Amju Wolf @ amju_wolf @pawb.social

Posts

2

Comments

368

Joined

2 yr. ago

Most modern heat pump systems account for that and have electric heating/defrosting built-in for those few cold days a year.

Also it's not like you have to remove your old heating system*; you can just plumb in the heat pump into your central heating and have cut off valves for the original system, so you can still use it as a backup.

*) unless your government is retarded and in order to get subsidies they require you to uninstall it

That's like the stupidest take, especially for most of Germany. In the worst case you'd supplement the heat pump with electric heat so in the coldest days when it doesn't work at all (which will be a few days a year at most) you'd get to ... checks notes ... 1x efficiency, which is only as bad as having regular electric heating which many people have anyway.

It's still usually more efficient and better for emissions when the coal is burned at a power plant with high efficiency and filtering systems.

For larger homes with central heating and radiators inverter air conditioners aren't really a great solution - they are expensive (especially when you don't have/need an air conditioner in the first place), unsightly and work for more or less just one room. A heat pump is a generic term for a multitude of things, but as a replacement for central heating you'd most likely have just one outdoor unit that spews cold air and inside you'd have a large heat exchanger where you warm up the water for your central heating (and possibly warm water in general for showering and the like).

It's pretty amazing.

If it wasn't strictly bound to origin but could be, say, at least "licensed out" (perhaps with the places of origin still at least getting a small cut) it could be a win-win-win.

But as it is it's just artificially inflating prices of goods that are potentially just as good (or in some cases potentially even worse) than some alternatives.

That's a lot of trouble to go into to have questionable security. Though it's admittedly really cool.

I guess this is only great if you have to use potentially compromised computers often, so you are risking leaking at most a single password at a time, but still...

Unlike a proper password manager this still has issues though; for one, saving in cleartext is just bad, reading EEPROMs is trivial, and (perhaps more importantly) unlike a normal password manager this doesn't protect you against inputting data on a wrong (phished) domain.

Yeah, if an attacker can modify your page it doesn't matter if you auto-fill, fill on request or copy/enter the credentials manually - you are fucked either way.

That is, in fact, more secure than having to copy the login manually.

Technically you do lose the second factor, but nowadays 2FA is often mandatory or they force some crap like SMS/email verification onto you. If you are aware of the risk then it isn't a huge deal.

Though you might want to consider not using it at least for the most important stuff like banking (here you don't even have an option; banks have their own 2FA apps that you have to use) and primary/recovery email.

Have you considered using just the 3 domains with Proton and hosting the rest yourself? Assuming you have some more important/primary mail domains than others.

But you can do that in vanilla JS, too.

Even better, don't use JS at all if you don't have to.

You can write shitty code in TS too.

100% agree. Typescript is just a bandaid on top of a broken language. Sure it's better than bleeding, but it'd be preferable not to get injured in the first place.

And you can still apply the bandaid wrong.

The article is just an outright lie lol

I didn't even open the article but I agree!

But you can still deal with that respectably, or just not comment at all if you can't do it in a representative way.

Because you're much more likely to lose or break a hardware fob than lose a password, let alone change (lose or whatever) recovery email or phone.

Like, it would be a neat option; ideally you could set up literally anything and say what combination of factors you want to use for recovery and which to use for authentication, but it'd be a pretty big change for a tiny minority of users.

Google kinda does do that though. You can have a recovery email (or multiple IIRC), or you can have a phone number.

TOTP and hardware authenticators are more for second factor authentication; you're probably more likely to use those than a password, and they don't really make sense for recovery.

...and when browser integrity becomes a thing?

Not sure why only this one car is getting all the blame.

Because it generates clicks.