Ember’s Mug 2 and Travel Mug 2 extend your coffee temperature sweet spot – TechCrunch

One of the world’s most static technologies may be the humble mug, but startup Ember decided it was time for a change when they introduced their temperature-controlled smart mug to the market in 2016. Now, the company has launched its Ember Mug 2 — a follow-up that keeps the concept and design intact, but that improves the lineup in some key ways.

There are two separate new second-generation Ember mugs — the Ember Travel Mug and the Ember Mug, designed for home and office use. Both add extended battery life, thanks to swapping the old battery technology for “the most advanced battery technology on the market,” and both gain new redesigned charging coasters, while the Travel Mug 2 gets a new control interface for adjusting the temperature of the beverage within, and it’s a bit lighter while holding the same volume.

Ember Mug 2 (from $99.95)

This sequel to Ember’s home mug comes in black, white and a pricier copper version, as well as in two sizes: 10 oz and 14 oz. Like its predecessor, it features an internal heating element and battery, Bluetooth connectivity for smartphone control from the Ember app and a durable ceramic coating.

The Ember Mug 2 has a customizable LED that shows you when it’s working, and that you can change to whatever color you wish, which is handy if you have a couple of these in use in one household. In order to set your desired temperature, you pair it with an app on your phone (a quick and painless process).

Ember will send you notifications when the liquid within reaches the desired temperature. I’ve long used one of their first-generation products, and the one thing I found was that on my three-a-day coffee schedule, sometimes my third cup would end up cold, because the battery, while decent, would run out before my appetite for caffeine did.

Enter the sequel, which offers up to 50% better battery life than the original version. It’s hard to quantify, as the speed with which I drink my coffee differs day to day, but I will say that in testing I haven’t seen the low battery warning before I was long done actually drinking coffee for the day. In short, if you make sure to pop the mug back on its charging coaster every evening, you should have plenty of juice for a full day of use the next day without any sense of mug range anxiety.

Ember Travel Mug 2 ($179.95)

The Travel Mug 2 gets a slight redesign, as well as battery improvements. Whereas Ember used a physical dial to control temperature adjustments without requiring you to use your phone on the last generation, now there’s a touch-sensitive area on the cup just above where the body expands out toward the top. You can slide your fingers around this to increase or decrease the temperature of whatever you have within.

This tweak is likely what allowed Ember to slim down the design while keeping the internal volume (12 oz) the same, so that it’s a bit more lightweight and travel-friendly than before (while also offering as much as three hours of battery life). Ember also took the auto sleep and wake features that it introduced with the original Ember ceramic Mug and brought them to the Travel Mug 2, meaning that it’ll turn itself on and off automatically depending on whether it detects liquid inside, or motion from being picked up, to extend battery life even further.

The design of the Ember Travel Mug 2 is top-notch, with a smooth matte surface and hand-friendly design, along with clear, easy-to-read LED displays that just disappear when not in use. The bottom display shows current temperature, as well as an indicator of remaining battery life, and you can add a custom name to show for avoiding confusion if there are multiple Travel Mugs in use.

Bottom line

Ember’s follow-up hardware to its initial lineup isn’t a dramatic change — but the collection didn’t need a major overhaul because it gets so many things right. The added battery life in the new generation is great, and the appeal remains the same: If you’re a coffee or tea fanatic and don’t love returning to a lukewarm or cold cup, then this is the stuff for you.

Could you opt for a vacuum-walled mug or travel tumbler? Absolutely, and the Zojirushi lineup of insulated travel mugs will keep liquids hot for days. But Ember’s home mug is without peer for actually keeping things hot in an open-top design, and the Travel Mug’s ability to actually adjust and increase temperature on the fly is also a unique value proposition that can’t be matched by any passive insulation.



More top-tier companies targeted by new type of potentially serious attack

A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies were targeted by a similar attack that allowed a security researcher to execute unauthorized code inside their networks.

The latest attack against Microsoft was also carried out as a proof-of-concept by a researcher. Attacks targeting Amazon, Slack, Lyft, and Zillow, by contrast, were malicious, but it’s not clear if they succeeded in executing the malware inside their networks. The npm and PyPi open source code repositories, meanwhile, have been flooded with more than 5,000 proof-of-concept packages, according to Sonatype, a firm that helps customers secure the applications they develop.

“Given the daily volume of suspicious npm packages being picked up by Sonatype’s automated malware detection systems, we only expect this trend to increase, with adversaries abusing dependency confusion to conduct even more sinister activities,” Sonatype researcher Ax Sharma wrote earlier this week.

A slick attack

The goal of these attacks is to execute unauthorized code inside a target’s internal software build system. The technique works by uploading malicious packages to public code repositories and giving them a name that’s identical to a package stored in the target developer’s internal repository.

Developers’ software management apps often favor external code libraries over internal ones, so they download and use the malicious package rather than the trusted one. Alex Birsan—the researcher who tricked Apple and the other 34 companies into running the proof-of-concept packages he uploaded to NPM and PyPi—dubbed the new type of supply chain attack dependency confusion or namespace confusion because it relies on software dependencies with misleading names.

Software dependencies are code libraries that an application must incorporate for it to work. Normally, developers closely guard the names of dependencies inside their software build systems. But Birsan found that the names often leak when package.json files—which hold various metadata relevant to a development project—are embedded into public script files. Internal paths and public scripts that contain the require() programming call can also leak dependency names.

In the event the file with the same name isn’t available in a public repository, hackers can upload a malicious package and give it the same file name and a version number that’s higher than the authentic file stored internally. In many cases, developers either accidentally use the malicious library or their build application automatically does so.

“It’s a slick attack,” HD Moore, co-founder and CEO of network discovery platform Rumble, said. “My guess is it affects a ton of folks.” He added that most at risk are organizations that use large numbers of internal packages and don’t take special steps to prevent public packages from replacing internal ones.
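
The check below is an added example, not code from the article or from any company named in it: it audits an npm lockfile for the conditions described above, namely an internal package name resolved from a registry other than the private one, at a version higher than any published internally. The policy, package names, versions, and the npm.internal.example registry host are constructed assumptions.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) for dependency confusion.
// All names, versions and the registry host below are constructed for illustration.
const policy = {
  internalRegistryHost: "npm.internal.example", // hypothetical private registry
  internalScopes: ["@acme"],                    // scopes the organization owns
  // Internal package names mapped to the highest version ever published internally.
  internalPackages: { "acme-auth-utils": "1.4.2", "@acme/billing": "2.0.1" },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageName(lockKey) {
  const marker = "node_modules/";
  const i = lockKey.lastIndexOf(marker);
  return i === -1 ? lockKey : lockKey.slice(i + marker.length);
}

// Compare plain x.y.z versions numerically; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

function auditLockfile(lock, policy) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "" || !entry.resolved) continue; // root project or linked package
    const name = packageName(key);
    const scope = name.startsWith("@") ? name.split("/")[0] : null;
    const known = Object.prototype.hasOwnProperty.call(policy.internalPackages, name);
    const internal = known || (scope !== null && policy.internalScopes.includes(scope));
    if (!internal) continue; // public dependencies are out of scope for this check

    let host;
    try { host = new URL(entry.resolved).host; } catch { host = "(not a registry URL)"; }
    if (host !== policy.internalRegistryHost)
      findings.push({ name, issue: "internal-name-resolved-from-other-registry", detail: host });
    if (known && compareVersions(entry.version, policy.internalPackages[name]) > 0)
      findings.push({ name, issue: "version-above-internal-maximum", detail: entry.version });
    if (scope === null)
      findings.push({ name, issue: "unscoped-internal-name", detail: "name can be registered publicly" });
  }
  return findings;
}

// Constructed lockfile excerpt: one healthy scoped package, one substituted package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "acme-portal", version: "1.0.0" },
    "node_modules/@acme/billing": {
      version: "2.0.1",
      resolved: "https://npm.internal.example/@acme/billing/-/billing-2.0.1.tgz",
    },
    "node_modules/acme-auth-utils": {
      version: "99.0.0",
      resolved: "https://registry.npmjs.org/acme-auth-utils/-/acme-auth-utils-99.0.0.tgz",
    },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
  },
};

for (const f of auditLockfile(sampleLock, policy)) console.log(`${f.name}: ${f.issue} (${f.detail})`);
```

Run in CI against the committed lockfile, a non-empty result is a reason to fail the build before any install step executes package scripts.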

Raining confusion

In the weeks since Birsan published his findings, dependency confusion attacks have flourished. Already hit by a proof-of-concept attack that executed Birsan’s unauthorized package in its network, Microsoft recently fell to a second attack, which was done by researchers from firm Contrast Security.

Matt Austin, director of security research at Contrast, said he started by looking for dependencies used in Microsoft’s Teams desktop application. After finding a JavaScript package called “Optional Dependencies,” he seized on a way to get a Teams development machine to download and run a package he put on NPM. The package used the same name as a module listed as an optional dependency.

Shortly after doing so, a script Austin put into the module started contacting him from several internal Microsoft IP addresses. Austin wrote:

Whether the responses I saw were automated or manual, the fact that I was able to generate this reaction poses significant risk. By taking advantage of the post-install script, I was able to execute code in whatever environment this was being installed on. If attackers were to execute code the way I did on a build server for a desktop application update that was about to be distributed, they could insert anything they wanted into that update, and that code would go out to every desktop using Teams—more than 115 million machines. Such an attack could have monumental repercussions, potentially affecting as many organizations as the massive attack on the SolarWinds software factory that was revealed in December.

He provided the following figure illustrating how a malicious attack might work under this theoretical scenario:

Contrast Security

A Microsoft spokeswoman wrote: “As part of our larger efforts to mitigate package substitution attacks, we quickly identified the issue mentioned and addressed it, and at no point did it pose a serious security risk to our customers.” The spokeswoman added that the system that executed Austin’s code was part of Microsoft’s security testing infrastructure. Microsoft has more about the risks and ways to mitigate them here.

Attacks turn malicious

Like the packages uploaded by Birsan and Austin, the thousands of files that flooded NPM and PyPi have mostly contained benign scripts that send the researchers the IP address and other generic details of the computer that runs them.

But not all of the uploads have observed such restraint. On Monday, Sonatype researchers reported files uploaded to NPM that attempted to steal password hashes and bash script histories from companies including Amazon, Slack, Lyft, and Zillow.

A .bash_history file being accessed by the package uploaded to npm.

Sonatype

“These activities would take place as soon as a dependency confusion attack succeeds and would need no action from the victim, given the nature of the dependency/namespace hijacking issue,” Sharma, the researcher at Sonatype, wrote.

Bash histories, which store commands and other input that administrators type into their computers, often contain plaintext passwords and other sensitive data. Files stored in the /etc/shadow path of Linux machines store the cryptographic hashes of passwords needed to access user accounts on the computer. (For hashes to be compromised, the NPM app would have to be running in super user mode, an extremely elevated set of privileges that are almost never given to software management apps.)

Sonatype said it had no way of knowing whether the files were executed by any of the companies targeted by the scripts.

The targets respond

In a statement, Slack officials wrote:

The mimicked library in question is not part of Slack’s product, nor is it maintained or supported by Slack. We have no reason to believe the malicious software was executed in production. Our security team regularly scans the dependencies used in our product with internal and external tools to prevent attacks of this nature. Additionally, Slack’s secure development practices, such as using a private scope when using private dependencies, make it unlikely that a dependency-related attack would be successful against our product.

A Lyft statement read: “Lyft was not harmed in this attempt. There is no indication that this malicious software was executed on Lyft’s network. Lyft has a dedicated information security program to defend against such supply chain attacks and runs an active bug bounty program to continuously test its security controls.”

Zillow officials wrote:

We are aware of the recent security report involving a possible attack involving spoofed software packages. After an investigation by our security team, we found no evidence that our systems were compromised or exploited by the disclosed technique. Our team is also taking a number of actions to monitor and defend against any future possible attempts to gain unauthorized access to our systems.

NPM representatives, meanwhile, wrote: “We’ve provided guidance on how to best protect against these types of substitution attacks in this blog post. We’re committed to keeping npm secure and continuing to improve the security of the ecosystem.”

Amazon representatives didn’t respond to an email seeking comment. A representative for PyPi didn’t immediately have a comment.

The recent hack against network tools provider SolarWinds—which compromised the Texas company’s software build system and used it to distribute malicious updates to 18,000 customers—was a stark reminder of the damage that can result from supply-side attacks. Dependency confusion attacks have the potential to inflict even more damage unless developers take precautionary measures.

Microsoft adds Startup Boost, Sleeping Tabs to Edge build 89

We’re not sure why Chromium-based Edge’s branding seems so thoroughly wet.

Microsoft

This week, Microsoft announced several more features trickling down to Edge Stable from its Beta insider channel. These features include Startup Boost, Sleeping Tabs, Vertical Tabs, and a more navigable History dialog. The company also announced some welcome interface tweaks to Bing—which Microsoft insists on categorizing as Edge features, but these items seem to apply equally to Bing in any browser so far.

If you’re not familiar with Microsoft Edge’s release and download system, there are three Insider channels (Canary, Dev, and Beta) that represent daily, weekly, and six-weekly updates in increasing order of stability. New features debut there before eventually making their way into Stable, where normal users will encounter them.

If you’re a Windows user, you can’t actually download new builds in the Stable channel directly. Instead, you must either look for them in Windows Update or navigate to edge://settings/help in-browser and ask Edge to check for updates to itself. If you’d also like to check out the Edge Insider builds, you can do so safely—they won’t replace your Edge Stable; they install side-by-side, with separate icons on your taskbar making them easy to distinguish.

Startup Boost

When we updated Edge Stable to Build 89, we found Startup Boost (shown here as “Continue running background apps”) and Sleeping Tabs already enabled.

Jim Salter

Edge’s new Startup Boost feature is pretty simple. Instead of killing all processes when you close the browser, it leaves a minimal set open and running. Microsoft says that these always-on background processes decrease Edge launch times—whether opened from an Edge icon or opened automatically as an association with hyperlinks from other applications—by 29% to 41%.

Microsoft also says that the background processes have very little impact on CPU and memory footprint of the system as a whole. The new feature is enabled by default in Edge Stable Build 89, but if you don’t like it, you can disable it on your system—go to edge://settings/system and disable Continue running background apps when Microsoft Edge is closed.

Sleeping Tabs

Edge’s new Sleeping Tabs feature automatically puts tabs to sleep—building upon Chromium’s “tab freezing” feature—after two hours of background status without interaction. You can adjust this timeout period manually if it’s not right for you, and Edge also uses heuristics to detect cases when sleep might be inappropriate (for example, tabs that are streaming music in the background).

You can see which tabs have gone to sleep due to their faded appearance in the tab bar; clicking a sleeping tab wakes it up and brings it back into the foreground. To our disappointment, there’s no option to right-click a tab and put it to sleep manually yet—all you can do is wait for the browser to do it for you after a sufficiently long inactivity period.

Vertical tabs

Behold, vertical tabs in action.

Vertical tabs—a feature we first reported nearly a year ago—finally made it to release this week in Edge Stable 89.

Modern displays generally have nearly twice as much horizontal screen real estate as vertical, and arranging tabs, application icons, and so forth across the display’s horizontal axis rather than its vertical makes more efficient use of the working space you have.

Edge certainly isn’t the first application to notice this fact—Ubuntu began using a vertical application launcher (its equivalent to the Windows taskbar) by default almost 10 years ago, for one example. We’ve found that the more efficient use of screen real estate is a great idea, but many users have an immediate, strong negative reaction to such a basic change to their navigation concepts.

Probably for that reason, Microsoft left the default tab bar orientation horizontal. If you’d like to browse like it’s 2021, though, the new vertical tab bar is a single click away—as is putting it back the way you found it.

History Hub

History Hub in action.

Edge’s new History Hub is another welcome UX update, and it’s simpler to use than it is to describe. Navigating to History from the hamburger menu (or hitting the Ctrl+H hotkey) opens your browsing history as a drop-down menu rather than a full page.

The drop-down History menu also has a stickpin icon on its upper right—clicking the pin dynamically resizes the browser pane, making room for a persistent, pinned History pane to its right. The History pane remains in place and is visible as you navigate the web, whether through links in pages or clicking the History links themselves. This makes it much easier to find what you’re looking for in the recent past.

Bing updates

Rounding out the goodies this week, Microsoft announced some updates to how it displays search results. These updates were also billed as Edge improvements, but when we checked bing.com in Google Chrome on a Linux workstation, we saw the same results there.

Local search results in Bing will begin showing stickpins on a map, dynamically updated as you browse them. This makes it easier to sort your search results by geographical area—which isn’t always as simple as “what’s closest” or “what’s furthest away.” This feature isn’t fully implemented yet; Microsoft says it will be fully available in the US in the coming weeks.

The search engine is also adapting its search results contextually when it understands the broad category of what you’re searching for in the first place. Carousel results for recipes now include dynamically updated panes showing caloric information alongside the picture and meta text of the recipe, for one example. Documentary film search results are another good showcase for this update. They pop up in tiles showing box art, title, and little else; hovering over each tile slides open further detailed information about the film.

Finally, educational searches may give more easily digestible, infographic-style returns instead of the simple dense-text based output we’ve become familiar with in the last two decades. It’s not clear exactly what topics will or will not receive the infographic returns or how those are generated, but Microsoft showcases the result of a Bing search for “giraffe animal” as one example.

Visual Studio Code now runs natively on M1 Macs

The 2020, M1-equipped Mac mini.

Samuel Axon

Microsoft has released a new version of source-code editor Visual Studio Code that runs natively on Apple Silicon Macs like the MacBook Air, MacBook Pro, and Mac mini models with Apple M1 chips.

The change came in Visual Studio Code 1.54 (now 1.54.1 thanks to a bug fix update), which is available as a universal 64-bit binary, as is standard for apps with Apple Silicon support. That said, Microsoft also offers downloads for x86-64 and Arm64 versions specifically, if desired.

There are no differences in features between the two versions, of course. And the non-Apple Silicon version worked just fine on M1 Macs previously via Rosetta, but Microsoft says M1 users can expect a few optimizations with the new binaries:

We are happy to announce our first release of stable Apple Silicon builds this iteration. Users on Macs with M1 chips can now use VS Code without emulation with Rosetta, and will notice better performance and longer battery life when running VS Code. Thanks to the community for self-hosting with the Insiders build and reporting issues early in the iteration.

Other key features in Visual Studio Code 1.54 include the ability to retain terminal processes on window reload, performance improvements in the Windows version, product icon themes, improvements when viewing Git history timeline entries, and various accessibility improvements.

This is the latest in a slow march of productivity and power user apps that have launched native Apple Silicon versions, such as Adobe Photoshop. But many popular apps are still not native, including Visual Studio Code’s IDE sibling, Visual Studio 2019 for Mac.

However, native Apple Silicon support is expected to come to Visual Studio 2019 for Mac with .NET 6, which is expected to ship in November. The first .NET 6 preview was distributed last month.

Many makers of development and creative production software have committed to releasing Apple Silicon versions of apps, including Adobe and Unity. But others, like Autodesk, haven’t made much noise about Apple Silicon support yet.

Apple is expected to shift its entire Mac lineup to the new architecture by the end of 2022. Reports citing people familiar with Apple’s plans have indicated that more Apple Silicon-based MacBook Pros are coming this year, as well as significant redesigns for both the iMac and MacBook Air, which will also have Apple Silicon chips.
