Hacker News | etiennebausson's comments

And nuclear fuel is also imported (but refined locally), so not sure it should be counted as 'local' in this case.

Nuclear fuel is around 2-3% of electricity cost, and there is too much worldwide supply for it to be of any concern, so it doesn't really matter where it comes from. For energy balance calculations it is accepted that nuclear energy is counted as produced where the reactor itself is.

Strategically, if nuclear power experiences a resurgence, procuring uranium could become difficult because the superpowers (Russia, China, and the US) will want to reserve it for themselves, and corresponding efforts have already begun.

The majority of nuclear-producing nations (Australia, Canada, Kazakhstan, Uzbekistan, etc.) will immediately comply.

Wind and sun, however, cannot be confiscated or withheld by blockade or embargo.


There is so much uranium in the ground (in the west too) that it doesn't make sense to "keep it" for yourself. Why would Russia wanna keep a supply for the next one million years instead of selling it and get money today? Same with all other countries with uranium.

Regarding known and exploited or rapidly exploitable deposits, we are very, very far from millions of years: "As of 2017, identified uranium reserves recoverable at US$130/kg were 6.14 million tons (compared to 5.72 million tons in 2015). At the rate of consumption in 2017, these reserves are sufficient for slightly over 130 years of supply"

Source: https://en.wikipedia.org/wiki/Uranium_mining#Peak_uranium


You're forgetting about the supply chain. Who manufactures all the solar panels and wind turbines? Honest question - are we increasing the risks of becoming energy dependent on China? Or does Europe have the ability to manufacture its own?

AFAIK all the raw materials (maybe not all top-notch, especially from the get go, but usable) and all the know-how exist in Europe (at worst currently working abroad), where many nations want to reindustrialize and gain autonomy.

In France numerous projects appear. Some may be too ambitious, some with a Chinese partner. In any case we will re-learn, and it will be less difficult than creating usable uranium without any adequate ore here!


Nuclear power resurgence is bullshit and it will always remain a drop in the bucket, especially for large countries. US has too much natural gas, China too much renewables, Russia well, it's of virtually no economic impact worldwide and whatever they might do is irrelevant (unless they nuke us).

Any country that starts a new nuclear power plant construction today won't finish it before electricity will be comprehensively solved by renewables. It pertains even to dictatorships where public opinion does not exist and there's no red tape (Belarus: 14 years from decision to first reactor start), let alone free countries. It puts them into 2040+. In the EU, let's say, there will certainly be no fossil fuel electricity at all, maybe apart from a few percent of natgas for prolonged quiet periods in winter, and whatever nuclear power remains will be easy to replace. China? Go figure, they have a problem of removing coal generation and that's essentially the same as nuclear from the standpoint of its behaviour on the grid, and there is so much more coal, nuclear will be squashed simply as a byproduct of whatever solution (which will likely be solar+batteries) they come up with.


Not switching to metric for time is reasonable, because there are already two existing 'natural' units for time (the day and the year), and they don't align on each other in metric (a year of exactly 1000 days would be so much easier, but we'll have to deal with reality as it is... or accelerate the rotation speed of the planet I suppose).

So long as we live on earth, metric time won't make much sense.


A year and a day don't line up at all, so we get weird leap days.

Is there any reason they should? Unless the Earth were tidally locked to the Sun, I'm not aware of any reason a day would have any relationship to a year.

It would be convenient to not have to deal with leap days and other such constructs. Of course, we cannot choose how these things behave, and therefore using a calendar not aligned to the natural cycles of our planet would be even less convenient, and would only start making sense when humanity develops into an interplanetary civilization.

The US isn't on a 365.24-based system, either. Days don't fit neatly into years, anyway.

That would have no impact on decimalizing sub-day units: 10 decidays in a day, 2 millidays to cook an egg... But no country did it, which speaks to the power our time traditions really hold in our psyche.


>That would have no impact on decimalizing sub-day units:

Part of it is natural. We roughly divide day and night into 2 parts, so we already need to have considerations for halves.

It seems like base 12 was chosen simply due to religion. The zodiac defined the hours at night for ancient Egypt, and the Goddesses of Seasons for Greece later on.

Minutes and seconds came because we let astronomers define them based on hours and movements of the sun along a dial. The time it'd take for a dial to traverse a literal arcminute and arcsecond (which is still a thing today). Though these times are very different from today's minutes and seconds. So we have math to thank for the base 60 measurements.


> part of it is natural. We roughly divide day and night into 2 parts, so we already need to have considerations for halves.

I forget which country did it but their historical time system counts hours as two halves from sunrise and then from sunset... That sounds a lot better than noon and midnight, to me. We could totally do

  sunrise = 0.00
  sunset = 9.99 -> 10.00
  sunrise = 19.99 -> 0.00
(For some standardized values of "sunrise" and "sunset" that don't slide around over the span of a year.)

Don't they have responsibilities to ensure basic rights for their citizens?

Not sure they can transfer while the US practices the death penalty or penal slavery.


France has its own agency, the CNES (though most research goes through ESA nowadays), and had it for a long time.

Its launchers are still the best when it comes to reliability I believe, though not competitive on cost anymore since the advent of SpaceX (Ariane 6's first flight was in 2024 and its price per kilogram is just an order of magnitude worse than SpaceX). Definitely missed a step.

Still, France has an active and ongoing space program since about 1970.


The Ariane family is, at least formally, ESA, not CNES, tho. The UK also has its own agency, but launches via ESA (or private). I think it would be probably fair to say that Ariane is more French than anything else, but it’s not strictly a French project.

Confusingly, the EU also has its own agency, though it doesn’t, as far as I can see, do much outside of operating Galileo. ESA, though obviously very EU aligned, isn’t an EU agency, and has non-EU/EEA/former-EU members (notably, _Canada_).


No idea if that marketing comes from arrogance or lack of research, but it doesn't endear me to the product.

Basically a speaker on wheels with a screen.


I suppose it would be way less if you only compared to U.S. prison labor, but a race to the bottom is not to be admired.


I think if the labor cost is a small part of total cost, it might be more valuable to investigate the roughly 1:2 output per worker. Some possibilities, none confirmed:

- Chinese workers work 2 shifts instead of 3 shifts, so the factory simply hires fewer workers. This should also show a difference of total output of cars;

- Chinese factory has better processes or/and automation, which is more interesting.


Publicly posting an exploitable bug IS asking for someone to drop everything and come fix the issue NOW.


So when someone finds a bug in software, in your mind the only acceptable options are:

1) Fix it yourself

2) Sit on it silently until the maintainers finally get some time to fix it

That seems crazy to me. For one, not everyone who discovers a bug can fix it themselves. But also a patch doesn't fix it until it's merged. If filing a public bug report is expecting the maintainers to "drop everything and do free labor" then certainly dropping an unexpected PR with new code that makes heretofore unseen changes to a claimed security vulnerability must surely be a much stronger demand that the maintainers "drop everything" and do the "free labor" of validating the bug, validating the patch, merging the patch etc etc etc. So if the maintainers don't have time to patch a bug from a highly detailed bug report, they probably don't have time to review an unexpected patch for the same. So then what? Do people sit on that bug silently until someone finally gets around to having the time to review the PR? Or are they allowed to go public with the PR even though that's far more clearly a "demand to drop everything and come fix the issue NOW"?

I for one am quite happy the guy who found the XZ backdoor went public before a fix was in place. And if tomorrow someone discovers that all Debian 13 releases have a vulnerable SSH installation that allows root logins with the password `12345`, I frankly don't give a damn how overworked the SSH or Debian maintainers are, I want them to go public with that information too so the rest of us can shut off our Debian servers.


Responsible disclosure policies for contributor-driven projects can differ from commercial projects. Also, if Google has the funds to pay for bug finding, they also have the funds for bug fixing the community projects they depend on.


> Responsible disclosure policies for contributor-driven projects can differ from commercial projects.

They can, but there's not an obvious reason why they should. If anything, public disclosure timelines for commercial closed source projects should be much much longer than for contributor-driven projects because once a bug is public ANYONE can fix it in the contributor-driven project, whereas for a commercial project, you're entirely at the mercy of the commercial entity's timelines.

> Also, if Google has the funds to pay for bug finding, they also have the funds for bug fixing the community projects they depend on.

They do. And they do. They literally hire the ffmpeg maintainers via the maintainer's consulting business (fflabs.eu) and they routinely contribute code to the ffmpeg project.


> They can, but there's not an obvious reason why they should.

Of course there are obvious reasons: corporations have the resources and incentives to fix them promptly once threatened with disclosure. Corporations don't respond well otherwise. None of these apply to volunteer projects.

> They literally hire the ffmpeg maintainers via the maintainer's consulting business (fflabs.eu) and they routinely contribute code to the ffmpeg project.

Great, then they should loop in the people they're paying on any notification of a vulnerability.

Of course, if this has truly been the case then nobody would have heard of this debacle.


> None of these apply to volunteer projects.

How so? Volunteer projects have maintainers assigned to the project writing code. The "resources" to fix a bug promptly are simply choosing to allocate your developer resources to fixing the bug. Of course, volunteers might not want to do that, but then again, a company might not want to allocate their developers to fixing a bug either. But in either case the solution is to prioritize spending developer hours on the bug instead of on some other aspect of your project. In fact, volunteer driven projects have one huge resource that corporations don't, a theoretically infinite supply of developers to work on the project. Anyone with an interest can pick up the task of fixing the bug. That's the promise of open source right? Many eyes making all bugs shallow.

As for incentives, apparently both corporations and volunteer projects are "incentivized" to preserve their reputation. If volunteer projects weren't, we wouldn't be having this insane discussion where some people are claiming filing a bug report is tantamount to blackmail.

The only difference between the volunteer project and the corporation is even the head of a volunteer project can't literally force someone to work on an issue under the threat of being fired. I guess technically they could threaten to expel them from the project and I'm sure some bigger projects could also deny funding from their donation pool to a developer that refuses to play ball, but obviously that's not quite the same as being fired from your day job.

> Great, then they should loop in the people they're paying on any notification of a vulnerability.

If only there was some generally agreed upon and standardized way of looping the right people in on notifications of a bug. Some sort of "bug report" that you could give a team. It could include things like what issue you think you've found, places in the code that you believe are the cause of the issue, possibly suggested remediations, maybe even a minimum test case so that you can easily reproduce and validate the bug. Even better if there were some sort of email address[1] that you could send these sorts of reports to if you didn't necessarily want to make them public right away. Or maybe there could be a big public database you could submit the reports to where anyone could see things that need work and could pick up the work[2] even if the maintainers themselves didn't. That would be swell, I'm sure some smart person will figure out a system like that one day.

[1]: https://ffmpeg.org/security.html

[2]: https://ffmpeg.org/bugreports.html


xz was a fundamentally different problem, it was code that had been maliciously introduced to a widespread library and the corrupted version was in the process of being deployed to multiple distributions. The clock was very much ticking.


The clock is always ticking. You have no idea when you find a vulnerability who knows about it or how or whether it is currently being actively exploited. A choice to delay disclosure is a choice to take on the risk that the bug is being actively exploited in order to reduce the gap (and risk in that gap) between public disclosure and remediations being available. But critically, it is a risk that is being forced on the users of the software. They are unable to make an informed decision about accepting the risk because they don't know there is a risk. Public disclosure, sooner rather than later MUST be the goal of all bug reports, no matter how serious and no matter how overworked the maintainers.


That would be an acceptable response if it was just the last president doing it, but it's been ongoing since WW2 at the very least.

I hold Russia as a whole accountable for Russia's recent war in Ukraine, it's their responsibility to get rid of their leader when he started an unjustified invasion.

I hold the U.S. as a whole responsible for their successive presidents' antics.


Persistently bad behavior can be anticipated and accounted for, random actions cannot. Importers have as much issue with the tariffs as they have with the unpredictability of those tariffs.

In theory, you try to limit the influence of a persistently bad actor, but it seems the U.S. didn't get the memo.


I am curious about which countries you associate with privacy.


> curious about which countries you associate with privacy

Estonia, Iceland, Switzerland, the Nordic countries and America.


America? The one with all the spying, NSA, Patriot Act, this America?


> America? The one with all the spying, NSA, Patriot Act, this America?

Yes. We do all of that. But so does practically everyone else. The difference is our federal structure and--until recently--independent courts provided a bit more oversight than other countries' citizens had access to. And we've had--until recently--respect for privacy held deeply enough by enough people that it turns into a stink at the federal level in at least some respect.

Most countries have national logging requirements, disclosure requirements and domestic police with the powers of the NSA. (America remains one of the few countries in which one can form a legal entity with zero identification.)


Obviously if this agreement conflicts with the patriot act, it’s unpatriotic and America is right not to sign it.


The typical answer to this would be places like Switzerland, Germany and the Cayman Islands.

