If there’s any scope for a user to inject JavaScript, then potentially this gives a vector of attack against other internal things (e.g admin.domain.com, operations.domain.com etc)
Also, if for example the SaaS you’re running sends a lot of system emails that really shouldn’t end up in spam filters, you can’t afford to let things like marketing campaigns negatively influence your domain’s spam score.
If you look at the detail pages, you’ll see that “not yet assigned” doesn’t mean that a fix hasn’t been implemented yet. But you are right that not all CVEs get fixed as quickly as I claimed. However, my experience has been that high-profile ones that surface in tech news usually are.
I bought a thermal camera as a fun toy, it is great at finding studs especially for walls that face outside. Also you can see pipes easily when hot water is running through them.
But it was not cheap, cost about $300.
If you just want to just find studs, use magnetic stud finder. Cost about $10. Very easy to use and accurate.
The key to using stud finders is never trusting them and using multiple methods as a sanity check. For example, if it says a stud is as position x I'll sanity check by checking x-16" and x+16" because there should also be studs there. If nothing, maybe I'll try x-15, x-14, etc with the key being looking for some repeating pattern. Test moving vertically as well.
Combine with some knocking to feel/listen for a stud right against the wall vs an erroneously detected pipe 1/4" away.
I'll also use a neodymium magnet in certain situations to look for drywall nails/screws in conjunction with the other methods.
I don't fully trust any of these methods, but together they'll get you as confident as you can be short of having a couple hundred dollar detector or taking the wall apart.
If it's drywall you can use use a cheap stud finder or just yours ears and hands to find studs fairly easy. Plaster might be a little harder but still doable. Also, look for outlets as those are attached to studs. Depending on the age and construction of the house studs will be 16 inches apart.
Another issue with heat pump rollout, at least in the UK is a severe lack of qualified heating engineers with a basic understanding of thermodynamic principles.
Thus you get plumbers with experience installing gas boilers, resulting in poorly specified and installed systems that provide nowhere near the efficiency that they should reach.
This then leads people to say “heat pumps don’t work” or “heat pumps are expensive to run”, which only feeds into the whole anti net-zero rhetoric.
My friend's father owns an AC/heat pump/PV installation business and by his account it's even worse, as the most common issue seems to be that piping is poorly laid out and/or insulated, making a huge chunk of the heat escape into the ground.
How was that not an issue with coal/gas boilers? I don't know. Perhaps people just cranked up the gas and lived with the resulting bills.
People talk about needing larger radiators for heat pumps. You also needed similar sized radiators for condensing gas boilers to work at the claimed efficiency.
People were just burning 20% more gas for no good reason.
That would be my thinking as well, as it's analogous to how people use internal combustion cars - everyone seems to just accept the fact that in city driving fuel-to-wheels efficiency just drops below 20%.
It is worse for heat pumps. For condensing boilers the return water temperature needs to be low enough, but the system can easily be set to 60 degrees.
For heat pumps, 40 degrees is about the max for efficient operation. So radiators need to be quite a bit bigger compared to what you need for a condensing boiler.
> The correct temperature setting for heating on a combi boiler is 'as low as possible', but as a guide most older homes can run their heating systems at 60°C and newer homes at 50-55°C. They start to reach their very highest efficiency potential at 45°C flow temperature or lower, but this can be too low for older properties.
> Ultimately how low you can turn your flow temperature down will depend on the size of your radiators, how well insulated your home is and your thermostat temperature.
....
> A vast skills and knowledge gap (that dates back to 2005 when condensing gas boilers become mandatory) means 99% of installers do not understand how condensing gas boilers work and therefore cannot set them up to run as they were designed to. Installers have been let down and so have UK households. We have simply not benefited as much as we should have from this leap forward in boiler efficiency.
Then you are talking about something else. If the return temperature is below 40 degrees then the condensing mode kicks in. This can typically be achieved if the system is set to 60 degrees. Most radiators for this type of system work well with a temperature drop of 20 degrees. Obviously the flow should be adjusted accordingly.
If you go lower, efficiency may increase by tiny amounts, but in most practical setups the system is likely to become unstable and you will lose more than you gain. This is especially true if the system is also used to provide hot tap water. For hot tap water, in particular for a shower, the system needs to be able to heat a lot of water quickly.
According to the Heat Geek (in the UK) their minimum is 3.5 and their current average is 4.4. I saw a video[0] they did with Urban Plumbers and they visited a new build (well insulated) where the SCOP was 2.2. The main reason it was so low was the heat pump was over specced (by almost 4 times!) and the pump was cycling constantly.
> The main reason it was so low was the heat pump was over specced (by almost 4 times!) and the pump was cycling constantly.
You can find over-specing in the US/CA as well because of rules of thumb, or installers just looking at what the old system was and replacing it 1:1 with the same new system—never mind that more insulation or better windows have been perhaps put in.
For new builds, a lot of jurisdictions are mandating standardized calculations be done for estimated energy needs, equipment selection, etc:
If you're going to do a retrofit/replacement, it may be worth finding an HVAC company that will do that process for your non-new dwelling. The fact that a company could offer it may mean they're a step above Random Bob's HVAC.
I should also note that Heat Geek said, controversially, that one of their biggest indicators of a bad job is companies with more experience as such companies usually had a good reputation along with bad habits. Since customers don't know how these systems work or are expected to perform there is no good feedback mechanism apart from customer not complaining which is less likely as customers don't know what to expect in the way of bills being reduced in a properly working system.
Performance numbers from well designed systems aren't relevant to the fears of people who've heard the horror stories.
And there are horror stories from there being too many poorly qualified green installers doing a half-job. Some systems wildly underperform. My octogenarian neighbour had no central heating for two weeks while a replacement pump motor could be sourced and somebody could be found to fit it. You wouldn't have that with gas.
Heat pumps are catching up —I want them to win, we need them to— but this stuff has to get better. Installing one should be certified, performance should be mandated to protect consumers and grant money.
> Installing one should be certified, performance should be mandated to protect consumers and grant money.
How is a certificate and a mandate that
oliwarner suggested going to provide heat? Burning a certificate takes at most a few seconds.
To spell it out for you, the mechanism is pretty much the same as elsewhere:
Companies can offer customers some warranties that their system will work as advertised (ie provide heat with a minimum of fuel). Lots of companies in the private sector offer such warranties on a variety of products. The warranty by itself does not keep you warm, but it typically provides for some restitution in case of failure. (In an extreme case, you can imagine that people would be happy to be paid a million dollars in return for putting up without heat for two weeks. In practice, the warranty will probably settle on something less extreme. For example, some modest monetary compensation plus help with sourcing propane heaters as you suggest. Your imagination is the limit here.)
Because the small companies that do this kind of heat pump installation go bankrupt and disappear all the time, you can administer the warranty via a third party insurance company.
And here's where the certificates come in: just like some car insurance companies give you discounts in return for eg a clean driving record, you would imagine that your heat pump installation company would also be able to purchase much cheaper insurance to benefit their customers if they can provide evidence that they know what they are doing.
In practice the main benefit of the whole scheme would come from insurance companies keeping an eye on the installation companies. The payouts are mostly there to provide discipline and align incentives; but in a well running system the payouts shouldn't be necessary very often.
It would only need to be 4.7 to beat a gas/oil system that is 100% efficient.
In reality, a very good gas based system that is well specified and installed might reach 80% as a whole. Most UK gas/oil heating systems are significantly lower.
I had a plumber tell me that if I left the filling loop open then the pressure in the radiators would just keep rising and rising forever until they burst. He didn't agree that it would stop at equilibrium with mains pressure.
> This then leads people to say “heat pumps don’t work” or “heat pumps are expensive to run”
When I was doing some extensive renovations of a house about 7 years ago now (in the UK), we called a company whose main business was to install heat pumps (along with underfloor heating, etc). The person asked me a bunch of questions, and based on the age of the house and the insulation and such, she said, "I appreciate what you're trying to do, but I'm really worried that a heat pump won't be able to heat your house sufficiently on cold days; I'd really recommend that you take the money you'd spend on a heat pump and spend it on better insulation for the house instead."
Given that's their main business, and that she was knowingly turning me away as a customer, I tend to give some credence to her assessment. At least it can't be due to a lack of understanding or bias.
Now that our house is better insulated, I might try again next time our boiler is up for replacement, particularly if I can arrange to get the heat pump to cool the floors in the summertime as well as heat them in the wintertime.
WRT cooling with water based system there are a few of issues:
1. A system that also provides cooling isn’t allowed under the heat pump government grant.
2. You might actually need planning permission for this
3. Especially in a humid environment like the uk, you can end up with condensation and damp issues, which you really don’t want in an underfloor slab install
If you also want cooling, better to go an air-air based system (aka air conditioning)
The situation with respect to condensation: look at historical data for the dew point during the summer season. That as low as you can get. For example, I'm in The Netherlands and our system is set to 18 degrees Celsius.
The amount of cooling this way is limited. Though the nice thing is that it tends to keep the house cool. There is no cold airflow.
With respect to government grants. Sometimes you can buy units that can only heat to get the grant. But a simple change enables cooling after the unit is installed.
You can also just look up what the dew point is on any particular day, and adjust your temperature.
In general, if you want to save money, you should set your aircon to the highest temperature you can tolerate. We typically operate at 26-28C at home here in Singapore, and our dew point is typically between 24-26C.
The modest reduction in air temperature from 30-33C outside feels amplified, because the aircon also reduces humidity. We also rely heavily on ceiling fans.
If their working fluid is water, you are right. But most aircons work like fridges, and their pipes don't transport 'cold' by literally having a cold fluid, but by having an ambient temperature fluid that they turn into a gas inside your interior aircon unit (and then later turn back from a gas into a liquid on the outside unit).
The actual pipes are always at pretty much ambient temperatures.
> 3. Especially in a humid environment like the uk, you can end up with condensation and damp issues, which you really don’t want in an underfloor slab install
You only end up with condensation issues, if you cool below the dew point.
Here in very humid Singapore our dew point is typically at about 24-26C. If you set your aircon to no less than 26C here, you never have any problems with condensation.
(Any old weather reporting website or app will tell the dew point. Apparently right now as I am writing this comments, it's 12C in London.)
This. The cost of installing and upgrading a big old drafty Victorian house to a COP 4+ efficiency where the running costs actually beat oil/gas would have a break even point way past the end of my lifetime.
Nope, it's very simple. Just don't try to heat up water to heat the house. Use an aircon. In fact, their efficiency is even better. 4+ is already standard, 5+ is good and there are even models that go beyond 6.
Only problem can be if you have a lot of tiny rooms - in that case it's expensive to install everything.
Those figures are for the unit itself. It takes a lot less energy to heat air than it does to heat water, but water retains heat for much longer.
What matters is the SCOP for the system as a whole.
In a traditional Victorian house with a fireplace in every room, radiant heat will provide far greater efficiency than a forced air system, in which all of that warm air will literally go straight up the chimney.
> What matters is the SCOP for the system as a whole.
That's exactly what my numbers are.
They are the efficiencies for moving the heat-energy from the outside air into the inside air, assuming constant 20 degrees celcius indoor temperature and a specifically weighted outdoor temperature (there are multiple types of SCOPs, depending on the climate-zone and I was refering to the moderate one as it is present in most of middle Europe).
Whether you transfer the heat from the outside air (or some other medium) into the indoor air or into the indoor water does not matter - except that for the latter, you will need to consider that the water has to still transfer the heat to the indoor air, so you need to know how hot the water will have to be to calculate the SCOP correctly for your house.
> In a traditional Victorian house with a fireplace in every room, radiant heat will provide far greater efficiency than a forced air system, in which all of that warm air will literally go straight up the chimney.
What kind of "efficiency" are you even talking about? Can you please provide a definition and some example calculation? Otherwise it's meaningless to discuss.
This doesn’t surprise me. I found an information exposure vuln on the user registration endpoint a while ago (given a phone number of an authy user who had previously registered via another customer, retrieve all other numbers/devices/timestamps, email addresses and other info for that user).
> Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint
Revocation for random domains is kind of a moo point as chrome doesn’t do OCSP default, just CRLsets that are pushed out with browser releases, that probably won’t include your domain.
I checked two domains registered through Cloudflare about a week ago and both have 1-year certificates issued by Sectigo, valid until May 2025. Never enabled DDoS protection or any other features besides editing DNS records.
some air-water heat pumps _can_ run in cooling mode, but speaking to a heating engineer the other week he recommended not doing this for exactly this reason.