The Survival skill is a general measurement of Henry's ability to live off what nature provides in Kingdom Come: Deliverance 2. A higher Survival skill means you get to enjoy better yields from hunting and foraging, and you'll be able to use your knowledge to help other people as well.

An Animal Crossing: New Horizons player has shared the extraordinary amount of Nook Miles their mother has collected within the game, and the community was stunned by the impressive saving. Nook Miles are a type of currency in New Horizons, and Tom Nook initially explains to island dwellers that 5,000 Nook Miles must be saved to cover their tent and initial move-in fees. The currency can also be redeemed at the Nook Stop terminal in exchange for a range of items, capabilities, and recipes.

Security can be an intimidating topic for web developers. The vocabulary is rich and full of acronyms. Trends evolve quickly as hackers and analysts play a perpetual cat-and-mouse game. Vulnerabilities stem from little details we cannot afford to spend too much time on during our day-to-day operations.JavaScript developers already have a lot to take with the emergence of a new wave of innovative architectures, such as React Server Components, Next.js App Router, or Astro islands.So, lets have a focused approach. What we need is to be able to detect and palliate the most common security issues. A top ten of the most common vulnerabilities would be ideal.Meet The OWASP Top 10Guess what: there happens to be such a top ten of the most common vulnerabilities, curated by experts in the field! It is provided by the OWASP Foundation, and its an extremely valuable resource for getting started with security. OWASP stands for Open Worldwide Application Security Project. Its a nonprofit foundation whose goal is to make software more secure globally. It supports many open-source projects and produces high-quality education resources, including the OWASP top 10 vulnerabilities list.We will dive through each item of the OWASP top 10 to understand how to recognize these vulnerabilities in a full-stack application.Note: I will use Next.js as an example, but this knowledge applies to any similar full-stack architecture, even outside of the JavaScript ecosystem.Lets start our countdown towards a safer web!Number 10: Server-Side Request Forgery (SSRF)You may have heard about Server-Side Rendering, aka SSR. Well, you can consider SSRF to be its evil twin acronym.Server-Side Request Forgery can be summed up as letting an attacker fire requests using your backend server. Besides hosting costs that may rise up, the main problem is that the attacker will benefit from your servers level of accreditation. In a complex architecture, this means being able to target your internal private services using your own corrupted server.Here is an example. Our app lets a user input a URL and summarizes the content of the target page server-side using an AI SDK. A mischievous user passes localhost:3000 as the URL instead of a website theyd like to summarize. Your server will fire a request against itself or any other service running on port 3000 in your backend infrastructure. This is a severe SSRF vulnerability!Youll want to be careful when firing requests based on user inputs, especially server-side.Number 9: Security Logging And Monitoring FailuresI wish we could establish a telepathic connection with our beloved Node.js server running in the backend. Instead, the best thing we have to see what happens in the cloud is a dreadful stream of unstructured pieces of text we name logs.Yet we will have to deal with that, not only for debugging or performance optimization but also because logs are often the only information youll get to discover and remediate a security issue.As a starter, you might want to focus on logging the most important transactions of your application exactly like you would prioritize writing end-to-end tests. In most applications, this means login, signup, payouts, mail sending, and so on. In a bigger company, a more complete telemetry solution is a must-have, such as Open Telemetry, Sentry, or Datadog.If you are using React Server Components, you may need to set up a proper logging strategy anyway since its not possible to debug them directly from the browser as we used to do for Client components.Number 8: Software And Data Integrity FailuresThe OWASP top 10 vulnerabilities tend to have various levels of granularity, and this one is really a big family. Id like to focus on supply chain attacks, as they have gained a lot of popularity over the years.You may have heard about the Log4J vulnerability. It was very publicized, very critical, and very exploited by hackers. Its a massive supply chain attack.In the JavaScript ecosystem, you most probably install your dependencies using NPM. Before picking dependencies, you might want to craft yourself a small list of health indicators. Is the library maintained and tested with proper code?Does it play a critical role in my application?Who is the main contributor?Did I spell it right when installing?For more serious business, you might want to consider setting up a Supply Chain Analysis (SCA) solution; GitHubs Dependabot is a free one, and Snyk and Datadog are other famous actors.Number 7: Identification And Authentication FailuresHere is a stereotypical vulnerability belonging to this category: your admin password is leaked. A hacker finds it. Boom, game over. Password management procedures are beyond the scope of this article, but in the context of full-stack web development, lets dive deep into how we can prevent brute force attacks using Next.js edge middlewares.Middlewares are tiny proxies written in JavaScript. They process requests in a way that is supposed to be very, very fast, faster than a normal Node.js endpoint, for example. They are a good fit for handling low-level processing, like blocking malicious IPs or redirecting users towards the correct translation of a page.One interesting use case is rate limiting. You can quickly improve the security of your applications by limiting peoples ability to spam your POST endpoints, especially login and signup.You may go even further by setting up a Web Applications Firewall (WAF). A WAF lets developers implement elaborate security rules. This is not something you would set up directly in your application but rather at the host level. For instance, Vercel has released its own WAF in 2024.Number 6: Vulnerable And Outdated ComponentsWe have discussed supply chain attacks earlier. Outdated components are a variation of this vulnerability, where you actually are the person to blame. Sorry about that.Security vulnerabilities are often discovered ahead of time by diligent security analysts before a mean attacker can even start thinking about exploiting them. Thanks, analysts friends! When this happens, they fill out a Common Vulnerabilities and Exposure and store that in a public database.The remedy is the same as for supply chain attacks: set up an SCA solution like Dependabot that will regularly check for the use of vulnerable packages in your application.Halfway breakI just want to mention at this point how much progress we have made since the beginning of this article. To sum it up:We know how to recognize an SSRF. This is a nasty vulnerability, and it is easy to accidentally introduce while crafting a super cool feature.We have identified monitoring and dependency analysis solutions as important pieces of support software for securing applications.We have figured out a good use case for Next.js edge middlewares: rate limiting our authentication endpoints to prevent brute force attacks.Its a good time to go grab a tea or coffee. But after that, come back with us because we are going to discover the five most common vulnerabilities affecting web applications!Number 5: Security MisconfigurationThere are so many configurations that we can mismanage. But lets focus on the most insightful ones for a web developer learning about security: HTTP headers.You can use HTTP response headers to pass on a lot of information to the users browser about whats possible or not on your website.For example, by narrowing down the Permissions-Policy headers, you can claim that your website will never require access to the users camera. This is an extremely powerful protection mechanism in case of a script injection attack (XSS). Even if the hacker manages to run a malicious script in the victims browser, the latter will not allow the script to access the camera.I invite you to observe the security configuration of any template or boilerplate that you use to craft your own websites. Do you understand them properly? Can you improve them? Answering these questions will inevitably lead you to vastly increase the safety of your websites!Number 4: Insecure DesignI find this one funny, although a bit insulting for us developers.Bad code is literally the fourth most common cause of vulnerabilities in web applications! You cant just blame your infrastructure team anymore.Design is actually not just about code but about the way we use our programming tools to produce software artifacts. In the context of full-stack JavaScript frameworks, I would recommend learning how to use them idiomatically, the same way youd want to learn a foreign language. Its not just about translating what you already know word-by-word. You need to get a grasp of how a native speaker would phrase their thoughts.Learning idiomatic Next.js is really, really hard. Trust me, I teach this framework to web developers. Next is all about client and server logic hybridization, and some patterns may not even transfer to competing frameworks with a different architecture like Astro.js or Remix.Hopefully, the Next.js core team has produced many free learning resources, including articles and documentation specifically focusing on security.I recommend reading Sebastian Markbges famous article How to Think About Security in Next.js as a starting point. If you use Next.js in a professional setting, consider organizing proper training sessions before you start working on high-stakes projects.Number 3: InjectionInjections are the epitome of vulnerabilities, the quintessence of breaches, and the paragon of security issues. SQL injections are typically very famous, but JavaScript injections are also quite common. Despite being well-known vulnerabilities, injections are still in the top 3 in the OWASP ranking!Injections are the reason why forcing a React component to render HTML is done through an unwelcoming dangerouslySetInnerHTML function.React doesnt want you to include user input that could contain a malicious script.The screenshot below is a demonstration of an injection using images. It could target a message board, for instance. The attacker misused the image posting system. They passed a URL that points towards an API GET endpoint instead of an actual image. Whenever your websites users see this post in their browser, an authenticated request is fired against your backend, triggering a payment!As a bonus, having a GET endpoint that triggers side-effects such as payment also constitutes a risk of Cross-Site Request Forgery (CSRF, which happens to be SSRF client-side cousin).Even experienced developers can be caught off-guard. Are you aware that dynamic route parameters are user inputs? For instance, [language]/page.jsx in a Next.js or Astro app. I often see clumsy attack attempts when logging them, like language being replaced by a path traversal like ../../../../passwords.txt.Zod is a very popular library for running server-side data validation of user inputs. You can add a transform step to sanitize inputs included in database queries, or that could land in places where they end up being executed as code.Number 2: Cryptographic FailuresA typical discussion between two developers that are in deep, deep trouble: We have leaked our database and encryption key. What algorithm was used to encrypt the password again? AES-128 or SHA-512? I dont know, arent they the same thing? They transform passwords into gibberish, right? Alright. We are in deep, deep trouble.This vulnerability mostly concerns backend developers who have to deal with sensitive personal identifiers (PII) or passwords. To be honest, I dont know much about these algorithms; I studied computer science way too long ago.The only thing I remember is that you need non-reversible algorithms to encrypt passwords, aka hashing algorithms. The point is that if the encrypted passwords are leaked, and the encryption key is also leaked, it will still be super hard to hack an account (you cant just reverse the encryption).In the State of JavaScript survey, we use passwordless authentication with an email magic link and one-way hash emails, so even as admins, we cannot guess a users email in our database.And number 1 is...Such suspense! We are about to discover that the top 1 vulnerability in the world of web development is...Broken Access Control! Tada.Yeah, the name is not super insightful, so let me rephrase it. Its about people being able to access other peoples accounts or people being able to access resources they are not allowed to. Thats more impressive when put this way.A while ago, I wrote an article about the fact that checking authorization within a layout may leave page content unprotected in Next.js. Its not a flaw in the frameworks design but a consequence of how React Server Components have a different model than their client counterparts, which then affects how the layout works in Next.Here is a demo of how you can implement a paywall in Next.js that doesnt protect anything.// app/layout.jsx// Using cookie-based authentication as usualasync function checkPaid() { const token = cookies.get("auth_token"); return await db.hasPayments(token);}// Running the payment check in a layout to apply it to all pages// Sadly, this is not how Next.js works!export default async function Layout() { // this won't work as expected!! const hasPaid = await checkPaid(); if (!hasPaid) redirect("/subscribe"); // then render the underlying page return <div>{children}</div>;}// this can be accessed directly// by adding RSC=1 to the request that fetches it!export default function Page() { return <div>PAID CONTENT</div>}What We Have Learned From The Top 5 VulnerabilitiesMost common vulnerabilities are tightly related to application design issues: Copy-pasting configuration without really understanding it.Having an improper understanding of the framework we use in inner working. Next.js is a complex beast and doesnt make our life easier on this point!Picking an algorithm that is not suited for a given task.These vulnerabilities are tough ones because they confront us to our own limits as web developers. Nobody is perfect, and the most experienced developers will inevitably write vulnerable code at some point in their lives without even noticing. How to prevent that? By not staying alone! When in doubt, ask around fellow developers; there are great chances that someone has faced the same issues and can lead you to the right solutions.Where To Head Now?First, I must insist that you have already done a great job of improving the security of your applications by reading this article. Congratulations!Most hackers rely on a volume strategy and are not particularly skilled, so they are really in pain when confronted with educated developers who can spot and fix the most common vulnerabilities.From there, I can suggest a few directions to get even better at securing your web applications:Try to apply the OWASP top 10 to an application you know well, either a personal project, your companys codebase, or an open-source solution.Give a shot at some third-party security tools. They tend to overflow developers with too much information but keep in mind that most actors in the field of security are aware of this issue and work actively to provide more focused vulnerability alerts.Ive added my favorite security-related resources at the end of the article, so youll have plenty to read!Thanks for reading, and stay secure!Resources For Further LearningAn interactive demo of an SSRF in a Next.js app and how to fix itOWASP Top 10An SSRF vulnerability that affected Next.js image optimization systemObserve React Server Components using Open TelemetryOpenTelemetry and open source Telemtry standard Log4J vulnerabilitySetting up rate limiting in a middleware using a Redis serviceVercel WAF annoucementMitre CVE databaseAn interactive demo of a CSRF vulnerability in a Next.js app and how to fix itA super complete guide on authentication specifically targeting web appsServer form validation with zod in Next.js (Astro has it built-in)Sanitization with zodSecure statically rendered paid content in Next.js and how layouts are a bad place to run authentication checksSmashing Magazine articles related to security (almost 50 matches at the time of writing!)This article is inspired by my talk at React Advanced London 2024, Securing Server-Rendered Applications: Next.js case, which is available to watch as a replay online.

How to provide just enough context for your projectsContinue reading on UX Collective

Apple will bring its new M5 chip to the MacBook Pro before the iPad Pro, according to a new report.

We've got more tri-fold news: for Samsung's rumored device, and Huawei's existing handset.

In December, Y Combinators first-ever Fall batch got their own Demo Day. The Silicon Valley-based startup acceleratorwhich has produced big hits like Airbnb, Doordash, and Stripehad doubled the number of startup classes that could enter its program. The showing was mixed: 87% were AI companies, and few have yet to publicly disclose their seeds.Undoubtedly the most prestigious hub of Silicon Valleys startup culture, YCs outside critics have grown in their ranks. They have many sore spots to point to: increased batches, diminished seed rounds, more duplicate companies, less specialized training, and the list goes on. But, from the inside, its rare to hear a YC founder complain about their experience. The deal ($125,000 for 7% of the company, plus a $375,000 SAFE note, extensive mentorship, and physical office space) remains highly sought after. YCs acceptance rate is still a mere 1%.So, whats with the shift in energy? Its hard to tellbut the change has been immediate. From the entrepreneurs perspective, the core base of Y Combinator has diluted, says Arpita Agnihotri, an associate professor of management at the Pennsylvania State University at Harrisburg. The excitement has definitely reduced.Its just so many companiesLike a university, YC has its own specialized application process, where it chooses which startups to accept into its class (or batch). These batches are remarkably successful; where the average startup failure rate is around 90%, YCs is an estimated 18%. 5.5% of YC startups become unicorns; the summed value of YCs graduates is over $600 billion.In YCs early days, there were only two batches a year, and they remained small. In 2009, when Airbnb and Stripe went through, YCs two cohorts hosted a summed 42 companies. But then things got out of hand; the 2022 winter batch had 400 companies. New CEO Garry Tan took action to reduce batch sizes, though they remain relatively large. He also introduced two additional cohorts in the fall and spring, creating a more distributed schedule. But this reconfiguration comes with its own challenges: Two more classes of entrepreneurs for investors to consider, and two more Demo Days for them to attend.Masha Bucher, CEO of Day One Ventures, has invested in 35 companies out of YC within the past six years. Eight of those companies have been acquired. She slowed her investments during the COVID-19 pandemic, when she saw the quality of YCs choice in firms go down. But shes been happy under Garry Taneven if she wishes hed cut down the number of participating firms.I want batches to be smaller, because its a bit overwhelming, Bucher says. Its just so many companies and, as a result of it, you dedicate less time for every single opportunity.At one recent Demo Day, Bucher noticed that many more founders were surrounded by angel investors than venture capitalists, a sign that valuations have gotten too high for VC firms and left founders reliant on smaller-dollar investors. To Bucher, greater exclusivity could be the solution. While smaller (or fewer) cohorts would saddle YC with more risk, it could also coax back these VCs, proving that the high valuations are worth it.This change makes it easier for YC to support founders when theyre ready, instead of making them wait for the next application cycle, a YC spokesperson wrote in an email to Fast Company. The batch sizes are smaller nowabout half the size of the old cohorts. So even with more cohorts, the total number of startups we fund each year stays the same.Not everybody is hopeful of being the starAI startup Artisan sparked outrage in 2024 for its provocative San Francisco ads: Stop Hiring Humans. But, among the YC heads, Artisan is a golden child. Theyre one of the biggest raisers among the winter 2024 batch, having collected around $12 million in seed funding. The companys CEO, Jaspar Carmichael-Jack, was confident in his ability to court investors far before he joined YC, but credits the accelerator with bringing brand awareness.Artisans $12 million seed ranks them among the declining number of YC firms who aim for bigger seeds. Among its cohort, AI-powered legal software Leya was the only other firm to publicly break $10 million. Some others made it around $5 million; more landed closer to $2 million or below. For many, it looks like the seed rounds of YC-stamped firms are in decline.A lot of people end up raising $2-3 million and sometimes thats enough, but sometimes its not, says Amy Cheetham, a partner at Costanoa Ventures who estimates that 1015% of the companies that come across her desk are from YC. What I always tell people is to make sure that theyre really thoughtful about not under capitalizing their business coming out of [YC].For those rare big raisers, its common to bring big investors on board before even applying for YC. Artisan collected $2.3 million in pre-seed funding. Lumen Orbit, a space datacenter startup that now boasts a staggering $11 million seed, amassed $2.4 million beforehand. Its CEO Philip Johnston says he thinks of the seed as a small Series A, and claims that the big raise was necessary because of the companys hardware focus.Taking on gobs of money out of YC may not be the best move for founders. At a minimum, it lessens the chances for future catastrophic down rounds. YC has also been a haven for little tech, the smaller, more technically oriented companies that are not looking to be the next Airbnb or Stripe. Saurabh Bhattacharya, a reader in digital marketing at Newcastle University Business School, notes the importance of these companies: Not everybody is hopeful of being the star startup.YC encourages founders to raise only the capital they need, a YC spokesperson wrote. With advancements in AI, startups are increasingly able to achieve more significant milestones with less funding. This approach not only enables rapid progress but also minimizes founder dilution, allowing them to retain more control of their companies.Multiple horses in the same raceWhen Demo Day arrives, a founders success often hinges on their companys individuality. But as YC continues to accept similar startupssome of which directly overlapstanding out has become increasingly difficult.Concerns about company duplication flared up in fall 2024 when an AI code-editing scandal shook the accelerator. New YC inductee Pear AI, which promised to create VSCode for The New Age of AI, came under fire for altering the open-source license of Continueanother YC-backed startup. Many saw it as a blatant case of copying. (Pear AI did not respond to an interview request.)Even when direct imitation isnt an issue, many startups find themselves with near-identical counterparts within the accelerator. Using the AlphaLens tool, Lopold Gasteen analyzed 4,938 YC startups and identified numerous look-alikes. [YC] conducts a whole bunch of concurrent experiments, Gasteen says. Whats clear to me is that they dont mind having multiple horses in the same race.Are founders uncomfortable with having a duplicate within YC? Fast Company reached out to several of them; only two were willing to speak on the record. Cossi Achille Arouko, founder of Africa-based Bujeti, doesnt mind sharing space with Middle East-based Alaan, which also runs a corporate expense management platform. Hes spent so much time [with the Alaan team] that we are all friends, he says.Similarly, Flock Safety and Abel Police were flagged as look-alikes for their AI-driven crime footage uploads, but Abel CEO Daniel Francis dismisses concerns. Theyre not a competing product, he says; if anything, Flock Safety has only helped his business.YC maintains that it prioritizes founders over ideas and sees competition as an unavoidable byproduct of innovation. But Artisan CEO Carmichael-Jack admits he only applied to YC because his company filled a niche within the accelerator.If I was doing an HR platform, dealing with [YC companies] Gusto and Rippling, I probably wouldnt do YC, he says. Because, are you really going to become the category leader over them?A whole bunch of B2B SaaS businessesYC only has one guiding principle for companies: Make something people want. But, on the inside, the types of companies that succeed within the accelerators walls may be more unified.One of the criticisms of YC is that its turned into a whole bunch of B2B SaaS businesses sitting around selling their stuff to each other, says Ryan Wardell, the cofounder of StartupSauce, a digital community of SaaS entrepreneurs. How much help are you actually getting to move outside into the real world and sell to actual companies that are outside the YC ecosystem?Fast Company asked every YC founder interviewed for this piece whether there was a certain type of company that succeeds within the accelerator. Most demurred, citing a low fail rate or positive personal experiences. Lumen Orbits Johnson acknowledged the stereotype that YC was built for young B2B SaaS founders, but insisted that YCs advantages move in waves and trends.Artisans Carmichael-Jack, though, was unusually blunt. I wouldnt do Y Combinator if we were a consumer company, he says. The value that we got from YC was specifically from being a B2B company.How much value does the actual accelerator program provide?When YC was founded in 2005, Silicon Valley was a smaller, more insular community. For tech founders, the accelerators mentorship provided a crucial entry pointoffering access to the right investors and influential networks. Twenty years later, the landscape has changed. Capital is more accessible, and any startup generating revenue can find a seat at the table. This shift raises a pressing question: Is YCs training still worth it?How much value does the actual accelerator program provide? Wardell asks. If Y Combinator just picked out the top 1.5% of startups and said, We think these ones are good, you should invest in them, and then they got out of the way, I think their success or failure rate would probably be identical to what it is now.While YC continues to thrive, the accelerator space has encountered some turbulence. Newchip, once an Austin-based competitor to YC, filed for bankruptcy in 2023. Meanwhile, Techstars closed its Boulder, Seattle, and Austin operations. Those hiccups have led some to speculate that accelerators might eventually drop or reduce their mentorship programs. YCs value, they argue, might lie primarily in its stamp of approval; guidance would take a secondary role. Agnihotri, the Penn State professor, sees the diminished training as a trade-off with the high number of companies. What startups gain from a wider network, they lose in mentorship. When you have large batch sizes, then you cannot have customized solutions to the problems that startups are facing, she says.Y Combinator, for its part, insists its 21 full-time and visiting partners can adequately mentor the founders they take on. Founders are getting just as much, if not more, support than ever, a YC representative wrote.

In 2017, the most consumed household food was coffee. In 2024, it was meat. That doesnt just mean many Americans are eating more animal protein than ever. It means there are downstream effects in other productsincluding how our dish soap is formulated.Today, Dawn is introducing a new product called Dawn Powersuds. It has twice the suds of the old Dawn, with bubbles that promise to stay white longer and dishes that rinse more easily. The more interesting point is that the formulation is the direct response to cultural practices around diet that have become obsessed with protein. Back in 2017 when Dawn created most of its cleaning formulas used today, our top consumed foods were coffee, eggs, butter, oil, and milk, according to Procter & Gamble, which makes Dawn dish soap. Now, they are meat, coffee, eggs, oil, and cheese.Neither meat nor cheese was on the list less than a decade ago, but the company says that thanks to diets like keto, consumers are cooking vastly differently at home. It drove P&G to spend the last two years creating Powersuds as a response to consumer needs.Proteins and fats we see are really on the rise, says Angelica Matthews, P&Gs VP of North American Dish Car, whose company interviewed 10,000 people last year about their dishwashing habits. Things like a one-pan casserole dish like a chicken cheesy bake is something we see being really popular.Dawn PowerSuds is P&Gs new detergent is more bubbly and grease-cutting than any of its products to date, as a way to mitigate the messes of a protein-rich, fat-laden diet. The biodegradable formulation advertises two times more suds than Dawn Platinum, and its grease-trapping formula is protected by five separate patents, promising that if you stick a pan of bacon drippings into a full stack of other dishes, the oil will be encapsulated instead of coating your plates. The formula also balances this task for those of us who dont fill a whole sink of water, and avoids being so concentrated that you cant simply squirt it onto a single dish as many people do.[Photo: Dawn]Americas shift toward meatier, more complex dietsThe truth of contemporary diets is a bit more complicated than protein. According to P&G, were not just cooking more meat and cheese; were actually cooking more involved dishes across the board with more complex soils than just a few years ago. The company credits a shift in the food media as whetting our appetites and ambitiousness for actual cooking rather than food entertainment.Think of being at home in the 2010s and watching Gordon Ramsay yell at people in a kitchen . . . you were maybe making a little less complex dishes yourself, says Morgan Eberhard, principal scientist at P&G. Now were seeing just more accessibility, more availability of different cooking recipes through social mediathrough Instagram, TikTok, and things like that.Anyone who has cooked an ambitious meal with lots of ingredients and pans knows that its the dishes that can be the most daunting part of the project. Dawn calls this phenomenon the mental load, and points to dishwashing as the second most hated chore after cleaning the toilet. The company argues that dishes that clean more easily will reduce this mental load, thereby encouraging us to cook more at home.If I can get a consumer with Dawn Powersuds to go from spending 30 minutes a day cleaning the dishes to 25 minutes a day cleaning the dishes, five minutes doesnt sound like a big deal, but it really is, says Matthews.Aside from dishes, P&G notes that Dawn is formulated to stretch outside the sink to serve as something of an all purpose cleaner. They see customers grab it for all sorts of other tasks, like wiping down cabinets, washing plastic lawn chairs, and degreasing tire rims. Cutting through soil and oil with a product always on your counter, and tested to not turn your hands into a mummys, has a most certain appeal.The Powersuds experienceAs I fill my sink with water and soap, I have to say, the new Powersuds are really something. Theyre so white they almost have an almost blue tint, like freshly bleached teeth. Thirty full minutes later, I return to the sink, and the bubbles are still sitting there, confidently smelling like apple Bath & Bodyworks (a bit too strong for my taste, tbh, but clean-feeling all the same).Dawns obsession with the sud has driven much of the reformulation, even though its actual relationship to cleaning power is more demonstrative than functional.The suds are more of a cue of whats happening, says Eberhard. So you can think of the suds as the tip of the iceberg, and all of the the ingredients that are doing the cleaning that are breaking down the grease and tough food under the water.As Eberhard explains, when suds dissipate on their own, you can actually agitate the water to bring them back. But when they dissipate while doing your dishes, its indicative that the surfactants (which break up oil) and other cleaning agents under the water are binding to food and losing cleaning power. In this sense, the longer lasting suds are an advertisement and cue of longer lasting cleaning power. Theyre a bubbly data visualization.Overall, how much better the new Dawn cleans than older Dawn is hard for me to quantify. Egg stuck in a frying pan is still a pain in the butt to clean, no two ways about it. I saw a bigger jump from Dawn to Dawn Powerwash, the companys superb spray-on degreaser, than I did from Powerwash to Powersuds. But I rarely fill a whole sink to do dishesand my cheesy chicken casseroles are pretty rare. P&G contends its beta testers are saying they can wash all their dishes in a single sink of water, without draining and restarting.I trust thats true. But there is a depressing twist to this innovation: meat now necessitates a frothy new solution to its own growing problem.

Ever since the new Barbie live-action movie came out, the doll franchise has received renewed interest and, of course, collaborations that make pink the new black. Given Barbies colorful history, despite its strong association with a single hue, its not really that surprising that it continues to have a large following, especially ones that are willing to cough up the dough to buy products with distinct Barbie themes, whether or not theyll actually use those products.Weve seen Barbies design language used and reinterpreted for a variety of objects, from miniaturized designer chairs, cameras, and, of course, chic clamshell phones. It, therefore, doesnt come as a shock that wed also get a rugged G-SHOCK watch in this iconic bright pink hue, but this collaboration with the worlds most famous doll does more than just give the worlds most iconic rugged watch a superficial paint job.Designer: CasioWith some Barbie-themed products, its probably enough to give the item a pink color and some branding and call it a day. The G-SHOCK Barbie edition, however, goes a little deeper, down to almost every visible part. Building up on Casios GMA-S110 known for its gear-shaped parts, the Barbie edition gives each component a different hue of pink as well as a different texture, perhaps to convey the metaphor of having subtle differences in personalities and characters even if were all united by a single pink color.Of course, not everything in the watch is pink, or else it would be impossible to read. The clock hands and bezel inlays are painted black to stand out from the pink background. In the dark, when its almost impossible to see color anyway, the watch turns on an amber light that gives it a rather spooky aura.Theres no shortage of Barbie branding to be found, from the engraved case back to the Barbie logo at the 3 oclock position to a heart motif inset dial at the 9 oclock position. Even the strap has its fair share of accents, like the Barbie Silohead logo at one end of loop.Invisible to the naked eye, Casio reveals that key components of the watchs bezel and band use bio-based resin to help reduce the products negative impact on the environment. It turns the watch into more than just a fashion accessory, becoming a strong statement that not only supports sustainable living but also women empowerment.The post Barbie-themed G-SHOCK watch has a beauty thats more than skin-deep first appeared on Yanko Design.

The 3D render looks like an photograph for a retro album cover.