Lumen Metabolism Tracker Review | WIRED

Levels 1 and 2—burning mostly fat—are ideal for the morning. But a 4 or a 5 in the morning, after at least eight hours of no eating, means your body is still trying to burn through what you ate the day before. The app also suggests you take a breath measurement before a workout, to make sure you have enough energy. This is helpful for the newbies among us, but if you’re well versed in nutrition, regularly work out, and eat well, you probably already know how your body reacts to certain meals and don’t need a device to tell you.

Having a score made me think twice about what I was snacking on, even if no one but myself was seeing it. It was just enough of an incentive to make smarter choices, instead of, say, spending an entire day eating nothing but frozen tater tots and rice sides. (Please tell me I’m not the only one?)

Based on your score, Lumen builds a day plan for you, with a suggestion of eating low-, medium-, or high-carb foods. This was especially helpful for me, because it offers advice in a way that’s easy to digest (pun intended). It doesn’t recommend you start an intense diet or make you feel like you’re starving yourself, as some diets do.

The app offers many suggestions for each of your three meals—like grilled shrimp with broccoli, cauliflower, and walnuts for dinner—and you can customize them. For example, one of its breakfast suggestions is scrambled tofu, beans, and a green salad. When you click on the meal, it gives you alternatives for each ingredient that still offer the ideal grams of carbs, protein, and fat. Instead of beans you can substitute hash brown patties (my favorite); instead of the tofu you can have two boiled eggs and one can of tuna. This is a plus for anyone who does not want to follow a one-size-fits-all plan, or doesn’t instinctively know a good substitution for a food item they don’t have or don’t like. These suggestions also make it more likely you’re going to enjoy the meal you’re eating and not consider it a frustrating concession to a diet.

To further personalize, you can choose if you’re a vegetarian (or vegan), mark if you have any allergies, or if you don’t eat a certain type of food, like soy or pork, for example. It’s nice to have everything in one place, so you don’t have to go searching for your own interpretations of meals. In time, it would be nice to see a larger, revolving menu of meals.

The app helped me better understand what goes into a properly balanced meal, so even when I don’t eat what it suggests, I’m more aware of what a normal meal should look like.

The app’s learning section is also particularly useful. It offers quick explanations on a range of health-related topics, from how to properly use the Lumen device to what exactly the correct serving of carbs really looks like. You click through short slides like someone’s Instagram story.

Apple’s T2 Security Chip Has an Unfixable Flaw

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple’s trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones. But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside.

In general, the jailbreak community hasn’t paid as much attention to macOS and OS X as it has to iOS, because they don’t have the same restrictions and walled gardens that are built into Apple’s mobile ecosystem. But the T2 chip, launched in 2017, created some limitations and mysteries. Apple added the chip as a trusted mechanism for securing high-value features like encrypted data storage, Touch ID, and Activation Lock, which works with Apple’s “Find My” services. But the T2 also contains a vulnerability, known as Checkm8, that jailbreakers have already been exploiting in Apple’s A5 through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group that developed the tool for iOS, has released support for T2 bypass.

On Macs, the jailbreak allows researchers to probe the T2 chip and explore its security features. It can even be used to run Linux on the T2 or play Doom on a MacBook Pro’s Touch Bar. The jailbreak could also be weaponized by malicious hackers, though, to disable macOS security features like System Integrity Protection and Secure Boot and install malware. Combined with another T2 vulnerability that was publicly disclosed in July by the Chinese security research and jailbreaking group Pangu Team, the jailbreak could also potentially be used to obtain FileVault encryption keys and to decrypt user data. The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware.

“The T2 is meant to be this little secure black box in Macs—a computer inside your computer, handling things like Lost Mode enforcement, integrity checking, and other privileged duties,” says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS. “So the significance is that this chip was supposed to be harder to compromise—but now it’s been done.”

Apple did not respond to WIRED’s requests for comment.

There are a few important limitations of the jailbreak, though, that keep this from being a full-blown security crisis. The first is that an attacker would need physical access to target devices in order to exploit them. The tool can only run off of another device over USB. This means hackers can’t remotely mass-infect every Mac that has a T2 chip. An attacker could jailbreak a target device and then disappear, but the compromise isn’t “persistent”; it ends when the T2 chip is rebooted. The Checkra1n researchers do caution, though, that the T2 chip itself doesn’t reboot every time the device does. To be certain that a Mac hasn’t been compromised by the jailbreak, the T2 chip must be fully restored to Apple’s defaults. Finally, the jailbreak doesn’t give an attacker instant access to a target’s encrypted data. It could allow hackers to install keyloggers or other malware that could later grab the decryption keys, or it could make it easier to brute-force them, but Checkra1n isn’t a silver bullet.

“There are plenty of other vulnerabilities, including remote ones that undoubtedly have more impact on security,” a Checkra1n team member tweeted on Tuesday.

In a discussion with WIRED, the Checkra1n researchers added that they see the jailbreak as a necessary tool for transparency about T2. “It’s a unique chip, and it has differences from iPhones, so having open access is useful to understand it at a deeper level,” a group member said. “It was a complete black box before, and we are now able to look into it and figure out how it works for security research.”

The Law Comes for John McAfee

In a week that Covid-19 continued its invasion of the White House, the biggest security questions continue to center on Donald Trump himself. With just a few weeks remaining until the election, the president continues to question the integrity of the process, which in turn threatens to undermine faith in the democratic process. But don’t worry, we also have stories about hacking and such!

Apple’s T2 chip exists to add an extra layer of security to the company’s Mac line. Which is why it’s especially unfortunate that it has an unfixable flaw that leaves it vulnerable to hackers. There are serious limitations on what attackers could actually do and how they could do it, but still, not ideal! Also not ideal: A Chinese-speaking hacker group has been caught repurposing an especially sneaky tool that was first disclosed years ago as part of a leak of the Italy-based Hacking Team spyware company. That’s a lot of information to process for one sentence, but suffice it to say you don’t want UEFI exploits landing in criminal hands, which appears to have happened here.

In better news, we took a look at how Google keeps its “Smart Replies” feature safe now that it’s been added to Android’s ubiquitous Gboard keyboard. And while Android ransomware has picked up some alarming new tricks, it’s still not a major threat—unless you’re downloading outside of the official Play Store for some reason. (Don’t do that.)

The central figure in an alleged poker cheating scandal that WIRED wrote about in the October issue has filed a defamation lawsuit against a dozen named defendants. Poker pro Mike Postle is seeking $330 million in damages.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

John McAfee is no stranger to exotic forms of trouble. This week, the authorities finally caught up with the antivirus pioneer, arresting him in Spain in connection with tax-evasion charges. His extradition remains pending. The Securities and Exchange Commission has also sued McAfee, alleging that he promoted initial coin offerings on Twitter without disclosing that he’d been paid $23 million to do so. And yes, the SEC complaint does reference McAfee’s infamous 2017 pledge that he would “eat [his] own dick on national television” if the price of bitcoin didn’t hit $500,000 in three years. (He later revised the target to a million dollars.)

Not everything needs to connect to the internet, particularly not chastity-promoting devices like the Qiui Cellmate. Researchers this week went public with a bug that could have allowed a hacker to permanently lock the devices from anywhere in the world. The company eventually released a new API that solved the problem for new users, but taking the old API offline would lock any current users in the device forever, barring some delicate bolt-cutter work. Which means longtime Cellmate owners are still in a bit of a pickle.

For all the focus that Russia’s hacking and disinformation efforts get in the US, it’s important to remember that other countries have stepped up their game as well. Iran stands out among them, particularly after a recent takedown of disinformation-spreading domains included four sites that officials say targeted the US. The sites posed as domestic news outlets and focused on sharing pro-Iran stories. The rest of the sites followed a similar rubric, focusing instead on Western Europe, the Middle East, and Southeast Asia.

Many, many security researchers warned that the so-called ZeroLogon vulnerability was very extremely not good, and that you should patch as soon as possible so that hackers don’t wreak havoc on your systems. If you didn’t heed that warning, well, good luck out there! Microsoft has already spotted an Iranian hacker group exploiting ZeroLogon in active campaigns.

Sam’s Club, the Walmart-owned spin on Costco, has begun requiring its customers to reset their passwords, after the company detected a credential-stuffing attack in September. This doesn’t mean that Sam’s Club itself was breached, but rather that attackers were looking for opportunities to take advantage of anyone reusing a password that had been exposed at some point from some other company’s breach. If you’re a Sam’s Club member, reset that password. If you’re a human on the internet, start using a password manager asap.


30 Great Deals at Best Buy, Target, and Other Amazon Prime Day Rivals (Updated)

Note: Prime Day is over, and so are most rival sales. Check our list of remaining Prime Day deals and deals from the final day of Walmart’s sale for the deals that remain. Or read our package of amazing retro tech. As always, we hope we helped you sift through the discounts and find good products.

Prime Day is nearly over, and while Amazon still has plenty of discounts, so do its competitors. We’ve gathered up corresponding deals from Walmart, Target, Best Buy, and other stores. You won’t need a membership to shop these sales, but you should keep in mind that this is just the start of the holiday shopping season. Black Friday and Cyber Monday are just over a month away, and we’ll be covering those sales, too.

Note: We strike through items that sell out or rise in price as we update this guide. Discounts sometimes return quickly, so check for yourself. You’ll need a subscription to Amazon Prime to get most of these deals.

Updated October 14: We added new deals, like the Kobo Clara, adjusted prices, and struck through expired deals.

Best Buy Deals

Best Buy is, apparently, starting its Black Friday deals early. There are some good discounts running through the end of today. Just remember that these deals (and more) will reappear next month.

  • Bose QuietComfort 35 II Headphones for $199 ($100 off): These headphones are a little older now, but they’re still just as good as when we first reviewed them. I purchased a pair for my partner one Christmas, and I can attest to the fantastic noise cancellation. This deal is price-matched at Amazon.

  • Beats Solo Pro Headphones for $180 ($120 off): WIRED highly recommends the Beats Solo Pro, even though the headphones charge via a Lightning cable (handy if you use an iPhone). You can save on several colors both at Best Buy and Amazon.

  • Wiz A19 60W Color Smart Bulb 2-Pack for $20 ($8 off): Wiz smart bulbs are budget-friendly and simple. This deal gets you colorful bulbs for the price you’d usually pay for the non-color versions. They work with voice assistants like Alexa and Google Assistant, but you’ll need to download an app for first-time setup.

  • Samsung Galaxy Watch Active2 LTE for $310 ($70 off): We like this fitness wearable, especially for those with Android phones. It has a big face and a better battery life than its predecessor, along with helpful fitness features. This is a deal for the 40-mm LTE model, but the larger size is also on sale. The older Galaxy Watch Active is discounted too, and it’s nearly as capable if you don’t care about the Active2’s digital bezel or slightly better battery life.

  • Crock-Pot 6-Quart Pressure Cooker for $50 ($60 off): What is a sale day without an affordable pressure cooker? Crock-Pots are reliable and indispensable, if you’re doing much more home cooking than you’re used to. This affordable Instant Pot dupe can pressure cook, slow cook, simmer, and saute, as well as a host of other functions. It also comes with a steaming rack and spoon.

  • KitchenAid Stand Mixer for $250 ($250 off): You’ll need a bowl-lift stand mixer if you’re still making loaf after loaf of quarantine bread. They have substantially higher horsepower than the more familiar tilt-head models. This one will last you forever.

  • Dyson Cyclone V10 Stick Vacuum for $400 ($150 off): I (Adrienne) have a million robot vacuums, but nothing will ever match the convenience of a light, modular, wireless stick vacuum that can clean everything from rugs to high ceilings and your car. Dyson makes the best one.

  • iRobot Roomba 960 for $300 ($200 off): When I (Adrienne) first tested the Roomba 900 series, it was a revelation. The rubber brush never got stuck, the suction was powerful, and Dirt Detect sniffed out the gross spots in our carpets with creepy but appreciated accuracy. The only thing I didn’t like was the price, and now it’s much more affordable.

  • Garmin Fenix 5X for $400 ($200 off): The Fenix 5X came out in 2017, but it was the greatest backcountry sports watch the Gadget Lab team had ever put on at the time. If you don’t mind passing up the upgraded battery manager, fall detection, and continuous Pulse Ox monitoring in last year’s Fenix 6 series, this is a good way to save a couple hundred bucks on a great sports watch.


Target Deals

Target is holding a Deal Days event through Wednesday night. Don’t forget to join Target Circle for free to gain access to rewards and exclusive discounts, and see our full post on Target deals.

The Hair-Raising, Record-Setting Race to 331 MPH

Ultimately, Webb says, the limiting factor on the road that morning wasn’t the car—its 5.9-L twin-turbo V8 was still good for at least another 20 mph, SSC engineers estimate—but the conditions. “We didn’t have six lanes on a test track to play with,” says Webb, who competes in multiple race series, including Le Mans and the World Endurance Championship, in addition to being a test and stunt driver. “This is two lanes, and if you get pushed over one lane you only have 6 inches before it’s game over. So it was me deciding to back out of the run. In ideal conditions, we could have gone faster.”

The effort is the culmination of a 10-year development process for the $1.6 million Tuatara, which succeeds the company’s SSC Ultimate Aero. That car had set the record in 2007 for fastest production car, with a speed of 256.18 mph. SSC approached the design of the new car with the record in mind, Shelby says, and the team paid particular attention to the engine—developed in collaboration with Nelson Racing Engines—and aerodynamics, as you’d expect. They had to be more than just good enough to keep the car on a racetrack: The car needed to be slippery enough for high-speed straight-line driving and able to generate enough downforce to stick to the pavement, yet it still had to look great to collectors and the hypercar-admiring public.

That challenge fell to designer Jason Castriota, whose background includes time at Italian automotive design houses Bertone and Pininfarina, where he contributed multiple Ferrari and Maserati production and concept vehicles. He says his chief challenge with a car engineered to exceed 300 mph included managing the airflow both externally and internally, the latter due to the tremendous heat generated by the engine. Too many radiators and extra cooling fluid would increase weight, so Castriota created a network of channels that funnel air into and out of the car. The team adopted an extended wheelbase, an ultracompact engine configuration, and a passenger compartment that resembles a capsule, all in the service of controlling airflow for cooling the engine and brakes, increasing downforce, and minimizing drag. The car has a coefficient of drag of 0.279, which itself is a record for its class—a Jeep Wrangler scores a chunky 0.454 by comparison.

The total downforce at 312 mph—the maximum they simulated—was 770 pounds. Think of downforce as the aerodynamic opposite of the lift generated by an airplane’s wing, and Shelby estimates it would have been well over 800 pounds at 331 mph, Webb’s top speed.

Aerodynamic balance is also essential, in that it determines the “center of pressure” in the car—where the car is pushing down the most. That should be happening directly behind the driver, but in early iterations of the car, computer simulations indicated that at high speed, over 300 mph, most of the downward aerodynamic force was occurring 10 car lengths ahead of the vehicle, as it pushed air forward while moving through it. “We had to claw back our center of pressure to get it where we needed it to be,” Castriota says. “It was a million little adjustments and reshaping of the car to walk it back.”

Everybody Hates Chris(es) | WIRED

The Monitor is a weekly column devoted to everything happening in the WIRED world of culture, from movies to memes, TV to Twitter.

You know what? Fuck Chris. Screw him in his chiseled, overpaid, under-shaved, beautiful face. I’m over it. I don’t care how many summer blockbusters he stars in. That dude can truly get bent.

Whew. That felt good. Do you know what I mean? If I’m wrong, tell me I’m wrong, but I’m tired of that guy. Aren’t you? Wait, what’s that? You don’t know which Chris I’m talking about? Oh, well, let me tell you: It’s all of them.

Yes, in case the entire facetious nature of this intro hasn’t made it obvious, this is about the fact that the internet decided this week to have its umpteenth fight about which of Hollywood’s Chrises—Hemsworth, Pratt, Evans, or Pine—is the most hateable. Social media being what it is, it’s hard to fully nail down why anyone thought this was a good use of everyone’s time—especially because, you know, there’s a lot of other shit going on—but Rebecca Alter at Vulture points to this tweet (below) from TV writer Amy Berg as Patient Zero in the latest Chriscourse. (Also, it’s been quote-tweeted like 14,000 times, so if this tweet isn’t the source then that means there’s an even more popular Chris-debate post out there and we are truly in hell.)

Now, this tweet is mostly pictures, but please, if you will, focus on the text: “One has to go.” This is where Berg made her most grievous error. One has to go? Yo, how about all four? How about we play F, Marry, Kill, add in a fourth option—Ignore—and pick that last one for each of these hunks and call it a day?

To be clear, this essay is not meant as a jab at any of these guys, or their careers. No harm is intended here, to their persons or reputations. Pine was great in Wonder Woman! Hemsworth might be the most self-aware himbo to grace the screen since, uh, Brad Pitt (?)! Surely Pratt is someone’s cup of tea! WIRED put Evans on the cover for goodness sake! They all have their pros and cons, and it’s not their fault they all have the same name and similar features, and—for a good portion of the twenty-teens—have dominated summer blockbusters. In fact, if everyone started calling them by their character names—James T. Kirk-Pine, Thor Hemsworth, Star-Lord Pratt, and America’s Ass Evans—it’s possible their homogeneousness might’ve escaped public scrutiny entirely.

And yet, it didn’t. As the argument unfurled over the week, it quickly turned into a commentary on whether or not the Worst Chris was the one named Pratt, largely because of his personal views. (It’s a long story, but Pratt reportedly attends the Zoe Church in Los Angeles, which has links to the Hillsong megachurch, which has been accused of being anti-LGBTQ. Pratt, though, has said, “Nothing could be further from the truth. I go to a church that opens their doors to absolutely everyone.”) This then became cause for several of his Marvel costars—including Robert Downey Jr., Mark Ruffalo, and Zoe Saldana—to come to his defense.

Well, that’s nice of them. Meanwhile, others—clearly done with debating Chrises—moved on to dudes with other names.

By Thursday, the entire thing was both spinning out and sputtering out. (It went so far off the rails that YouPorn sent out a press release with data about which Chris was most popular based on users’ searches on the site. It was Evans, by a landslide … not that it matters.) But even as it dies down, it’s important to note why it was a tired exercise in the first place. The original discussion of Hollywood Chrises was a way to draw attention to the fact that so many tentpoles were fronted by similar-looking white guys. But, as Alter pointed out in her piece, “films like Black Panther and Spider-Man: Into the Spider-Verse have made the term ‘Marvel movie’ far less white and homogeneous than what the Chrises once symbolized. … To continue to fixate on these four bland vanilla wafers is to perpetuate their centrality in Hollywood, and I, for one, would rather not.”

So say we all. Also, the original tweet that started the debate left out one important “Chris”—Kristen Stewart—and that, as writer and critic Jason Bailey pointed out, is the conversation folks ought to be having.

‘Watch Dogs: Legion’ Tackles Surveillance Without Humanity

Back in 2015, when creative director Clint Hocking and his team began crafting the near-future world of Watch Dogs: Legion, some of the biggest tech companies in the world were confidently predicting skies buzzing with package-delivery drones and streets full of autonomous vehicles. Everyone would be using cryptocurrency, playing AR games, and making stuff on 3D printers. So into the game they went.

Technology moves faster than game development. For a speculative fiction game about mass surveillance, that creates some problems. “Technology companies—Tesla, Amazon—had started talking publicly about pretty aggressive timelines, schedules, and regulations,” Hocking said in an interview with WIRED. Navigating the marketing babble, his team overshot the mark. On October 29, Watch Dogs: Legion will release as both a game and a time capsule from 2015, back when a couple of big, stock-inflating daydreams painted a picture for 2020 that’s still far from materializing. It’s cute, like remembering how in the ’80s, your geeky friend wouldn’t shut up about how Star Trek’s holodecks would so totally happen. Except these forecasts are from just yesterday.

Hocking’s team didn’t have a crystal ball, or an all-knowing AI, to tell the future. But even pushing aside the unpredictable, like the Covid-19 pandemic, Watch Dogs: Legion’s vision for the impending surveillance dystopia flounders because it tracked tech, not people.

Watch Dogs: Legion takes place in a painstakingly reconstructed, sometime-in-the-future London, now a lightly gritty surveillance state. The government has done a poor job responding to years of economic turmoil, and a private military-surveillance organization called Albion has essentially replaced the police with combat drones and shiny checkpoint scanners. You play as an operative in the chaotic-good, anti-corporate hacking collective DeadSec, recently framed for a mass bombing attack.

You’re not just an operative, though. Watch Dogs: Legion populates its world with over 9 million playable characters, procedurally generated with faces and bodies matched through algorithms to animations, voice lines, and backstories. In a little box above them, you’ll see where they’re going, along with their relationships, jobs, and proficiencies. As a DeadSec operative, you can tap passersby on the shoulder to recruit them to your cause.

“In earlier Watch Dogs games it was fairly superficial. Your ability to profile people was shallow,” says Hocking. “You could see a couple facts about them, a couple things in the storyline. It was much more about the story. Now in the game, the people are much more simulated, much more deeply real.”

Two of my starting character options were podcasters. (The future is full of podcasters.) I went with podcaster Sebastian White, a milquetoast delinquent type who hacks into online video games and likes to swear. He, or somebody else I recruit, will eventually go up against the real villain, a terrorist entity known as Zero Day, whose avatar early on in the game told me, “It’s time for a hard reset.”

Playing for several hours, I never once felt like I embodied Sebastian White or receptionist Margit Horvath or anyone else on my team of recruits, whose epistemic status exists somewhere between heroes, nonplayable characters, and toy soldiers. Watch Dogs: Legion’s humans are difficult to connect to when a new recruit’s origin story is, unwaveringly: You walk up to a random person on the street, hit a button, candidly profess membership in a reportedly violent terrorist group, ask if they want to take down the government, and then drive across town to do them some hazardous favor. Afterward, they suddenly reach commensurate levels of anti-government sentiment and are indebted to you forever. Oh, and they’re all competent hackers.

Formulas or Code? It’s All Numbers When It Comes to Physics

Everyone already uses computers in physics. At the very least, students use handheld calculators (I doubt anyone is still using a slide-rule calculator). Also, it’s becoming more common to have students solve physics problems by creating and coding their own programs—and I think that is a good thing. If you aren’t familiar with these numerical calculations (another name for computational physics), the basic idea is to take a problem and break it into many smaller and simpler problems. These smaller problems are easier to solve, but you get so many calculations that you basically have to write a computer program to complete them (but you technically don’t have to use a computer).

But as numerical methods become more common, we also have to discuss the role of these methods in terms of the nature of science. I often see quotes like this: “Computational methods expand our tool set in physics. We now have three parts of science: experiment, theory, and computations.”

However, this just isn’t true. You can’t break science into three different parts. Computational methods and theory are really just two versions of a calculation—and they really aren’t that different. I’m going to show you how these are the same, but first let me be clear about the nature of science. Science is all about the building and testing of models. We create models about the way the universe works, and then we test these models with experimental evidence. These models could be an actual physical model (like a globe), a conceptual model, an equation—or even a computer program. So, “theory” and “computation” are both models.

Let’s start with a mass connected to a spring. I’ll be honest, we physicists LOVE this situation. It’s easy enough to solve but complicated enough that we can approximate many other things as just a mass on a spring. For example, when a block sits on a table, the contact force can be modeled as a spring. Even the interaction between atoms in a solid can be approximated as a spring force. Really, this problem is everywhere. But here it is in its most basic form.

Video: Rhett Allain

I’m going to solve this problem two ways. First, I will solve it numerically by breaking it into small pieces (and using some Python code). After that, I will find an analytical solution—a solution that is a closed form function (like in terms of cosine) so that you can put in whatever numbers and parameters you want to get a bunch of solutions. But in the end, I’ll show you that these two methods aren’t really that different.

Numerical Solution

In order to build a numerical model for a mass connected to a spring, we need an expression for the force a spring exerts. If you take a spring and pull it, it pulls back with some force. The more you stretch it, the harder it pulls. Suppose the position of a mass is given by the variable x such that this is also the stretch of the spring. In that case, the spring force (in one dimension) would be:

Illustration: Rhett Allain

In this expression, k is a measure of the stiffness of the spring (called the spring constant). The negative sign means that if you pull the spring in the positive x-direction, the force will pull back in the negative direction. OK, so there’s a force on the mass. What does a force do to an object? It causes a change in velocity. You can see this with Newton’s second law (again in one dimension).

Yes, You Should Be Using Apple Pay or Google Pay

When Apple Pay was first announced back in 2014, it seemed like a revolutionary idea that would take a while to catch on. Six years later, a little under half the iPhone users out there are paying with their phone, with Google and Samsung Pay growing on Android as well. Apple Pay currently accounts for 10 percent of all global card transactions.

That’s impressive, but I can’t help feeling it should be even more popular than it is. If you aren’t using Apple and Google Pay at the grocery store, it’s time to start—it’s better than a credit card in pretty much every way.

It’s Much Faster Than Chip-Based Credit Cards

To start, credit cards have gotten annoyingly slow, thanks to the new chip-based readers. This new (old) tech is much slower than the old swipe-to-pay credit cards of yore, making plastic a bit more of a hassle. Pull out your wallet, dig through to find the right card, put it in, wait, then do it all in reverse when the reader beeps at you like you’ve accidentally tripped some sort of alarm.

With Apple and Google Pay, you just pull out your phone, unlock the home screen, and hover it over the reader—it’ll “swipe” your digital credit card instantaneously, faster than any chip-based card. You don’t even have to open the app—just unlock your phone and tap. If you have a smartwatch, you might be able to tap it to the reader without even touching your phone.

Of course I’m exaggerating the annoyance of credit cards just a bit here, but I really can’t overstate how fast and easy tap-to-pay is. Pulling out your card just feels archaic in comparison, and once you’ve tried Apple and Google Pay, you’ll want to use it whenever possible.

It’s Available in a Ton of Stores

When tap-to-pay systems first launched, it felt like they were only available at a few select stores—popular ones, sure, but few and far enough between that you were still using your credit card the vast majority of the time. That’s no longer true. Not only have more national chains caught up (from grocery stores to pharmacies to the mall and beyond), but smaller mom-and-pop shops often offer the service as well, thanks to Square and other modern payment kiosks that accept tap-to-pay. In my neighborhood, I have the convenience of Apple Pay at the grocery chain down the street as well as the independent bagel shop around the corner. It’s becoming rarer and rarer that I actually have to pull out my wallet. Of course, this may vary depending on where you live and the stores available to you—but it’s becoming much more widespread.

You can also use it for non-physical purchases, like food delivery apps, online stores like Macy’s and Target, and online ticket purchases (you know, when movie theaters become a thing again). It’ll work through the mobile apps and on websites (though Apple Pay requires a Mac for desktop usage). As long as you have a card in your Apple or Google Pay wallet, you can order that takeout from a new app without having to type in your credit card number. Seconds matter when pizza is on the line, guys.

You Still Get Your Credit Card Points

Whenever I evangelize Apple and Google Pay to friends, I get the same question: “But what about my credit card points?” This is a misunderstanding of how these services work. You aren’t paying Apple, who then pays the retailer. When you tap your phone to pay at Trader Joe’s, it works exactly as if you’d scanned your credit card—the charge shows up on your Visa bill as Trader Joe’s, and you get all the points you’re entitled to, including whatever extra bonus points your card applies to that category (double points on groceries, for example).

You can even store multiple credit cards in your digital wallet, if you like to optimize your points by using different cards at different stores. You’ll pick one as the default that scans when you tap your phone, but you can open the Apple Pay or Google Pay app to choose a different card before scanning if you want.

Yes, It’s Secure

Finally, as with all things digital, some folks are hesitant to switch to a service they aren’t familiar with—especially since digital security hasn’t had the most confidence-inducing decade.

But credit cards haven’t exactly been bastions of security either—as anyone who’s had their card stolen will tell you. In some ways, Apple and Google Pay are actually more secure than their plastic counterparts. Both services use tokenization, creating a unique code whenever you make a purchase—the merchant never sees your credit card number, and even if a thief were to somehow steal that code, they wouldn’t be able to use it to make more purchases. This is the same enhanced security your credit card’s chip uses.

For some reason, though, our credit card chips don’t require PIN numbers like they do overseas, so if anyone steals your card, they can make purchases for you. Apple and Google Pay, on the other hand, are locked behind the fingerprint sensor or face recognition on your device, adding an extra layer of security that credit cards don’t have. So even if someone were to steal your phone, they’d have a hard time using it for a Best Buy shopping spree. Oh, and if you lose your phone, you can turn your digital wallet off remotely with Find My iPhone and Google’s Find My Device.

An Engineer Gets 9 Years for Stealing $10M From Microsoft

A former Microsoft software engineer from Ukraine has been sentenced to nine years in prison for stealing more than $10 million in store credit from Microsoft’s online store. From 2016 to 2018, Volodymyr Kvashuk worked for Microsoft as a tester, placing mock online orders to make sure everything was working smoothly.

The software automatically prevented shipment of physical products to testers like Kvashuk. But in a crucial oversight, it didn’t block the purchase of virtual gift cards. So the 26-year-old Kvashuk discovered that he could use his test account to buy real store credit and then use the credit to buy real products.

At first, Kvashuk bought an Office subscription and a couple of graphics cards. But when no one objected to those small purchases, he grew much bolder. In late 2017 and early 2018, he stole millions of dollars worth of Microsoft store credit and resold it online for bitcoin, which he then cashed out using Coinbase.

US prosecutors say he netted at least $2.8 million, which he used to buy a $160,000 Tesla and a $1.6 million waterfront home (his proceeds were less than the value of the stolen credit because he had to sell at a steep discount).

Kvashuk made little effort to cover his tracks for his earliest purchases. But as his thefts got bigger, he took more precautions. He used test accounts that had been created by colleagues for later thefts. This was easy to do because the testers kept track of test account credentials in a shared online document. He used throwaway email addresses and began using a virtual private networking service.

Before cashing out the bitcoins, he sent them to a mixing service in an attempt to hide their origins. Kvashuk reported the bitcoin windfall to the IRS but claimed the bitcoins had been a gift from his father.

But the government’s complaint included quite a bit of evidence linking Kvashuk to the crime.

He sometimes used the same VPN connection—and hence the same IP address—to access different accounts, allowing investigators to draw connections between his known accounts and those used for later thefts. Device fingerprinting techniques also provided circumstantial evidence linking Kvashuk to the larger heists.

The feds also argued that the timing of Kvashuk’s sudden bitcoin wealth was suspicious. “The value of the bitcoin deposits to Kvashuk’s Coinbase account generally correlated with the value of the purchased and redeemed [Microsoft credit],” the government argued.

A jury found the government’s arguments convincing and convicted Kvashuk on several counts in February.

“Stealing from your employer is bad enough, but stealing and making it appear that your colleagues are to blame widens the damage beyond dollars and cents,” US attorney Brian Moran said in a press release. Kvashuk was convicted of “five counts of wire fraud, six counts of money laundering, two counts of aggravated identity theft, two counts of filing false tax returns, and one count each of mail fraud, access device fraud, and access to a protected computer in furtherance of fraud,” the government wrote.

Kvashuk has been ordered to pay $8.3 million in restitution, though it seems unlikely he’ll ever be able to do that. The government says he may be deported after serving his time in prison.

This story originally appeared on Ars Technica.

