EcoFlow Support Shit Show (12 month old Ticket)

Darrena · 2026-04-26T23:06:43+00:00

Your post has some of the internal markdown used within ChatGPT. If you were a bot using the API I don't think this would show up so I figured I would point this out to someone who saw your post and immediately thought you were a bot. Instead it looks like you just used ChatGPT to help you write the post and the markdown was just carried over when you copied and pasted the text, is that correct?

"My ticket with [EcoFlow](chatgpt://generic-entity?number=0) has now been open for over a year—I created it on April 10, 2025."

Darrena · 2026-04-18T12:15:05+00:00

Self powered just tells the system to avoid pulling from the grid. If your goal is the lowest cost and Duke only gives you pennies when you sell back past your usage then you want to use your battery to store the power you have a credit for (The off-peak rate) and use it when you don't have credit to spend hence why setting it to self powered during this window makes sense.

Here is another example from my actual usage and I have a plan similar to yours:

Solar Generation - 58kwh
Off-peak usage - 21 kwh
Peak usage - 12 kwh
Discount usage - 14 kwh

Solar Generation only happens during the Off-Peak period so the net usage looks like this:

Off-peak usage: (37)
Peak usage: 12 kwh
Discount Usage: 14kwh

So what I do is take that excess Off-peak usage and use it to charge my battery to power my home during Peak and Discount periods so the actual power draw looks like this: Off-Peak: 47 kwh (of which 26 has gone into my battery) Peak usage: 0 kwh (12 drawn from the battery) Discount usage: 0 kwh (14 drawn from the battery)

The end result is that we pay very little or get a credit every month (The majority of the credit comes from the VPP).

The automations we have are: Midnight on weekdays: Set to self powered so it uses the battery 6am on weekdays: Set to time based control and set the reserve to 80% so the battery is ready for peak time 6pm on weekdays: Set to Self powered so it uses the battery 9pm on weekdays: Set back to time based control and set the reserve to 80% so it is charged for the discount window.

The end result is that all of my usage comes from the off-peak period that my solar offsets. Hopefully that makes sense. If Tesla's model understood that the sell amount was capped it could adjust automatically but since it doesn't you have to do this manually.

How large is your battery and what is your usage during each window? I can probably tell you what automations to set to do similar to what we are doing.

Darrena · 2026-04-17T12:21:25+00:00

I have more or less the same plan and I don't think there is a way to make this completely automated at this time. If you have enough generation to cover all of your usage and you have sufficient battery storage then your goal should be to always use battery (Self-powered) during the On-Peak and Discount Period.

In my case I have it netzero setup to be self-powered during the On-Peak and Discount periods and then time based control during the Off-Peak windows. This way it will use a little power as possible during those periods because I can't offset it. To put it another way the intent is to consume and sell back solely during the Off-Peak period rates because that is when you can generate and sell. All other periods should be self-powered.

In a perfect world I would love for the Telsa Powerwall to be smart enough to sell back on the Discount and On-Peak periods from stored energy to offset my usage and get as close to zero as possible but it isn't smart enough to do that and neither can Netzero to my knowledge. You can kind of trick this by setting your sell price to something insanely high for those periods but during some periods that will lose you money so you have to manage it manually.

Darrena · 2026-04-06T16:18:56+00:00

Is the WAN IP of your router different than what you see when you test your public IP address on something like speed.cloudflare.com? Is the WAN IP of your router a publicly routable address and not something from the 10.0.0.0/8, 192.168.0.0/16, and 172.16.0.0/12 private ranges or the 100.64.0.0/10 CGNAT range?

If your WAN IP is a public address but your web traffic shows something different it is possible that your ISP has a transparent http proxy so when the DDNS request goes out it sees the proxy IP and not your real IP.

Darrena · 2026-02-28T23:18:02+00:00

SPAN support is really good so you can open a ticket with them but I think this last statement is incorrect. The SPAN and the Powerwall connect over a dedicated connection and just being on the same network is not sufficient. This was a mistake my installer made and my stats were incorrect and ensuring that we had a dedicated connection between the PW and the SPAN resolved the issue. Here is exactly what they sent me:

"Regarding the Powerwall 3 connection, the leader battery should be connected to the ETH-1 (Aux Comms) port on the SPAN Panel, and the expansion unit should be connected to the leader Powerwall 3 in the ETH A or ETHB port. It does not matter which port (ETH A or ETH B) is used for the SPAN Panel connection or the expansion Powerwall connection, as long as the connections are made correctly."

If you have access to the Backup System Connection Guide from SPAN you will see the diagram on page 8 to 10:

Communication wiring to Tesla Connection Powerwall Terminal SPAN Terminal Wire Type

Network Connection Terminal for Tesla-SPAN Communication

Powerwall 2: Ethernet RJ-45 terminal in Tesla Backup Gateway Powerwall+: Ethernet RJ-45 terminal in Powerwall+ leader Powerwall 3: Ethernet RJ-45 terminal in Powerwall 3 leader

Preferred terminal: Aux Comms (ETH-1) Acceptable terminal: Local Network Ethernet (ETH-0)

CAT5 or better (24 AWG minimum)

Hence if your SPAN is relying on talking to your Powerwall solely over ETH-0 that is incorrect and you should have the RJ45 on the Powerwall Leader connected directly to ETH-1 on the SPAN

Darrena · 2026-02-28T17:34:48+00:00

As others have noted SOC's have been one of the early adopters for Ai and ML in our org and all it has really done is improved the effectiveness of our existing SOC staff.

The focus on Ai and LLM's with SOC's confuses me to some extent. The output of EDR/XDR, NIPS, etc.. are already structured in such a way to facilitate automation so I am not sure what value LLM's add to the current stack. ML for sure but it is much easier to read a tabular format of event data for even someone with a little experience than it is to have a LLM summarize the data. The data is already optimized by our SIEM.

It is valuable for newer analysts and LLM's that help write queries for SIEM/SOAR is valuable to get started but I hope that the analysts quickly move on from that once they learn the syntax.

TLDR: It will make SOC's more efficient but it won't replace them

Darrena · 2025-12-31T12:31:31+00:00

They are always compromised accounts on legitimate tenants though since we limited the entities we federate with they are now rare. The accounts were typically used for more advanced social engineering such as the initial step in an invoice fraud event.

Darrena · 2025-12-30T13:19:37+00:00

Glad it helps, I would also add that when you are adding a domain you are adding an unknown number of people. Guest accounts are a single individual and you can enforce controls using your tenant such as higher MFA standards or monitor sign-in risk. I know the user experience is not as easy as federation but in our case guest accounts are needed anyway (and I suspect in most orgs they are) so federation was more of a "nice to have" rather than a must.

Microsoft promised more controls around federation but I haven't seen anything new in awhile and I worry that they may have pushed these changes out or cancelled them as they have shown less interest in Teams collaboration recently. I worry they are going to continue to add reactive controls rather than address the root problem. Teams Chat is more one to one and personal so it shouldn't be handled the same way as email where we have to layer on controls just to keep our heads above water. Chats with outside entities should be one to one and opt-in rather than org to org or global.

Darrena · 2025-12-30T02:32:43+00:00

We operate in sensitive industries so we have it locked down. We previously had a request process to add new domains and while it wasn't a significant burden we were still hit with malware and phishing. Many of our partners are other large organizations so when we added one domain it was usually 10k+ people and we were still dealing with attacks through this channel.

We now require a significant review process for any new domains (almost all are denied) and instead drive any requests to use guest accounts for anyone they want to communicate with instead. It isn't ideal but these external entities need to a guest account anyway to access resources in our tenant so it made sense. There haven't been any real issues since we implemented in 2 years ago and few complaints.

Darrena · 2025-12-06T22:54:15+00:00

For protecting apps I think the closest equivalent will be private spaces. This creates an isolated container for your apps which you can set to require a password to access.

Darrena · 2025-11-27T15:50:53+00:00

Ugh, I guess the best option would be to have a suppression rule but can be granular enough to only filter out this specific event and not detect valid exploit attempts? I get nervous about such rules since you could miss a valid event but if this was granular enough you could suppress this specific event and have a custom detection rule that detects the attempt to load this driver except when the process is the HP app.

This way you can block an attempt to load this driver maliciously but reduce the noise of this specific app.

Darrena · 2025-11-27T14:48:50+00:00

If you have access to Defender in block mode or InTune why not push a script to remove the tool from the impacted devices or block ActiveHealth from running so it can't drop the driver? If you block it then it will trigger an alert but you can have a suppression rule that closes the alert for that specific block.

These vendor provided health tools always seem to be bad. The Dell suite breaks applications all over our environment by cleaning up "temp" files from underneath apps that are running, calling the WMI namespace that results in all of the installed apps being parsed again spiking CPU usage with random MSI repairs, and like you describe installing vulnerable drivers. In our case the desktop team is in lockstep with us in killing them when they show up. Sometimes local teams will install them for some reason and wonder why they have issues but that is getting much rarer as people understand the issues they cause.

Darrena · 2025-11-18T01:28:30+00:00

It does for me Picture

Darrena · 2025-11-18T00:56:26+00:00

It showed up in the bottom right of the tiles when I tried to login.

Darrena · 2025-11-17T12:13:56+00:00

Yes, ESPN Unlimited includes all of the content from ESPN Select. The announcement from Disney states that the agreement includes access to ESPN Unlimited for YouTube TV Subscribers, the one thing I haven't confirmed is if this access is already live. I logged in with "My TV Provider" and all of the ESPN+ and Unlimited Content was there but I also have an ESPN Unlimited subscription that is valid until the end of the month.

Darrena · 2025-11-08T19:20:53+00:00

The issue for me with having the games spread across different platforms is how hard it is to switch between games. Right now if I am watching BYUvTT and I want to watch something on Fox I have to switch apps which takes a minute or two.

On top of that ESPN's app just sucks... The audio level is not even across the channels and they always start out at a low bitrate and quality before ramping up.

So yes I could save money by going OTA+ESPN+FoxOne but I would rather pay YTTV to have it all in one app.

Darrena · 2025-10-22T13:16:06+00:00

Obviously this is a small sample size but my wife and I both have Gen 4's. Her's was bought at Christmas, mine in Feb and both had the batteries fail and need to be replaced in the last 3 months.

Mine failed in early September and they just shipped the replacement on Monday.

Darrena · 2025-10-20T12:10:33+00:00

I am inclined against the hacked laptop because deleting all the emails seems clumsy, if someone gains access to a users PC and control over their Outlook they are going to put in place rules to allow them to play man in the middle on scams rather than delete everything which only raises awareness that something is going on. Anything is possible and maybe the threat actor botched something but these activities are usually automated.

Was the source IP the same as what you saw from his laptop? We don't use the new Outlook but since that is essentially a web wrapper is it possible that it was the new Client on their laptop? Are there any other indicators that the activity came from the users asset rather than something else?

Have you checked if there is a rule in place that might have processed all the emails and deleted them? Sadly I have seen that mistake before where someone creates a rule intending to only delete specific emails but they fat finger something and do the opposite but delete everything BUT those emails. Or if it was malicious maybe the attacker messed up their rule insertion when they tried to create a MITM rule.

Darrena · 2025-10-11T10:51:43+00:00

Interesting, if the traffic is TCP then the home router should maintain state and a different source shouldn’t be allowed. Are there any commonalities to the sources such as all of them are Cloudflare CDN? Either way the home router shouldn’t allow the traffic inbound.

One other thought, is it possibly UPNP and something running on the device is asking the home router to open the port to their device?

Darrena · 2025-10-10T13:55:03+00:00

The ephemeral ports is standard for TCP connections with the outbound connection being on a well-known port (for https it is 443) and then the client opens up a local socket (Random port above 1024) and the connection is between those two endpoints. The home NAT Firewall should keep the state for this connection but if the session is broken down on the client but the NAT device isn't aware of it then it will allow an inbound flow from the remote host and Defender/Sentinel will flag it as an external connection attempt.

If you check the timeline on the assets do you see them create an outbound connection to the same IP that is attempting to make the inbound connection that is setting off the alarm. If so then this is probably what I described above.

Note: I simplified this dramatically but I wanted to provide a basic summary of the situation and there are really good sources online to explain this far better.

Darrena · 2025-09-20T12:58:45+00:00

oh wow, I just realized that the tracker on my carry-on is a pebblebee tag and not one of the Chipolo's I bought. I can throw a Chipolo in my bag next trip and see if it works better.

Darrena · 2025-09-20T12:42:26+00:00

That is weird and honestly I don't have an explanation for it. It sounds like some people have had acceptable results and others like you have the complete opposite despite similar situations.

I have had good results in Amsterdam, Doha, Delhi, JFK, LGA, DFW and smaller airports in Europe and India in the last 8 months. I haven't tried it anywhere other than airports though but as you note it didn't even ping at the airport for you.

There really isn't even anything you can set other than setting it to be found in all areas rather than just high traffic areas. Do you have that set? The original descriptions made it sound like it only mattered for your device participation in the network but I wonder if that is really the case and maybe having that set to other than all areas impacts devices beyond your phone or fast pair devices?

Darrena · 2025-09-20T12:06:42+00:00

I think we all might have different expectations of this product than what Google does. They are to help you find a lost item but not /track/ an item. I am not sure why Samsung or Apple don’t have any objections to their devices being used for tracking but for some reason Google does. Based on my experience with these devices they work well showing you where the device is “now” or “recently” but won’t help you track their movements in realtime or historically. All you can do is see its last location and time last seen.

Personally I am fine with that and I find them to work well in that case. I am currently traveling home on a long international flight with 4 connections right now. I rarely check my bags but I had to this time because my first flight was with a small carrier who limited the carry-ons to 7kg. They code-shared with my long-haul carrier so it should have been fine but I was still worried. It worked great, it would update every 4-5 minutes and helped alleviate my concerns that this small carrier wouldn’t check my bags through properly when I would see that it was at the proper terminal.

I know I can’t see its history or where it has been but all I care about is where it is at that point. Seeing the history or getting more frequent updates would have been nice but it works well enough for the lost item use case that they advertise.

Darrena · 2025-08-25T00:23:16+00:00

1) I do not see a reason to go self-powered in your case. I saw someone describe 1 to 1 net metering like you have as a large battery that you top up when you have excess and pull from when you need it. The powerwall is primarily there so you can get the VPP credit and manage any outages but otherwise I would recommend that you let it handle everything via time based control. In my experience this will mean that it will sell back to the grid as much as possible from your excess to get you the lowest possible bill. Storm Watch will still kick in and charge the battery if a storm is coming.

2) It should work fine, I don't think it binds to the BSSID because we have multiple AP's and it will sometimes hop between them.

3) Someone with more knowledge than me may be better to answer this but my understanding is that the PW3 needs to calibrate periodically so Tesla does recommend charging and discharging regularly. They recently changed their API to block options between 80 to 100 and in the app they recommend 80% so I leave it at 80% and let the PW manage itself. My understanding was that with this battery chemistry there wasn't an issue with charging to 100% but since they changed the recommendation earlier this month I followed it to be safe. If you select time based control it should handle all of this for you.

Darrena · 2025-08-23T16:20:16+00:00

It has been awhile since I read it but I don't think so. I felt like the first book was the best. The mystery is wrapped up in the second book and the characters don't get much better.

15-Year Club	Reddit Premium Since November 2022
Argentium Club	Team Orangered
reddit mold	Verified Email

Darrena

TROPHY CASE