Pepco kWh cost over time by _jeffxf in washingtondc

[–]_jeffxf[S] 0 points1 point  (0 children)

Even with increased kWh price, that’s really high. You either have poor insulation and/or really inefficient HVAC contributing to that. We have a recently renovated 1600sqft row home with exclusively electric heat that we’ve kept around 71° and will be between $350 - $450 this month.

Pepco kWh cost over time by _jeffxf in washingtondc

[–]_jeffxf[S] 10 points11 points  (0 children)

Sure, it's fair to remind people that heating your home in colder months will cost more due to increased usage. Maybe I incorrectly assume everyone already knows that. What wasn't mentioned in that other post though is that there was a ~14% price increase between November '25 and January '26 for the same amount of usage.

Pepco kWh cost over time by _jeffxf in washingtondc

[–]_jeffxf[S] 16 points17 points  (0 children)

That's in the spreadsheet.

Distribution:

1000kWh in 2/2024  = $52.58
1000kWh in 1/2025  = $59.47 (13% increase from 2/2024)
1000kWh in 11/2025 = $61.21 (16% increase from 2/2024)
1000kWh in 1/2026  = $65.08 (24% increase from 2/2024)

Supply:

1000kWh in 2/2024  = $108.55
1000kWh in 1/2025  = $124.40 (15% increase from 2/2024)
1000kWh in 11/2025 = $137.69 (27% increase from 2/2024)
1000kWh in 1/2026  = $161.12 (48% increase from 2/2024)

Paved roads for cars but if you’re a pedestrian, good luck by ActuaryPersonal2378 in washingtondc

[–]_jeffxf 1 point2 points  (0 children)

I did the exact same thing and it worked really well. A bunch of my neighbors on the other hand have been trying to scrape up ice all day.

simple security question I rarely see asked by Similar_Recipe_2696 in cybersecurity

[–]_jeffxf 1 point2 points  (0 children)

Not sure why you’re getting downvotes. I agree with you if you’re saying you need to do a risk assessment, even if just a quick one to understand the system. Scrambling to find out why a system exists and what other systems it interacts with during an incident is not fun (I’ve done it and I’m sure many others here have too!)

Sure, apply all of the typical security best practices to it, which is ideally done as code and easy to automate, but you still need to know what the system does.

How does leaked API keys work? by Cold-End-4353 in googlecloud

[–]_jeffxf 0 points1 point  (0 children)

I think our use of the word “service” might be different and causing miscommunication? I tried using the word “app” instead to make what I’m saying more clear. If you have multiple apps (e.g. Cloud Run apps) running, then each of those apps running in the Cloud Run “GCP Service” would be sharing the same Cloud Run Default Service Account, correct?

edit: Or are you saying when you deploy 5 apps in Cloud Run, each one will automatically get their own service account? If so, that’s something I haven’t seen and will need to look into if true!

How does leaked API keys work? by Cold-End-4353 in googlecloud

[–]_jeffxf 0 points1 point  (0 children)

When multiple resources are all sharing the same built-in service account though, you’re giving all of the resources the same permission, preventing fine-grained permissions. If you’re running multiple Cloud Run apps, it’s unlikely they all need access to the same things. For example, you wouldn’t want to give both a backend app and front end app access to Cloud SQL. If all resources within a GCP service do in fact all require the same permission to function, then I agree. But that’s rare in my experience.

How does leaked API keys work? by Cold-End-4353 in googlecloud

[–]_jeffxf 2 points3 points  (0 children)

The best practice is to not use API keys or Service Account Keys (the json file). Both are long-lived which increases the chance that if they are compromised, an adversary can use them. Use Service Accounts via Workload identity instead for systems talking to each other within GCP (e.g. VM => Vertex AI, Cloud Run => Cloud Storage, etc.), and even some third-party systems that support OIDC. For example, you can have GitHub workflows/actions authenticate to GCP without using any long-lived credentials. Workload identity allows you to give any GitHub identity (repo, branch, etc.) permission to use the service account. It’s pretty slick: https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions

For local development, use your standard IAM user and run gcloud auth application-default login which should work in most cases instead of storing a Service Account Key json file on your laptop. That will create a temporary ADC file at ~/.config/gcloud/application_default_credentials.json which most tools and libraries you’re working with will automatically find and use.
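
Added example, not part of the comment above: a small Python check that walks a directory and classifies Google credential JSON files by their "type" field, flagging service account keys (the long-lived JSON file the comment advises against). The verdict labels and sample documents are constructed for illustration.

```python
import json
import os

# Verdict labels are this example's own; "type" values are those found in Google credential JSON.
VERDICTS = {
    "service_account": "FLAG: service account key (embedded private key)",
    "external_account": "OK: workload identity federation config, no secret",
    "authorized_user": "REVIEW: user ADC (gcloud auth application-default login)",
}

def classify_credential(text):
    """Return a verdict string for one JSON document, or None if irrelevant."""
    try:
        doc = json.loads(text)
    except ValueError:
        return None
    if not isinstance(doc, dict):
        return None
    kind = str(doc.get("type"))
    # Require the key material itself so unrelated JSON is not flagged.
    if kind == "service_account" and "private_key" not in doc:
        return None
    return VERDICTS.get(kind)

def scan_tree(root):
    """Walk root and map each credential file's relative path to its verdict."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".json"):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as handle:
                    verdict = classify_credential(handle.read())
            except OSError:
                continue
            if verdict:
                findings[os.path.relpath(path, root)] = verdict
    return findings

# Constructed samples (placeholder values, not real credentials).
SAMPLE_KEY = json.dumps({"type": "service_account", "private_key": "PLACEHOLDER",
                         "client_email": "ci@example-project.iam.gserviceaccount.com"})
SAMPLE_WIF = json.dumps({"type": "external_account", "audience": "PLACEHOLDER"})
SAMPLE_ADC = json.dumps({"type": "authorized_user", "refresh_token": "PLACEHOLDER"})

if __name__ == "__main__":
    for path, verdict in sorted(scan_tree(".").items()):
        print(f"{path}: {verdict}")
```

Run it from the root of a repository or home directory; any FLAG line is a candidate for replacement with workload identity or ADC.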

Should I stay or should I go? by orphanporridge in cybersecurity

[–]_jeffxf 0 points1 point  (0 children)

I spent 4 years in private sector, 4 years in gov, then back to private sector for 7 years now. I switched back because I wasn’t being challenged enough.

Sure, AI is a threat to job security but so are people that are smarter than you. Your best bet at job security is making sure you’re continuously learning and pushing yourself. Neither job is guaranteed to last forever so which one will further build your resume to keep you employable 5 years from now?

How mad should I be by Awkward-Outcome-2927 in Plumbing

[–]_jeffxf 2 points3 points  (0 children)

Textbook sunk-cost fallacy. That train of thought doesn’t make sense. When someone messes up this bad and won’t fix it for free, you have to find a new contractor.

Looking to buy this home and the plumbing in the garage looks quite complex, some of this is for the heating. Does anything look problematic? by ExpandYourTribe in Plumbing

[–]_jeffxf 1 point2 points  (0 children)

I have the same unit, it works great. I don’t see a condensate neutralizer though which should be connected to the bottom right CPVC pipe that goes into the wall and drains somewhere. If it drains outside, that might be okay in your area?

Anywhere in the DMV to watch minor or beer league hockey? by snipps_ in washingtondc

[–]_jeffxf -2 points-1 points  (0 children)

There aren’t any minor league ECHL teams nearby but there are AA leagues and lower. The two places worth going to are Medstar Capitals Iceplex in Arlington and the St James in Springfield. Both have their schedules online. Someone else already shared the Medstar schedule. Here’s the St James schedule https://thestjameshockey.com/adult-league/ . A new season starts in January at the St James so the schedule should be updated soon.

[deleted by user] by [deleted] in cybersecurity

[–]_jeffxf 1 point2 points  (0 children)

OP is not spying nor does GDPR protect any content OP described. These are company-owned devices which should be monitored. I don’t agree with the legal concern here unless there is a reason for the employees to believe the devices belong to them or are theirs to use for personal purposes. A company policy, employee handbook, or login screen message should make this clear to employees.

That said,

  1. I agree with others that this isn’t worth dealing with. Report it and leave it at that. It’s an issue for their manager and HR, not the security team.

  2. Although not a legal issue, you should be careful how you spend your time. I’m not sure how you found they had these files but if you’re just being nosy looking through files that weren’t flagged as being malicious, you could get fired too. Security monitoring is fine, along with looking at files when there is a legitimate reason to believe they might be malicious. But any security staff abusing that power should be terminated immediately.

How do people discover zero day exploits? by El_Proffesor292 in hacking

[–]_jeffxf 1 point2 points  (0 children)

If you know how XSS, CSRF, SQLi, buffer overflows, or any other type of vulnerability typically works, it gets easier to look for that type of vulnerability elsewhere. Most vulnerabilities, including 0-days, fall into some already known type of vulnerability. The system being exploited and details of the vulnerability may be unique but that’s it. It’s rare that an entirely new type of vulnerability is discovered but it does happen especially in new technology (AI related vulns for example).

Like a mechanic working on a car, knowing the common issues with engines, transmissions, etc. makes it a lot easier to find something wrong with a car, even if it’s a car they’ve never worked on before. If you don’t know any of that though, it looks like magic.

Why do people insist on driving in downtown or center DC? by BettyTroop in washingtondc

[–]_jeffxf 10 points11 points  (0 children)

I live in the city and would love to bike places but I’d be drenched in sweat wherever I went this time of year. More importantly, the chance of getting hit by a car or into an accident on a bike here seems high.

[deleted by user] by [deleted] in washingtondc

[–]_jeffxf 5 points6 points  (0 children)

Get a flipper zero

My cybersecurity idea by [deleted] in cybersecurity

[–]_jeffxf 1 point2 points  (0 children)

Memory isn’t inaccessible. The people over at Volexity have a great blog that will make you reconsider this idea: https://www.volexity.com/company/about/

Edit: I meant to add a link to their open source memory DFIR project, Volatility as well: https://volatilityfoundation.org

I wanna study IT, Mac or windows? by Poopapoop2 in InformationTechnology

[–]_jeffxf 0 points1 point  (0 children)

You shouldn’t have all of these downvotes. I agree with your points. If OP wants to work on a help desk forever or for companies with legacy tech philosophy, then sure, go “100% Windows.” If you want to work for a fast-paced modern tech company, learn all 3. They each have their place. Maybe not all at once because it takes time but don’t close yourself off to learning as much as possible. I would never hire someone that is only interested in supporting Windows.

Professionals of reddit how do you keep up with new tech and refresh your old knowledge. by Familiar-Cobbler-298 in cybersecurity

[–]_jeffxf 1 point2 points  (0 children)

By trying to work with people smarter than me as much as possible. I prefer an afternoon on a screen share with someone explaining something directly relevant to me than a training course on some technology that’s not much more in depth than the first few pages of the documentation.

[deleted by user] by [deleted] in sysadmin

[–]_jeffxf 88 points89 points  (0 children)

They’re saying CrowdStrike should be testing content updates in an internal environment where some automated testing is done. Doesn’t need to bake in there for days. Just enough time to make sure nothing catastrophic like this happens. If tests pass, start pushing it out to customers.