
Comment Re: Digital destruction is fine, but... (Score 1) 209

Actually, any (S)ATA Security Command requires prior unlocking. As all drives are unlocked by default, malicious software may simply set a password on your hard disk to access it. If you're rebooting your box in such a situation, your BIOS prompts for the password, so effectively, your hard disk's data is held as a hostage by the malicious software.

To prevent similar issues, any likely current BIOS during the booting process sends a "security freeze" command to lock all (S)ATA drives until that drive is reset. The obvious workaround: boot your software, remove power from the drive, re-attach power cables, set a "security password" on the drive ("secure erase" requires this) and then issue the "secure erase" command. There is also special hardware to do so (a simple hard disk interface with a single button, which results in sending "set password" and "secure erase").
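An added example, not part of the original comment: a Python check that reads the "Security:" section of `hdparm -I` output and reports which step of the procedure described above applies, and whether the drive is currently in the state where software could set a password on it. The sample text is constructed, and the function names and step labels are hypothetical.

```python
# Constructed sample: the "Security:" section as printed by `hdparm -I /dev/sdX`
# for a drive that the BIOS froze during boot. Not taken from a real drive.
SAMPLE_FROZEN = (
    "Security: \n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\tnot\tenabled\n"
    "\tnot\tlocked\n"
    "\t\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
    "\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n"
    "Logical Unit WWN Device Identifier: 0000000000000000\n"
)
# The same drive after its power was removed and re-attached (constructed).
SAMPLE_AFTER_POWER_CYCLE = SAMPLE_FROZEN.replace("\t\tfrozen", "\tnot\tfrozen")

FLAGS = ("supported", "enabled", "locked", "frozen")


def parse_security(text):
    """Return {flag: bool} for the ATA security flags in `hdparm -I` output."""
    state, in_section = {}, False
    for line in text.splitlines():
        if line.strip() == "Security:":
            in_section = True
            continue
        if not in_section:
            continue
        if line and not line[0].isspace():
            break  # an unindented line starts the next section
        words = line.split()
        negated = bool(words) and words[0] == "not"
        if negated:
            words = words[1:]
        # Only the first bare occurrence of a flag counts;
        # "supported: enhanced erase" carries a colon and is skipped.
        if words and words[0] in FLAGS and words[0] not in state:
            state[words[0]] = not negated
    return state


def next_step(state):
    """Map the drive state to the step of the erase procedure that applies."""
    if not state.get("supported"):
        return "unsupported"
    if state.get("locked"):
        return "unlock-first"          # security commands need an unlocked drive
    if state.get("frozen"):
        return "power-cycle-drive"     # the freeze lasts until the drive is reset
    if not state.get("enabled"):
        # hdparm --user-master u --security-set-pass PASSWORD /dev/sdX
        return "set-password-then-erase"
    # hdparm --user-master u --security-erase PASSWORD /dev/sdX
    return "erase"


def exposed_to_password_setting(state):
    """True if software with raw disk access could set a password right now."""
    return (bool(state.get("supported"))
            and not state.get("frozen")
            and not state.get("enabled"))


if __name__ == "__main__":
    for name, text in (("after boot", SAMPLE_FROZEN),
                       ("after power cycle", SAMPLE_AFTER_POWER_CYCLE)):
        st = parse_security(text)
        print(name, next_step(st), "exposed:", exposed_to_password_setting(st))
```

The second sample shows the trade-off in the workaround: the power cycle that makes the erase possible also puts the drive back into the unfrozen state that the BIOS freeze was protecting against.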

Comment Re:And that is the problem with nuclear (Score 1) 493

The Japanese government initially only declared a radius of 3km, then enlarged this to 10km, later to 20km around Fukushima. A few days of measurements later, Fukushima-originated plutonium has been found up to 40km away from Fukushima and measurements by the US DoE and NNSA do indicate that a radius of 80km is much more appropriate. However, Japan is a pretty crowded country and there just isn't that much space to evacuate that many people; so in the end, the Japanese government continues lying to the public.

Probably the most important issue is not to take into account the directly affected people today, but also the implications on the future. For example nuclear waste needs to be stored at least tens of thousands of years, in some cases also hundreds of thousands of years.

Today, libraries are also scanning books and applying a lot of chemical processes to remove the dissolving acids from paper in books printed over the last hundred years and to keep the knowledge from those books. But if you'd like to read the contents of a 5,25"-floppy from a C64's VC1541 floppy drive written 30 years ago, you're not only in the jeopardy whether the floppy is still readable, the floppy drive also used an obscure encoding. So "the digital age" also faces a lot of other issues, how to persist knowledge.

Nuclear wasted areas, including those created by nuclear accidents, need to be recognized as such, preventing people from settling there. The Chernobyl accident did happen 25 years ago, but poor or homeless people did start settling the surrounding area merely 15 years ago. Today, a few thousand people do live in the "closed" area. Officially, they're not permitted to live there, but the officials don't care about it that much.

It also did take a few hundred years for scientists to decode what the Maya wrote a few thousand years ago. I suppose nobody will wait settling that long for some scientist to decode the warnings around the area of Fukushima.

You're also missing a different point: one option to use solar is to install large panels into deserts, another one is to concentrate solar power to heat oil and power generators using this heat; the electric power then is transferred to existing power grids using long-distance electric lines. This does require quite a large upfront investment, but there are various companies around the world doing so and aren't that uncomfortable to do so - so in the end, the investments do pay off.

Yet a third one is to install photovoltaic panels onto existing roofs and buildings. There are also recent (yet pricey) options to install glass windows with some special foil, which enables those windows to act as transparent photovoltaic panel. So in the end, you don't need to cover the earth by much more solar panels more than it already is by buildings. And don't forget that photovoltaic is probably the least efficient way of renewable energy, so there are many other options, too. For example, Germany's renewable energy act made people install a lot of photovoltaic cells onto their roofs, yet only around 2% of Germany's electric power is supplied by photovoltaic cells. Another 13% or so are supplied by other renewable energies.

Comment Re:gema, a slave camp? (Score 1) 349

You as an artist also do have to pay fees for playing your own music; if you're playing roughly more than 80% of self-written titles, you can expect to receive "most" of your money back (minus a collection fee), provided you do submit a full list of all songs and their writers of that specific event. If you make an appearance at some festival or do have a supporting act: sorry, you've already lost that game. According to GEMA, the whole festival or evening is the "event".

An artist as a GEMA member also has to report any of their songs which may be played in public, on the radio or wherever else and they transfer basically all rights for collecting any fees to GEMA. This does have at least two downsides: songs reported that way are still within the fee-collecting contract even after your contract with GEMA expires, and you're usually legally bound 30 years to adhere to this contract. So even after 20 years of leaving your GEMA contract, you as an artist may not sell your own music written 22 years ago without paying some fee to GEMA. However, as your contract did expire, you usually don't receive any money back from GEMA. So in the end, at least the nasty aspects of GEMA contracts do last "for life". Legally, they're required to renew every few years, but in the end, this also increases both the amount of "represented artists" as well as "re-signing artists" quite a lot and does increase GEMA's standing in the German music industry.

GEMA's collected fees are also distributed according to some non-understandable scheme; however, this scheme seems to favor popular artists much more than smaller artists.

As an artist, basically any record company, label, publisher or distributor pushes you to sign a GEMA contract, as the GEMA system is much easier for them than individually collecting and distributing fees to artists. So in the end, about every artist who did publish a CD in Germany actually at some point did sign GEMA contracts (or GEMA does have bilateral contracts with fee-collecting counterparts in their respective countries).

On the other side, GEMA also forces about anyone who at some point may play some kind of music to report played songs. For example, the barber shop around the corner has to report their opening hours to GEMA, as they're using a radio to provide a little bit of background music. And you can't even produce a DVD in Germany without submitting a written note to GEMA listing all titles, writers and artists.

There are also other issues with GEMA's counter-fee-collecting and their standing within the German music industry. For example, the German podcasting guys at bitsundso.de made a Christmas DVD back in 2008 and bought a fluffy jingly-christmas-background soundtrack directly from an English artist, who wrote, performed and distributed his work on his own. In order to produce the DVD, they did have to submit a list of included music titles, artists and writers to GEMA. They also accompanied that listing (of one single track, used in 24 DVD tracks as background music) with the bill of the UK-based artist.

About half a year after the DVD had been made public, GEMA wanted to collect 22 Euros as a fee "for the artist". The artist didn't have a contract with GEMA, but GEMA does have an agreement with its UK counterpart to collect any fees for artists within each other's region and under each other's contract, and that specific artist also had a contract with that UK-counterpart, but he kept the permission to individually sell his music on his own (something which isn't really possible for GEMA-signed artists). GEMA strictly rejected any claims from bitsundso-team, the UK-based artist and even the UK-counterpart to GEMA. I'm not sure on the exact outcome, but the GEMA-struggles "GEMA collecting money for GEMA-free music" in the end did take about half a year or so.

Comment Re:It works if you are dealing only in commodity H (Score 1) 41

Understand that if a company is supplying nothing but commodity hardware (think the low end of Dell), they can be immediately replaced with any other commodity supplier. Which is why Dell is getting out of the commodity PC business - there is no value proposition in it. On the other hand, Dell supplying servers which are not commodity hardware but using lots of custom parts and firmware means (a) they can supply much higher value to the data center and (b) they are not easily replaced by competitors that do not have matching parts and firmware. Making that level of hardware "open" is suicide because then you have turned your high value hardware into a commodity with no value at all.

Out of many server suppliers, exactly Dell actually is supplying commodity server hardware and their boxes can easily be replaced by about any kind of vendor.
Dell is taking a few things of what's being sold on the market, do "customize" (brand) its firmware and that's it. And what they're actually replacing usually sucks (e.g. their BIOS) or is somehow outdated and just a little buggy. For example, a colleague of mine did fix a couple of DELL RAID controller issues just by downloading official LSI firmware onto those controllers using LSI's Linux tools. Of course, we're losing Dell's support, but in the end - do you prefer "full vendor support" or not losing your data?

The only thing which isn't completely "commodity" are some spare parts, like power supplies, fans or hard drive trays.
However, Dell's controllers usually don't mind if you replace the Dell-branded hard disk by a non-Dell-branded hard disk.

Even DELL's kind of out-of-band-management called DRAC isn't that special. If you're not the serial console type of guy and don't like whatever level of IPMI is implemented on e.g. some Supermicro board, you may take a look at AMI's MegaRAC line of products, which coincidentally does have a lot of similarities to DRAC. If I remember correctly, that DELL 2950 I've been evaluating back in 2000 did have a full-length MegaRAC PCI card.
However, even today's DRAC is based upon IPMI, so even in this case it's not that an issue to replace some Dell box by any kind of decent server hardware.

Comment Re:Say what? (Score 1) 633

Man, I've heard some absurd statements before, but this one takes the cake!

Wait, there's another one: the Clinton economists recognized the possible problems and so they recommended both political parties to propose someone for presidential elections who will ensure that there's enough debt for everyone.

Comment Re:Explains a lot about the economy (Score 1) 171

So it has a picture of your head of state on it ...who is about as British as Angela Merkel

Angela Merkel was born in Hamburg back in 1954, though her parents did move to East Germany a few weeks later.
From 1945 on, Hamburg was part of the British Occupation Zone. East and West Germany were founded in 1949 and most people believe occupation zones ceased to exist in 1949 as well, but the occupation officially ended in 1955 with enforcement of the General Treaty.

So even Angela Merkel wasn't born in the UK and neither lived there, but there are at least some British things in her life.
Maybe her birth certificate has been issued by some British agency ...

Comment Re:German Surveillance: "No Linux support plans" (Score 1) 69

No offense taken - I do see the whole trojan surveillance issue as being a very important issue for multiple reasons.

For example, many people are having their laughs on the low level of technical expertise being used in this trojan. A few ones are also laughing about how these trojans have been installed (e.g. in one case, a customs officer at an airport wanted to do some extensive checks on one suspect's notebook; the suspect handed them the notebook, the officer left for a few minutes into another room and returned the notebook).

A different, but very worrying view are the legal issues and the tendencies of politicians. A few politicians do want this kind of spyware for years. A few years ago, the constitutional court did decide on exactly what kinds of actions may be exercised by such a surveillance software and what actions are clearly forbidden. However, exactly the same government who triggered this court decision did ignore those decisions. The Chaos Computer Club has been checking multiple versions of the same spyware, and all of them do completely ignore any court decisions.

Merely a little more than just a year ago, Germany's federal president resigned after an unlucky notion in a radio interview, which doesn't exactly match the ideas of the constitution and the rule of the German defence-only army. A few weeks later, the minister of defence Guttenberg states an even bolder statement of the same issue and is being applauded for this. However, plagiarism in his doctorate thesis effectively makes him resign a few months later: at first, the minister strictly denies everything, later chooses to "temporarily" no longer use his doctorate title, then asks the university to withdraw the title. In the end, he's asking the chancellor to accept his resignation.

With the trojan spyware issue, about every state and federal politician did deny usage of this software, then denied the results of the analysis, later somehow acknowledged the results and even later acknowledged that this software has actively been used by more government agencies than estimated. The scheme of answers is the very same like with Guttenberg's doctorate plagiarism, but the actual crime strictly is a violation of a constitutional court's decision. Nobody resigned.

Back in 2008, the constitutional court also decided federal election laws to be flawed and gave politicians three years to resolve those issues. The deadline for this expired this summer. So the very next federal elections may easily be revoked. What does it tell you when a government does ignore multiple decisions of its highest courts and as such, ignoring certain ideas and aspects of their own constitution?

During the past 30 years or so, the Chaos Computer Club also became a very valuable, non-biased and honored source in expertise on IT security for media, politics, regular and highest courts, but exactly once their analysis on "governmental spyware" appeared, quite a few politicians cried that you can't trust those ideas and fantasies of some weird kind of club who do claim chaos in their title. So actually, those politicians are actually trying to defame the Chaos Computer Club.

I am not a security expert, but highly doubt this Trojan could be created for Linux. Which distribution would it target? How would it gain access to root to install the Trojan? I am sure there are loopholes, and suppose they exploited one; the very moment someone finds it, that loophole is getting patched. What does MS do? They send law enforcement to arrest yet another "malware crime ring". See the problem here?

One of the samples of the current surveillance software has been retrieved from a notebook; the software has been installed by customs officers at an airport, who did some "extensive checks" in another room. To me, this reads like the owner handed his notebook to those customs officers and they've been using some kind of bootable USB stick or the like to install the Trojan into the likely non-encrypted filesystem.

A similar Linux version wouldn't have to target a specific distro, a security issue or a loophole. So when someone gets physical access to your notebook, he could easily boot the box off a CD to replace /sbin/init by some kind of statically linked rootkit - there's no need for a root password, exploit or loophole once you already do have physical access and may simply mount the filesystem. And while they're at it, they may mess around with the rpm or dpkg database in order to correct any MD5 checksums and tagging /sbin/init as being a part of sysvinit or upstart release 66.6, so you likely won't receive any distro-updates to those packages for ages. I guess average Linux users wouldn't notice a trojan installed that way and "only" during some major distro upgrade, things may break.

Another way would be to replace the kernel binary on hard disk with a specific rootkit-kernel. This way, one might also access encrypted block devices or filesystems.

So probably about the only ways to protect from such threats would be to strictly use encrypted block devices on hard disk and load the system kernel from a USB stick. The USB stick is only required for booting and may be removed after boot. So if some customs officer wants to take a closer look at your notebook, you may hand them the notebook - it isn't able to boot and its encrypted drive won't enable them to install a rootkit.

On a sidenote, for at least 30 years or so German students in school classes after elementary school do attend 4-6 years of English language courses, usually a couple of hours per week.

East or West Germany? Something tells me that East Germany had a different education system. Again, the joke is not about them. I myself have an accent when speaking Americano.

Until 20 years ago, students in West Germany have been learning English, while students in East Germany have been learning Russian. After Germany has been united, schools in East Germany pretty soon started offering English courses. However, I've been in West-German schools and back in 1989, my school also started offering Russian language courses. I guess this is linked to Russia's era of Perestroika/Glasnost.

A co-worker of mine came from East Germany and did only attend two years or so of English lessons at school. He also attended the "business English" courses being offered in the office, but still was somehow uncomfortable actually speaking English. Nevertheless, he didn't have much trouble resolving technical and work-related issues with colleagues from the U.S. via email or ticketing systems.
On the other hand, he was fluently speaking in Russian with another co-worker who came to Germany from the country of Ukraine and who has been about the same level of being uncomfortable in speaking German as he was with speaking English. In terms of business and economy, former Russian countries also do come closer to Europe, so in the end, both English and Russian have been proven to be important languages in business (at least to those Europeans who live between "western" and "eastern" Europe).
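An added example, not part of the original comment, for the point made above about /sbin/init and the rpm or dpkg checksums: once someone has had the disk mounted offline, checksum records stored on that same disk can be rewritten to match, so a check is only meaningful against a baseline kept off the machine (for instance on the USB stick that holds the kernel). The Python sketch below uses a temporary directory with constructed file contents; the file list and function names are hypothetical.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_file(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def make_manifest(root, rel_paths):
    """Record the hash of each watched file, relative to a mounted root."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in rel_paths}


def verify(root, manifest):
    """Return a list of (relative path, reason) for every deviation."""
    findings = []
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            findings.append((rel, "missing"))
        elif sha256_file(full) != expected:
            findings.append((rel, "hash mismatch"))
    return findings


def demo():
    """Compare an on-disk checksum record with an off-machine baseline."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for the files named in the comment.
        files = {"sbin/init": b"original init\n",
                 "boot/vmlinuz": b"original kernel\n"}
        for rel, data in files.items():
            write_file(os.path.join(root, rel), data)

        offline = make_manifest(root, files)  # kept on removable media
        on_disk = dict(offline)               # stands in for the package database

        # Simulated offline modification: the file changes and the record
        # stored on the same disk is updated to agree with it.
        write_file(os.path.join(root, "sbin/init"), b"replaced init\n")
        on_disk["sbin/init"] = sha256_file(os.path.join(root, "sbin/init"))

        return verify(root, on_disk), verify(root, offline)


if __name__ == "__main__":
    against_disk, against_offline = demo()
    print("on-disk records:  ", against_disk)
    print("off-machine copy: ", against_offline)
```

For the check itself to be trustworthy it has to run from known-good boot media with the suspect filesystem mounted read-only, since a replaced init or kernel controls anything executed on the running system.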

Comment Re:Is that right? (Score 1) 988

Plus, Apple's products are amazing until you start "thinking different." Then you run into HUGE walls. Example: In Android, I can install an application that controls battery usage by controlling all interfaces on the phone. This seems to be impossible on the iPhone, which is bad because there are days when it will use most of the battery in less than half a day and others in about two days.

iPhone OS and Android don't even closely compare to this. In Android, you do have full multitasking: applications do run in the background.
With iOS, applications may create fairly limited background tasks which may wake up the application by specific events.

So in Android, some stupid application e.g. polling for your location may drain your battery "in the background", while in iOS, the same application would've forked a background task to notify the application once the phone leaves a certain cell tower area. To me, the iOS approach sounds much cleaner.

Another example is adding a Windows print queue on OS X, though this might have been made easier with Lion. I'm not sure.

Hmmm. Adding a Windows print queue to CUPS in OS X (10.6) is quite easy - compared to manually fumbling with CUPS' "http://localhost:631"-interface I'm used to with my Linux boxes.

His frustrations are thinly warranted, though I do agree that most of Google's products are either crappy or great for two months after release.

I'm also using an LG P970 - an Android Phone. Running a pretty stock LG flavor of Android 2.2.2; but due to the "branding" of my phone company and the "enhancements" by LG, at least a dozen unwanted, unremovable-unless-you-root-your-device applications do start after booting and continue to spawn. Occasionally, I see alerts like "application xyz does no longer respond - kill it or continue waiting". Sometimes, both the "kill" and the "ignore" button won't work and my only way to solve this is to remove the battery and so to "force-boot" the device. This happens about once or twice a week.
Without JuiceDefender and other tricks (like turning off GPS and switch to the less-powerconsuming 2G-GSM than 3G/HSPA) the phone's battery has trouble to survive at least 10 hours. I'm happy that JuiceDefender has increased my battery life by x1.32 during the last 48 hours (estimated).
If some other application wouldn't have killed JuiceDefender, JD might have increased my battery life by x2.0, as it usually does.
The LG P970 did appear on the market around half a year ago, LG stated in their press releases to upgrade those devices to Android 2.3 "soon". However, nothing happened. A few weeks ago, a firmware update showed up, updating from LG's release V10b to V10c - still the same Android 2.2.2, but with some supposed bug fixes. After installing the firmware update, LG's email application refused working and instantly crashed. The issue is known in the forums: you just need to hit the "delete application data" button deeply hidden in the settings menu for the email application and re-enter all your login credentials for those various mail accounts.

It compares pretty much like running a PC with Windows 95: you do run a few extra tools just to get your device in a somehow usable state. However, those tools are workarounds for something which hasn't been written from ground up to be usable. It's not perfect, but at least it much looks like something good and most of the time, it does its job. And once you've settled with the various quirks, you start believing that this is the way to go.

I've never personally had an iPhone, but after having used different brands and models of Android phones, I'm tempted to give an iPhone a try.

It would be great if they made APIs along with their products, but I suppose that's not the Google way.

You know Steve Yegge's accidental G+ posting regarding Google and APIs? :-)

At Amazon, everyone was forced to do everything as a service. In the end, there are 20 services calling each other and it may take a week to find exactly the spot where a certain error happens.

At Google, everyone creates a product first and maybe adds an API later. However, this API usually is quite limited and of not much use.

The "good" way is a different approach: if your API doesn't work to create the kind of product you're trying to sell, it's incomplete and deserves to die.
So create an API first and use this API to create your product. If the result is good, your API is usually good as well.

Comment Re:German Surveillance: "No Linux support plans" (Score 1) 69

Legal representatives of the trojan-authoring company "DigiTask" actually stated to German press that "basically DigiTask were able to supply software for other operating systems as well - if the contract tells them to do so."
So your attempt to be funny does point in a completely wrong direction: those guys who wrote this "legal interception" piece of spyware are clearly "dangerous" to non-Windows platforms as well.

On a sidenote, for at least 30 years or so German students in school classes after elementary school do attend 4-6 years of English language courses, usually a couple of hours per week. Some German politicians (usually those who can't speak their own language without using a dialect or at least some very "unique" accent) publicly also suppose that toddlers in Kindergarten or pupils entering elementary school should start learning either Mandarin Chinese or English. English language and pop culture also do have quite a strong impact in Germany as well; for example, clearance sale isn't advertised with "Schlussverkauf" anymore but with large "SALE" signs. And 20 years ago, most Germans didn't have an idea of Halloween, but today, German kids can't wait to carve pumpkins and ask for a German version of "trick or treat".

As a German, I did learn English and French at school but haven't been using French for close to 20 years. My school grades in French have never been fairly well, but a few months ago, I've been waiting in line at an amusement park located in Germany, but close to the French border. A French mum and her four-year-old kid were waiting behind me, and the girl wanted to ride a roller coaster, but was smaller than the usually asked 120 centimeters. My "rusty" French was still good enough to understand most of their conversation, to introduce myself and give them a hint on a close "youngster" roller coaster which may also be used by smaller kids.

Of course, those language courses in school are far from being perfect and without frequent use, people do tend both to forget words and not to be self-confident enough to use a language learned years ago - but those language courses still do enable people to communicate with each other. This is especially important in Europe, where you can't move any further than a few hundred miles without at least being able to barely understand a completely different language. I also do know that German is quite a hard language to learn, so I don't expect any foreigners to speak German. If someone tries to do so, I see this as a very honorable attempt to accommodate himself to the country he is in - so in fact, a kind of compliment.

If some word is unknown in such a situation, most people also tend to describe a word either using known, assumed-to-be-simpler words or even yet another, third language rather than using a word of their own (hey, they know that their language is not understood, so there's no use for their language's vocabulary). Yet another point where your joke fails.

So maybe now you should start poking fun at those U.S. citizens, who do try to find a job in Miami and have a hard time doing so without speaking Spanish. It's about the same level of "assuming to be funny at the expense of an unknown situation".

Comment Re:Cool (Score 1) 69

The original press release from Chaos Computer Club at http://www.ccc.de/de/updates/2011/staatstrojaner

points to

http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz

Feel free to do your own analysis :-)

However, AV software now does have at least one more symptom to watch out for possible malware: the trojan included a couple of .DLLs, which didn't export any kind of function.

Comment Re:VMs are cheap. Lawsuits are expensive (Score 3, Informative) 70

Sorry, but VMs are just a different flavor of shared hosting and your recommendation doesn't do any good. With VMs, VPS or dedicated servers hosted on a network operated by clueless network admins simply gives you a new kind of insecurities. For example, when some other dedicated server is sending out spoofed ARP replies to take over your default gateway, you do open your box to simple man-in-the-middle attacks.
And dedicated servers won't help if you're operating them with a clueless admin - and exactly those are the ones who are asking such stuff in #httpd.

I've been working at a quite large web host for more than ten years now. When taking into account the ratio of shared vs. dedicated customers, I see a higher ratio of dedicated customers being hacked every day: the number of possible insecurities is simply higher.

With "classic" shared hosting, your host is running a single kernel and relies on Unix permissions to separate sites from each other: a flaw in the kernel or when setting permissions will expose the host. Having proper permissions set is an easy task (just say no to "chmod 777"), so your cracker usually has to target the kernel, usually from a local user account (e.g some "hacked" website running year-old, insecure installs of WordPress or something else).

With VMs, your host is running a single hypervisor and relies on that hypervisor to properly separate VMs from each other: so a flaw in that hypervisor or its configuration will give the cracker full access to every VM. A (security-wise) proper configuration isn't that obvious to many guys, so this is really an issue.
What's usually required: local user access to a single VM, usually by exploiting their outdated, insecure phpBB/whatever-install.
After that, just take a look at what kind of virtual hardware you're seeing, and e.g. start googling for "vmware exploit".
However, many VMs, VPS and dedicated servers are simply poorly administrated and both shared and dedicated websites poorly operated.

I've seen hundreds of shared hosting sites exploited within a single day via insecure, customer-installed scripts - but none of those exploiters was ever able to take over our shared hosting environment. The reason is simple: our admins actually do care about their servers, care about their own reputation and take pride in what they do. We also do develop our custom kernel patches in-house and do manually check whether we actually do need a newer kernel (fixing old and introducing new vulnerabilities) or whether we just would like to backport those patches to our own set of kernels. We're not only running "usually" hardened systems, but customers are granted access only to a specially hardened chroot environment with hand-selected suid binaries, paranoid logfile monitoring and custom kernel patches preventing and alerting any not-whitelisted privilege escalation or any non-whitelisted uid-0-process (so far, those alerts have only been accidentally set off by interns doing their job in unexpected, not-whitelisted ways). Our systems also automatically trigger counteractions, like e.g. temporarily firewalling brute-force password cracking attempts to non-existent users and freezing strange-behaving processes on our servers. And once some notice on a possible vulnerability does come up, at least three admins in parallel do investigate those issues and think about how to solve those issues.

Within years, the most publicity on our shared hosting security was due to some guy who used an insecure, customer php-script to replace a customer's index.html with some content like

#:~$ id
uid=0(root) gid=0(root) groups=0(root)

Of course, the permissions of index.html still did belong to the customer ... and the Apache logfile clearly showed a POST to the insecure php-script with the same timestamp as the one of index.html.

We're also offering dedicated servers - which also run in a hardened environment, but still do run "usual" Linux distributions and Windows installs.
Hardening takes place at a different layer: private VLANs (layer 2 access only to DHCP/rescue server and default gateway, not to any other box on the same network), static ARP tables on routers and DHCP server, switch port security and the like do prevent dedicated servers from taking over other servers or our infrastructure. So in essence, the security of the dedicated server is solely up to the administrator of that server.

I also do see at least a dozen dedicated servers (both physical hardware or using some virtualization layer like Xen/HyperV/vmware/openvz) being cracked every day; as I don't have access to those boxes, the actual numbers may be higher, I may only assume from the number of boxes temporarily taken offline e.g. due to outgoing DDoS-traffic. We usually take down those machines, ask our users to investigate and in case of signs of a break-in to reinstall their box - many don't care about that and try to "remove" rootkits manually without proper training on doing so. Many only restore their latest backups, and so expose the same vulnerabilities as before. Sometimes, they accidentally do restore the rootkits. And in some cases, customers do reimage their box, do install the latest security fixes, but reinstall their four-year-old phpBB install which has most likely been used by the cracker to gain user permissions.

A few times, support requests have been escalated to our admins - the customer wanted us to take a look at their server, which had been hacked five times a month and the customer doesn't have a clue why this keeps happening. When investigating, we usually do see a lot of reasons which are humiliating to any serious admin: at least a dozen daemons running for no obvious reason (e.g. three backup softwares in parallel), user accounts with both insecure passwords and sudo permissions; logfiles being turned off and no monitoring in place. Having "the latest security patches installed" isn't worth a dime when you're still running a five-year-old Linux distro which didn't release security patches for at least two years now.

Hell, even in our own forums users do recommend VMs or VPS to those who'd like to "try out Linux" and were not able to install Linux on their home hardware. It certainly frightens me a lot when someone recommends to go for a dedicated server, a VM, VPS or the like to manage on their own ("doesn't take any more than 5 minutes a month") when all they need is just some competently managed shared hosting webspace AND some thought on who will manage any applications installed within that webspace. In #httpd on freenode, you're seeing exactly those "admins" and not admins of any serious web host.

So after all, there is no excuse to incompetently operate website content. If you recommend incompetent website operators to also become clueless admins, this won't enhance security at all but will create just more VMs/VPS/servers for those crackers out there to take over, host phishing sites, bot herds or take part in DDoS networks.
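The check described in the comment above (index.html still owned by the customer, and a POST to a PHP script at the same timestamp), as an added example that is not part of the original comment. The log lines, IP addresses and script names below are constructed, and the two-second window is an assumption.

```python
import os
import re
from datetime import datetime, timezone

# Constructed sample lines in Apache "combined" log format (not real data).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2011:14:02:11 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2011:14:03:40 +0100] "POST /gallery/upload.php HTTP/1.1" 200 87 "-" "curl/7.21"
198.51.100.4 - - [12/Mar/2011:14:03:41 +0100] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2011:16:20:05 +0100] "POST /contact.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse_line(line):
    """Return ip/time/method/path/status for one log line, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, stamp, method, path, status = m.groups()
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": ip, "time": when, "method": method,
            "path": path, "status": int(status)}

def file_facts(path):
    """Owner uid and modification time of the defaced file.

    A customer uid here means the write ran with the customer's
    privileges, whatever the page content claims about root."""
    st = os.stat(path)
    return {"uid": st.st_uid,
            "modified": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)}

def posts_near(log_text, modified_at, window_seconds=2):
    """POST/PUT requests logged within window_seconds of the file change.

    A small window is allowed because log and filesystem timestamps
    rarely match to the second."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] not in ("POST", "PUT"):
            continue
        if abs((rec["time"] - modified_at).total_seconds()) <= window_seconds:
            hits.append(rec)
    return hits
```
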

Comment Re:Reactions of other parties (Score 1) 241

The funny thing is of course how the other parties reacted. When it became clear that the Pirate Party would likely get into the parliament (predicted to get 6.5% at most), they were already scandalized, how anybody could vote for such loonies.

The interesting stuff on "those loonies" are the typical objections: e.g., the Pirate Party is said to be an "only one topic party".

My favourite answer to such objections simply is to take a step back. The Pirate Party did often say they're very knowledgeable in certain matters, but certainly not in others - and they leave those things to others until they do have enough clue. To me, this is a lot more trustworthy and works for me much better than some party who states they're a master of all arts.

On the other hand, parties like the liberals (FDP) do have a very long party program with lots of interesting topics, but over the last 10 years or so they basically made themselves a "one topic party" by continuously repeating "reduce taxes, this will solve all problems". So in the end, a few of those objections "against" the pirate party are indeed things to watch out for with the well-known parties.

Comment Re:Let me see... (Score 1) 822

Wind cannot contribute a majority of electricity generation out of load levelling concerns.

Solar is prohibitively expensive and only does well in Germany due to strong economic incentives that would be very costly to scale. It also doesn't work during the night, and large scale energy storage is prohibitively expensive.

Been there, done that :-)

Back in 1995, Germany's nuclear power plant operators ran ads in large newspapers stating that it is technically impossible and implausible to run more than 5% of electric energy using renewable energy. In 2000, the German government decided to promote renewables; this resulted in a dramatic tech improvement for e.g. solar and wind energy, prices for such energy plants did drop and are now pretty close to the same prices as other sources of energy. A new industry on renewable industry with thousands of jobs did arise.
Now in 2010, roughly around 15% of Germany's power originated in renewable energy. In January 2011, Spain even reached close to 50% by renewables (they do rely pretty much on wind energy). However, nuclear power plants can't be powered up and down that fast and often according to what's needed to support renewables and so in Spain, a lot of wind energy plants are actually powered down just because the nuclear power plants can't handle dynamic load that well.

There have been quite a few studies by independent parties, and basically all of them are now stating that it's possible for Germany to reduce nuclear power to zero by further promoting renewables and suitable storage technologies. To do so within the next 10 years merely requires around 5% higher electricity prices and the revenues from inventing storage technologies and technical

The issue of "non-storable" power is often quoted, so there are actually some ideas and projects in place. At one site in Germany, wind energy is used to literally push air into underground caverns or pump water into an artificial lake. Once power is needed, the air or water are used to power generators. Of course, the overall efficiency does drop and the storage capacity is usually limited to a few hours or up to a day or so.

So people now start thinking about using renewable power to use electrolysis to separate hydrogen from oxygen and mix the resulting hydrogen with carbon dioxide to methane, which may be fed into the existing gas grid and used as "renewable" gas. Gas can be stored quite well and the full storage capacity of the German gas grid equals roughly around 3-4 months of electric power supply.
Of course, efficiency to re-create electricity this way does drop to roughly 30%, but any energy used to support this process is actually renewable energy, so this won't hurt the environment and often this energy is "too much" for the power grid. So instead of powering down wind energy, you may also spend the "extra" wind energy on creating "renewable gas", which may be stored and later used to supply a gas power plant which re-creates electricity on demand.

Comment Re:so just how many (Score 1) 822

In south-western Germany, with roughly around half a dozen nuclear power plants, there were 35 earthquakes during the last 200 years with magnitudes of 7 or higher on the MSK scale (which roughly equals a magnitude of 6 or higher on the Richter scale). However, earthquakes are "rare" enough, usually limited to a smaller area and so people either tend to forget or underestimate them, so the earthquake resistance standards for nuclear power plants in Germany are actually much lower than in Japan - and probably too weak.

For example, the nuclear power plant in the city of Mülheim-Kärlich close to Luxemburg had been planned to be installed in an earthquake-prone area. When this became publicly known, they decided to install the power plant only 70 meters away from the original site in order to reduce the risk. After a few weeks of operation, some courts decided that the more-or-less ignored issue of the earthquake-prone area will invalidate any current installing permits and that this power plant needs to be taken offline and removed. After three years of further legal battle into highest courts, the power company finally started deconstructing that power plant.

The main issue with Fukushima wasn't exactly the earthquake or the tsunami but the power outage within the nuclear power plant which completely disabled the cooling system. The earthquake also made any cooling attempts much harder, as the site has been devastated quite a lot. To explain: a non-powered nuclear power plant still needs to be cooled down, and when any kind of major natural disaster (earthquake, flood, storm, ...) interrupts the external power supply, that site in question is in trouble. Usually, nuclear power plants rely on having either some backup diesel generators on site to take over for 2-4 days or they rely on getting power from another block on the same site. But in reality, those concepts are still flawed. If the "uplink" to the power grid is broken, the power plant produces "too much" power and so about every block on site needs to be powered down, but still needs cooling. And if there is a major power outage within the power grid without some way to refill the backup generators in time, 2 days of backup generators are simply not enough.

For example during the last few months, a German nuclear power plant trouble report became publicly known where one time last year the backup generators failed, the power supply by next block redundancy didn't work (maintenance) and so at least one power plant's block had to rely on commercial power from the power grid. As there was no outage involved, the incident back then had been reported to be "minor" and didn't go publicly noticed. So such "issues" do arise, but didn't become known until someone investigated.

And people do remember that even power outages are rare and short (around 15 minutes per year in Germany), but major electricity blackouts actually can happen due to a lot of reasons. For example, back in November 2005, heavy snow on landline power lines cracked down 82 power poles in north-western Germany, leading to a full power blackout for villages and cities in the "Münsterland" area. Power companies, fire brigades and other emergency technical assistance units installed mobile power generators and temporarily replaced the power lines by on-ground-cabling, but it took up to five days to supply every city with electric power again.
schneechaos-muensterland.de has some nice pictures and explanations (in German) of the situation back then.

According to some statistics by Germany's federal power agency (which may also be found on the site above), there have been around a dozen major power outages due to up to 172 broken power poles within an area during the last 30 years, so such issues aren't exactly rare. It doesn't happen to everyone, but it still happens :-)

Yet another example: the river Oder between Poland and Germany had at least two major floods during the last 15 years. During such a flood, the actual power usage of an area does drop close to zero and the power grid is no longer that reliable, so if you're operating a nuclear power plant in that area, you may actually be forced to immediately shut down all of your nuclear power blocks. However, they still need to be cooled: you can't rely on the power grid, the other blocks on site even in low-power mode generate too much electricity, so your only hope to avoid a nuclear power accident are your backup generators, which only have fuel for 2-4 days. So if your fuel trucks can't reach your site to refill your generators' tanks within that time frame, you're in severe trouble.
