I am sure there are many organizational reasons, but the mere existence of a first-party “fix search engine results” app implies that personalized search must be broken for enough people to warrant its creation.
It's not just bad, it's a fundamental failure of security. The effect is the same as a password that can't be changed. It might still be possible for users to manually delete active sessions in some Google account management page, but nobody in the world would expect they'd need to do that after changing their password.
I worked on a product that rotated the TLS certificate frequently. And it actually showed up a number of times in questions from customers or vendor security questionnaires about whether we rotated the certificates and how that happened.
But what we were never asked was whether old certificates were cancelled... which in that system they were not. So it didn't matter how many times we rotated our secrets, any old or leaked secret in a backup or elsewhere was still completely valid. But we had met the security theater that those rotations happened.
So I expect what you do, is that changing a password would cancel all sessions using that credential. But that's kind of hard to do, so we'll just leave that side buggy and untested, because we did the important part of the theater that said we can change passwords.
But a (public key) certificate is not a public key. A cert is a public key A (to private key a), signed by another key b, of which public key B is known. To rotate a cert means re-signing the public key A (which is still derived from the same private key a).
Ah, so basically just renewing before it's due, that makes sense. For some reason it didn't occur to me that rotate could mean that too.
This does still leave the problem of the old certs being valid though. This only makes sense as a security practice if the certs are short-lived, which theirs apparently weren't. If the certs live much longer than the rotation window, this really is just security theatre.
I do think thaumasiotes has a point and GP's company probably misinterpreted the rotation requirements and short lifespans were implied in the requirement.
> If the certs live much longer than the rotation window, this really is just security theatre.
That's very true.
> and GP's company probably misinterpreted the rotation requirements and short lifespans were implied in the requirement.
Or GP didn't know that the company was indeed using short expiration times, and somehow confused it with certificate revocation (called "cancelled" in the post).
It's technically possible to reuse it, but letsencrypt / certbot do not reuse it by default. You have to go out of your way and do extra work to reuse a CSR when renewing a cert.
The original poster didn't mention LE or anything else that uses ACME. It's pretty easy to reuse a key in a bespoke PKI setup; the X.509 builder APIs that I've used make it trivial. Which doesn't make it a good idea, of course.
> But what we were never asked was whether old certificates were cancelled... which in that system they were not. So it didn't matter how many times we rotated our secrets, any old or leaked secret in a backup or elsewhere was still completely valid. But we had met the security theater that those rotations happened.
Huh? You haven't "rotated" your credentials until the old ones are invalidated. Adding new credentials isn't a rotation.
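Added example, not part of the thread: a small model of the exposure window discussed above, showing how long a key leaked from a backup stays usable under long-lived certs, short-lived certs, revocation, and key reuse on renewal. The `Cert` fields, key ids, dates and the assumption that relying parties actually check revocation are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Cert:
    serial: int
    key_id: str        # which private key the cert's public key belongs to
    not_before: date
    not_after: date

def rotate(start, rotations, every_days, lifetime_days, reuse_key):
    """Issue one cert every `every_days`; optionally re-sign the same key each time."""
    certs = []
    for i in range(rotations):
        nb = start + timedelta(days=i * every_days)
        key = "k0" if reuse_key else f"k{i}"
        certs.append(Cert(i + 1, key, nb, nb + timedelta(days=lifetime_days)))
    return certs

def accepted(cert, today, revoked):
    """What a relying party checks: validity window plus (assumed) revocation status."""
    return cert.not_before <= today <= cert.not_after and cert.serial not in revoked

def still_accepted(certs, today, revoked=frozenset()):
    return [c.serial for c in certs if accepted(c, today, revoked)]

def exposure_end(certs, leaked_key, revoked=frozenset()):
    """Last day any non-revoked cert for the leaked key is accepted, or None."""
    ends = [c.not_after for c in certs
            if c.key_id == leaked_key and c.serial not in revoked]
    return max(ends, default=None)

if __name__ == "__main__":
    start = date(2024, 1, 1)          # constructed schedule: rotate every 90 days
    cases = {
        "365-day certs, fresh keys, no revocation":
            (rotate(start, 4, 90, 365, False), frozenset()),
        "90-day certs, fresh keys, no revocation":
            (rotate(start, 4, 90, 90, False), frozenset()),
        "365-day certs, fresh keys, old serial revoked":
            (rotate(start, 4, 90, 365, False), frozenset({1})),
        "365-day certs, same key re-signed, old serials revoked":
            (rotate(start, 4, 90, 365, True), frozenset({1, 2, 3})),
    }
    for name, (certs, revoked) in cases.items():
        print(f"{name}: key k0 usable until {exposure_end(certs, 'k0', revoked)}")
```

With fresh keys, either a short lifetime or revocation closes the window; when the same key is re-signed, revoking the old serials changes nothing because the current cert vouches for the leaked key.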
I've hacked into your account and changed your password. Should all your cookies mean nothing for when you try to regain access to your account? Similarly, should knowledge of your old password contribute nothing towards allowing you back into your account?
Which is more trustworthy, the same device/cookie I've seen logged into the account for the last <duration of retention period>, or some new one that just reset the password?
I won't pretend to understand Google's mechanisms or intentions, nor the workings of this exploit, but surely it is more complicated than simply invalidating all prior info upon password rotation?
It's bad because when someone suspects unauthorized access to their account, the first thing anyone recommends is to change your password. If the old cookies keep working, changing your password doesn't help.
The easy and widespread solution to this issue is simply to ask the user if they would like to log out their other devices when they change their password.
I doubt Google needs to use this as a feature for tracking.
Even if we argued that this was for tracking purposes, Google could keep the cookie for tracking and just deny access to the services until a login flow was completed.
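Added example, not part of the thread: one way to make a password change actually end other sessions is to stamp each session with a per-account credential epoch and bump that epoch on change. The `SessionStore` class, its method names and the `logout_others` option are hypothetical; this is not how Google or any named service implements it.

```python
import hashlib
import hmac
import secrets

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class SessionStore:
    """In-memory model: every session records the credential epoch it was issued under."""

    def __init__(self):
        self._accounts = {}   # user -> {"salt", "hash", "epoch"}
        self._sessions = {}   # token -> (user, epoch at issue time)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._accounts[user] = {"salt": salt, "hash": _hash(password, salt), "epoch": 0}

    def _issue(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._accounts[user]["epoch"])
        return token

    def login(self, user, password):
        acct = self._accounts.get(user)
        if acct is None or not hmac.compare_digest(acct["hash"], _hash(password, acct["salt"])):
            return None
        return self._issue(user)

    def whoami(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, epoch = entry
        if epoch != self._accounts[user]["epoch"]:
            del self._sessions[token]      # issued under an old credential: reject
            return None
        return user

    def change_password(self, token, new_password, logout_others=True):
        """Returns the token the caller should use from now on."""
        user = self.whoami(token)
        if user is None:
            raise PermissionError("not authenticated")
        acct = self._accounts[user]
        acct["salt"] = secrets.token_bytes(16)
        acct["hash"] = _hash(new_password, acct["salt"])
        if not logout_others:
            return token                   # user opted to keep other devices signed in
        acct["epoch"] += 1                 # every existing session is now stale
        del self._sessions[token]
        return self._issue(user)           # fresh token for the device that made the change

if __name__ == "__main__":
    store = SessionStore()
    store.register("alice", "old-password")            # constructed sample data
    laptop = store.login("alice", "old-password")
    copied = store.login("alice", "old-password")      # stands in for a copied cookie
    laptop = store.change_password(laptop, "new-password")
    print("copied cookie still works:", store.whoami(copied) is not None)
    print("laptop still signed in:", store.whoami(laptop) == "alice")
```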
That assumes high chronic diseases from other things causing high health care costs. What if we got rid of most chronic diseases? Most are caused by lifestyle but they’ve become topics we just don’t talk about. They’re taboo.
I wish the OP a speedy return of their money but this sounds spot on. This is an edge case the Marcus customer support state machine does not handle and it will need the assistance of someone empowered to make Serious Decisions to resolve.
Right now they are probably trying to figure out when exactly they banked someone who was no longer a US person and what the consequences are.
A credit score is determined by your loan totals/history.
Every lender needs to assess credit-worthiness in some way, and they resort to very similar schemes, with minor procedural differences based on cultural factors and historical accident.
Except that credit scores in the US include things such as evictions and credit card use, scores going down if you repay a loan in full and other bullshit, which a random bank determining your credit worthiness in France doesn't do. They ask for proof of income, check with Banque de France if you have outstanding debts or if you have failed debt payments, and that's it.
Of course there's no requirement, but everyone knows that paying off a loan early can, in some circumstances[0], lower your credit score. Nobody is taking the time to look into your score and see why it was 810 last month and is 780 this month. They just use the 780 and move on, so it can absolutely affect the rate you get, and whether you get approved or not. No creditor is overriding a denial because they spent time investigating your recent score change.
[0] Usually the credit score is a measure of how likely you are to hold credit over time. It is not a "how good are you with money" or "how much money do you have" score, it is a "how likely are you to pay this back under the agreed-upon terms" score. Part of that score is the mix of different credit types, so if you pay off your final installment loan (e.g. car, house, private loan, student loan), your mix of credit types just went from N to N-1, hence a temporary, minimal drop. This is also why paying something off early can negatively affect it (in certain models, but I don't think this happens much anymore). This is always used by people to explain how credit scores are stupid and evil and idiotic and evil and stupid, but its effect is always overblown, and your score almost always rebounds within a few months.
If Solar provides up to 90% of CA’s peak capacity, why is electricity here so monstrously expensive? Shouldn’t it be nearly the lowest cost because there is no need to pay for fuel?
The most cost-effective form of solar power is utility scale solar farms. In 2012 California was installing those faster than it did last year. Hover over the chart in this article to see the year-over-year changes:
As toomuchtodo mentioned in another comment [1], the cost of solar declined 89% in the past decade. California's installed base is weighted toward older, more expensive solar power installations because it started installing solar power sooner and more rapidly than other states. That's compounded by California's slowdown in utility scale solar farms added in recent years. Texas is about to surpass California on installed solar farm capacity and Texas's solar generation will be cheaper because those farms have been built more recently with lower cost solar hardware.
I would appreciate data to the contrary, but the accounting in your first claim doesn't seem right to me. Behind the meter rooftop solar should be the most cost-effective because no new distribution is required nor is any land use change required.
The National Renewable Energy Laboratory has charts and reports showing US system prices per installed watt for residential solar and utility scale solar with single axis sun tracking:
In 2010, the cost-per-watt was a little more than 2 dollars higher for residential solar than for utility scale solar ($8.70 vs $6.54). In 2022, residential was still a little more than 2 dollars higher ($3.16 vs $1.06), but since system costs have plummeted, that means the ratio now favors utility scale installations much more dramatically.
You can see in the charts that "Soft Costs - Other" remains persistently high for residential solar. That includes things like permitting and inspection. A 100 megawatt solar farm requires permitting and inspection too, but it's much less cost than the 10,000 permits and inspections required for equivalent capacity distributed across residential rooftops. The other big difference evident from 2010 to 2022 is that residential solar inverter costs are still significant whereas the inverter costs have become practically invisible in 2022 for large solar farms. More aggressive price competition and increasing unit capacity have proportionally lowered the inverter costs much more for large solar farms.
The cost per megawatt hour generated is actually even more imbalanced in favor of large solar farms than these cost-per-watt charts show. You can't use solar tracking on rooftops. Solar farms with single axis tracking to follow the sun's position generate more energy per year than equivalent wattage installed in fixed positions on rooftops. Average rooftop systems are also less frequently cleaned than ground level solar farms. Not only does rooftop solar cost 3 times as much per installed watt, it also generates maybe 30% less energy per installed watt per year.
Two issues I see missing from NREL's analysis: land use and distribution.
I don't see a cost attributed to land in there. It's free for residential because it's already put to use, but not so for utility-scale and probably hard to estimate broadly. Environmental impacts of that land use should also be accounted for in addition to direct land acquisition cost and/or leasing. Solar generation does not have land impacts when placed on a roof. That land is already "disrupted" and therefore allocated for human use.
Either way, labor is now the dominant piece of the cost for residential, and it's obvious that one-off small jobs in high-price metros are more expensive than a crew operating in rural areas. An accounting looking strictly at materials + labor is going to heavily favor utilities, but it doesn't capture the full picture.
Yes, you cherry-picked an under-regulated market with cheap land. Not to mention that cheap land is usually further from metro areas and thus requires more distribution costs. Either way, as I mentioned land acquisition cost does not fully encapsulate the environmental costs of covering large tracts of natural land with panels.
I looked in online real estate sites recently and found $1000/acre land within a few hours of NY City. Land is quite cheap.
I hope you are spending your time attacking farming, which uses orders of magnitude more land than PV (and will even in a PV-powered world) and delivers orders of magnitude less economic value per unit of land.
Yea if you look at your bill a lot of the cost is not in generation, it’s in transmission. We’re paying for the grid mostly, upkeep and PGE/SCE profits.
Wholesale electricity prices are based on the marginal cost of electrical generation. As a result, wholesale costs will generally be driven by the cost of natural gas generation.
1. How much "area under the curve" comes from _up to_ 90% of _peak capacity_. If it read "50% of annual consumption", I might be more inclined to ask your same question.
2. It doesn't necessarily follow that free fuel == cheaper power. I'm not at all familiar, but I imagine building, operating, and maintaining a solar plant could be expensive, perhaps even more expensive than a coal plant, for all I know.
The best way to measure this is from the CO2 emissions estimates. These fell by about 23% from 2018 to 2023[1], implying that renewables have displaced about one quarter of fossil fuel inputs. However, it should be noted that nobody really knows the true denominator of energy demand, because distributed small-scale solar production adds up to an unknown quantity.
In the spring and summer seasons California routinely hits over 100% of demand generated from renewables at some point in a given month. CAISO, which does not cover the entire state, says that in June about 47% came from renewables. Last June it was only 37%.
Because you still have to pay for enough fossil fuel generators to power the grid AND the solar and wind subsidies, because the latter can't supply power all the time. If every solar setup had to provide guaranteed minimum power 24/7 for 30 days, then you'd see the true cost is much higher because they would need to directly pay for a mostly-idle power plant, instead of the very inefficient way we do now (brinkmanship of grid stability and occasional massive spikes in wholesale cost).
In WA we pay more for "fish mitigation" than all other hydro-related costs. I expect CA has similar money pits.
Transmission, paying for PG&E starting wildfires and the resulting settlements, paying for living wages for folks working at PG&E living in monstrously expensive places, paying for debt and the rest of the power generation infrastructure.
They don’t mean 90% during peak demand. They mean at most solar makes up 90% of our generation. This would occur 11a-2p. Peak demand is 5-7 pm, and it’s twice as high as the midday load and it’s met by huge natural gas turbines that run a few hundred hours per year.
> > why is electricity here so monstrously expensive?
This is in line with why are we replacing fossil fuels with solar.
It was never a quality of life play, it's some sort of altruistic effort / dumbness deciding to be the suckers kind of thing.
California for sure cares about them Californians who'd be alive 150 years from now more than those who are alive right now. Actually not even that, given that the atmosphere is one for everybody, they care more about Indians and Chinese who'd be alive 150 years from now than Californians who struggle and are 'alive' right now.
> Actually not even that, given that the atmosphere is one for everybody, they care more about Indians and Chinese who'd be alive 150 years from now than Californians who struggle and are 'alive' right now
Given that the atmosphere is one for everybody, comparing by country does not make sense because some countries have more people than other countries.
It makes sense to identify who are the fools and who are the wiseguys.
Like the solar panel industry which was jumpstarted with immense subsidies by Germany, EU and the US and now is 99% a Chinese industry manufacturing product. Amazing.
And EVs will be too, once the smoke clears we'll be lucky if we are left with just the brand and the cult of personality of Tesla, while everything else will be manufactured in China.
Probably because AC is newer. Home heating has been seen as a necessity for generations, so most people have had it, while there are still plenty of people who lived without AC for large chunks of their life.
Plus there's the San Francisco factor. AC is simply not necessary there most of the time for most people. Even when it is hot, it is usually hot/dry, and tends to cool down at night. Thus there are many people here who think AC is a needless luxury everywhere because they personally do not need it.
I think this is huge. Extreme heat kills more Americans than hurricanes, tornadoes, or extreme cold. However, the people it kills tend to be poor and far away from the political and cultural power centers in the US.
Active cooling is too expensive and too unreliable for most of the human population. It's cheaper to pour a concrete slab foundation for thermal mass and/or clear the airflow beneath the house, plant some trees, and insulate a roof than it is to install an AC and run it every summer.
Plus, if there's a power outage but you live in a house that's naturally cool, the heat won't reach unlivable levels. Hot weather can set off cascading failures in infrastructure: demand rises as everyone's AC kicks in, equipment fails in the heat, fires start, workers at power plants find it difficult to cope with the heat, etc. Passive cooling increases the resilience of the population.
AC isn’t bad but it encourages inappropriate construction techniques.
If you’re in the southeast US, traditionally buildings would have awnings, good airflow, etc. Now, cookie cutter commercial construction is a sealed box that relies on HVAC for temperature and moisture control.
Ditto in the north - until energy prices started climbing buildings like hotels were built as large footprint 1-2 story buildings to save capital costs. (Less structural costs, no elevator) Those buildings are impossible to afford to heat nowadays, so you’re seeing more multi-story hotels and apartments.
I think it's mostly just the common trend of eco-virtue-signaling these days. Why focus on technological progress when you can just generate a lot of outrage with trigger words like "climate change" and the like?
It's worth noting that refrigeration is over a century old now.
It's not people who give a shit about climate change who are saying that air conditioning is bad.
Maybe you'll find a lone crazy to validate the persecution complex that compels such a mendacious post, and you'll definitely get a little mild "do you really need it at 66F in June?" rhetoric and I'm sure that hits conspicuous consumers right in the feels that definitely matter just as much as reality does--but on the other hand, it is also precisely the folks who care about such things who push for cooling stations and other ways to symptomatically address the worsening heat waves in urban areas, because heat kills and it kills the poor and the old preferentially.
It isn't those awful hippies who have a problem with air conditioning--it's the people who wish that those people (and poor people! lest we forget!) would conveniently disappear. For other people, of course. Those positing that people should just Tough It Out aren't doing so themselves.
AC isn't just for the heat, it also controls humidity. Yesterday where I live it was 27C and 80% humidity.
In the day I was mowing the lawn and after 10 minutes sweat was dripping from my forehead (I'm not that unfit). Then I took a cold shower, and after 30 minutes I was sweaty again from the humidity. When I went to bed I switched on the AC...
I find 35C+ in dry regions much more comfortable than this, especially if you have an old stone building that acts as big thermal mass to keep the inside comfortable during the hottest parts of the day.
Italian here. In many places they don't just turn on AC when not needed, but even do that the wrongest possible way: while leaving shop doors open w/ no air barriers. No idea of the reasoning behind that practice, but I often see shops doing that, especially coffees. Do they think customers won't come in if they see transparent doors closed?
As a result, their power bill will probably be huge, but having also fridges and blast chillers, electric stoves, espresso machines etc. working all day, that might go overlooked. I've heard somewhere in the EU there are harsh fines for shops using AC while keeping doors open, but sadly that's not the case here.
> No one seems to complain about the environmental impact of home heating in cold climates.
Humans chose to migrate to those climates tens of thousands of years ago when they had no other choice. They arrived to escape conflict, tension, or in search of more resources.
Then they survived in those climates with literal stone age technology, and struggled, but persevered for thousands of years. Finally, in the last 100 years they managed to get comfortable with modern technology.
Asking them to move is asking them to give up hundreds of generations of genetic adaptation, and cultural integration with their location.
On the other hand, the places that people are critical of are those that have expanded dramatically in population only in the last 50 years - places that have never supported significant human populations, but suddenly were able to due to:
* Air conditioning technology
* A sudden, but now expiring, era of cheap fossil fuels.
We're talking about places like Saudi Arabia, Phoenix, Las Vegas, and so on.
These places never supported significant human populations the way that "Northern Europe" has, and are only now able to BECAUSE of AC technology.
I have seen an article about how home heating uses significantly more energy than cooling, though heat pumps should help that some. There is also a lot of money and rhetoric going into insulation and air sealing to make home heating more efficient.
Different techniques are needed for hot climates, but I sure as heck don’t see a disproportionate attention on AC vs heating. It all falls under building energy usage, which is a substantial consumer of primary energy worldwide.
I think because in many places in the past people coped fine so there is a scare that this AC popularity will increase energy usage.
You are correct that heating in cold climates probably is worse. AC has the advantage that the load matches sunny summer weather. At least in Europe - Asia and Eastern USA the humidity at night is an extra problem.
The US and Denmark are the two well known jurisdictions with fixed rates for the loan term (typically 30 years in the US).
Refinancing happens when rates go down.
Yes, this does mean lenders take a lot of interest rate risk. The whole US government mortgage securitization and insurance infrastructure exists to help transfer this risk to people who want it.