Monday, July 31, 2023

Save Money With These Wifi-Enabled Smart Watering Devices

Smart watering devices are here, and now is exactly when to install them to save money as we head into August. Most of the major players in the sprinkler space like Hunter, Orbit and Rainbird have released smart watering devices, from sprinkler timers to hose timers. Having tried them out for the last year, I can attest that they’re all pretty awesome, but you have to mix and match to get the best out of them.

What is a smart watering device?

Until a few years ago, sprinkler timers went off at set times, rain or shine. Generally a little hard to program, they were reliable and in some cases, came with a “rain delay,” which meant you could hit a button and delay the sprinkler for a day or two if you knew water was about to fall from the sky. Then came timers for your hose, which allowed you to run a sprinkler or hose with roughly the same controls—set a timer and punch a button for a rain delay.

But in 2023, every major player in the sprinkler market has dived into smart systems, and with some gentle comparison, you can use these improved smart watering devices to save money and save yourself from having to race to the timer in the rain and fight spiders to turn your sprinkler off.

Smart devices have two differences from regular non-smart devices. First, they can be controlled by your phone, and let’s not kid around, you can’t undersell this benefit, since no one likes to nose around in a spider-filled box outside, particularly in the rain, which is when you usually need to hit “rain delay.” Online interfaces are easier to use than the button UI on most timers. While these apps allow you to create schedules, just as the timers do, they also allow you to control the sprinklers manually, like a remote. So you can independently turn on one zone for a one-time watering. The second benefit is that some of these timers can actually predict how much watering you’ll need based on the weather, and adjust your watering accordingly.

The difference between bluetooth and wifi enabled smart timers

Smart timers come in two flavors: bluetooth and wifi. Bluetooth timers generally do not require a hub, but require that you be within range of your timer to control it with your phone. To do so, you’ll use an app; every single player in this space has multiple apps, and they don’t often play well with each other. Remember, with a bluetooth device, you can’t control it when you’re away from home. Go on vacation and see that it’s raining—and you can’t turn the sprinklers off.

Once you add a wifi hub to a wifi-enabled device, you get two benefits. First, you can access and control the timer remotely, like when you’re away from home. The second and best reason to use wifi is that it allows the timer to speak to a local weather station, so the timer can choose whether to water or not based on hyperlocal weather.




Smart wifi timers and evapotranspiration

Being a simple human, I see water falling from the sky and think, “rain good.” My smart timer is, well, smarter. It understands that water not only falls from the sky, but is transferred back to the atmosphere from the ground based on the weather, and the name for that is evapotranspiration.

It uses the local weather to calculate how much to water based on rain, moisture in the air and water leaving the ground. What’s more fascinating is to see how many hyperlocal weather stations there are—I have one mere blocks away. It’s useful to have a weather station nearby, since you have microclimates even within your neighborhood, and all of these smart timers access private weather stations, not just public ones, so you’re more likely to find one nearby. To find out your local weather stations, go to Wunderground and search for your closest station.

Smart sprinkler timers cost about the same as traditional sprinkler timers

For all the functionality they bring, you’d think smart timers would be much more expensive, but they’re all still pretty affordable. An eight-zone timer by Hydrawise is $108, the exact price as their traditional timer, without wifi functionality. Rachio, which also offers an eight-zone wifi controller, is $186. They don’t cost more to install, either, because the installation is precisely the same.

Configuring one of these devices takes 10-15 minutes, and can be handled by any layperson. You generally download an app, connect the wifi hub to the app, and then connect the device to the hub. If you’ve ever used a smart device, you’ll find this comparable.

Mix and matching systems

In my front yard, I’m using a Hunter Hydrawise timer, and have been very happy with it. This year, I wanted to add on a smart timer in my backyard to my hose. I was shocked to learn that even though Hunter had a smart hose timer, it would use a completely different app than my timer in the front yard. Without the benefit of sharing an ecosphere, I figured I might as well go with any hose timer I wanted. Ultimately, I kept the Orbit B-hyve system, which, just like my Hydrawise, connects to a local weather station and is controlled via wifi, not bluetooth. I chose it because I could control two zones instead of only one. B-hyve allows for much more fine tuning of the smart timer, running you through questions about what kind of watering devices you’re using, what the soil is like, and what you’re growing.


from Lifehacker https://ift.tt/ISEfoim

This Refurbished MacBook Air Is $300 Right Now

You or your kid might just need a functional laptop for school, and this refurbished Apple MacBook Air is on sale for $299.99 until August 13, just before back-to-school time.

The 2015 MacBook has a 13.3-inch widescreen LED-backlit display and a native resolution of 1440x900, and it’s equipped with an Intel Mobile Core i5 “Broadwell ULT” processor running at 1.6GHz that can be turbo-boosted to 2.7GHz. It’s obviously outdated and not as fast as a brand-new MacBook, but it can run basic productivity apps like Microsoft Office and has 4GB of RAM, an Intel HD Graphics 6000, and 256GB SSD storage. Connectivity options include standard AirPort (802.11ac) for wireless internet access and Bluetooth 4.0.

This MacBook Air weighs 2.96lbs and is 12.8 inches long. On a full charge, the battery can last up to 12 hours with up to 30 days on standby. The “B” refurbished rating means it might have some superficial signs of wear-and-tear, but they’ll be light and limited to faint scratches, scuffs, or dents, and they don’t affect performance. (It also comes with a black snap-on case that can cover them.)

You can get this refurbished MacBook Air on sale for $299.99 until August 13 at 11:59 p.m. PT, though prices can change at any time.


from Lifehacker https://ift.tt/7qVazsd

How AI Is Used to Scam You (and What You Can Do About It)

This post is part of Lifehacker’s “Living With AI” series: We investigate the current state of AI, walk through how it can be useful (and how it can’t), and evaluate where this revolutionary tech is heading next.

There’s a lot of hype around AI, and just as much fear. But anxiety over pie-in-the-sky scenarios involving sentient robots and supercomputers obfuscates the real threats that already exist, like AI-assisted scams.

AI introduces new scams, and enhances old ones

Scammers, hackers, and other malicious actors use AI in many ways, but the ultimate goal is usually the same as other online schemes—to get you to click on fake links or download malware that can steal your personal data, take over your accounts and devices, or spy on you. While the goals are the same as the phishing and malware scams we’ve seen for decades, AI tools can make the job easier by creating more enticing—or threatening—reasons to click those malicious links.

A growing threat is training an AI tool to replicate the likeness of friends or family members using voice recordings, then using those fake voice clips to dupe a victim into thinking their loved one needs them to send money or grant them access to important accounts. Similarly, hackers can program a chatbot using public information and social media posts to send personalized messages or emails claiming to be someone it’s not. In extreme cases, scammers use these tactics to scare people into thinking someone they know has been kidnapped and held for ransom.

Another tactic is using AI-generated content—like fake political articles and social media posts—to rile someone up and get them to click on a dangerous link, or blackmailing victims with deepfake pornography. There are even fake AI-written job listings out there.

The technology is already sophisticated enough to trick people, especially those not looking close enough, and AI-generated content will only become more believable as the technology develops. Unfortunately, no current laws or regulations exist preventing or penalizing the creation and distribution of deepfakes, AI-made misinformation, or the tools used to make them.

How to protect yourself from AI scams

That means the onus is on the general public to keep themselves safe. While this can be difficult—it only takes a few seconds of a voice recording to train an AI—there are still ways to spot and prevent these scams.

If you ever receive a call, email, or text message from someone claiming to be a person you know in danger, you should immediately reach out to the person through the phone number or email address saved in your contacts to confirm that really was them that called. Do not do anything until you know for sure.

As for AI-generated images or video, the best thing to do is scan the image for inconsistencies. AI images might be convincing at a glance, but will reveal errors upon closer inspection, like extra fingers, missing body parts, or incorrect proportions, to name a few. AI videos will have similar issues, and motion may look jittery, glitchy, or warped.

Another strategy is to perform a reverse image search: Drop the image into Google to see if that image, or others like it, exist and are credited to legit photographers, artists, or publications. Some AI art generators post all images made with their tools online, so you can see if the image came from a source like Midjourney.

Otherwise, the methods for avoiding AI-assisted scams are no different from preventing common phishing and malware attacks:

  • Don’t take calls from unknown phone numbers.
  • Don’t click on suspicious links.
  • Double-check messages are coming from a legitimate source.
  • Don’t log into random websites with your social media, Google, or Apple accounts.
  • Don’t give your personal data or login information to anyone over the phone or online, even if they claim to be an official representative of a company, bank, or social media website.
  • Make unique passwords for every account you use.
  • Always report any suspected scams.

This isn’t a comprehensive list, but following these strategies can help keep you safe. Be sure to check our guides on avoiding online scams and other internet privacy strategies for more tips.

AI grifters and false advertising

While scammers using AI is a major concern, there’s also a second, broader category of AI scams, one that I alluded to in the intro: AI hype.

Like with any exciting new technology, companies are eager to jump on the AI hype train. We’ve already seen an increase in “AI-powered” products and features, like the AI tools added to Bing and Google search. But that boom in interest is also attracting grifters that will use AI—or our fears of it—to sell you bullshit. The same thing happened with cryptocurrency and NFTs in recent years, and now it’s happening with AI. Don’t get suckered.

One of the best ways to safeguard yourself is to learn how AI works, and what it is—and is not—capable of. The term “AI,” meaning artificial intelligence, isn’t actually what these AI tools are, anyway. That would imply these are sentient beings capable of thinking and reasoning. They’re not, and anyone implying their products—or anyone else’s—are somehow “alive” is misguided or lying to you.

That said, plenty of grifters will use more mundane and realistic claims to sell you on whatever AI-adjacent schemes they’re running—like claims you could make tons of money as a freelance writer, coder, or graphic designer using their AI tools. Not only is passing off AI-generated content as your own unethical, but it’s also unwise.

Tools like ChatGPT or Midjourney only work because real humans made the text or art they reference, and often without consent or compensation. There’s no mind in these AI tools, and therefore no experience, memory, or skill informing its output. In other words, they plagiarize, and often poorly, so there’s no way to guarantee an AI-generated article is true unless someone else edits it.

That’s not to say these tools aren’t impressive or that they’re entirely useless. The point is, AI can do a lot of things, but it’s not magic, and it’s not perfect. The next time you hear a claim about a new AI product that sounds too good to be true, chances are it is. Don’t fall for it.


from Lifehacker https://ift.tt/Ls0JqYp

Why Our Laws and Regulations Aren’t Ready for AI

This post is part of Lifehacker’s “Living With AI” series: We investigate the current state of AI, walk through how it can be useful (and how it can’t), and evaluate where this revolutionary tech is heading next.

Generative AI tools like ChatGPT seem to be on the verge of taking over the world, and the world has been scrambling to figure out how to respond. While there are some laws and regulations in place around the globe that seek to rein in and control this impressive technology, they are far from universal. Instead, we need to look toward the future to see how AI will be handled by governments going forward.

AI is essentially running wild right now

The situation at present is, for lack of a better phrase, not great. The movement to regulate artificial intelligence isn’t keeping pace with the technology itself, which is putting us in a precarious place. When it launched, ChatGPT was fascinating and fun to test out. Today, it and other large language models are already being used by companies to replace labor traditionally done by people.

Consider the example of G/O Media, Lifehacker’s former parent company. Without informing editorial staff, the company recently published AI content on several of its digital media sites, including tech magazine Gizmodo. That content was riddled with mistakes that knowledgeable writers would not have made and which would have been easily identified by editors—but since their input or opinions weren’t considered, the articles went up with misinformation and stayed up.

AI as we understand it in mid-2023 is a particularly novel case. It’s tough to think of the last time a technology has captured the attention of the world in quite this way—maybe the iPhone? Even blockchain technologies like NFTs and the metaverse didn’t take off nearly so quickly. It’s no surprise, then, that AI has also caught lawmakers with their pants down. Yet legitimate warning bells have been sounding about AI for years, if not decades. If the tech came faster than we thought, that doesn’t excuse the lack of forethought in our laws and regulations in the interim. Like a plot twist out of The Matrix, the robots have staged a sneak attack.

But lamenting our lack of foresight isn’t exactly a productive way to deal with the situation we’ve found ourselves in. Instead, let’s take an objective look at where we stand right now with laws and regulations to control this technology, and how the situation could change in the future.

Laws and regulations governing AI in the U.S.

Land of the free, home of the robots. As it stands, the U.S. has very few laws on the books that regulate, limit, or control AI. If that wasn’t the case, we might not have the advancements we’ve seen from companies like OpenAI and Google over the past year.

What we have instead are research and reports on the subject. In October of 2016, the Obama administration published a report titled “Preparing for the Future of Artificial Intelligence” and a companion piece, “The National Artificial Intelligence Research and Development Strategic Plan,” which highlight the potential benefits of AI to society at large, as well as the potential risks that must be mitigated. Important analysis, no doubt, but clearly not convincing enough for lawmakers to take any decisive action in the following six years.

The John S. McCain National Defense Authorization Act for Fiscal Year 2019 established the National Security Commission on Artificial Intelligence, which, you guessed it, produced additional reports on the potential good and bad aspects of AI, and their advice for what to do about it. It dropped its final, 756-page report in 2021.

At this point, the official policy aims to help the development of AI technology rather than hinder it. A 2019 report from the White House’s Office of Science and Technology Policy reiterates that, “the policy of the United States Government [is] to sustain and enhance the scientific, technological, and economic leadership position of the United States in AI,” and that, “Federal agencies must avoid regulatory or non-regulatory actions that needlessly hamper AI innovation and growth.” It also lays out 10 pillars to keep in mind when considering AI regulation, such as public trust in AI, public participation in AI, and safety and security.

Perhaps the closest thing we have to administrative action is the “AI Bill of Rights,” released by the Biden Administration in 2022. The informal bill includes five pillars:

  • “You should be protected from unsafe or ineffective systems.”
  • “You should not face discrimination by algorithms and systems should be used and designed in an equitable way.”
  • “You should be protected from abusive data practices via built-in protections and you should have agency over how data about you is used.”
  • “You should know that an automated system is being used and understand how and why it contributes to outcomes that impact you.”
  • “You should be able to opt out, where appropriate, and have access to a person who can quickly consider and remedy problems you encounter.”

In addition, the White House has a set of blueprints to ensure these pillars help the public use and understand AI technologies without being taken advantage of or abused. This gives us a glimpse into what AI regulation might look like, especially if the Congress in power proves sympathetic to the White House’s views.

All these reports trend in a positive direction, but at this point, they’re also mostly talk. None spur lawmakers to act; they more gently suggest that someone do something. You know, eventually.

We have seen some action, though, in the form of hearings. (Congress loves to hold hearings.)

Back in May, OpenAI CEO Sam Altman and two AI experts went before Congress to answer questions on potential AI regulation. During the hearing, lawmakers seemed interested in ideas like creating a new agency (potentially an international one) to oversee the development of AI, as well as introducing a licensing requirement for those looking to use AI technologies. They inquired about who should own the data these systems are trained on, and how AI chatbots like ChatGPT could influence elections, including the upcoming 2024 presidential race.

It hasn’t been that long since those hearings, but, still, we haven’t made much progress since.

Some states are introducing their own AI regulations

While the federal government doesn’t have much regulation in place at the moment, some states are taking it upon themselves to act, albeit with a light touch—mostly in the form of privacy laws issued by states like California, Connecticut, Colorado, and Virginia that seek to regulate “automated decision-making” using their citizens’ data.

There do exist laws for one area of AI technology—self-driving cars. According to the National Conference of State Legislatures, 42 states have enacted laws surrounding autonomous vehicles. Teslas are already on the road and driving themselves, and we’re closer than ever to being able to call an autonomous vehicle, rather than a human driver, to deliver us to a destination. But that’s no replacement for laws and regulations controlling AI in general, and on that front, no state, nor the federal government as a whole, has substantial regulations in place.

International views on AI regulation

AI regulation is somewhat further along in other parts of the world than it is in the U.S., but that’s not saying a great deal. For the most part, governments around the world, including those of Brazil and Canada, have done similar work to investigate AI’s potential benefits and drawbacks, and, within that context, how to regulate it in the best way possible.

China is the only major player on the world stage actually aiming to get laws regulating AI on the books. On Aug. 15, rules drawn up by the Cyberspace Administration of China (CAC) will go into effect that apply to AI services available to citizens. These services will need a license, will need to stop generating any “illegal” content once discovered and report the findings accordingly, will be required to conduct security audits, and to be in line with the “core values of socialism.”

Meanwhile there’s the E.U.’s proposed Artificial Intelligence Act, which the European Parliament claims will be the “first rules on AI.” This law bases regulation of AI on the technology’s risk level: Unacceptable risks, such as manipulation of people or social scoring, would be banned. High risks, such as AI in products that fall under the EU’s product safety legislation or AI systems used in things such as biometric identification, education, and law enforcement, would be scrutinized by regulators before being put on the market. Generative AI tools like ChatGPT would need to follow various transparency requirements.

The EU Parliament kicked off talks last month, and hopes to reach an agreement by the end of the year. We’ll see what ends up happening.

As for ChatGPT itself, the technology has been banned in a handful of countries, including Russia, China, North Korea, Cuba, Iran, and Syria. Italy banned the generative AI tool as well, but shortly reversed course.

For now, it seems, the world’s governments are mostly playing wait and see with our coming AI overlords.


from Lifehacker https://ift.tt/tYvk2iO

New persistent backdoor used in attacks on Barracuda ESG appliances

The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances.


Barracuda ESG zero-day exploit and backdoors

In late May, Barracuda warned that attackers have been exploiting the (then zero-day) vulnerability in Barracuda Networks’ ESG physical appliances.

As previously specified by Mandiant, the threat actors then set up a reverse shell backdoor on the appliances, which they used to download the SEASPY backdoor, along with additional malicious payloads (SALTWATER, SEASIDE).

“SEASPY is a persistent and passive backdoor that masquerades as a legitimate Barracuda service. SEASPY monitors traffic from the actor’s C2 server,” noted the CISA advisory alert.

“When the right packet sequence is captured, it establishes a Transmission Control Protocol (TCP) reverse shell to the C2 server. The shell allows the threat actors to execute arbitrary commands on the ESG appliance.”

After initial attempts to address the vulnerability by releasing a patch or by urging customers to implement mitigations, Barracuda finally issued an urgent action notice advising them to replace their ESG appliances as soon as possible.

A new malware variant

CISA has identified a new malware type on the compromised ESG appliances, which has been dubbed SUBMARINE.

“SUBMARINE is a novel persistent backdoor executed with root privileges that lives in a Structured Query Language (SQL) database on the ESG appliance,” the Agency noted.

“SUBMARINE comprises multiple artifacts—including a SQL trigger, shell scripts, and a loaded library for a Linux daemon—that together enable execution with root privileges, persistence, command and control, and cleanup.”

The Agency says that this malware poses “a severe threat for lateral movement” and has provided indicators of compromise and YARA rules defenders can use to detect it, the other backdoors, and the exploit payload in their environments.
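Because part of the persistence described above lives in a SQL trigger, reviewing the triggers a database defines against a known-good list is a useful hygiene check on any MySQL-backed system. The sketch below is an added example, not code from CISA, Barracuda or Help Net Security, and it is not a SUBMARINE signature: the dump fragment, trigger and table names, the baseline, and the risky-pattern list are all constructed for illustration, and it assumes a mysqldump-style schema dump that uses the `;;` delimiter.

```python
import re

# mysqldump wraps trigger DDL in versioned comments: /*!50003 CREATE*/ -> CREATE
VERSIONED = re.compile(r"/\*!\d+\s*(.*?)\*/", re.S)

# One CREATE TRIGGER statement, up to the ';;' delimiter mysqldump uses.
TRIGGER = re.compile(
    r"CREATE\s+(?:DEFINER\s*=\s*\S+\s+)?TRIGGER\s+`?(?P<name>\w+)`?\s+"
    r"(?P<timing>BEFORE|AFTER)\s+(?P<event>INSERT|UPDATE|DELETE)\s+"
    r"ON\s+`?(?P<table>\w+)`?(?P<body>.*?)(?=;;|\Z)",
    re.I | re.S,
)

# Generic constructs that let SQL touch the filesystem (illustrative list,
# not taken from the CISA report).
RISKY = {
    "writes a file from SQL": re.compile(r"INTO\s+(?:OUTFILE|DUMPFILE)", re.I),
    "reads a file from SQL": re.compile(r"LOAD_FILE\s*\(", re.I),
}

# Constructed sample: one plain trigger and one in mysqldump's comment-wrapped form.
SAMPLE_DUMP = r"""
DELIMITER ;;
CREATE TRIGGER audit_quota BEFORE UPDATE ON quota
FOR EACH ROW
BEGIN
  SET NEW.updated_at = NOW();
END ;;
/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER cleanup_rows BEFORE DELETE ON example_table
FOR EACH ROW BEGIN
  SELECT 'constructed-placeholder' INTO OUTFILE '/tmp/constructed_example';
END */;;
DELIMITER ;
"""


def audit_triggers(dump_text, baseline):
    """Return triggers that are unknown to the baseline or use risky constructs."""
    known = {name.lower() for name in baseline}
    text = VERSIONED.sub(r"\1", dump_text)  # unwrap versioned comments first
    findings = []
    for m in TRIGGER.finditer(text):
        reasons = []
        if m["name"].lower() not in known:
            reasons.append("not in known-good baseline")
        reasons += [label for label, rx in RISKY.items() if rx.search(m["body"])]
        if reasons:
            findings.append({
                "name": m["name"],
                "table": m["table"],
                "timing": m["timing"].upper(),
                "event": m["event"].upper(),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    # Hypothetical baseline: trigger names recorded from a trusted build.
    for finding in audit_triggers(SAMPLE_DUMP, {"audit_quota"}):
        print(f"{finding['name']} ({finding['timing']} {finding['event']} "
              f"ON {finding['table']}): {', '.join(finding['reasons'])}")
```

A finding here is a prompt for review, not proof of compromise; CISA's published indicators of compromise and YARA rules remain the authoritative detection content for this campaign.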


from Help Net Security https://ift.tt/pnNsP49

How the best CISOs leverage people and technology to become superstars

What separates superstar CISOs from the rest of the pack is that they are keenly aware of the burgeoning threat landscape and the cybersecurity skills shortage, but they don’t give in to despair. Instead, they use their existing assets to great effect, including tapping into a hidden source of strength that is critically overlooked as a security resource: their development teams.


In the era of DevSecOps hype, it’s common to say that security is everyone’s responsibility. But there are limits to what untrained and unmotivated workers – especially those who don’t work in IT – can do to make their organization more secure against cyberthreats.

For example, in the real world, travelers at a busy airport should feel responsible for reporting an unattended bag sitting alone in a suspicious location. However, they aren’t trained to inspect that bag to look for threats or empowered to take any actions on their own. At a company, it’s one thing to make everyone aware of cybersecurity, and another to educate them to make their organization more secure within the context of their role or to use the defensive tools they already have in place to counter threats and squash vulnerabilities.

For that, companies need to invest in upskilling. It’s far better, and oftentimes easier, to invest in the talented, loyal staff that are already a part of your organization than to try and hire new people from the outside. But even then, putting those learning resources in the best place to get the required results is key.

Developers already understand IT since they write much of the code for the programs being used by their organizations. And they are often ready, willing, and able to upskill in cybersecurity to help make them even more amazing at their jobs. Smart CISOs are tapping into that enthusiasm and providing developers with the education pathways they want and need, with the payoff being a reduction in common vulnerabilities (not to mention less pressure on overworked AppSec personnel).

Making sure developers get the right upskilling and support

The best CISOs know that upskilling is critical to success. But not just any training will do, especially for the development community who already have a good baseline understanding of IT. A “check-the-box” program won’t offer much return on investment and will likely frustrate developers into poor performance and a lifelong hatred of working with security teams.

Likewise, any solution that impedes their workflow, fails to stay agile with enterprise security goals, or cannot deliver the right education at the right time in an easily digestible format, is unlikely to result in foundational security awareness or skills.

Other secrets of superstar CISOs

Exemplary CISOs are also able to address other key pain points that traditionally flummox good cybersecurity programs, such as the relationships between developers and application security (AppSec) teams, or how cybersecurity is viewed by other C-suite executives and the board of directors.

For AppSec relations, good CISOs realize that developer enablement helps to shift security farther to the so-called left and closer to a piece of software’s origins. Fixing flaws before applications are dropped into production environments is important, and much better than the old way of building code first and running it past the AppSec team at the last minute to avoid those annoying hotfixes and delays to delivery. But it can’t solve all of AppSec’s problems alone. Some vulnerabilities may not show up until applications get into production, so relying on shifting left in isolation to catch all vulnerabilities is impractical and costly.

There also needs to be continuous testing and monitoring in the production environment, and yes, sometimes apps will need to be sent back to developers even after they have been deployed. A great CISO, with a foot in development and security, can smooth out those relations and keep everyone working as a team.

Getting other C-suite executives onboard with better security might be an even more difficult challenge, with leadership outside the CISO and CIO normally looking at business objectives and profits before anything else. To counter that, superstar CISOs know how to show a direct correlation between better, more mature cybersecurity and increased revenue, and how it can even provide a competitive advantage against the competition.

It’s not easy being a CISO, and certainly more challenging than at any other point in history. But those CISOs who master that adversity are becoming true superstars within their companies and communities. They competently employ agile developer upskilling, champion security culture, streamline relationships between the traditional rivals of development and AppSec teams, and encourage leadership to foster a security-first approach from the top down.


from Help Net Security https://ift.tt/Ifdg59A

Sunday, July 30, 2023

The race against time in ransomware attacks

Most organizations lack strong cyber resilience strategies or data security capabilities to address threats and maintain business continuity, according to BigID.

Despite both the rise in threats and the high percentage of respondents whose organizations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience.

In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.

Critical business data at risk due to ransomware

And it’s not just about confidence. Organizations need cyber resilience and data security capabilities in place, too—to recover data and restore business operations and to do so fast.

When asked about the threat of ransomware, 40% of last year’s respondents said “failure to recover data” worried them—even if their data was backed up. This year, 67% lack full confidence their company could recover data and critical business processes in the event of a system-wide cyberattack.

When asked how long, on average, it would take their company to restore data and business processes if a cyberattack occurred:

  • 95% said it would take over 24 hours
  • 71% said it would take over 4 days
  • 41% said it would take over a week

And in a ransomware attack, every minute matters. The longer a business is down and its data is inaccessible, the greater the risk for serious, and often immediate, downstream impacts.

Companies open to paying ransom

When 95% can’t recover data and business processes within 24 hours, not only are organizations vulnerable, but they’re more willing to make choices that may incentivize future industry attacks. Choices that include paying a ransom.

Although paying a ransom is generally considered an action of last resort, 90% of global survey respondents said their organization would—some unequivocally, some depending on the cost—consider paying a ransom if it meant they could recover data and business processes, or recover them faster.

With cybercrime predicted to cost the world $8 trillion annually ($10.5 trillion by 2025), more companies are trying to secure financial protection against losses from cyberattacks, data breaches, and other cyber-related incidents. They’re turning to cyber insurance as one of their protection strategies.

According to 87% of respondents, data and cybersecurity vendors must collaborate to provide complete and integrated anti-ransomware solutions. When vendors work towards a common goal of defeating ransomware and creating integrated solutions that support clean recovery efforts, organizations reap the benefits. Greater cyber resilience is better for them, better for the customers they serve, and better for their industries.

A comprehensive approach to data security

“It’s not a surprise that over half of organizations still struggle with securing data in the cloud. The reality is most organizations’ data is scattered across different environments and varies by type,” said Tyler Young, CISO of BigID.

“Companies cannot afford to be offline and unable to maintain operations, especially for more than a day. However, the stark reality is that many organizations are vulnerable to leverage from cyber criminals because they are incapable of rapidly recovering their data and business processes when necessary,” said Brian Spanswick, CISO and head of IT, Cohesity. “Therefore, it’s no surprise that 9 in 10 respondents also said their business would consider paying a ransom to maintain continuity.”

When an organization gets hit by ransomware, and data is stolen, wiped, infected, or otherwise compromised, that organization can’t properly function until its data, processes, operations, and applications are restored. Making sure this recovery is clean, and happens fast, is critical to business resilience.

Given this reality, a comprehensive approach to data security and management is the best offense against continuing worldwide threats.


from Help Net Security https://ift.tt/tToxCfJ

The Difference Between Unplugging and Recharging (and Why It Matters)

Years into what was eventually labeled a “burnout epidemic,” there are countless books, articles, and lectures about how to buck this trend, and achieve some sort of balance in your life. Although there are some notable exceptions, most materials and resources contain the same tips and advice—including that it’s necessary for us to unplug and recharge in order to avoid burnout.

The terms “unplugging” and “recharging” are often used interchangeably, but actually refer to two different concepts. Here’s what to know.

The difference between unplugging and recharging

According to Guy Winch, PhD, the author of “Emotional First Aid” and a co-host of the “Dear Therapists” podcast, the reason many people—including himself—end up burning out, isn’t because they spend too much time working: It’s because they’re unable to stop thinking about work in their remaining waking hours.

This nonstop rumination is typically focused on what’s going wrong at work—“the upsetting things, the distressing things”—rather than anything positive, so unsurprisingly, he says it ends up being a major source of stress, and is, in no way, a productive use of our time.

We’re constantly told that we need to unplug after work, but Winch says that’s not enough to prevent or stop us from ruminating. For that, we need to recharge.

What is unplugging?

Winch uses the terms “unplugging” and “disconnecting” interchangeably, referring to taking some type of deliberate action to transition out of “work mode.” This involves setting clear boundaries—or what he calls “guardrails”—to shift your physical and/or mental state; things like changing clothes after work, having a designated work area, or ending your work day with a fake commute if you work from home.

According to Winch, technology “empowers rumination,” so he recommends refraining from checking your work email, and turning off any work-related notifications on your phone.

What is recharging?

Once you’ve unplugged or disconnected, you can move on to recharging—which Winch says involves doing an activity that “leaves you feeling energized mentally, and pleased with yourself for doing it.”

It’s important to note that recharging activities aren’t one-size-fits-all. For example, going to the gym to work out can be mentally energizing for some people, while making other people feel anxious and drained. The same is true of other recharging activities that Winch recommends, like crafting and meditation.


from Lifehacker https://ift.tt/UxyM5FY

Avoid These Mistakes When Planting Trees in Your Yard

Photo: Maria Sbytova (Shutterstock)

Though we tend to think about landscaping in terms of lawns, shrubs, and flowers, there are plenty of reasons to consider planting trees in your yard as well. Not only can they increase your home’s value by up to 15%, and decrease your energy bills by providing shade from summer sun and protection from frigid winter winds, trees can also help clean the air, and attract birds and other pollinators.

But you can’t simply dig a hole, pop a tree in, and call it a day: There are a number of factors to consider in order to be able to provide a tree with the conditions it needs to thrive. It also means avoiding these common tree-planting mistakes.

Avoid these mistakes when planting trees in your yard

Planting trees typically isn’t difficult, but it does take a bit of planning. This includes avoiding mistakes like the ones Graham Herbst of the Nebraska Forest Service (an affiliate of the University of Nebraska–Lincoln) has identified:

  • Picking the wrong tree: Consider a tree’s mature height and width to ensure you have enough space for it in your yard; take a look around your neighborhood to find trees that do well in your area.
  • The root ball is too small: For every inch of tree diameter, there should be 10"-12" of root ball. Anything less than that can cause transplant shock for the tree and take much longer for it to get established.
  • The hole is too small: The planting hole should be twice the width of the root ball.
  • The soil is inhospitable: Extremely sandy or heavy clay soils may need to be amended to ensure that the conditions are right for the tree. Also, always have your soil tested before planting a tree, in order to determine the pH and any fertilizer requirements.

These mistakes, along with six more, and other valuable information on tree-planting, are available via this free, two-page downloadable PDF.


from Lifehacker https://ift.tt/KQjIMTN

Here’s When to Replace All Four Tires After Getting a Flat

Getting a flat tire isn’t just a hassle: It can also be expensive. Depending on the circumstances, and what caused the flat, it may be possible to have the tire repaired, instead of replacing it. But when that’s not an option, and you only have one flat tire, how do you know whether you can get away with buying one replacement, instead of a set of four new tires? Here’s what to know.

When you can get away with replacing one tire

Most professionals will tell you that it’s best to replace all four tires at once—even if they’re relatively new, and you only have one flat. There’s a reason for this (beyond them making money): When you only replace one tire, it will have a different tread depth than the other three, which can impact its accelerating, braking, and cornering abilities, as well as the vehicle’s stability.

Of course, not everyone can afford an entire set of new tires at one time, and may opt to purchase a single replacement instead. According to Rick Popely of Cars.com, this is possible, as long as the other tires still have most of their tread. Here’s how he explains it:

Tread depth is measured in 32nds of an inch, and most new tires typically have 10/32 to 12/32 (5/16 to 3/8) of an inch of tread. If a car’s other tires have lost only 2/32 or up to maybe 4/32 of their original tread depth, it’s probably OK to replace just the damaged tire.

This article from J.D. Power goes into more detail about how to get away with replacing one tire.

When to replace all four tires after getting a flat

There are certain situations, however, when you really do need to replace all four tires after getting a flat, including when:

It’s a four-wheel-drive or all-wheel-drive vehicle

Cars with this feature tend to be sensitive to even minor differences in tread depth, tire diameters on an axle, and between tires on different axles. These differences can lead to a glitch in the drivetrain system.

It’s a two-wheel-drive vehicle with four worn-out tires

In some cases, it’s possible to get away with replacing two out of four tires on a two-wheel-drive vehicle, as either the front or rear pair will have more wear than the other two. However, if all four tires are around 70% (or more) worn, Ryan Pszczolkowski, Consumer Reports tire program leader, recommends replacing the entire set.

The owner’s manual indicates that it’s necessary

If you’re deciding between whether to replace one, two, or all four tires, start by checking the owner’s manual. There you’ll find instructions and specifications for tire replacement, including whether it’s necessary to get a full new set.


from Lifehacker https://ift.tt/17WwOYM

Week in review: Ivanti zero-day exploited, MikroTik vulnerability could compromise 900,000 routers

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Key factors for effective security automation
In this Help Net Security interview, Oliver Rochford, Chief Futurist at Tenzir, discusses how automation can be strategically integrated with human expertise, the challenges in ensuring data integrity, and the considerations when automating advanced tasks.

Overcoming the cybersecurity talent shortage with upskilling initiatives
In this Help Net Security interview, Dr. Lindsey Polley de Lopez, Director of Cyber & Space Intelligence at MACH37, proposes strategies for companies, educational institutions, and governments on how to address the ongoing shortage of cybersecurity talent through the introduction of upskilling initiatives.

Inspiring secure coding: Strategies to encourage developers’ continuous improvement
In software development, the importance of secure coding practices cannot be overstated. Fostering a security culture within development teams has become crucial to ensure the integrity and protection of digital systems.

Bridging the cybersecurity skills gap through cyber range training
In this Help Net Security interview, Debbie Gordon, CEO of Cloud Range explains the concept of a cyber range, its crucial role in preparing for real-world cyber threats, and the importance of realism in cyber training scenarios.

MikroTik vulnerability could be used to hijack 900,000 routers (CVE-2023-30799)
A privilege escalation vulnerability (CVE-2023-30799) could allow attackers to commandeer up to 900,000 MikroTik routers, says VulnCheck researcher Jacob Baines.

Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)
A zero-day vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile (EPMM) has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority (NSM) confirmed on Tuesday.

Has the MOVEit hack paid off for Cl0p?
The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market research company KonBriefing Research.

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)
Apple has patched an exploited zero-day kernel vulnerability (CVE-2023-38606) in iOS, iPadOS, macOS, watchOS and tvOS.

US companies commit to safe, transparent AI development
Seven US artificial intelligence (AI) giants – Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI – have publicly committed to “help move toward safe, secure, and transparent development of AI technology.”

ZTNA can be more than a VPN replacement for application access
In the wake of increased workforce mobility, today’s organizations require more innovative, more flexible, and more secure methods of granting network and application access to their workers.

RaaS proliferation: 14 new ransomware groups target organizations worldwide
In Q2 2023, GuidePoint Research and Intelligence Team (GRIT) tracked 1,177 total publicly posted ransomware victims claimed by 41 different threat groups.

National Cyber Strategy Implementation Plan: What you need to know
In this Help Net Security video, Kelly Rozumalski, a Senior VP leading Booz Allen’s national cyber defense business, discusses the recently published National Cybersecurity Strategy Implementation Plan (NCSIP).

A step-by-step guide for patching software vulnerabilities
Proper patch management relies on important factors like size of an organization, complexity of an IT environment, criticality of systems, and number of resources allocated to manage it all, so plan accordingly.

Average cost of a data breach reaches $4.45 million in 2023
IBM released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15% increase over the last 3 years.

CISOs gear up to combat the rising threat of B2B fraud
In this Help Net Security video, ex-British Intelligence officer Alex Beavan, Head of Ethics and Anti-Corruption at Convera, discusses how fraudsters target businesses and his experiences with companies putting away millions of pounds just to write off fraud.

Enterprises should layer-up security to avoid legal repercussions
The role of CISO these days requires a strong moral compass: You have to be the one speaking up for the protection of customer data and be ready to handle uncomfortable situations such as pressure to downplay an actual breach.

Zero trust rated as highly effective by businesses worldwide
Zero trust is here to stay, with 82% of experts currently working on implementing zero trust, and 16% planning to begin within 18 months, according to Beyond Identity.

Converging networking and security with SASE
In this Help Net Security video, Omri Guelfand, VP of Product Management and SASE/Networking as a Service at Cisco Meraki, discusses converging networking and security with SASE.

SEC adopts new cybersecurity incident disclosure rules for companies
The Securities and Exchange Commission (SEC) today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.

Strengthening the weakest links in the digital supply chain
In this Help Net Security video, Marc Gaffan, CEO at IONIX, discusses how businesses’ biggest cybersecurity mistake is not protecting the full external attack surface that continues to expand to include a business’s entire digital supply chain.

Cryptojacking soars as cyberattacks increase, diversify
Digital threat actors are adopting evolving tactical behaviors, opting for different types of malicious attacks compared to previous years, according to SonicWall.

Companies are rushing into generative AI without a cohesive, secure strategy
Despite mass adoption of generative AI, most companies don’t have a coordinated strategy for deploying it or know how to assess its security—exposing them to risks and disadvantages if they don’t change their approach, according to Grammarly.

Product showcase: Stellar Toolkit for Exchange – Restore Exchange Database
Stellar Toolkit for Exchange allows multiple exports at once, and enables you to recover data from corrupted databases or backups, along with features to export directly to a live Exchange Server database or Office 365.

New infosec products of the week: July 28, 2023
Here’s a look at the most interesting products from the past week, featuring releases from BreachRx, Darktrace, Dig Security, Panorays, and SeeMetrics.


from Help Net Security https://ift.tt/KNFUgWd

Saturday, July 29, 2023

You Can Download Instructions for More Than 6,800 LEGO Kits for Free

Photo: Alexander Lukatskiy (Shutterstock)

Since the LEGO system was introduced in the mid-1950s, the sets of interlocking blocks, figures, and other pieces have been popular with people of all ages (except, maybe, the people who accidentally step on the blocks while barefoot).

In addition to providing the opportunity for creative play—allowing children to design and build their own structures—LEGO has released thousands of sets with the pieces and instructions for a specific building, design, vehicle, and countless other objects. Now, building instruction booklets for more than 6,800 different sets are available to download for free at the Internet Archive. Here’s what to know.

How to download LEGO building instructions

Created on May 29, 2023, the Internet Archive’s LEGO Building Instructions collection contains “a dump of all available building instruction booklet PDFs from the LEGO website” as of March 2023, according to the description on the site.

You can search for sets by their number or name, or simply browse the collection. At this point, it’s not possible to sort the instructions based on the date they were initially released, but you can sort them by the number of views that particular week, or since the collection launched.

Currently, the most popular instructions are the ones for the Colosseum, the Galaxy Explorer, and the cover photo of Meet the Beatles.

Additional online LEGO resources

Of course, the Internet Archive collection isn’t the only site with information about LEGO, including build instructions. A few others include:

  • Peeron: An archive of instructions for all LEGO sets, downloadable as separated image files for every page (instead of a single PDF)
  • Brickset: A database containing more than 18,000 sets and other items released over the past 72 years; also a database of more than 50,000 parts, obtained directly from LEGO
  • Bricklink: In addition to being an online LEGO marketplace, the site also has a searchable catalog of products and pieces, and other resources
  • Rebrickable: A site that will show you which LEGO sets you can build from the sets and parts you already own, including both official LEGO build instructions, as well as original user-submitted designs

from Lifehacker https://ift.tt/VRt47wz

Friday, July 28, 2023

Four Minute Books Is $40 Right Now

Book summary platforms give condensed versions of popular books, and Four Minute Books has a wide range of bestsellers with summaries that can all be finished in—you guessed it—four minutes or fewer, and it’s on sale right now for $39.99.

This lifetime subscription comes with summaries of more than 800 books and 600 audiobooks. Each summary gives you the main points of the text, plus three lessons you can take from it. Titles include recent bestsellers in a variety of genres, including personal finance, productivity, creativity, health and wellness, and mindfulness. The library is always growing, but right now you can find titles like Atomic Habits by James Clear, Rich Dad Poor Dad by Robert Kiyosaki, and Outliers by Malcolm Gladwell.

Of course, a book summary can’t replace the actual experience of reading a good book, but sometimes you may just want to speed through the high points of a book you don’t intend to fully read. Four Minute Books summaries are short and direct, and you can get a lifetime subscription for $39.99 right now, though prices can change at any time.


from Lifehacker https://ift.tt/ymjGko0

Your Athletic Peak Is Longer Than You Think

In the world of sports, young athletes get a lot of attention: High school and college teams are full of strong, fast people. Later in life, the stereotype goes, they’ll be has-beens who can’t stop talking about that game they won or how much they benched in the weight room. But in many sports, we actually get better as we age—for at least another decade or two.

This is good news for those of us who found our favorite sports or fitness hobbies later in life, or who have simply fallen prey to the marketing of fitness as a thing only done well by young, attractive people. So when is your body really past its peak? A lot later than you think.

Peak ages for strength sports like powerlifting

When you train for a strength sport, adding muscle mass is a big part of what helps you to lift big weights and succeed in your sport. But adding muscle takes time, which gives older competitors an advantage over their younger peers—up to a point.

In Olympic weightlifting, the best athletes tend to hit their peak around age 25, which probably reflects a balance of two factors. On the one hand, youth seems to provide better explosiveness and springy, elastic tendons. On the other, muscle takes time to build. That said, plenty of weightlifters start late in life and keep getting better as they put in more training time.

In powerlifting, the average peak for world champions is 10 years later, at age 35. Without having to be as explosive as Olympic weightlifters, lifters can keep putting on muscle and still do well in their sport. It’s also possible that powerlifters start their sport later in life, meaning they’re older when they’ve finally put in enough training time to be a champion.

Don’t forget that these numbers represent a peak, not a limit. About half of elite athletes peak later than average, by definition. And your abilities don’t plummet after you hit peak age—you just don’t improve as much as you used to.

Peak ages for endurance sports like marathons

Runners tend to peak later in life depending on the distance of their sport. Olympic medalists in shorter distance events averaged 26 years old in the Tokyo Olympics, but plenty of individuals were older than that and still competitive.

Meanwhile, a recent study on marathoners found that the peak age seems to be 27 for men and 29 for women. And small studies on ultramarathoners—people who run races of more than 26 miles—have found even older peak ages. This one found that men are fastest at 39 years old, and women at 40.

Endurance cycling also favors older ages: One study found that sprinters peak at age 26, and “general classification” cyclists closer to 29. In one long-distance (447 mile!) race, winners over the years averaged age 36 for men and 39 for women. And a study on triathletes found that while Olympic-distance triathletes seem to peak around age 27, competitors in the Ironman distance (a 2.4 mile swim, 112 mile bike, and an entire marathon as the running portion) peak at age 35.

There’s hope for everybody, really

The data on peak ages reflect a lot of factors besides chronological age and training age. Female tennis players, for example, began winning at older ages as prize money for the women’s tournaments increased, making it more financially possible for players to dedicate years to the sport rather than retiring young.

In fact, if you look at Olympic athletes over time, athletes in almost all sports are competing at older ages. While there are plenty of factors that influence who makes it to the Olympics (the rule change that allowed professional athletes, for example), it does seem that elite athletes are peaking at older ages than they used to. In part, this may be because advances in training techniques and healthcare have been allowing athletes to have longer careers in their sports.

If you are a person who started sports late, it’s important to remember that training age is often more important than the number of birthdays you have had. It’s been said that the way to get stronger as you age is to start out weak. I started weightlifting in my 30s, so I’ll never have a younger, stronger memory to compare myself to. I’m now stronger in my 40s than I ever was in my 30s, so what does a theoretical “peak” age matter?

Or, to put it another way: if someone becomes a world champion at age 25, they may have started in their sport at age 15 or even 10. If you’re, say, 35, you missed that boat—but if you train hard starting now, you could be crushing your age-group opponents at age 45 or 50. And that’s true no matter your sport.


from Lifehacker https://ift.tt/9wjqILJ

Make a Chilling Tray With Two Aluminum Pans

Chilled foods in the humid, sweaty depths of summer feel like a blessing from the snack heavens. It’s the keeping them cold that’s tricky. Bury sandwiches and snacks in ice and you risk water seeping in. Coolers are functional, but a bunch of red and blue plastic bins aren’t much of a display. Leave the food unprotected, and, well, things get weird fast. Instead, you can keep enticing displays of food cool with your own nesting vessel of customized ice.

The idea (demonstrated brilliantly here on TikTok) requires two similar or identical vessels. One will hold a customized brick of ice, and the other will hold the food. Let’s say you have two disposable aluminum trays. Partially fill one tray with water (the video recommends one-third full) and freeze it. When you’re ready to use it, place the second vessel on top of the large slick of ice and fill it with your snacks. The large sheet of ice underneath chills the upper pan and your food remains cold and dry. (Keep in mind, this isn’t an infallible way to keep food safe. Always keep an eye on the time and temperature. Depending on the food, temperature, and setting, meats and dairy have one or two hours.) When the event is over, dump out the water in a cluster of parched plants.


You can do this with any twinning vessels, but it’s important that they nest and conduct energy well. Nesting containers have a smaller bottom and angled walls so the top flares out a bit. This allows the containers to stack completely inside one another. If your vessels don’t stack, the ice won’t sit flush against the base of the upper container, and you need that for the chilliest results. Metal will keep your food colder than glass, ceramic, or plastic containers because metal is a better conductor of energy.

To do this with bowls, you can make a custom-fitted “bowl” of ice. I added water to the vessel and put the second bowl on top with a weight (frozen blueberries). When I’m ready to use it I can quickly add veggie sticks to the bowl. I’ll be using this trick for summer lunch parties to keep things like wrapped sandwiches, charcuterie, shrimp cocktail, or bowls of hummus cool.

The only con is that you need ample freezer space available for multiple hours to freeze your trays and keep them there until you need them. My freezer is packed, but I managed to do this with smaller vessels. (I’m beginning to think my apartment needs a chest-style freezer.) If you need to use big trays, you can freeze them separately and nest them afterward to take up less space in the cold box.


from Lifehacker https://ift.tt/tRbiAJ3

The Best Way to Bulk Export Your Apple Notes

Apple Notes is among the best free note-taking apps out there, but it doesn’t make it easy to export notes in bulk. Whether you’re thinking of switching to another app—such as Obsidian, which has better support for Android and Windows—or just considering backing up all your notes, you’re going to need a bulk export tool to handle the job.

iCloud doesn’t count, by the way. While certainly convenient and better than nothing, iCloud is a sync service and not really a backup tool. Sure, if you lose your iPhone, you can sign into iCloud and restore your notes. But if you delete notes from one device, you’ll lose that note for good. That’s why it’s good to export your notes periodically to have a second copy of everything you’ve been scribbling on your iPhone, iPad, or Mac.

Fortunately, there is a great free Mac app to help. With it, you can easily import your notes into other apps, or just keep a copy on your local hard drive, a different cloud storage service, or your NAS.

How to bulk export Apple Notes

When you’re ready to export your notes in bulk, download Exporter from the Mac App Store. When it’s installed, open Exporter and click the big down arrow icon. You’ll be asked to select a folder to store all exported notes, and once you’ve picked it, Exporter will show a progress bar and begin downloading everything.

Once it’s done, all notes will appear in the folder you chose. Exporter neatly categorizes notes according to your own folder structure and has separate sub-folders to store images and attachments. The default export format is “md,” which stands for Markdown. This is good enough for text notes, but it doesn’t display embedded images in these notes. Those files are stored in separate folders.

If you prefer seeing images embedded within notes, open Exporter, click the Format menu in the top bar, and select HTML. Now export all of your notes and you’ll find that all of them display images and other media within the note itself.

You can now use the import tools offered by your favorite note-taking apps to move these notes. Not every note-taking app will support the export formats we’ve chosen, but the best ones, such as Obsidian and Bear, do support them.


from Lifehacker https://ift.tt/b7yT4AU

You Can Get Microsoft Office and Windows 11 Pro for $50 Right Now

A lifetime license to Microsoft Office 2021 and Windows 11 Pro is on sale for $49.99 right now through July 31. Unlike a Microsoft 365 subscription that charges recurring fees, this license gives you lifetime access to Microsoft Office after a one-time payment, and you’ll get a download link and software license key to install Word, Excel, PowerPoint, Outlook, Teams, OneNote, Publisher, and Access onto one Windows computer.

You’re probably already familiar with Office’s suite of products: Word is excellent for typing up essays and project briefs; PowerPoint helps you throw together a slideshow with predesigned templates; Outlook and Teams allow you to collaborate in real time with peers or coworkers.

Also included is Windows 11 Pro, which comes with extra features like BitLocker device encryption, Microsoft Remote Desktop, and Windows Information Protection.

You can get both Microsoft Office Pro 2021 and Windows 11 Pro for $49.99 right now (reg. $418) through July 31 at 11:59 p.m. PT, though prices can change at any time.


from Lifehacker https://ift.tt/MGQkheW

Thursday, July 27, 2023

Make This No-Bake Panna Colada Pie If You Hate Your Oven Right Now

No-bake desserts get a lot of shade most of the year, but the dead of summer is when they shine brightest. Suddenly the insults stop and the compliments fly. Clear a space in your fridge because we’re jumping in the deep-end of no-bake desserts with this simple yet dazzling Panna Colada Pie.

Panna cotta is one of my favorite no-bake desserts. It’s a decadent Italian dessert made of sweetened cream and milk set with gelatin. It’s utterly simple but completely sophisticated, and so is this pie. The filling is made of alternating pineapple juice and coconut milk layers to represent the flavors you find in a refreshing summer piña colada. The layers are cooked using the panna cotta method, so they set in the fridge without any oven time.

The alternating layers are what make this pie a fun party trick. To get these stunning, defined layers, we’ll work on one layer at a time. It might seem a bit counterintuitive, but cooling each layer one at a time is faster than dumping in one thick layer, and making each flavor stripe takes about 7 minutes.

I start with a premade graham cracker pie crust. I like the cookie-like flavor with a tinge of salt, but you could use any sort of pie crust you like, homemade or store bought. Place it on a large flat plate, or small baking sheet. This surface gives you something to hold onto and catch spills.




Pour out a cup of canned or bottled pineapple juice. In a wide bowl, add 1/4 cup of the juice and pour the rest of the cup into a small pot. Pineapple juice is already plenty sweet so you don’t need to add any sugar. (Note: Avoid fresh pineapple juice. The fresh juice contains an enzyme that breaks down the bonds of gelatin and keeps it from setting.) Sprinkle the powdered gelatin over the surface of the juice in the bowl, trying to keep the layer of powder as thin and evenly spread out as possible to avoid clumping. Allow it to bloom for about five minutes, or until all of the dry patches are gone and the liquid is thick and grainy looking.

Pouring in the first layer of pineapple.
Photo: Allie Chanthorn Reinmann

Turn on the burner and heat up the pineapple juice until it simmers, and let it simmer for about 30 seconds. Turn off the heat and scoop the bloomed gelatin into the pot. Whisk for about a minute until the gelatin is completely dissolved. It happens fast. Pour the hot liquid into the pie shell slowly, so it doesn’t splash. Set it in the fridge to set for 30-40 minutes. When you jiggle the baking sheet, you’ll see that the layer is firm.

Pineapple layer has set. A few floating pieces of graham cracker are to be expected.
Photo: Allie Chanthorn Reinmann

Repeat the technique for the coconut milk panna cotta layer. Pour the cream and most of the coconut milk into a pot, this time with a bit of sugar. Reserve a third of a cup of the coconut milk to bloom the gelatin in a wide bowl for about five minutes. Heat the coconut milk mixture until simmering, and turn off the heat. Add the bloomed gelatin and whisk it in. You may see tiny bubbles floating on the top; that’s just the melted coconut fat. Pour this layer on top of the first layer, and let it set in the fridge for about 45 minutes.

The final layer of pineapple is the exact same as the first, so just repeat the steps described above to top off the pie. I noticed that the final layer set much more quickly than the first two. I checked after 28 minutes and it was already set.

If you want to streamline the process even further, situate the pie shell in an accessible spot in the fridge and leave it there. Pour each layer while keeping the shell inside the fridge. (Walking back to the fridge after pouring each layer was a test of my balance and hand stability. It was flawed. Liquid escaped. You will do better.)

Top this pie with a generous helping of soft- or medium-peak whipped cream. Despite the bold look, this panna colada pie is subtle, with a polished tropical flavor and gentle sweetness. The coconut and pineapple are a celebrated match, and here you can taste how the richness and acidity play well together. The graham cracker crust adds a bit of texture, but if you’d like to play up some crunch, add a heap of toasted coconut flakes to the top.

Panna Colada No-Bake Pie

Ingredients:

  • 1 premade graham cracker pie crust

This is for one pineapple layer. You will repeat these measurements later for the 3rd layer:

  • 1 cup pineapple juice
  • 1 ½ teaspoons powdered gelatin

The coconut layer:

  • 1 cup coconut milk
  • ⅓ cup heavy cream
  • 3 tablespoons sugar
  • 2 teaspoons gelatin

The whipped cream topping:

  • 1 cup heavy cream
  • 3 tablespoons sugar
  • ¼ teaspoon vanilla extract

Place the pie crust on a baking sheet in the refrigerator. Make sure there is some clearance above so you can pour the liquids in easily.

For the first pineapple layer: Put ¾ cup of pineapple juice in a small pot, and ¼ cup in a wide bowl. Dust the gelatin over the juice in the bowl to bloom it, about 5 minutes. Heat the juice in the pot. Simmer for about 30 seconds. Turn off the heat and add the bloomed gelatin. Whisk until the gelatin dissolves. Pour the liquid into the pie shell. Let it set, about 30-40 minutes.

For the coconut layer: Put the cream, sugar, and ⅔ of the coconut milk into a small pot. Put ⅓ of the coconut milk into a wide bowl. (It’s best to use the liquid for blooming instead of the coconut fat chunks.) Sprinkle the gelatin over the liquid in the bowl and allow it to bloom for about five minutes. Heat the pot until the coconut milk mixture is simmering gently. Turn off the heat and add the bloomed gelatin. Whisk until the gelatin dissolves. Pour the liquid into the pie shell. Let it set, about 45 minutes.

Repeat the same measurements and method you did for the first pineapple layer to make the final pineapple layer. Pour this on top as the final layer of filling. Just before serving, whip the heavy cream with the sugar until you get soft peaks. Stir in the vanilla extract. Smother the top of the pie in the whipped cream, slice, and serve.


from Lifehacker https://ift.tt/CyVf48c

The Difference Between Idle Time and Downtime at Work (and Why It Matters)

When we refer to working 40 hours a week, are we really working 40 hours—or are we waiting on colleagues to respond to emails, chatting with coworkers, and wasting away in meetings for a sizable chunk of that time? There are simply some hours that aren’t true work hours, even if they occur during the work day. Times like that are known as idle time or downtime—but there’s a difference between the two, and knowing that difference can actually help you work smarter.

The difference between idle time and downtime

These terms don’t just refer to the time experienced by people in the workplace; they also refer to—and come from—the tools we use to get our jobs done. Per FlowPath, a facilities management company, idle time is any time when an asset is waiting to run or isn’t scheduled to run, and downtime is when the asset can’t run, due to an outage or planned maintenance. For example, idle time happens when you’re waiting for your computer to boot up; downtime happens when the computer just won’t turn on.

And the concept is basically the same for people: According to UpKeep, a software maintenance company, idle time is nonproductive time that occurs when there’s a lack of demand or an unforeseen work stoppage. When you have all the tools you need available to you, but no reason to use them, you’re in idle time. If you’re working on a pitch deck, for instance, and need approval from a higher-up before you move forward on it, you’re idle while you wait for that approval, even though you could open the program to work on it.

Downtime isn’t necessarily bad, either. Sometimes, you need a break from working. In some instances, that “planned maintenance” is actually for you. According to Indeed, you can run into idle time that is caused by what corporate psychologists call “the dead-time effect,” which is when you’re overworked and stop being productive. It’s better to pre-plan downtime than let idle time occur because of burnout. The trick to making idle and downtime work for you and your company is scheduling.

Scheduling around idle and downtime

Downtime can also occur when too many people are away from the office, say, on vacations or out sick. In that case, unlike idle time, a job can’t just be done whenever everything is ready, as the key tools—in this case, the people—are completely offline.

To avoid losses from idle time and downtime, you need a solid scheduling plan. First, you should personally schedule around idle time. For instance, if you work in an environment that depends on the delivery of certain assets or products, pad time into your schedule to account for how long that might take. If it should take one day, leave padding for two, and fill up any idle slots with work you can accomplish without the shipment, if any. Use timeboxing, or the complete filling of your calendar, for this, and set two deadlines: the ideal date the shipment (or whatever you need) will be there and a flexible time that you could still make work.

For scheduling around downtime, make sure that you update your company-wide calendar whenever you’re going to be out and check for others’ outages when you’re making your personal schedule. Others’ downtime could lead to yours if you don’t account for the things you’ll need from them and get those before they’re gone.


from Lifehacker https://ift.tt/68bMNJH

You Can (Maybe) Get the Benefits of Weed Without Weed

Cannabinoids, the chemical compounds cannabis famously contains, are not only found in cannabis. In fact, there are both endocannabinoids, made by the body, and phytocannabinoids, made by plants. Humans have an entire system of receptors dedicated to interacting with cannabinoids—whether made by the body or coming from outside sources—called the endocannabinoid system, or the ECS for short.

While there’s still much unraveling to be done, science has started to break down how the ECS works to modulate hunger, body temperature, sleep, and other vital functions. It’s the basic reason why cannabis provides relief to some people for things like nausea and inflammation—its plant-generated cannabinoids interact with the body’s CB1 and CB2 receptors, which are found all over and influence bodily responses. 

Not everybody who wants to signal their ECS for health reasons like potentially better sleep or increased appetite wants to get high, which brings us to other options besides cannabis. (By the way, in states with recreational cannabis programs, lots of cannabis-derived CBD products are properly tested and labeled to avoid THC contamination that logs over desired or stated levels—not something you’d get from most commonly available CBD products.)

Even if you’re willing to try weed, the cannabis landscape has never been more confusing—and as non-cannabis and/or synthetically derived supplements grow in popularity, some pointers are in order.

What is a cannabinoid?

Scientists have long marveled at humans’ ancient ability to seek out plants that do stuff to our bodies—especially ones that target specific receptors for purposes like healing or intoxication. Cannabis is one of those plants, and you’re probably already familiar with THC and CBD, two of the most common and prevalent cannabinoids that have been “discovered.”

One study looking for phytocannabinoids (cannabinoids made by plants) defined them as “any plant-derived natural product capable of either directly interacting with cannabinoid receptors or sharing chemical similarity with cannabinoids or both.”

We’ve been smoking, eating, and meddling with the seven-leaved hero plant millennia before we started to figure out why, or how, it works in our bodies. Research is catching up as to how exactly we get higher from the plant’s hundreds of little-understood chemicals faster and better than isolated THC, and why we don’t get high from CBD or other cannabinoids at all.

What we do know is that the body has ready-made receptors to accept and interact with cannabinoids, be they from plants or the body itself. So far, there are two known types, CB1 and CB2, and they’re found all over the place, from the brain and nerves to visceral tissue in the abdomen and even the skin.

The body makes cannabinoids called endocannabinoids to influence body processes and target the CB receptors. When talking about this mechanism, people often refer to a “runner’s high”—when the body releases extra of the endocannabinoid anandamide into the bloodstream, boosting mood and increasing a feeling of happiness.

Cannabis makes phytocannabinoids, THC and CBD being the big ones but also THC-v, CBG, CBN, and other naturally occurring chemicals that activate the body’s CB receptors. THC is referred to in research as “the most potent phytocannabinoid activator of the CB1 receptor,” and that’s how we get high, but other cannabinoids and other plant compounds can signal the ECS for other effects.

What other plants have cannabinoids?

No matter what some marketing might say, THC and CBD are only found in cannabis plants, for now. Cannabinoids can be synthesized with other plant and chemical extracts, but they don’t occur in those forms in nature (or, if they do, those haven’t been discovered yet).

That doesn’t mean you can’t signal your ECS with other supplements if you are avoiding cannabis. While you can’t get a similar high from these plants, nor can you get therapeutic amounts from food, supplements exist with concentrated plant extracts that could have benefits.

Some plants contain what are called cannabimimetic compounds, and they are said to have similar effects to cannabinoids like CBD, but not THC. One big one is beta caryophyllene, which is a volatile aromatic chemical that is found in cannabis but also many plants, like clove and black pepper. Beta caryophyllene signals the CB2 receptor, and is being researched for pain modulation, for one thing.

Catechins in tea are another potential cannabis-like chemical. Anandamide, an endocannabinoid, exists in small amounts in cacao and truffles, but you won’t get a significant dose from eating those foods.

Echinacea, sunflower, and spilanthes are flowers that have cannabimimetic effects, like immune stimulation and (possibly) promoting sleep. While these flowers aren’t in the same family as cannabis flowers and don’t produce chemicals commonly thought of as cannabinoids, they may be able to influence CB2 receptors with their own plant chemicals.

Lots of other foods and supplements have potential as cannabimimetics. Our bodies can convert some omega-3 fatty acids into endocannabinoids, which might provide anti-inflammatory action. Dietary omega-3 is not too hard to come by, but supplements can help make sure you’re hitting targets. Another endocannabinoid-like chemical called palmitoylethanolamide (known as PEA), found in egg yolks, uses similar pathways to cannabinoids to signal the ECS.

Another interesting potential source of cannabinoids in food would be products from animals that eat cannabinoid-rich feed (some animal feeds contain hemp). While not known or quantified yet, this could be a supplement to the ECS overall by stimulating receptors, but definitely won’t be getting anyone high.

Non-cannabis/hemp-derived CBD or other cannabinoids might be synthetically created, so it’s important to understand if you’re looking for this type of product or its effects. One brand, called Peels, combines olivetol and orange peel to synthesize CBD, but most of the time it’s not clear how companies are creating synthetic cannabinoids, especially “hemp-compliant” delta-9 THC or delta-8 THC, so do your research before ingesting synthetic cannabis or cannabinoids.

Can you substitute cannabinoids with other plants, foods, or supplements?

Sort of. You can basically signal the ECS with other plants to mimic CBD and anandamide’s effects, but you can’t faux-signal THC, which gives some people better results for pain and other health uses.

If you’re looking for more cannabinoids, cannabimimetic compounds in food might have marginally low concentrations, but supplements will be more potent and possibly more reliable for use as a remedy.

Supplements like PEA in particular are being explored for their potential to signal the entourage effect, which is the major scientific key to unlocking how THC and the ECS work in the first place, so keep an eye on the research community if you have reasons to explore non-cannabis ECS support.

PEA, turmeric and/or curcumin, and fish or flax oil are all commonly consumed for health concerns like inflammation, something many people grab cannabis for. While these supplements may have some cannabimimetic properties, they could also have their own mechanisms for fighting pain, so you can sub in these supplements for cannabis to try for yourself, after checking with your doctor or pharmacist for contraindications.


from Lifehacker https://ift.tt/ZwNFXMV