tgsovlerkhgsel's comments

"This item is now discontinued." I wonder if this incident is the reason (or if it simply sold out in the aftermath).

> They also implemented AES with S-boxes in pure JavaScript (no bitslicing), which adds a cache-timing leak. Yay.

From the DEKRA security review certificate [1]: "Proven implementations of cryptographic primitives." is marked as a pass... (I also couldn't find a way to verify the authenticity of this certificate).

[1] https://appdefensealliance.dev/reports/com.mess.engerx_17179...


If you're buying modern phones and expect the charger to also be used with your future phone, I'd look for a USB PD capable power supply with PPS support. (Edit: Many of the phone makers that are listed as having proprietary technologies support PD on newer phones. Since the EU mandates USB PD, I would expect the vast majority of new devices to support it at least well enough that you won't need anything else.)

Rather than 10 of a given charger, consider a smaller number of GaN chargers with multiple ports, but be aware that many of the "smart" ones will reset all ports if any port is reconnected or renegotiates. I have a "smart" charger capable of outputting 100 W on one port or some mix of wattages on multiple ports (mainly for travel), and a "dumb" multi-port charger that I use both for slow charging of phones and for powering IoT devices that I don't want to be reset. The latter simply has multiple USB-A ports, which lets me charge almost anything - either with an A-to-C cable, or A-to-whatever-that-device-needs (either Micro-USB, Mini-USB, or something proprietary).


Good advice, thank you. Makes me think maybe a slow charging setup by the bed and a fast charger down in the living room / kitchen / for travel.

Then maybe another slow charger for all those miscellaneous things around the house.


It boils down to applying a carefully controlled charging voltage (higher than the current battery voltage) to the battery. I would assume that the voltage is adjusted to achieve a specific charging current.

With PPS (programmable power supply), AFAIK the phone will typically ask the charger for a voltage twice as high as it wants to send to the battery, possibly a bit more to compensate for losses in the cable, then halve that with a highly efficient charge pump (https://en.wikipedia.org/wiki/Charge_pump).

The best (most "gentle") way of charging a battery would likely be a phone that is intentionally not trying to fast charge, connected to a PPS-capable power supply. This would minimize losses and thus heat within the phone without charging the battery faster than necessary. I suspect that the difference to charging off a non-PPS charger is negligible in practice.

Wireless charging creates a lot of waste heat, which isn't great for the battery.


The problem with that is that this is often not a real choice. You don't get to pick individual properties, you get to pick from a (usually pretty small) selection of products which bundle a lot of properties together, and these annoyances are usually not deal-breaking enough to cancel the other reasons why you are using that product.

Often, there simply is no respectful alternative because everyone is doing it, or the respectful alternative is utterly useless due to other issues, or the disrespectful platform is the exclusive distributor for some content that you really want to access.

The platforms/apps know this and generally get more abusive the fewer alternatives you have.


You might be surprised to learn just how much technology and entertainment you can live without.

> so their customers can obtain data about your usage

I can't prove it, but I suspect selling data is a very minor consideration in the appification of everything.

Aside from there actually being people who like that kind of thing (and them apparently being more common than people who like physical forms of self-flagellation), the main benefit of appifying everything is the opportunity to sell you "value-add services", aka sell you a subscription for the hardware you already bought.


I've been in the room when the decision was made to app-ify things. The revenue stream is 100% of the point.

The data revenue stream or the subscription revenue stream?

How much revenue can you get from knowing when someone was doing their laundry?


Both, plus the captive advertising revenue stream. If you can push ads during the laundry app, or do tie-ins where a given detergent enables some bullshit feature...

Replying to myself here. I just found myself shopping for a washer and dryer, and indeed, ran across one that takes manufacturer-branded detergent cartridges and offers to order more, right in the app, when they run low.

It can use third-party detergent by manually adding it at the start of the cycle, but adding some _during_ the cycle (which ultimately uses less) is only supported if using their cartridge.

I wish I was making this up.


I'm sure there's at least one VPN service that has US IPs and takes Monero.

I'm almost certain US law enforcement, at least until recently, would've directly operated such a service.

In the same way that it's relatively easy to find a hitman on the dark web, it's considerably harder for them to actually not be law enforcement.


Which is fine for the attacker here. All they need is to hit the login endpoint from an IP that's geolocated to the US. They don't mind if it's possible to trace it to their Russian IP. And that's roughly all that the VPN service sees. I explicitly mentioned Monero because I believe that when used properly, it wouldn't add any extra information.

Mullvad

The blogpost mentions "I guess it's always good to have another SDR just to confirm that we're not polluting other frequencies." and they have an RTLSDR which probably could serve as a good enough spectrum analyzer for this use case?

You're trying to transmit (only) on e.g. 433 MHz, but you actually transmit on 433 MHz and a bell curve around it.

so, severe LO clock drift?

Not exactly, the transmitted power tends to be centered on the frequency you desire, but there are unwanted harmonics off the center frequency. It's like having a fire hose that hits the desired target with water (something on fire), but it also hits everything else around the target in a large radius as well, which may be very sensitive to water (precious art, high power transformers, etc.).

> the theory being that warming up a cold house in the morning costs more energy than maintaining a stable temperature

This is only true if the heating happens quickly and the system is less efficient when heating quickly. Otherwise, this doesn't make sense from a physics standpoint. A temporarily lower temperature differential means less kWh of heat lost.


This is a whole research topic, my PhD in fact!

FWIW I run my heat pump intermittently and with locally-smart TRVs that get to call for heat centrally, and a weather compensation only flow temperature curve, and it WORKSFORME!

https://www.earth.org.uk/heat-pump-16WW-control.html


Fascinating read.

Certainly feels like I'd need a PhD from it to successfully install, modify, calibrate and run the installation until it's fully adjusted, for the peak comfort and minimum cost/dirty energy use.


I enjoyed reading this, thank you.

\o/

I think that maintaining a stable temperature means warm walls/floors/furniture and potentially cooler air temperature, as opposed to a cold house with intermittently warm air. Most people can feel comfortable at a lower thermostat (air) temperature if the walls etc are warm due to maintaining a stable temperature. I don't have calculations or references, YMMV.

Heating systems generally are more efficient when they need to output less power. Whether that cancels the increased heat loss seems to be a question that can’t be answered in general.

> Otherwise, this doesn't make sense from a physics standpoint. A temporarily lower temperature differential means less kWh of heat lost.

This topic comes up anytime thermostats and heating are mentioned. The physics arguments only make sense if you don't care about comfort. Most people would rather optimize for comfort with some energy/cost savings if possible and the physics folks seem to not care about comfort at all.


"Quickly" implies higher power which will make the air around radiators warmer than a slow heating.

The losses are proportional to the temperature differential between outside and inside.

So you should have somewhat higher losses from the hotter air streams from the radiators passing the windows.

Dunno about magnitude though.

