Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Getty Images

Researchers have unpacked a major cybersecurity find—a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced.

The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. Because it’s the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows.

Exotic, yes. Rare, no.

On Monday, researchers from Kaspersky profiled CosmicStrand, the security firm’s name for a sophisticated UEFI rootkit that the company detected and obtained through its antivirus software. The find is among only a handful of such UEFI threats known to have been used in the wild. Until recently, researchers assumed that the technical demands required to develop UEFI malware of this caliber put it out of reach of most threat actors. Now, with Kaspersky attributing CosmicStrand to an unknown Chinese-speaking hacking group with possible ties to cryptominer malware, this type of malware may not be so rare after all.

“The most striking aspect of this report is that this UEFI implant seems to have been used in the wild since the end of 2016—long before UEFI attacks started being publicly described,” Kaspersky researchers wrote. “This discovery begs a final question: If this is what the attackers were using back then, what are they using today?”

While researchers from fellow security firm Qihoo360 reported on an earlier variant of the rootkit in 2017, Kaspersky and most other Western-based security firms didn’t take notice. Kaspersky’s newer research describes in detail how the rootkit—found in firmware images of some Gigabyte or Asus motherboards—is able to hijack the boot process of infected machines. The technical underpinnings attest to the sophistication of the malware.

A rootkit is a piece of malware that runs in the deepest regions of the operating system it infects. It leverages this strategic position to hide information about its presence from the operating system itself. A bootkit, meanwhile, is malware that infects the boot process of a machine in order to persist on the system. The successor to legacy BIOS, UEFI is a technical standard defining how components can participate in the startup of an OS. It’s the most “recent” one, as it was introduced around 2006. Today, almost all devices support UEFI when it comes to the boot process. The key point here is that when we say something takes place at the UEFI level, it means that it happens when the computer is starting up, before the operating system has even been loaded. Whatever standard is being used during that process is only an implementation detail, and in 2022, it will almost always be UEFI anyway.

In an email, Kaspersky researcher Ivan Kwiatkowski wrote:

So a rootkit may or may not be a bootkit, depending on where it is installed on the victim’s machine. A bootkit may or may not be a rootkit, as long as it infected a component used for the system startup (but considering how low-level these usually are, bootkits will usually be rootkits). And firmware is one of the components which can be infected by bootkits, but there are others, too. CosmicStrand happens to be all of these at the same time: It has the stealthy rootkit capabilities and infects the boot process through malicious patching of the firmware image of motherboards.

The workflow of CosmicStrand consists of setting “hooks” at carefully selected points in the boot process. Hooks are modifications to the normal execution flow. They usually come in the form of additional code developed by the attacker, but in some cases, a legitimate user may inject code before or after a particular function to bring about new functionality.

The CosmicStrand workflow looks like this:

  • The initial infected firmware bootstraps the whole chain.
  • The malware sets up a malicious hook in the boot manager, allowing it to modify Windows’ kernel loader before it is executed.
  • By tampering with the OS loader, the attackers are able to set up another hook in a function of the Windows kernel.
  • When that function is later called during the normal startup procedure of the OS, the malware takes control of the execution flow one last time.
  • It deploys a shellcode in memory and contacts the C2 server to retrieve the actual malicious payload to run on the victim’s machine.

Nomatic Navigator Sling 10L review: the Goldilocks laptop sling bag

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

The Nomatic Navigator Sling 10L is the exact size needed for a 14-inch MacBook Pro and everything someone would want in an everyday carry laptop bag.

When Nomatic first announced the 10L Sling, we were excited by the prospect of a simple bag sized between the 15L and 6L bags we previously reviewed. However, the 10L Sling quickly sold out and was only meant to be a limited edition item.

Nomatic noted the high demand for the bag, so after some time, the company finally put the Navigator 10L Sling back on sale as a permanent fixture in its online store. Because of that span of time, we were able to use Nomatic’s bag for much longer than other review items and have grown to like this middle-of-the-road bag.

Nomatic Navigator Sling 10L design

The build and materials are identical to the rest of the Nomatic Navigator line. There is a small front pocket and a single main compartment.

The front pocket is a simple quick access pocket for flat items like an iPad mini or notebook. A cable access port allows a charging cable to run to the quick access pocket to discreetly charge your tablet or phone.

The Nomatic Navigator line are similarly designed big to small

The Nomatic Navigator line are similarly designed big to small

The main compartment has a large laptop sleeve rated for 13-inch laptops, but our 14-inch MacBook Pro fits without issue. There are five pockets in the main compartment, two pen holders, and the open space of the bag itself.

A zipper outside the bag hides a mesh water bottle pocket. The water bottle pocket hides away and keeps the bag’s silhouette clean when not used.

Since this is a sling, it only has one strap. A stabilizer strap resides in a hidden compartment that can be used to keep the bag steady when walking or riding a bike.

The strap also has a small card holder perfect for keeping an ID and credit card readily accessible. This is handy if your wallet is stored in the bag or if your pants lack pockets.

Using the Nomatic Sling 10L

We have used the Navigator 15L backpack, which can expand up to 21L of space, and the Navigator 6L Sling. The larger backpack proved great for extended travel, while the smaller sling was an excellent companion to our iPad Air.

However, the significant difference in size between the two left us wanting for the best of both bags.

The Nomatic 6L Sling and 15L Backpack were both too big and too small for what we wanted

The Nomatic 6L Sling and 15L Backpack were both too big and too small for what we wanted

That’s where the Navigator 10L Sling fits in — a perfect middle ground of portability and sizable storage. This was the commuting bag we were looking for, as it was just right for a laptop, tablet, chargers, headphones, and a few other items while keeping things incredibly slim and light.

The key to a small everyday carry bag is having gear that minimizes what you need. We packed the Navigator Sling with a handful of items we’d want handy when working at a cafe or friend’s house to see how much space was left over.

We didn’t take advantage of the other two pockets, one being an RFID-protected sleeve for passports or other IDs. The other is a thin zip-up mesh pouch for adapters or other small items we don’t need because the rest of our gear provides everything we’d want.

The laptop sleeve held our 14-inch MacBook Pro. It was snug, showing that the sleeve was built with smaller notebooks in mind, but it still fit without stressing the bag or laptop.

The Nomatic Navigator 10L Sling is a good option for bare-minimum travel

The Nomatic Navigator 10L Sling is a good option for bare-minimum travel

Our iPad mini 6 slid into the front pocket without issue, and we could easily run a cable from the battery pack for charging if we wished. The water bottle pocket could also easily accommodate our favorite water bottle.

Packed this way, it is a comfortable weight without stressing any compartment or pocket. We’ve also tested using this bag with an iPad Pro in a Magic Keyboard along with several accessories and a dock for a portable iPad workstation.

The bag doesn’t hold everything in our office but isn’t meant to. We love that even after packing all these devices, it remained thin, relatively light, balanced, and didn’t bulge.

The Nomatic Navigator 10L Sling is comfortable to wear even with a full bag, and the weight felt distributed evenly. The strap has plenty of play for a snug fit or loose droop, depending on how you want to carry it.

Should you buy the Nomatic Sling 10L

The Nomatic Sling 10L fits a very specific niche. We’d easily recommend this to anyone looking for a durable, slim laptop bag capable of carrying the bare necessities for remote work.

Even with everything we need for a day out, there's still some space

Even with everything we need for a day out, there’s still some space

If you’re looking for something to carry a laptop, multiple tablets, notebooks, headphones, and a bundle of charging cables, you’d be better off looking at Nomatic’s Navigator 15L backpack.

The key to using the Nomatic Sling 10L is self-control. Learn what you need and take only that, and you’ll find this the perfect bag for your small MacBook.

  • Slim design, water-resistant material
  • Perfect compromise between size and storage
  • Comfortable to wear and well-balanced
  • Material is easily scuffed
  • No option for a 10L backpack, sling strap may be a no-go for some

Rating: 4.5 out of 5

Scoring a bag that fits within a specific niche is difficult. We believe this is the perfect bag for those looking for a compact laptop bag with little room for improvement. However, it may be too cramped for some users, and the sling strap may be less desirable than backpack straps.

Where to buy the Nomatic Sling 10L

Nomatic carries two finishes of the bag. We tested the Black model, but there’s a camouflage “Tiger Stripe” option too.

If you’re interested in a Nomatic bag, but want something more hefty, the Nomatic Navigator 15L backpack is $249.99 on Amazon.

Solana Labs Is Making a Phone, and It’s Going to Revolutionize Web3

  • Solana Labs just announced it’s building a web3 native cellphone. 
  • Solana founder Anatoly Yakovenko says the phone is the first step to creating a better mobile web3. 
  • 5 crypto vets share their thoughts on how the phone could impact solana’s price & the crypto market.

Solana has gone where no crypto has ever gone before, and created a cellphone

This bold step has sent shockwaves throughout the crypto industry, with many wondering if Solana Labs — the company behind the solana cryptocurrency — actually plans to compete with tech behemoths like Samsung and Apple. 

Insider spoke with several crypto experts, ranging from the founder of solana to skeptical crypto analysts, who shared their thoughts on the solana phone and what it means for the future of cryptocurrency.

Solana’s phone gamble

Up until now, crypto innovation has largely been limited to software.

While there have been some physical innovations — like more energy efficient mining and better hard wallets to protect your crypto — most crypto projects are focused on building out different ways to utilize the blockchain, as in the case of DeFi or NFTs.

While the new phone, which is called the Saga, will run on the Android platform when it’s released in early 2023, it’s the Solana Mobile Stack (SMS) that really brings a web3 experience to the mobile phone market. 

The SMS is an Android-based developer’s tool kit for building web3 apps and software that comes complete with a decentralized app store — positioning itself as an open-source alternative to Apple’s App Store and the Google Play Store.

Solana founder Anatoly Yakovenko shared his thoughts on what he wants to see from the Solana Mobile Stack.

“The real thing that we really want to unlock is the ability for developers to build these next generation, really tightly integrated applications that are delightful for users to use in web3,” Yakovenko said.

He continued: “The wallet can be tighter, and integrated into things like tap-to-pay. Having a web3 app store is necessary because the way that true digitally owned items work is very different from how you buy a movie on Amazon.” 

In other words, when you purchase a copy of a movie on your phone, you don’t suddenly own the licensing rights to that movie — you’re just getting a digital copy of the film. Whereas when you buy a Bored Ape NFT, full ownership and licensing of that NFT is transferred from seller to buyer during the sale.

Right now digital ownership on mobile phones is broadly limited to purchasing in-app goods from the Apple App Store or Google Play Store, both of which take a huge chunk of sales from publishers in the form of fees, and both of which retain complete control over the apps on their platforms.

But a web3-first system like the SMS could shift the narrative away from walled gardens owned by Apple and Google and towards the sort of self-custody that crypto enthusiasts love.

Reasons to be bullish about solana cell phone

As real world use cases for NFTs continue to grow, a solana phone could be seminal for solana’s adoption across the crypto ecosystem.

“We’re particularly excited about the solana phone’s launch because of its potential to further integrate NFTs into our everyday lives in both digital and in-real life spaces,” Magic Eden founder Jack Lu told Insider.  

He continued: “The more NFTs become integrated, the more expansive their use cases will become — which will bolster the broader growth of the NFT ecosystem.”

Right now, NFTs are limited to primarily profile pictures; however, NFT believers think that its use cases could expand much further. For example, real estate or music ownership could be transferred as NFTs.

Caseem Ward, an advisor to crypto media company Light Node, expressed optimism about both the phone’s future and the impact it would have on the price of the solana cryptocurrency. 

“Solana Mobile Stack has a chance to become the iOS or android of web3,” Ward said. “Most of the world is using mobile devices — integrating native web3 will make the experience seamless, expediting our arrival to widespread mass adoption. Solana’s commitment to build full steam ahead in this market downturn especially with this new focus on a mobile Web3 experience will translate into billions of added value to solana’s market cap.”

Causes for caution about solana’s phone

But not everyone is bullish about the prospect of a solana phone — even solana supporters. 

Grit Trakulhoon, an investor at Andreeson-Horowtiz-backed investment platform Titan Invest, expressed mixed thoughts about the phone’s potential success. 

“There are two main endeavors: software — Solana Mobile Stack (SMS): A toolkit enabling developers to build web3 mobile applications, and Hardware — Solana Saga: A new android mobile phone with full integration with SMS,” Trakulhoon said. 

He elaborated: “From a software perspective — the platform / software developer kit (SDK) — it seems to make sense. However, hardware (the phone) is a different beast and the barrier to entry is huge. So it’s unclear whether they will succeed, but I am rooting for them.”

Right now the smartphone market is dominated by Apple and Samsung, who combined consistently make up well over 50% of the market share of phones sold around the globe. Moreover, even tech titans like Google have struggled to create phones that can compete with the mobile phone market incumbents. 

Matt Batsinelas, a partner at Triblock, shared Trakulhoon’s sentiment. 

“While I’m bullish on the solana blockchain and other projects that solana has incubated, I don’t see a viable path for a crypto native mobile device to compete with Apple and Google,” Batsinelas said. 

He continued: “The SDK could be a powerful gateway for developers to reach mobile users, but building a mobile phone is not solana’s core competency and there are likely better ways for Solana Labs to incentivize mobile development.”

Yakovenko told Insider how he would define success for the solana phone. 

“Selling a lot of phones is like a dream, but we don’t need to sell a lot of phones to succeed,” Yakovenko said. “There’s multiple ways that we win. One of those is that we prove out that these business models are scalable. You can actually have web3 mobile experiences without the way that the app store works today in a fair way that is still growing and economically sustainable.”

“The app stores are such a pain in the butt for developers, that if we have 50,000 dedicated web3 users that are active — with a web3 friendly app store — that’s a better distribution channel for devs than the big app stores are today,” Yakovenko concluded. 

Apple partnerships are helping build new homes and new starts in communities across California

Newly found Lightning Framework offers a plethora of Linux hacking capabilities

A stylized skull and crossbones made out of ones and zeroes.

The software framework has become essential to developing almost all complex software these days. The Django Web framework, for instance, bundles all the libraries, image files, and other components needed to quickly build and deploy web apps, making it a mainstay at companies like Google, Spotify, and Pinterest. Frameworks provide a platform that performs common functions like logging and authentication shared across an app ecosystem.

Last week, researchers from security firm Intezer revealed the Lightning Framework, a modular malware framework for Linux that has gone undocumented until now. Lightning Framework is post-exploit malware, meaning it gets installed after an attacker has already gained access to a targeted machine. Once installed, it can provide some of the same efficiencies and speed to Linux compromises that Django provides for web development.

“It is rare to see such an intricate framework developed for targeting Linux systems,” Ryan Robinson, a security researcher at Intezer, wrote in a post. “Lightning is a modular framework we discovered that has a plethora of capabilities, and the ability to install multiple types of rootkit, as well as the capability to run plugins.”


Lightning consists of a downloader named Lightning.Downloader and a core module named Lightning.Core. They connect to a designated command and control server to download software and receive commands, respectively. Users can then run any of at least seven modules that do all kinds of other nefarious things. Capabilities include both passive and active communications with the threat actor, including opening a secure shell on the infected machine and a polymorphic malleable command.

The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and support for connecting to command and control servers that use malleable profiles. Malware frameworks have existed for years, but there aren’t many that provide so much comprehensive support for the hacking of Linux machines.

In an email, Robinson said Intezer found the malware on VirusTotal. He wrote:

The entity that submitted it appears to be related to a Chinese manufacturing organisation that makes small motor appliances. We found this based on other submissions from the same submitter. I fingerprinted the server that we used to identify the company and they were indeed using Centos (which the malware was compiled for). But this still is not solid enough to conclude that they were the targets or infected with the malware. We have not learned anything new since the publication. The ideal thing which we hope to find is one of the encrypted malleable C2 configuration profiles. It would give us network IOCs to perform pivoting off.

Intezer was able to obtain parts of the framework but not everything. From the files the company researchers were able to analyze, they could infer the presence of other modules. The company provided the following overview:

Name Name on Disk Description
Lightning.Downloader kbioset The persistent module that downloads the core module and its plugins
Lightning.Core kkdmflush The main module of the Lightning Framework
Linux.Plugin.Lightning.SsHijacker soss There is a reference to this module but no sample found in the wild yet.
Linux.Plugin.Lightning.Sshd sshod OpenSSH with hardcoded private and host keys
Linux.Plugin.Lightning.Nethogs nethoogs There is a reference to this module but no sample found in the wild yet. Presumably the software Nethogs
Linux.Plugin.Lightning.iftop iftoop There is a reference to this module but no sample found in the wild yet. Presumably the software iftop
Linux.Plugin.Lightning.iptraf iptraof There is a reference to this module but no sample found in the wild yet. Presumably the software IPTraf
Linux.Plugin.RootkieHide There is a reference to this module but no sample found in the wild yet. LD_PRELOAD Rootkit
Linux.Plugin.Kernel elastisearch.ko There is a reference to this module but no sample found in the wild yet. LKM Rootkit

So far there are no known instances of the Lightning Framework being actively used in the wild. Then again, given the abundance of available capabilities, state-of-the-art stealth is undoubtedly part of the package.

Lomi review: A great countertop composter — if you’ve got the space for it

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Pela’s countertop composter Lomi brings the eco-friendly practice of composting out of the backyard and into your home.

Lomi is a countertop composter for disposing of food waste, which also promises to keep your houseplants happy and reduce your carbon footprint. It was designed by Pela, a producer of a biodegradable line of phone cases and accessories for the iPhone and other Apple devices.

Why you shouldn’t throw your food waste into the garbage

Before we get started, let’s address the number one problem Lomi wants to solve: food waste.

Most people are under the assumption that food waste is pretty safe to throw away. After all, organic material decomposes — famously so. We’ve all forgotten a banana on the counter at least once.

Believe it or not, food waste doesn’t always break down in landfills, and when it does, it doesn’t always do so in the best way possible.

Landfills are anaerobic environments, ecosystems that don’t have enough oxygen to undergo the “normal” biodegrading process.

When organic materials — especially food and yard waste — are thrown into the landfill, they are quickly buried by layers of other garbage. Then, starved of oxygen and light, much of the organic material festers.

When it does finally decompose, it off-gasses methane. While some landfill facilities have begun capturing methane to create electricity, many have not.

Composting food scraps, on the other hand, is significantly better for the environment. Traditionally, composting requires a mixture of nitrogen-rich (“green”) waste and carbon-rich (“brown”) waste, which then breaks down over time into a nutrient-dense material that you can use to supplement your garden.

Typically, this is done in open-air piles, regularly watered, and then turned with a pitchfork or shovel to help provide oxygen and evenly distribute heat. It’s a labor-intensive process, but it significantly benefits the environment and the person maintaining the compost pile.

But, not everyone can maintain a compost pile — and that’s where Lomi comes in.

What Lomi is

Lomi is a “countertop composter.” Countertop composters are machines designed to simulate the early stages of composting.

What we like best about Lomi is that it is designed with users in mind and is extremely easy to use.

To use Lomi, you open the lid, dump your organic scraps inside Lomi’s bucket, press a button, and walk away.

Lomi's bucket

Lomi’s bucket

It then grinds the scraps and adds a bit of heat, which helps to jump-start the composting process. The process takes between 3 and twenty hours to complete, and what comes out depends on what you throw in and what mode you use.

Additionally, Lomi also looks better than most countertop composters. Its contemporary design is friendly and could easily be mistaken for a humidifier or similar home appliance.

Setting up Lomi

Setting up Lomi is extremely easy. All you’ll need to do is pop open the two filter chambers, fill them with activated charcoal pellets, and put them back in.

Lomi's filters must be filled with activated charcoal pellets every three to four months

Lomi’s filters must be filled with activated charcoal pellets every three to four months

After that, Lomi encourages you to toss the biodegradable plastic bags that held the charcoal into your first cycle.

Depending on use, the charcoal will need to be replaced every three to four months. Pela sells a subscription that will send you the pellets. While that is handy, we’d like to point out that it’s the same charcoal pellets used in aquarium tanks, so you can find it cheaper elsewhere.

What can and can’t go into Lomi

Many things can go into Lomi, and Pela has created a list of stuff you can chuck inside.

  • Fruit and vegetables*
  • Coffee grounds
  • Eggshells
  • Meat scraps*
  • Rinds and peels*
  • Yard and houseplant trimmings
  • Lomi approved bioplastics, paper products, and packaging
  • * Provided they follow Lomi’s guidelines for individual items.

What should never go into Lomi

  • Dairy products, like cheese, yogurt, milk
  • Chemical-treated plants or yard trimmings
  • Wax paper, glossy paper
  • Diapers
  • Animal feces
Our first batch of compost was a mix of kitchen scraps and houseplant trimmngs

Our first batch of compost was a mix of kitchen scraps and houseplant trimmngs

We will note that Pela seems torn on whether or not you can compost meat in Lomi. Sometimes Pela says it’s okay, but other times, it doesn’t.

To air on the safe side, we suggest not chucking meat into Lomi if you plan on using it for your indoor potted plants.

What comes out

Now’s a great time to talk about what comes out of Lomi after it runs a cycle. Lomi has three different cycles you can choose from, each resulting in a different type of end-product.

Eco Mode: This quick mode is designed to create a material perfect for chucking into your backyard compost pile or green waste bin. Unfortunately, it’s not appropriate for adding to your houseplants, as it hasn’t been broken down enough and doesn’t contain enough microbes.

Grow Mode: A longer, more energy-intensive mode that uses a Lomi Pod — a compost probiotic of sorts — to create nutrient-rich dirt that you can add to your plants at a 1-to-10 ratio. You can also dispose of it in your compost pile or green waste bin.

Lomi-Approved Mode: Lomi allows you to break down approved bioplastics, paper products, and compostable packaging. This includes Pela phone cases and Pela Apple Watch bands! The end-product of this cycle is perfect for chucking into your green waste bin or household garbage.

How well it works

Lomi works pretty well for what it is. However, we were surprised by how quiet Lomi was, even when it dealt with hard objects like corn cobs.

Our first batch of soon-to-be compost included avocado skins, pepper trimmings, fallen orchid blooms, golden pothos trimmings, grape stems, some old coconut coir from a repotted plant, and the occasional plate scrapings.

After a few hours, Lomi created a pile of

After a few hours, Lomi created a pile of “dirt” that is ready to toss in a green waste bin — or into your back yard!

It consisted of about three days worth of Lomi-approved materials. Larger households will probably fill up a Lomi at least once a day.

Perhaps the best part about Lomi is its hands-off nature, as it’s essentially a set-and-forget device. Once you throw your food scraps into it, you can hit the button and walk away.

When you return, Lomi will have made quick work of your organic material, leaving behind a brown, mulch-like substance.

We were very impressed with how well Lomi manages odors. The carbon filter helps filter out smells while running, and for the most part, it didn’t even get particularly gross while we dumped scraps in throughout the day.

Of course, if you leave food scraps in there for a few days, it will smell pretty gross whenever you open it up. There’s a better solution for that, though.

If we know we’re going to take a little while before we fill Lomi’s bucket up enough to run a cycle, we store our food scraps in the freezer — make sure to let them defrost inside of Lomi for a while before you run a cycle.

What comes out of Lomi doesn’t smell bad at all. Instead, it smells mostly like organic matter. Our first batch smelled mostly like mulch and a little like vegetable soup, and the second batch smelled faintly of bananas.

Is it really compost?

The material that comes out of Lomi isn’t the same material you’d get from a traditional compost pile. Instead, it’s more of immature compost, with significant decomposing left before it becomes mature.

That’s why Lomi recommends mixing it in a 1-to-10 part ratio, one part Lomi dirt to 10 parts soil, to help feed your plants. Lomi’s dirt will continue to break down as you water your plants, releasing nutrients into the soil.

Mixing it in higher ratios can damage your plants, just like any other fertilizer.

If you want to age the end-product, many folks have found that you can mix it with soil and leave it to age somewhere that gets moderate sunlight. Because it’s already been ground up in the machine, Lomi’s dirt breaks down in a compost pile, bin, or bucket very quickly — a couple of weeks compared to an entire season for traditional compost.

Who Lomi is for

Lomi is designed to help reduce food waste for people who do not have access to community-supported composting programs or for those who may not be able to maintain a traditional compost pile.

While this seems like it would be explicitly for apartment dwellers — which certainly is Lomi’s core demographic — it’s not just smaller living spaces

For example, we don’t live in an area with a community-supported composting program. We don’t even have a green waste program at all — the city expects you to dispose of your food in the garbage and your yard waste out of your pocket should it not be able to fit in a garbage bag.

And while backyard composting isn’t explicitly banned here, there are some concerns with just throwing food waste on the ground. Cats in this area tend to be free range, we have a neighborhood groundhog, and there have been — on occasion — issues with bears.

So, yes, Lomi is targeted toward those who live in apartments, but it isn’t exclusively for those in apartments. Plenty of homeowners and plant lovers could get use out of Lomi as well.


There are a few drawbacks to Lomi that are worth taking stock of before purchasing one.

First, it’s not a small machine. Lomi has a substantial physical footprint, and if you’ve limited space in your home, Lomi may not fit. We couldn’t store Lomi on our countertop without sacrificing food prep space.

Fortunately, we’ve got other places where Lomi can live, which means it still fits into our lives pretty well. However, that may not be the case for apartment dwellers with limited space.

Next, Lomi does have to use electricity to do its job. Unlike a traditional compost pile, which is heated by the sun, Lomi needs to tap into the power grid.

As a result, Lomi has a larger carbon footprint than a traditional compost pile.

Pela packages the Lomi in 100% compostable packaging —  including the charcoal pellet bag!

Pela packages the Lomi in 100% compostable packaging — including the charcoal pellet bag!

In fact, Pela even tells people who can maintain a traditional compost pile to avoid Lomi altogether. After all — why spend $500 on something you could do for the cost of a pitchfork and some chicken wire?

Of course, food sent to landfills produces methane, a greenhouse gas, which isn’t ideal either.

Pela estimates that even if Lomi uses non-renewable energy, Lomi can prevent 200kg of carbon emissions per year generated by sending the food to a landfill — assuming that Lomi composts 365 kilograms of food waste per year. That’s about an 80% reduction in carbon emissions.

As a side note: if you’re worried about what Lomi costs to run, it’s not all that expensive. The US average electricity price hovers around 14 cents per kWh, meaning that a Lomi Grow Cycle should cost about 14 cents to run.

The Eco Mode only costs about 8 cents to run.

The only particularly frustrating thing about Lomi is that it isn’t quiet. Not the grinding — that’s pretty easy to ignore — but the beeping.

Pela jokes about this, stating that “Lomi likes to talk,” but we found the beeping to be a significant drawback to the unit.

It beeps. It beeps loudly. It beeps when you open it, it beeps when you close it, and it beeps when you press the buttons. Then, when it finishes its cycle, it beeps again.

If you spend a lot of time on calls for work, or if you have your bedroom — or your kids’ bedrooms — close to the kitchen, this is a significant problem. So should Pela release a Lomi 2.0, we’d like to see the ability to turn off the beeping.

Last, it’s not cheap. As stated above, Lomi costs $500, which may not be in the cards for many people.

Unfortunately, this is true of all countertop composters — and many non-electric composters, too.

Vitamix’s FoodCycler, a similar machine, retails for around $400 but doesn’t produce an end product that can be added directly to plants. You can’t refill the FoodCycler’s filters, and they’ll cost you $40 a pop.

We’re hoping that eventually, someone comes to market with a product in the $200 range, but until then, Lomi — and its countertop composting cousins — may only be for certain folks.

Hopes for future releases

Should Pela continue to iterate on Lomi, we’d like to see some app integration. Lomi is practically begging for it!

We’d love to have an app that offers a countdown until the cycle is finished, monitors filter health, and allows us to quickly check what items can and can’t be added in which modes.

Loud, counter-eating, but makes excellent dirt

Lomi is a great way to prevent your food waste from going to the landfill while providing you with a valuable end product. This is true whether you solely run it on eco-mode and dump the dirt into your compost pile or green waste bin or run it in grow-mode to supplement your plants.

While we don’t think it’s for everyone, we believe it’s still doing meaningful work. And, if you’re a plant parent, you really can’t beat having your own unlimited supply of plant-ready fertilizer.

Where to buy

If you’re in the market for a Lomi of your own, you can head to, Best Buy or Pela’s website. Lomi costs $500 and is often in short supply. We encourage those interested in Lomi to purchase one as soon as they are available, as they tend to go fast.

Rating: 3.5 out of 5 stars

  • Very easy to use
  • Creates nutrient-rich fertilizer for houseplants, gardens
  • Reduces food waste sent to the landfill
  • Minimal to no odor
  • Can be used to supplement yard-waste composting, especially leaf mold composting
  • Easy to clean and maintain
  • Loud, frequent beeping
  • Expensive to purchase
  • Large footprint makes it difficult to store
  • Lomi pods and charcoal are an additional expense

Global Music Mobile Apps Market Size, Share, Trends, CAGR by Technology, Key Players, Regions, Cost, Revenue and Forecast 2022 to 2028

Global  Music Mobile Apps  Market Size, Share, Trends, CAGR by Technology, Key Players, Regions, Cost, Revenue and Forecast 2022 to 2028

The latest report on the Music Mobile Apps market is an exhaustive study of this business sphere. The report elaborately emphasizes on the market dynamics and outlines details pertaining to returns registered by the market over the forecast period, alongside the anticipated growth rate followed during the analysis timeframe.

The study meticulously unveils the Music Mobile Apps market and contains substantial details about the projections with respect to industry, renumeration forecast, sales graph, and growth prospects over the forecast timeline. Information focusing on the varied market segmentation, along with the important driving parameters which will influence the expansion graph of the industry is entailed in the report.

The Music Mobile Apps market with regards to the regional outlook:

  • The geographical landscape of the Music Mobile Apps market is thoroughly analyzed in the report, and is inclusive of regions like Americas, APAC, Europe, Middle East & Africa.
  • Major information pertaining to the sales amassed by all the regions and expected market share held by them is given.
  • The report delivers insights about the revenue share contributed by each region as well as the growth rate registered by each geography over the analysis period.

Request Sample Copy of this Report @

Other takeaways from the report on the Music Mobile Apps market:

  • The competitive framework of the Music Mobile Apps industry is scrutinized in the report, wherein this spectrum is defined by companies like Google Play Music Apple Music YouTube Music Spotify Shazam Amazon Music Idago Audiomack TuneIn Radio Soundcloud Pandora Tidal Netease Cloud Music Napster Music By Region North America United States Canada Europe Germany France UK Italy Russia Nordic Countries Rest of Europe Asia-Pacific China Japan South Korea Southeast Asia India Australia Rest of Asia Latin America Mexico Brazil Rest of Latin America Middle East & Africa Turkey Saudi Arabia UAE Rest of MEA.
  • An overview of product developed by the market behemoths, alongside the product application scope is presented in the report.
  • Details regarding the current market position and sales garnered over the forecast timeline, along with company profile for each market leader are outlined.
  • Pricing models, profit returns, as well as industry share held by each contender are elucidated in the report.
  • As per the report, the product terrain of the Music Mobile Apps market is comprised of Free and Subscription.
  • Insights pertaining to the industry share accounted for, sales accrued, and revenue generated by each product segment during the forecast timeframe are encompassed in the report.
  • The report comprehensively analyzes the application spectrum of the Music Mobile Apps market. According to research, the application scope is split into Andrio , IOS ,By Company , Google Play Music , Apple Music , YouTube Music , Spotify , Shazam , Amazon Music , Idago , Audiomack , TuneIn Radio , Soundcloud , Pandora , Tidal , Netease Cloud Music , Napster Music ,By Region , North America , United States , Canada , Europe and Ger.
  • Information with respect to industry share registered by each application segment and the renumeration accounted for as well as sales volume is depicted in the report.
  • The study emphasizes on myriad aspects of the business space like competition trends and concentration rate.
  • The report further elaborates on the marketing channels established by various industry players.


Request Customization for This Report @

Apple Brompton Road opens July 28 in London

How Tor is fighting—and beating—Russian censorship

How Tor is fighting—and beating—Russian censorship

For years, the anonymity service Tor has been the best way to stay private online and dodge web censorship. Much to the ire of governments and law enforcement agencies, Tor encrypts your web traffic and sends it through a chain of computers, making it very hard for people to track you online. Authoritarian governments see it as a particular threat to their longevity, and in recent months, Russia has stepped up its long-term ambition to block Tor—although not without a fight.

In December 2021, Russia’s media regulator, Roskomnadzor, enacted a 4-year-old court order that allows it to order Internet service providers (ISPs) to block the Tor Project website, where the Tor Browser can be downloaded, and restrict access to its services. Since then, censors have been locked in a battle with Tor’s technical team and users in Russia, who are pushing to keep the Tor network online and allow people to access the uncensored web, which is otherwise heavily restricted in the country.

Russia’s efforts to block Tor come in two flavors: the technical and the political. So far, Tor has had some success on both fronts. It has found ways to avoid Russian blocking efforts, and this month, it was removed from Russia’s list of blocked websites following a legal challenge. (Although this doesn’t mean blocking efforts will instantly end.)

“We are being attacked by the Russian government, they are trying to block Tor,” says Gustavo Gus, community team lead of the Tor Project. The past few months have seen Russian officials adapt their tactics, Gus says, while the Tor Project’s anti-censorship engineers have successfully launched updates to stop its services from being blocked. “The fight is not over,” Gus says. “People can connect to Tor. People can easily bypass censorship.”

In Russia, the Internet infrastructure is relatively decentralized: ISPs can receive blocking orders from Roskomnadzor, but it’s up to individual companies to implement them. (China is the only country to have effectively blocked Tor, which was possible due to more centralized Internet control). While Russian authorities have been installing new equipment that uses deep packet inspection to monitor and block online services, the effectiveness of these blocks is mixed.

“The censorship that’s happening in Russia is not constant and uniform,” Gus says. Gus explains that because of different ISPs, Tor may be blocked for some people but not others, even those in the same city. Both Tor’s metrics and external analysis appear to show the dwindling effectiveness of Russian censorship.

Tor’s data shows that since the end of 2021 there has been a big drop in the number of people directly connecting to Tor in Russia. However, people are able to connect to its services using volunteer-run bridges—entry points to the network that can’t easily be blocked, as their details aren’t public—and Tor’s anti-censorship tool Snowflake. External data from the Internet monitoring group Open Observatory of Network Interference shows a big rise in people in Russia accessing Tor using Snowflake.

Since the start of Russia’s war with Ukraine in February, Russian officials have introduced a slurry of new laws to control the Internet and have clamped down on civil society groups. Natalia Krapiva, tech legal counsel at NGO Access Now, says Russia blocking Tor is part of larger efforts to control people’s access to information, such as the Kremlin’s VPN clampdown. “Russia is trying to eliminate any possible sources of truthful alternative information about the war and about what is going on in Russia internally,” Krapiva says. This feeds into a “chilling effect,” where people change their behavior or self-censor. “Certain measures, even if they don’t directly block or censor, create this fear of retaliation and fear of consequences coming later on.”

There have been two major incidents against Tor’s Snowflake, Gus says. The first, in December, was fixed within 10 days. The second, in May of this year, was also patched shortly after it was discovered. “They were blocking Snowflake in different ways,” Gus says. These attacks against Snowflake often involve fingerprinting, which uses small details about browsers and Internet connections to try to uniquely identify the technology that someone is using. For instance, the number of times a browser connects with an external source may make it stand out from other browsers. If Snowflake can be identified, it is easier to block.

Latest VMWare Fusion tech preview brings Windows 11 to Apple Silicon Macs

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

VMWare has announced that its upcoming update to VMWare Fusion will bring Windows 11 support to both Intel-based and Apple Silicon machines.

Although ARM versions of Windows itself aren’t available on Macs with M1 or M2 chips, users will be able to download and use Windows 11 on Apple Silicon Macs using the VMWare Fusion virtualization software.

The latest update to VMWare Fusion is now available to test out as a free technology preview on the company’s website.

VMWare says that it’s looking for user feedback as it “irons out kinks” and prepares for more formal support later in 2022.

“It’s here,” the company wrote. “While it is a little early, and things on Apple silicon don’t always behave like we’re used to on Intel, we’re thrilled to be able to share the work we’ve been doing to prepare support for Windows 11 virtual machines on Fusion, for both Intel and Apple silicon Macs.”

Along with Windows 11 support on Apple Silicon machines, the new tech preview also includes VMtools installation for Windows 11 on M1, improved Linux support on M1, 3D Graphics HW Acceleration and OpenGL 4.3 in Linux VMs, and more.

The company does note, however, that VMWare Fusion is still a work in progress on Apple Silicon Macs, and there are some limitations to the support. Fusion won’t support VMs running across different architectures, for example. Also, users can’t currently create macOS-based virtual machines, though VMWare is looking into that for the future.