InchBlog

Never put off the work till tomorrow what you can put off today.

What Is a Supply Chain Attack? — 05/31/2021

What Is a Supply Chain Attack?

Cybersecurity truisms have long been described in simple terms of trust: Beware email attachments from unfamiliar sources, and don’t hand over credentials to a fraudulent website. But increasingly, sophisticated hackers are undermining that basic sense of trust and raising a paranoia-inducing question: What if the legitimate hardware and software that makes up your network has been compromised at the source?

That insidious and increasingly common form of hacking is known as a “supply chain attack,” a technique in which an adversary slips malicious code or even a malicious component into a trusted piece of software or hardware. By compromising a single supplier, spies or saboteurs can hijack its distribution systems to turn any application they sell, any software update they push out, even the physical equipment they ship to customers, into Trojan horses. With one well-placed intrusion, they can create a springboard to the networks of a supplier’s customers—sometimes numbering hundreds or even thousands of victims.

“Supply chain attacks are scary because they’re really hard to deal with, and because they make it clear you’re trusting a whole ecology,” says Nick Weaver, a security researcher at UC Berkeley’s International Computer Science Institute. “You’re trusting every vendor whose code is on your machine, and you’re trusting every vendor’s vendor.”

The severity of the supply chain threat was demonstrated on a massive scale last December, when it was revealed that Russian hackers—later identified as working for the country’s foreign intelligence service, known as the SVR—had hacked the software firm SolarWinds and planted malicious code in its IT management tool Orion, allowing access to as many as 18,000 networks that used that application around the world. The SVR used that foothold to burrow deep into the networks of at least nine US federal agencies, including NASA, the State Department, the Department of Defense, and the Department of Justice.

But as shocking as that spy operation was, SolarWinds wasn’t unique. Serious supply chain attacks have hit companies around the world for years, both before and since Russia’s audacious campaign. Just last month, it was revealed that hackers had compromised a software development tool sold by a firm called CodeCov that gave the hackers access to hundreds of victims’ networks. A Chinese hacking group known as Barium carried out at least six supply chain attacks over the past five years, hiding malicious code in the software of computer maker Asus and in the hard-drive cleanup application CCleaner. In 2017 the Russian hackers known as Sandworm, part of the country’s GRU military intelligence service, hijacked the software updates of the Ukrainian accounting software MEDoc and used it to push out self-spreading, destructive code known as NotPetya, which ultimately inflicted $10 billion in damage worldwide—the costliest cyberattack in history.

In fact, supply chain attacks were first demonstrated around four decades ago, when Ken Thompson, one of the creators of the Unix operating system, wanted to see if he could hide a backdoor in Unix’s login function. Thompson didn’t merely plant a piece of malicious code that granted him the ability to log into any system. He built a compiler—a tool for turning readable source code into a machine-readable, executable program—that secretly placed the backdoor in the function when it was compiled. Then he went a step further and corrupted the compiler that compiled the compiler, so that even the source code of the user’s compiler wouldn’t have any obvious signs of tampering. “The moral is obvious,” Thompson wrote in a lecture explaining his demonstration in 1984. “You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.)”

That theoretical trick—a kind of double supply chain attack that corrupts not only a widely used piece of software but the tools used to create it—has since become a reality too. In 2015, hackers distributed a fake version of XCode, a tool used to build iOS applications, that secretly planted malicious code in dozens of Chinese iPhone apps. And the technique appeared again in 2019, when China’s Barium hackers corrupted a version of the Microsoft Visual Studio compiler so that it let them hide malware in several video games.

The rise in supply chain attacks, Berkeley’s Weaver argues, may be due in part to improved defenses against more rudimentary assaults. Hackers have had to look for less easily protected points of ingress. And supply chain attacks also offer economies of scale; hack one software supplier and you can get access to hundreds of networks. “It’s partially that you want bang for your buck, and partially it’s just that supply chain attacks are indirect. Your actual targets are not who you’re attacking,” Weaver says. “If your actual targets are hard, this might be the weakest point to let you get into them.”

Preventing future supply chain attacks won’t be easy; there’s no simple way for companies to ensure that the software and hardware they buy hasn’t been corrupted. Hardware supply chain attacks, in which an adversary physically plants malicious code or components inside a piece of equipment, can be particularly hard to detect. While a bombshell report from Bloomberg in 2018 claimed that tiny spy chips had been hidden inside the SuperMicro motherboards used in servers inside Amazon and Apple data centers, all the companies involved vehemently denied the story—as did the NSA. But the classified leaks of Edward Snowden revealed that the NSA itself has hijacked shipments of Cisco routers and backdoored them for its own spying purposes.

The solution to supply chain attacks—on both software and hardware—is perhaps not so much technological as organizational, argues Beau Woods, a senior adviser to the Cybersecurity and Infrastructure Security Agency. Companies and government agencies need to know who their software and hardware suppliers are, vet them, hold them to certain standards. He compares that shift to how companies like Toyota seek to control and limit their supply chains to ensure reliability. The same now has to be done for cybersecurity. “They look to streamline the supply chain: fewer suppliers and higher-quality parts from those suppliers,” Woods says. “Software development and IT operations have in some ways been relearning those supply chain principles.”

The Biden White House’s cybersecurity executive order issued earlier this month may help. It sets new minimum security standards for any company that wants to sell software to federal agencies. But the same vetting is just as necessary across the private sector. And private companies—just as much as federal agencies—shouldn’t expect the epidemic of supply chain compromises to end any time soon, Woods says.

Ken Thompson may have been right in 1984 when he wrote that you can’t fully trust any code that you didn’t write yourself. But trusting code from suppliers you trust—and have vetted—may be the next best thing.


More Great WIRED Stories
Learn the basics of ethical hacking with this course bundle —

Learn the basics of ethical hacking with this course bundle

TL;DR: Get an intro to ethical hacking with the All-In-One 2021 Super-Sized Ethical Hacking Bundle. As of May 31, get this 18-course bundle for only $20 — a 99% discount.


If you’re considering a career change, ethical hacking is an innovative sector in high demand. Want to see if it’s something you’d enjoy? Learn the basics with this All-In-One 2021 Super-Sized Ethical Hacking Bundle.

This jam-packed training program features 18 courses and over 100 hours worth of content from top cybersecurity instructors, like ethical hacker Aleksa Tamburkovski, who boasts an instructor rating of 4.6 out of 5 stars; penetration tester Atul Tiwari, who has earned 4.2 out of 5 stars; and security consultant Gabriel Avramescu, who has earned 4.4. Designed for beginners, the courses help lay the groundwork for a potential ethical hacking career.

In this training, you’ll work your way through hands-on labs about hacking systems, networks, wireless, mobile, and websites. You’ll learn how to do network scanning, password hacking, encoding and decoding with Python, discover NMAP basic and advanced techniques, navigate Kali Linux internal tools and commands, use Burp to automate certain attacks, and so much more.

Each of the courses can be accessed via desktop or mobile, so you can work through them on your own time. Plus, you’ll get lifetime access, so you can return to the information whenever you want a refresher.

While the bundle is valued at over $3,000, you can score access to all 18 ethical hacking courses for only $20 for a limited time.

Learn about investing of all sorts with this course bundle on sale —

Learn about investing of all sorts with this course bundle on sale

TL;DR: Want to make money from trading cryptocurrency? Grab this Stock and Cryptocurrency Investment Toolkit Bundle on sale for $20 as of May 31.


If you want to learn more about investing, your weird uncle ranting about GameStop stock and Bitcoin when he’s had a few too many doesn’t really cut it. Get more reliable information from this comprehensive Stock and Cryptocurrency Investment Toolkit Bundle, which is on sale for $20 for a limited time.

Packed with 11 courses and nearly 55 hours of content, this bundle is great for novices and will help answer your most basic questions about investing without judgement — whether you’re interested in the stock market, cryptocurrency, real estate, or all three.

In one of the courses, a three-hour cryptocurrency beginner’s guide, you’ll learn the exact system the instructor, Jerry Banfield, uses to decide which altcoins to trust. Banfield is an entrepreneur, YouTube content creator, and Facebook gamer who’s earned millions from Bitcoin.

Besides Banfield, the instructors include Justin O’Brien, an entrepreneur and venture capitalist, and Chris Haroun, an award-winning business school professor and former Goldman Sachs employee who’s taught over a million students on Udemy alone, among others.

This complete bundle is valued at over $1,800 when courses are priced separately, but during this Memorial Day price drop, you can score all 11 courses for just $20

Xiaomi shows off phone that can charge to 100% in 8 minutes —

Xiaomi shows off phone that can charge to 100% in 8 minutes

Xiaomi’s at it again: The company’s new fast charging technology can get a smartphone from 0 to 100 percent battery in less than 8 minutes. 

The 200W wired charging tech, used on a modified Xiaomi MI 11 Pro with a 4,000mAh battery, gets the phone from 0-10% in just 44 seconds. The phone gets to 50% in 3 minutes, and it’s fully charged in 7:57 minutes. 

In a YouTube video (below), Xiaomi also showcased its 120W wireless charging tech, which gets a smartphone with a 4,000mAh battery from 0 to 100 percent battery in 15 minutes. 

Xiaomi’s been showcasing increasingly faster charging tech year after year. In October last year, the company showed off its 80W wireless charging tech which got a phone from 0 to 100 percent in 19 minutes. 

There’s no word on when, exactly, the new tech will make its way into a Xiaomi phone you can actually buy. For reference, the regular Xiaomi Mi 11 has 55 wired charging and 50W wireless charging. 

Increasingly faster charging is slowly being implemented in widely available smartphones, but there are limits as to how fast you can charge a battery, as more power means more generated heat and, potentially, quicker battery degradation. 

How to zoom out on an Apple Watch — 05/30/2021

How to zoom out on an Apple Watch

There are two types of Apple Watch users: Those who have the zoom feature turned on and those who have it turned off. 

If you’re the type who needs to see content up close, then you might find the Apple Watch’s display stuck on magnified mode at some point while using it. Don’t worry, getting back to full view is as simple as tapping on the display. 

Here’s how to zoom out on your Apple Watch display.

Double-tap with two fingers 

Double-tap to zoom in and double-tap to zoom out.

Double-tap to zoom in and double-tap to zoom out.

Image: apple / screenshot

You can zoom all the way out using the Digital Crown in Grid View.

You can zoom all the way out using the Digital Crown in Grid View.

Image: Apple / screenshot

Zooming out on the Apple Watch is as simple as zooming in — all you have to do is tap the display twice with two fingers. 

If you’re on the main display in Grid View (where all your apps are scattered across the screen), you can also rotate the Digital Crown counter-clockwise to zoom out even further.

How to adjust or disable zoom on Apple Watch

You can adjust the zoom level via Settings.

You can adjust the zoom level via Settings.

Image: apple / screenshot

You can also turn the feature off completely.

You can also turn the feature off completely.

Image: apple / screenshot

Zoom is also adjustable on the Apple Watch. Go to Settings > Accessibility > Zoom. At the bottom of the display is a slider that allows you to adjust the maximum zoom level. 

If you find yourself getting super annoyed at the functionality, you can turn the feature off. Simply go to Settings > Accessibility > Zoom and toggle it off. 

You can also adjust or disable Zoom using the Watch app on your iPhone.

You can also adjust or disable Zoom using the Watch app on your iPhone.

Image: screenshot / apple

You can also access both of these settings using your iPhone via the Watch app. Simply go to Settings > Accessibility > Zoom.

How to turn off location history in Google Maps —

How to turn off location history in Google Maps

Sometimes it feels a little creepy to open Google Maps and see a detailed list of the last few places I’ve been. I really wouldn’t want that information to fall into the wrong hands. 

Google gets it, which is why the company introduced a simplified way to turn off location history from within Google Maps Timeline. The feature is now live for Android users and Google says it plans to eventually bring it to iOS users as well.

Less tapping? Yes, please.

Less tapping? Yes, please.

Image: Screenshot: google

Google’s new “Location History” feature will show up as a simple toggle right on your Timeline interface. It’s a super convenient change, since you can now easily disable history without going anywhere else in the app. Previously, erasing your location history took several extra, unintuitive steps within the Maps app. 

Here’s how to turn off location history in Google Maps on your Android phone:

Open the Google Maps app > tap on your profile picture in the top-right corner > tap “Your Timeline” > toggle “Location History” off.

Protecting users’ privacy should always be this easy.

Apple’s M1 Chip Has a Fascinating Flaw —

Apple’s M1 Chip Has a Fascinating Flaw

Apple’s new M1 CPU has a flaw that creates a covert channel that two or more malicious apps—already installed—can use to transmit information to each other, a developer has found.

The surreptitious communication can occur without using computer memory, sockets, files, or any other operating system feature, developer Hector Martin said. The channel can bridge processes running as different users and under different privilege levels. These characteristics allow for the apps to exchange data in a way that can’t be detected—at least not without specialized equipment.

Martin said the flaw is mainly harmless, because it can’t be used to infect a Mac, and it can’t be used by exploits or malware to steal or tamper with data on a machine. It can only be abused by two or more malicious apps that have already been installed on a Mac through means unrelated to the M1 flaw.

Still, the bug, which Martin calls M1racles, meets the technical definition of a vulnerability. As such, it has come with its own vulnerability designation: CVE-2021-30747.

“It violates the OS security model,” Martin explained in a post published Wednesday. “You’re not supposed to be able to send data from one process to another secretly. And even if harmless in this case, you’re not supposed to be able to write to random CPU system registers from user space either.”

Other researchers with expertise in CPUs and other silicon-based security agreed with that assessment.

“The discovered bug cannot be used to infer information about any application on the system,” said Michael Schwartz, one of the researchers who helped discover the more serious Meltdown and Spectre vulnerabilities in Intel, AMD, and ARM CPUs. “It can only be used as a communication channel between two colluding (malicious) applications.”

He went on to elaborate:

The vulnerability is similar to an anonymous “post office box”; it allows the two applications to send messages to each other. This is more or less invisible to other applications, and there is no efficient way to prevent it. However, as no other application is using this “post office box,” no data or metadata of other applications is leaking. So there is the limitation that it can only be used as a communication channel between two applications running on macOS. However, there are already so many ways for applications to communicate (files, pipes, sockets, …) that one more channel doesn’t really impact the security negatively. Still, it is a bug that can be abused as an unintended communication channel, so I think it is fair to call it a vulnerability.

A covert channel might be of more consequence on iPhones, Martin said, because it could be used to bypass sandboxing that’s built into iOS apps. Under normal conditions, a malicious keyboard app has no means to leak key presses because such apps have no access to the internet. The covert channel could circumvent this protection by passing the key presses to another malicious app, which in turn would send it over the internet.

Even then, the chances that two apps would pass Apple’s review process and get installed on a target’s device are low indeed.

The flaw stems from a per-cluster system register in ARM CPUs that’s accessible by EL0, a mode that’s reserved for user applications and hence has limited system privileges. The register contains two bits that can be read or written to. This creates the covert channel, since the register can be accessed simultaneously by all cores in the cluster.

Martin wrote:

A malicious pair of cooperating processes may build a robust channel out of this two-bit state, by using a clock-and-data protocol (e.g., one side writes 1x to send data, the other side writes 00 to request the next bit). This allows the processes to exchange an arbitrary amount of data, bound only by CPU overhead. CPU core affinity APIs can be used to ensure that both processes are scheduled on the same CPU core cluster. A PoC demonstrating this approach to achieve high-speed, robust data transfer is available here. This approach, without much optimization, can achieve transfer rates of over 1MB/s (less with data redundancy).

Martin has provided a demo video here.

It’s not clear why the register was created, but Martin suspects that its access to EL0 was an error rather than intentional. There is no way to patch or fix the bug in existing chips. Users who are concerned about the flaw have no other recourse than to run the entire OS as a properly configured virtual machine. Because the VM will disable guest access to this register, the covert channel is killed. Unfortunately, this option has a serious performance penalty.

Martin stumbled on the flaw as he was using a tool called m1n1 in his capacity as the lead manager for Asahi Linux, a project that aims to port Linux to M1-based Macs. He initially thought the behavior was a proprietary feature, and as such, he openly discussed it in developer forums. He later learned that it was a bug that even Apple developers hadn’t known about.

Again, the vast majority of Mac users—probably higher than 99 percent—have no reason for concern. People with two or more malicious apps already installed on their machine have much bigger worries. The vulnerability is more notable for showing that chip flaws, technically known as errata, reside in virtually all CPUs, even new ones that have the benefit of learning from previous mistakes made in other architectures.

Apple didn’t respond to a request for comment, so it’s not yet clear if the company has plans to fix or mitigate the flaw in future generations of the CPU. For those interested in more technical details, Martin’s site provides a deep dive.

This story originally appeared on Ars Technica.


More Great WIRED Stories
Chair Simulator Is a Game About … Sitting —

Chair Simulator Is a Game About … Sitting

Over the weekend, I finished my first desktop gaming PC build, complete with an RTX 3080, a wicked-fast hard drive, and more RGB than is fully necessary. Once I was fully set up, I didn’t push Cyberpunk 2077‘s ray-tracing capabilities to the max. I didn’t delve into the world of overclocking. I didn’t even mine a single Satoshi. Rather, I mined Sit Points in Chair Simulator, a free Steam game that lives up to its name.

Chair Simulator is the latest drop from MSCHF, the viral pranksters known for such memes as the Jesus shoes (and subsequent Satan shoes), Finger on the App, and mounting a paintball gun on a Boston Dynamics Spot robot. The game is silly, senseless, and weirdly enjoyable—an embodiment of that specific sort of slap-happy, late-night sleepover energy. 

Everyone has heard of farming and immersive life simulators, but there are tons of strange sim games available on Steam. Goat Simulator and Microsoft Flight Simulator are two of the more well known options, but players can also simulate obscure, often mundane tasks like building a PC, power washing, and winemaking. Chair Simulator definitely falls into the latter category. 

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more.

Don’t Just Sit There

Starting a new game loads hilariously low-poly playable characters to choose from. The names are notable—choose from Dillion Francis, FaZe Jarvis, Corinna Kopf, Mr. Beast, and other MSCHF associates. (I played as Neekolul, who cheerily called me a boomer each time I sat.) Your goal is to sit, earn Sit Points, and purchase all 100 of the chairs. That’s it. That’s your only objective. Part relaxing, part aggravating, this game is exactly as weird as it sounds.

You earn Sit Points (SP) by—you guessed it—sitting. You’ll need to keep an eye on your discomfort meter, though. If it gets too high, you’ll earn points slower. Ignore it for much longer and you’ll die. Permanently. There are no save states. It’s like a lower-stakes Dark Souls

After sitting and standing and sitting again for more than half an hour of my actual life span on this planet, I navigated Neekolul to the only other environment in the game: an Ikea-like storefront offering labyrinthian showrooms full of chairs. I passed a beanbag (50 SP), a piano bench (200 SP), and dozens of other seating options. Then I stumbled upon the Iron Throne, priced at a whopping 800 SP. I knew what I had to do.

I walked back to my starter folding chair, and I sat, and I stood, and I let my discomfort meter reset, and I sat again. I upgraded to a slightly less uncomfortable chair—an Orgone option worth 450 SP—and started earning points faster. Finally, I accumulated enough to unlock the Iron Throne, and despite the lack of any tangible achievement, taking a seat made me feel like Daenerys. I actually exclaimed, “I got the Iron Throne!” in my living room at 3 am. Nobody was around to celebrate with me or to care. Nobody was around to witness the madness in my eyes as I decided to complete the rest of my meaningless furniture Pokédex. 

I kept sitting and standing, eventually purchasing a costly Eames lounge that earned 6 SP per second. I was on top of the low-poly world. A quick search lent me a cheat code and I WASD’d my way through the store, purchasing with abandon. After 90 minutes and a near miss with a lethal chair, I reached the absurd ending. It was funny but bittersweet. I wanted to keep sitting. 

Have Several Seats

Unsurprisingly, there are already YouTube videos of people speed-running Chair Simulator. It has very positive reviews on Steam, where it’s been trending off and on since it was first available to download. The game’s cheeky item descriptions and bizarre self-awareness made me laugh, but what I found most delightful were the parallels. There’s something unexpectedly funny about spending hours sitting in real life while playing a game where sitting is both the journey and the destination. 

My brother texted me upon seeing my Steam activity. “Louryn, what the heck is Chair Simulator?” I told him, “It’s exactly what it sounds like.”

Despite the lack of Steam achievements, story line, depth, and nearly every other hallmark of what makes a game good, I had a ton of fun playing Chair Simulator. Somehow, it’s the perfect distillation of gaming—it’s an obvious waste of time, and it isn’t disguised as anything other than that … which is exactly why it’s worth installing.


More Great WIRED Stories
The 9 Best Portable Grills You Can Buy —

The 9 Best Portable Grills You Can Buy

Summer is right around the corner. Maybe you’re preparing for a crazy, spit-swapping post-pandemic blast; maybe you’re just stepping, blinking, into the sun for the first time in a year. Either way, we have something that’ll make your summer better: a small, portable grill you can use to start something sizzling on a small apartment balcony, or to lug to the beach or pool. 

We’ve looked at full-size gas and charcoal grills before, but we also wanted to find the best ways to get your grill on wherever you are, whatever your living situation might be. We researched and tested a dozen new portable grills to see which can brat the best. Check out our other buying guides, like the Best Grilling Accessories, to get the most out of your purchase.

Updated May 2021: We added the Weber Traveler and Primus Kamoto and noted an upgrade to the BioLite FirePit.

Special offer for Gear readers: Get a 1-year subscription to WIRED for $5 ($25 off). This includes unlimited access to WIRED.com and our print magazine (if you’d like). Subscriptions help fund the work we do every day.

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more. 

The Best Portable Charcoal Grill

Weber Jumbo Joe ($70)

Photograph: Weber

Of all the charcoal grills I tested, the Weber Jumbo Joe strikes the best balance of affordability, features, and ease of use. It’s big enough (18.5 inches in diameter) to smoke two racks of ribs or to fit burgers and corn for six people (admittedly, this was crowded), but small enough that you’ll still have room in the trunk for a cooler and camping supplies.

It’s one of the most versatile grills I tested. Grilling, barbecuing, smoking—you can do it all with ease. Thanks to its dual-vent system (one at the bottom, one at the top), you get the same fine-grained level of temperature control you’ll find in Weber’s full-size kettles.

It weighs 22 pounds and has a handle with a bar that fits over the top to keep the kettle and lid together for easy carrying. I tossed mine in the back of the car for trips to the lake and the park and it never tipped over. The ash catcher at the bottom makes cleaning less of a hassle by allowing you to dump the excess without removing the grill grates.

The Jumbo Joe has a considerable following on the internet. Fans have added thermometers, fastened knobs to make it easier to open and close vents, attached hanging ash cans, and come up with creative ways to cook taller items, like beer-can chicken.

It’s not perfect, though. No thermometer is included, and Weber does not make a storage cover for the Jumbo Joe. If you want to do any indirect-heat cooking, you’ll want to buy the hinged grill grate for $27 so you can feed in fresh fuel without removing the top grill, and the $20 charcoal basket is also useful. The KettlePizza add-on kit ($200) is fun, but way more expensive than the grill itself; there’s a cheaper basic version, but it’s currently out of stock.

Weber Jumbo Joe costs $75 at Amazon, Weber, and Home Depot

Smaller alternative: The Weber Smokey Joe Premium costs $38 at Amazon and $48 at Weber. This is our top pick for anyone who doesn’t need the larger Jumbo Joe. The downside is you lose the lower vent, which means less temperature control. That’s not a huge deal unless you’re slow-cooking. The Smokey Joe was also more difficult to clean. But if you want a smaller kettle, this is a good option.

Best Portable Propane Grill

Weber Q 1200 ($209)

Photograph: Weber

If flavor is your only criterion, I would argue that charcoal is superior to propane gas. But flavor is rarely the only factor. We don’t grill in beautiful meadows under a rainbow every day. Often, we grill after hours on a Friday while we’re also trying to set up a tent, inflate a mattress, and wrangle hungry children. And that’s when the convenience of propane trumps charcoal.

For those times, your best bet is the Weber Q 1200. It’s big enough for a family of four and strikes the best balance between ease of use and cooking performance. It has a thermometer and some side tables to hold your plates and tongs. It’s also a champ at keeping a constant, even heat in pretty much any weather conditions. A storm blew in one afternoon, but it just kept on cooking despite the high wind and rain.

It’s also good at minimizing flare-ups. To test this I marinated some chicken in lemon juice and olive oil and laid it on the grills. Every grill flared somewhat, but the Q 1200 (and the Coleman below) have heavy enameled cast-iron grates that are closed over the burners, which helps keep the flaring under control.

The main downside is its weight. It may be totally unfazed by weather, but it’s heavy at 30 pounds. The $95 wheeled stand is worth a look if you plan to transport it a lot. (Also be sure to check out the new Weber Traveler below.) Other nice accessories include the griddle for $52 and a storage cover for $18.

Weber Q 1200 costs $219 at Amazon, Weber, and Walmart

Smaller alternative: The Weber Q 1000 costs $189 at Amazon, Weber and Home Depot. It’s nearly identical to Weber’s Q 1200 but loses the thermometer and side tables. The result is a more compact, though still heavy grill. If you don’t need the tables and want to save a few dollars, go with this model.

Best for Apartment Dwellers

George Foreman Plate Grill ($29)

Photograph: Amazon

Not everyone has a yard, and it’s increasingly common for apartments to ban open flame grills on balconies. This is where electric grills come in. It’s grilling, sort of, but without the flames.

After trying a few different options, I’ve come back around to the one that got me through apartment life: the George Foreman grill. Some may turn up their nose and say this isn’t really grilling, but there’s no grilling police (as far as I know), and it’s as close as some of us can get—so grill on.

I haven’t used the fancier models, but this basic four-serving one served me well for years. You can pull the grills out for easy cleaning, there’s a drip pan to catch all the grease, and if you’re not in the grilling mood, it doubles as a Panini press.

Keep in mind that this is a little different than normal grilling, since it cooks from the top and bottom, which means your food cooks faster. Make sure you preheat your grill until the green light clicks. This will ensure that your food doesn’t stick to the grill plates.

George Foreman’s 4-Serving Plate Grill costs $29 at Amazon and Walmart, and $34 at Home Depot

Best Indoor Grill Upgrade

Kenyon City Grill ($425)

Photograph: Kenyon

If you don’t have a yard but want something a bit closer to grilling than the George Foreman above, then the Kenyon City Grill is a great option.

Kenyon has been making electric grills and cookers for around 80 years (its grills are popular on boats, which is partly why this one is made of marine-grade stainless steel), but this is its first portable grill. It delivers where others fail. It cooks evenly and at consistent temperatures. (I was able to get up to 592 degrees off a digital thermometer.) There’s very little smoke, though I do suggest using it in a well-ventilated area if you’re indoors.

The big question is, how does the food taste? Well, not like it came off a nice charcoal grill. Sorry, you can’t get that taste without charcoal. But the same principle works on the City Grill—juices coming off whatever you’re cooking sizzle and give off tiny amounts of smoke that flavor your food as it cooks. The results are quite tasty. I grilled everything from pork chops to asparagus and was quite happy with the results. If you want to expand the City Grill’s capabilities, you can buy a flat top surface for $75 that you can use to cook up a pancake breakfast.

At 24 pounds and requiring electricity, the City Grill is not a good choice if you want something truly portable. But if you’re stuck with no way to cook over a flame, the Kenyon is well worth the money.

Kenyon’s City Grill costs $425 at Kenyon

Best for Couples

Coleman Roadtrip 225 Portable Propane Grill ($180)

Photograph: Coleman

For couples and small families looking for the convenience of propane, the Coleman Roadtrip 225 Portable may work better than a Weber. It’s considerably lighter and mostly matches the Weber Q 1200. Coleman also gives you the option to use only one burner, so you can grill a couple of burgers without draining your propane gas tank. With variable controls, you can sear veggies on one side while cooking meat more slowly on the other.

There’s a grease pan to catch drips while cooking, and it’s removable for cleaning. You also get push-button ignition and 11,000 BTUs of propane grilling power. What the Coleman lacks is a thermometer and a latch on the lid to let you carry it one-handed, though these omissions don’t stop me from recommending it.

Coleman has accessories that let you use half the stove as a griddle or regular stove burner so you can simmer beans while you grill hot dogs. I enjoyed the $32 griddle for frying. While I didn’t try it myself, the $20 stove grate gets high marks in other reviews around the web.

Coleman Roadtrip 225 Portable costs $180 at Amazon and $180 at Home Depot

Best Grill on Wheels

Weber Traveler Portable Grill ($325)

Photograph: Weber

The Weber Traveler’s sturdy design and easy collapsing and extending system trump our previous pick in this category, which was the Coleman Roadtrip 285 ($250 at Amazon). The Coleman had a nasty habit of pinching my fingers if I wasn’t careful when collapsing it, but that doesn’t happen with the Weber, because the release mechanism isn’t near the hinge. The Traveler also offers a little more grilling space and is easier to transport, thanks to sturdier wheels.

Like the Q above, the Traveler uses a single burner that wraps around the entire bottom of the grill. That’s covered by a two-piece cast iron grill grate that’s solid where it runs over the burner, which acts as a heat diffuser and keeps the burner from getting covered in grease. Speaking of grease, it has a slide-out grease trap that’s easy to empty. It also has a built-in thermometer that’s reasonably accurate, but I still suggest getting a separate probe like the Weber Connect Smart Hub ($92 at Amazon), because, well, everyone needs to have their work double-checked.

But no matter how you measure it, the Traveler’s 13,000-BTU burner gets plenty hot and really shines when searing. The 320-square-inch grilling surface is big enough to grill for a crowd.

The only real knock against the Weber is that it is big. It’ll still fit in the trunk of your car, but it definitely takes up a considerable amount of space.

The Weber Traveler costs $325 at Weber and Home Depot

Best Big Green Egg

Big Green Egg MiniMax ($628)

Photograph: Big Green Egg

The iconic Big Green Egg has a cultlike following. But they are, indeed, big. If you can’t face the prospect of going without your Big Green Egg for a weekend, the MiniMax Big Green Egg is much smaller, but it still isn’t terribly portable. However, if you want to smoke, grill, and bake outdoors, this ceramic cooker is a strong choice.

The Big Green Egg is a Kamado-style cooker (Kamado is a Japanese word that roughly means “stove”), which makes it much more than a grill. The ceramic construction retains heat and turns it into a portable oven as well. The MiniMax Big Green Egg is identical to its larger cousin in nearly every way, but smaller. It weighs 75 pounds, making it by the far the heaviest grill I tested, but the double-handle carrying system makes it easy for two people to lift it around. The problem is that the 13-inch grilling surface of the MiniMax can only grill for about four people.

It’s big enough to roast a chicken, sear a couple of large steaks at a time, or fit about six 12-inch skewers. But if you’re doing meat and veggies for a family of four, you’re going to be cooking in batches. In practice, this isn’t so bad. Most meats need to rest when they’re done cooking anyway, giving you time to do your veggies. In my testing, the Mini Big Green Egg has excellent heat control and, like the larger version, is extremely fuel-efficient.

Big Green Egg’s MiniMax costs $628 and can only be purchased in retail stores, including Ace Hardware. You can find a local store that carries the MiniMax here.

Best Grill and Fire Pit Combo

Biolite FirePit+ ($250)

Photograph: BioLite

Do you know what’s cooler than a grill? One that doubles as a fire pit, with the ability to recharge your phone and do your bidding via Bluetooth. BioLite’s FirePit is all of these things and more.

The FirePit is a sleek, portable mesh box with removable legs, a hibachi-style grill, and an ash bin. Biolite recently released the FirePit+ for $250, which features some slight design tweaks to improve airflow and a larger battery that can run the built-in fan for 30 hours on low. Like its predecessor, the new model uses a Bluetooth-compatible app to precisely control the airflow, which in turn controls your cooking temperature. Be sure to read through my colleague Adrienne So’s full review of the original model for more details, but I set out specifically to see how it grills, and the answer is: very well.

It will burn wood or charcoal, though I mainly used wood to test. With the right kind of wood (I used oak and pecan since, that’s what grows around my house), the FirePit may produce the best flavor of any grill here. The main drawback when using it as a grill is its size. It’s big enough to cook for four, but it’s long and narrow, which makes some things awkward (I suggest you don’t try a whole chicken). It’s best suited to grilling kabobs and the like. Think “food on a stick.”

Perhaps the best thing about the FirePit is that when dinner’s over, you can lower the fuel rack and turn it into, well, a fire pit.

Biolite’s Firepit+ is $250 at BioLite and REI. 

Best Leave-No-Trace Option

Primus Kamoto ($160)

Photograph: Primus

This is my new go-to charcoal grill for quick trips. I still love the Weber above, but the Kamoto has the edge when it comes to portability. It collapses down to store flat; the large version that I tested measures about 15 inches by 20 inches. Once extended, it’s big enough to handle 16-inch long logs (or charcoal) with 255 square inches of cooking surface. That’s big enough to handle burgers and veggies for our family of five. After you’re done cooking, the Kamoto doubles as a fire pit, which is handy for campsites where ground fires aren’t allowed (like at the beach).

The compact design makes it portable and leaves plenty of extra trunk space, but I’m not crazy about the grilling surface itself. It’s a thin metal grid, and I find that heavily marinated meats stick a bit more than on wider, thicker grill grates. On the plus side, your asparagus won’t drop through into the coals. 

My other concern is that relatively thin metal may warp with heat over time. Since this grill folds up, that could render it unusable. I’ve been using it regularly (about once a week) for six months now, and it still collapses nicely, but one side has begun to bow out slightly.

Primus’s Large Kamoto Grill/Firepit is $160 at Amazon and Backcountry.

Testing Methods

The terms grilling and barbecue are often used interchangeably, which is fine, but if you get serious about cooking over flame you’ll want to learn the distinction. Grilling usually means cooking directly over high heat, while barbecue typically refers to cooking over indirect heat for longer periods of time. You grill steak. You barbecue ribs.

I used both methods to test, grilling everything from steak to salmon to corn, even kale. (This recipe for grilled kale is my go-to for testing how hard it is to clean a grill. It’s delicious but incredibly messy.)

For the charcoal options, I also barbecued ribs and pulled pork. I haven’t tried brisket, but I believe it would be possible to do a smaller piece on the Weber Jumbo Joe.

Stop Using Propane Bottles

The ubiquitous disposable green propane bottle is convenient, but it’s a huge source of pollution. It’s illegal in many jurisdictions to throw them in the trash, though that doesn’t stop many people, it seems, given how many of these end up in landfills every year. Don’t be that person. 

Unfortunately, refillable options for the smaller canisters are currently out of stock in many places. If you have the room and space, we like these larger, pricier options at Amazon and Camping World. Cooking outdoors over both stove and grill,three meals a day, an 11-pound tank lasts me about two weeks. It’s small and light enough to not be any more difficult to cart around than the four to six 1-pound bottles it replaces.

You can also buy an adapter ($9) to refill your smaller canisters, though depending on where you live and your level of common sense, this may not be legal or advisable, as you can easily overfill or break the valve. If you live in California, you may also be able to bring in 1-pound canisters for free refills or exchange empty canisters for full ones. 


More Great WIRED Stories
6 helpful Google Calendar tips and tricks —

6 helpful Google Calendar tips and tricks

The problem with analog calendars, if you’re old enough to even remember those, is that they required you to look at them to work. Digital calendars may be better at reminding you to do things, but they still can’t read your mind. Google Calendar, for instance, can only do what you tell it to do. The Google system may be good at integrating dates and activities from your other Google applications, but the calendar becomes much more intuitive after you give it some careful directions.

While you may think you have the Google Calendar basics down, there are a number of features that can help you schedule events and keep your calendars up-to-date in a more efficient manner. If you mostly access your Google Calendar via your phone, there’s also a good chance you’re missing out on a lot of Google Calendar features that can be accessed or activated in the desktop settings.

Here’s a list of six useful Google Calendar tips and tricks you need in your life:

1. “Negotiate” a meeting time

When it comes to planning meetings there are two helpful scheduling options you may not be utilizing. 

First, you can choose “Find a time” when creating an event. After selecting this option, the system will show you the schedules of each participant on a given day, as long as they also use Google Calendar. 

Does this time work for everyone?

Does this time work for everyone?

Image: screenshot: Google Calendar 

Using this feature will help you schedule a meeting when you know everyone is free, so you can hopefully avoid a series of conflicts and excuses. Another option is to choose “Suggest a time” for each participant. This feature prompts the system to automatically generate a list of meeting time options, so you can select the one you feel works best. 

2. Add a video conference link

When you’re creating an event or calendar invite Google lets you add a link to a video conference via Google Meet that can hold up to 100 participants. 

The video link is incredibly simple to set up, as they literally prompt you for it when you create an event on the calendar. Just click the “Add Google Meet video conferencing” button when creating your event and a link will be generated and included on the invite.

Can I see your face?

Can I see your face?

Image: screenshot: Google calendar

3. Enable keyboard shortcuts

Did you know Google Calendar has a whole set of keyboard shortcuts available? All you have to do to access the shortcuts is enable them in Settings. Click the gear in the upper right corner of your calendar, hit Settings, then select “Keyboard shortcuts.”

Here’s a sample of some of the most helpful keyboard shortcuts:

  • Search: shift + /

  • Create event: c

  • Scroll to previous date range: k or p

  • Scroll to next date range: j or n

  • Jump to today: t

  • Delete event: Backspace or Delete

Switch views to:

  • Day: 1 or d

  • Week: 2 or w

  • Month: 3 or m

  • 7 days: 4 or x

  • Agenda: 5 or a 

If you want your calendar to give you more information on your scheduled events, you can change the format density, but finding this setting is a bit of a challenge. Instead of going into Settings, click the gear icon on the upper right corner of the webpage and look for “Density and color.” Then, change the “Information density” setting to “Compact.”

Look at all that info!

Look at all that info!

Image: screenshot / google

Do you want that info? Here's how to get it.

Do you want that info? Here’s how to get it.

Image: screenshot / google

4. Send emails to a group

If you need to send an update to a group of people that are included in an event, you don’t have to go through the struggle of remembering all of their names and email addresses. You can draft an email to all the people through the event itself. Click on your calendar event, then click the envelope icon to email guests and compose your note. All done. 

For our next trick we will click that little envelope.

For our next trick we will click that little envelope.

Image: screenshot / google

5. Transfer event ownership

After you’ve created a meeting or event, you can back out of it and put someone else in charge! Follow the edit function on the event, choose “More actions” and at the bottom of the list you’ll see “Change owner.” Select it and type in the name or email address of your designee. Then breathe a sigh of relief.

Here, take this.

Here, take this.

Image: screenshot: Google Calendar

6. Make a daily agenda

Some days I make a to-do list and email it to myself. And other days I manually send reminders to myself all day long. Google Calendar will actually do this for you. Go to Settings and choose the calendar that you want the agenda to generate from under “Settings for my calendars.” Under the “Other notifications” section change the “Daily agenda” option from “None” to “Email.”

Let Google Calendar make your to-do list for you.

Let Google Calendar make your to-do list for you.

Image: screenshot / google

Now your schedule will be sent to you each day and you’ll be able to avoid checking in with your calendar directly. The dream.