We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.
I never thought I’d find a Tatiana Maslany role I enjoyed as much as Orphan Black, yet here we are. Maximum Pleasure Guaranteed is Apple TV’s latest thriller, following on from recent huge releases like Margo’s Got Money Troublesand Widow’s Bay, and it’s another fantastic release from the streaming service.
Here, Maslany plays newly divorced mother Paula, who has been spending time with Trevor (Brandon Flynn), a camboy. Since Paula’s ex-husband has main custody of their daughter, she spends lonely nights talking with him, which inevitably leads to more.
Advertisement
Unfortunately for Paula, her private life doesn’t stay that way for very long. During a session with Trevor, a masked man bursts into his apartment and starts beating him up. Paula films the attack, only to be told it’s “not a real crime” when she tries reporting it.
Latest Videos From
Things take a darker turn from this moment on when Trevor calls her, begging for a $50,000 ransom, otherwise he’ll be killed. She can’t pay this, of course, and is spooked when she gets a call from Trevor and an accomplice on her work number. Considering she never shared that information, it’s clear she’s in trouble, and Trevor demands the money; otherwise, he says he’ll ruin her life.
Trevor also coldly reveals that he’ll publish their secretly recorded interactions and ruin Paula’s chance at maintaining custody, a threat that’s not to be taken lightly.
It’s good old-fashioned blackmail, and that’s the catalyst for the rest of the ten-part series. Paula must balance her complicated divorce from Karl (Jake Johnson) alongside the stress of being blackmailed, with plenty of twists along the way.
Maslany is perfectly cast as she works to keep her job, be a good mother to her daughter, while trying to unravel who is blackmailing her. Maximum Pleasure Guaranteed does center on how mothers, and women in general, can be so harshly judged by those around them to the point where evidence that Paula did connect with a camboy could ruin her life, just as the mysterious accomplice told her.
Advertisement
Sign up for breaking news, reviews, opinion, top tech deals, and more.
Maximum Pleasure Guaranteed — Official Teaser “Maximum Chaos” | Apple TV – YouTube
Maximum Pleasure Guaranteed is one of those shows I wish had been released all at once. It’s moreish and binge-worthy, so waiting a week between episodes might feel annoying. Even if it doesn’t always balance the tonal shifts from humor to seriously shocking moments, I was largely impressed by the twists and turns throughout; it did keep me guessing.
As Paula falls deeper into this rabbit hole, we meet a great supporting cast of the various people in her life. Nobody here feels miscast; everyone does a great job at bringing the totally wild story to life, even if it’s Maslany that shines throughout.
There’s enough to help it stand out among the abundance of thriller shows across the best streaming services, and it’s well worth hanging on to your Apple TV subscription so you can enjoy a new episode each week.
Advertisement
It really does feel like we’re spoiled for choice there at the moment, with many of my current favorite shows having a home on Apple TV.
Freshly sliced pepperoni is delivered via conveyer belt onto a pizza being assembled by a Picnic pizza-making robot. (GeekWire File Photo)
Picnic, the 10-year-old Seattle food automation startup that set out to revolutionize the production of pizza with robotics, has shut down and liquidated its assets.
According to legal documents and an email to creditors and investors, Picnic was unable to pay its debts and on May 11 executed a General Assignment for the Benefit of Creditors, a state-law process that allows an insolvent company to liquidate its assets outside of bankruptcy. A Santa Monica, Calif.-based liquidator, CMBG Advisors Inc., was named to handle the wind-down.
“CMBG will be working to sell off any remaining company assets and intends to distribute any cash proceeds after expenses to creditors,” stated the email, which was seen by GeekWire.
In fact, a buyer for those assets and Picnic’s intellectual property has since been found, said James Baer, founder and president of CMBG, speaking via phone Friday afternoon.
“I want to be respectful of privacy issues, but I will disclose that we did sell the company,” Baer said. He declined to reveal the name of the buyer, the purchase price or how any of the assets might be used.
Advertisement
The development marks a dramatic turn for a startup that raised about $50 million and was placing its pizza-making robots in stadiums, universities, and big-box retailers across the country. As of Friday, Picnic’s website was still live, touting its most recent funding round.
Founded in 2016 by mechanical engineer Garett Ochs as Otto Robotics and then Vivid Robotics, Picnic incorporated as Picnic Works, and set out to tackle one of the food industry’s most persistent challenges: the high cost and inconsistency of manual food preparation. Microsoft co-founder Paul Allen’s Vulcan Capital was among those that funded the company’s seed round.
Its signature product, the Picnic Pizza Station, could help a single employee produce up to 100 customized 12-inch pizzas per hour by automating the topping process — a pitch aimed squarely at high-volume food service operations struggling with labor costs and turnover.
Former Picnic CEO Clayton Wood at the company’s booth on the CES show floor in 2020. The Seattle startup and its pizza-making robot were making pizzas for attendees throughout the week. (GeekWire File Photo)
GeekWire first saw and tested the robotic pizza maker in 2019 as the company, led at the time by CEO Clayton Wood, emerged from stealth mode at its headquarters in Seattle’s Interbay neighborhood.
Picnic continued to raise funding and seek new customers over the next few years with Wood at the helm. The pandemic accelerated demand for carry-out and delivery as food service was reimagined. In 2021, the startup raised $16 million and inked a partnership with Seattle’s Ethan Stowell Restaurants. In 2022, a partnership with Domino’s tested robotic pizza assembly.
Advertisement
“Right now we’re really excited about some of the customers we’re talking to across all kinds of segments,” Wood said at the time. “We’re looking at everything — convenience stores, branded pizza, large brands in pizza, ski resorts, theme parks, grocers, managed food service. We’re jazzed.”
By 2023, Picnic had grown to about 100 employees, but it ran into economic headwinds, struggled to raise more cash, and was forced to conduct layoffs. Wood stepped down as CEO that year.
Reached Friday, Wood recalled Picnic being “caught in the squeeze” between a free-money era of 2018-2019 and 2022, “when the bottom dropped out of the market.”
The company brought on new CEO Michael Bridges in May 2023 and managed to attract $5 million in new financing, with backing from Unlock Venture Partners, the firm co-led by longtime Seattle-area entrepreneur and investor Andy Liu.
Advertisement
“Everything they did after that was happening in some kind of stealth mode, which was bizarre to me,” Wood said. “Because everything I was doing was trying to promote it and make it famous.”
Bridges lasted about two years and was gone in July 2025.
Last September, another new CEO came aboard — Valeri Inting — who had her sights set on building a “hospitality-first automated pizza chain,” with a pop-up planned for New York City earlier this year. But it never happened.
The former Picnic facility, on the second floor at R&D Interbay, a flexible workspaces development in Seattle, on Friday. (GeekWire Photo / Kurt Schlosser)
On Friday, GeekWire visited R&D Interbay, a flexible workspaces development in Seattle’s industrial Interbay neighborhood where Picnic’s headquarters were previously located.
The second-floor space was empty. There was no lingering smell of robotic pizza in the air.
Advertisement
Other tenants in the building recalled Picnic packing up several months ago. One remembered tasting pizzas from time to time, and another said the trash bins were full of “interesting materials” such as motors and other components after the move-out.
Lee Kindell, owner and head chef at Moto Pizza, gets ready to catch one of his pies as it emerges from a Picnic Pizza Station at his Belltown location in 2023. (GeekWire File Photo / Kurt Schlosser)
Among those left in the lurch by the demise of Picnic was Lee Kindell, owner and chef at Seattle’s Moto Pizza and an evangelist for technology in the kitchen. Moto operates eight Seattle locations and is expanding in California.
Kindell was one of Picnic’s most enthusiastic early customers, saying in 2023 that “robotics is the future of food” as he showed off a Pizza Station at his Belltown location. He told GeekWire this week that he actually wanted to buy Picnic when he first learned of the company’s financial troubles.
When the end finally came, he said, he was left holding a $250,000 “robot aquarium” — his term for the idle Picnic machines now sitting in his restaurant.
“I was so pissed I started my own robot company,” he said, referencing Motobotics, a new and separate entity from Moto Pizza, to build his own pizza-making machines. He’s partnering with the Igor Institute and Fresh Consulting, which is part of the Northwest Robotic Alliance.
Advertisement
But he still has his eye on Picnic — or whatever it is next. Of the mystery buyer, he said, “I want to know if they’re just going to use the IP, or if they’re going to try to resurrect Picnic.”
SpaceX lifted its upgraded Starship V3 rocket from the pad at Starbase in Texas late this afternoon for its first full test flight. At 407 feet tall and carrying more thrust than any rocket before it, the vehicle rose on 33 engines in the Super Heavy booster and six in the upper stage. One booster engine failed to ignite at the start, yet the stack cleared the tower cleanly and kept climbing.
The sound of an engine roaring on the coastal flats filled the air as the rocket began to accelerate. Only a few minutes in, the stages separated from each other high above the Gulf. The upper Starship ship continued to ascend, while the booster abruptly reversed course and returned to Earth. SpaceX had hoped to gently guide the booster back down to the Gulf’s surface with a controlled return and a soft landing, but the main brake burn engines failed to relight properly. So the booster tumbled through the air before colliding with the sea and breaking apart.
BUILD AN OFFICIAL NASA ROCKET – Kids prepare to explore outer space with the LEGO Technic NASA Artemis Space Launch System Rocket (42221) building…
3-STAGE ROCKET SEPARATION – Young builders can turn the hand crank to watch the rocket separate in 3 distinct stages: solid rocket boosters, core…
STEM BUILDING TOY FOR KIDS – This educational rocket kit was created in collaboration with NASA and ESA to showcase the authentic system that will…
However, attention quickly moved to the ship that was still on its way up. This one was carrying out a slew of test objectives, not the least of which was the launch of twenty dummy Starlink satellites and two actual ones outfitted with cameras to capture footage of the heat shield as it traveled through the skies. One of the six Raptor engines on board opted to shut down during the ascent, but the other five did a decent enough job to get them up to the height they planned, which was close to 195 kilometers. As they did so, the ship floated free and released each satellite exactly on time before beginning its long, arcing curve out over the Indian Ocean.
Re-entry produced the normal glow of plasma around the ship as it plunged lower into the atmosphere. The flight controllers watched as it flipped and calmed itself down with a succession of small, precise burns. In the final moments, it flopped onto its side in the sea, precisely where the engineers had hoped to land it for this test. Then, guess what? The ship exploded on contact. That was always part of the plan, of course, because the goal was to collect some data without taking too many risks, especially given this was the new hardware’s first trip.
Advertisement
Meanwhile, engineers at Starbase had utilized the flight to test a whole new launch pad configuration. That pad kept its position despite the tremendous liftoff, which was a quiet but significant victory, especially if it will be used for future operations. The entire mission lasted about an hour, from liftoff to splashdown. Earlier, there had been some delays due to a minor hydraulic fault on the tower arm, forcing them to cancel the attempt the day before.
This was the first Starship flight since October of last year, and it marked the introduction of the V3 design. The version has third-generation Raptor engines, which are expected to be more easier to work with and have a faster turnaround. Although the booster did not return and the ship went up in the water, the hardware met a number of key objectives: it separated cleanly, delivered the payload on time, and ran steadily even after one of the engines failed. Now, the teams will review all of the data to see where they can make changes for the next round.
The power of a regular fan, but for personal, portable use, the Dyson HushJet Mini Cool outputs a stream of high-speed air. It’s a little loud on its maximum fan speed, but when you need maximum cooling performance it’s a fair trade-off. Extremely compact and flexible in use, the Dyson HushJet Mini Cool’s fan is effective even on the lowest speed. If you want the most powerful portable fan, this is the one to buy.
Exceptionally powerful
Lowest speed actually useful
Small and flexible
Loud on the higher settings
Key Features
Advertisement
Review Price:
£99.99
Long lasting
Advertisement
Up to six hours’ battery life on the lowest setting
Powerful
Advertisement
Blows air faster than a regular, full-size fan
Introduction
After years of the handheld fan market being dominated by cheap, underwhelming devices, the big boys are here to show how it’s really done. In this case, with the Dyson HushJet Mini Cool, the company has taken everything it knows about making big fans and has distilled that into a tiny, portable model.
Exceptionally powerful, this tiny fan packs a punch, but should it be your travel companion of choice? Check out my full review to find out.
Advertisement
Advertisement
Design and features
Small and light
Simple controls
Decent range of accessories
Given how many people I see carrying portable fans around, it’s a little surprising that it’s taken so long for the bigger fan manufacturers to catch on. First, I had the Shark ChillPill and now I have the Dyson HushJet Mini Cool.
While comparisons between the two devices are inevitable, they’re both slightly different in what they do and how they work. The Shark ChillPill is a slightly larger but more versatile device, which is a fan, mister and cooling pad; the Dyson HushJet Mini Cool is a fan, built with the company’s latest technology to give a powerful jet of air.
Portable devices are often as much about style as they are about performance, so the Dyson HushJet Mini Cool is available in three colour combinations: the pink (Stone/Blush) that I have on review here, plus blue (Ink/Cobalt) and red (Carnelian/Sky).
Image Credit (Trusted Reviews)
It’s a very small device, with a 38mm diameter. That’s an important measurement for Dyson, with the PencilWash and PencilVac both having wands with the same diameter.
Advertisement
Advertisement
At just 210g, the Dyson HushJet Mini Cool is also very light and easy to carry, even more so than the slightly larger ChillPill.
In the hand, the HushJet Mini feels a bit like holding a microphone, easily fitting in your hand when you want to use it.
At the top, you’ll notice the jet-engine-inspired head, which is designed to reduce turbulence and increase air flow. It’s effectively a smaller version of the Dyson HushJet Purifier Compact. This head can be rotated 360°, letting me angle the air where I want it.
Image Credit (Trusted Reviews)
Controls are very simple. There’s a switch to turn the fan on or off, with the Dyson HushJet Mini Cool starting on fan speed one. The +/- buttons can be used to cycle between the five fan speeds, or you can press and hold the + button to temporarily engage the boost mode.
Image Credit (Trusted Reviews)
Advertisement
With the switch set to off, the + button shows battery life via the LEDs (each of the five lights represents 20% of battery power). That’s useful as an indicator, but there’s no way to tell how much battery power is left while the fan is on.
Advertisement
While the fan is an easy-to-use handheld, there are other options, and Dyson includes a Charging Stand, Neck Dock, and Travel Pouch in the box.
Image Credit (Trusted Reviews)
The Neck dock slides around the fan’s body, with the choice to have the controls facing towards your body or away from it. I prefer away, but it’s nice to have the choice.
Image Credit (Trusted Reviews)
Wearing the fan makes a lot of sense, and the rotating head makes it easy to get the air where you want it.
Advertisement
Image Credit (Trusted Reviews)
The Charging stand is a handy desktop accessory that keeps the fan upright so you can use it when you’re not moving.
Image Credit (Trusted Reviews)
Optionally, you can buy a Universal Mount or Grip Clip (for attaching to a bag) if you need more flexibility.
Charging is via the USB-C port on the rear. Use a fast charger, and the 5000mAh battery can be topped up in three hours. Handily, the Dyson HushJet Mini Cool can be used on fan speed one when it’s charging, so you don’t have to stop cooling.
Image Credit (Trusted Reviews)
Advertisement
When travelling, or when not in use, everything can slip into the drawstring travel bag.
Advertisement
Image Credit (Trusted Reviews)
At the bottom of the fan is the air intake, which looks a bit like the one on the Dyson Supersonic. On the Dyson HushJet Mini Cool, you can’t remove the bottom section, but you should use a cloth or brush to clean it down regularly.
Image Credit (Trusted Reviews)
Performance
Decent battery life
Very powerful
Loud on its maximum setting
The Dyson HushJet Mini Cool is exceptionally powerful. While its airflow is more concentrated than that of a regular fan, the airspeed is just as fast, if not faster.
Advertisement
Measuring from 15cm away, on fan speed one I got air flow of 2.6m/s; on the middle speed 5.5m/s; and 8.1m/s on the highest setting; Turbo increased the fan speed to a, frankly, ridiculous 11.3m/s.
That’s a lot more airflow than I got from the ChillPill, which topped out at 4m/s on its maximum setting.
Higher air speeds are useful, as the Dyson HushJet Mini Cool doesn’t have to be as close to you to feel the benefits, and I could run it at lower speeds.
Advertisement
Image Credit (Trusted Reviews)
That’s important when looking at battery life. On the lowest setting, the Dyson HushJet Mini Cool can last around six hours; on its highest setting, it’s around an hour. The Shark ChillPill lasts for 11 hours on its lowest setting, and up to 1.5 hours on its highest.
But, the Dyson HushJet Mini Cool’s middle speed is similar to the ChillPill’s highest speed, and speed one is still highly effective. Overall, then, I think you’ll get similar real-world battery life out of either device.
Advertisement
Although it’s called the HushJet, this fan can get quite loud. On its highest setting, there’s a lot of noise, and I measured it at 78dB from 15cm away. On the middle fan speed, I measured 72.7dB. Things are better on the lowest setting at 60.6dB, but the small space that air comes out of means that a larger fan will be quieter.
Should you buy it?
Advertisement
You want a powerful portable fan
If you want the power of a desktop fan for personal, portable use, this one is a brilliant choice.
Advertisement
If you want more than just a fan, look for a portable one that has different attachments for different jobs.
Final Thoughts
After years of putting up with cheap, horrible portable fans, I feel we’re spoilt for choice with the Dyson HushJet Mini Cool and the Shark ChillPill. Which one’s best will depend on what you want.
Advertisement
The ChillPill is more versatile, with misting and its chill plate giving some different options, but its fan is not as powerful, and it’s bulkier. The Dyson HushJet Mini Cool is slimmer and easier to carry around, and it’s much more powerful, working effectively even on its lowest fan speed. If you want the power of a regular fan in a handheld unit, this is the one to buy.
For alternative options, you can read my guide to the best fans.
How We Test
We test every fan we review thoroughly over an extended period of time. We use industry standard tests to compare features properly. We’ll always tell you what we find. We never, ever, accept money to review a product.
Find out more about how we test in our ethics policy.
Advertisement
Used as our main fan for the review period
We measure the fan speed using an anemometer so that we can accurately compare performance between models
FAQs
How long does the Dyson HushJet Mini Cool’s battery last?
You can get up to six hours on the lowest setting.
Can you use the Dyson HushJet Mini Cool while it’s charging?
Yes, you can use it on fan speed one while charging.
Engineering design makes all kinds of tradeoffs. Power trades off with torque, strength trades off with weight, and cost can trade off with quality. For designing a hydroelectric turbine, one of the main tradeoffs is hydraulic head with flow rate. Many large dams meant for bulk power generation will go with high head (or medium) designs, and for small dams with low head it’s usually not cost effective to build any generation. But if you’re really determined, you’ll want to build a low head water turbine like this one.
The build aims to use easy-to-find materials and simple tools. It uses 110mm and 160mm PVC pipe to not only siphon water up and over a dam, but to house the turbine as well. The turbine is built from a computer fan and sits inside the pipe with a shaft running through a Y-type fitting to the generator. The generator is built from a scavenged hoverboard wheel, and outputs a reported 3.3A DC at 60V for around 200 watts of power with only around 3m of head. The design allows the turbine to be placed at the point in the pipe that best suits the environment.
[OpenSourceLowTech], the creators of this project, make a compelling case that this build is cheaper than a 150W solar panel and it might even be able to produce more energy as well over certain timeframes, provided there’s a reliable source of water available and the owners of the dam don’t mind someone siphoning water over it continuously. The build video is worth a watch as well if for nothing else than the animation, which documents the build in excellent detail. Generating usable energy from hydropower doesn’t even need this big of a dam; if all you need is to charge your phone this tiny waterwheel will get the job done.
The Xiaomi 17T series is officially set to launch globally on May 28. Through a post on X, the company hinted at an upcoming launch with the tagline “The T is coming.” While Xiaomi has not shared any official details yet, reports suggest the teaser belongs to the Xiaomi 17T smartphone.
According to recent leaks, Xiaomi may not launch the Xiaomi 17T Pro in India. Instead, the company is expected to introduce only the standard Xiaomi 17T in the country. This launch is notable because Xiaomi skipped the Indian release of the 12T, 13T, and 14T series smartphones. As a result, the return of the T-series could give Indian users access to Xiaomi’s premium features once again.
Some worlds were never meant to stay distant.
Get ready to capture what others can’t reach. The T is coming. Standards are about to change. pic.twitter.com/YZulx7opto
Leaks suggest that the Xiaomi 17T and Xiaomi 17T Pro could look nearly identical from the outside. The phones may feature flat rear panels paired with square camera islands, giving them a clean and premium appearance. Xiaomi is also expected to place the power and volume controls on the right side of the devices. The Xiaomi 17T Pro could feature a 6.83-inch display with up to 144Hz refresh rate support, whereas the standard model may offer a 6.59-inch 1.5K AMOLED panel.
Furthermore, Xiaomi may feature the Xiaomi 17T with the MediaTek Dimensity 8500-Ultra chipset, or the Dimensity 9500 processor. Xiaomi may also include large batteries in both smartphones. The standard model could pack a 6,500mAh battery. Meanwhile, the Pro variant may feature a 7,000mAh battery.
Leica-Tuned Triple Camera Setup
The Xiaomi 17T series will focus heavily on its camera capabilities. The company has announced Leica cameras for the upcoming series, while teaser images have shown a square-shaped rear camera module design. According to reports, this series may include a triple-rear camera system consisting of a 50MP main camera, a telephoto lens, and a 12MP ultrawide lens.
Xiaomi 17T Expected Price in India
Recent leaks suggest that Xiaomi may introduce the Xiaomi 17T as a premium smartphone in India. The starting variant of the phone with 12GB RAM and 256GB storage is expected to cost Rs 74,999, while the variant with 512GB storage might launch at Rs 84,999. Such a pricing scheme would allow the smartphone to compete with other high-end flagships from OnePlus, Vivo X series, and iQOO.
Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns.
FIOD arrested a 57-year-old suspect, who was the company director, and a 39-year-old who headed a separate firm that provided internet connectivity.
According to the authorities, the suspects indirectly provided economic resources to Russian and Belarusian entities sanctioned by the European Union (EU).
The investigation focuses on the activities of web hosting firm Stark Industries, founded on February 10, 2022, shortly before Russia’s invasion of Ukraine.
Advertisement
“The [Dutch] web hosting company, according to the research team, provided support to actions by the Russian Federation that undermine democracy and security, including through information manipulation and disruption of public and economic systems,” FIOD says.
The EU added Stark Industries to the list of sanctioned entities last year on May 20. Following this restriction, the web hosting infrastructure was transferred to a newly created Dutch company that investigators believe acted as a front for the sanctioned entities.
In the recent action, FIOD conducted multiple raids in data centers in Dronten and Schiphol-Rijk, as well as searches in Enschede and Almere, where they seized 800 servers, laptops, phones, and administrative records.
From the FIOD raids Source: FIOD
According to a report from the De Volkskrant publication, the name of this Dutch entity is WorkTitans B.V. and provides hosting services under the brand THE.Hosting.
The same outlet alleges that Danish authorities and infrastructure providers linked WorkTitans to attacks by the pro-Russian hacktivist group NoName057(16), which has previously targeted key organizations with distributed denial-of-service (DDoS) attacks.
Advertisement
Mirhosting, based in Almere, operated physical servers, provided colocation, and supplied high-capacity connectivity to major internet exchanges in Amsterdam and Frankfurt, acting as the transport layer through which Stark’s traffic entered Europe to reach the WorkTitans infrastructure.
It’s worth noting that WorkTitans did not respond to de Volkskrant’s requests for a statement, while Mirhosting denied knowingly supporting illegal operations, claiming they quickly intervened upon receipt of abuse complaints.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
Almost a year since its announcement, and nine months after its planned launch, the Trump phone has finally arrived — albeit looking different to the one originally unveiled.
The Trump phone, officially known as the Trump Mobile T1, arrived with us this week. CNET placed a preorder back with a $100 deposit back in June 2025, and it’s worth noting that Trump Mobile expedited our shipment so that we could review the T1. (It’s typical for a phone company to set aside review units for journalists, but Trump Mobile did not do this.)
Trump Mobile launched in June 2025 with a $47.45-a-month mobile phone plan, and it announced that the T1 would be made in the US and launch in August 2025. But when it became obvious that domestic large-scale smartphone manufacturing would not be possible, Trump Mobile dropped the “made in the US” claim and delayed the launch.
The Android phone was delayed due to production issues, the company said last week, when it confirmed the handset would begin shipping to customers.
“The technology business is more difficult than some may realize, as parts must be tested for quality assurances,” Trump Mobile CEO Pat O’Brien said in a statement to CNET last week. “We have experienced delays during a variety of steps in getting the T1 to completion, but those delays were worth it in our minds as we are delivering an amazing product.”
This long weekend, I’ll be testing the phone in a real-world environment, using it as my main phone during the Memorial Day long weekend. I’ll live blog my experiences as I go, updating with any anecdotes or tests I run.
The T1 Trump Phone Is the Same Color as Scrooge McDuck’s Gold Coins
Compact action cameras keep getting better at fitting into everyday life without slowing anyone down. This GO Ultra Creator Bundle from Insta360 delivers a complete setup built around a camera so small it feels like an afterthought until the footage starts rolling in. At the current price of about $425 (was $500), the package bundles the core camera with enough mounts and extras to handle vlogging, sports, or simple point-of-view recording straight out of the box.
When you open the box, you’ll discover the Action Pod, a Magnet Pendant, a Quick Release Safety Cord, a Magnetic Easy Clip, a Quick Release Mount, the Mini 2-in-1 Tripod 2.0, and the Pivot Stand, all ready to use. Save the microSD cards for now, as the rest of the gear is ready to use right out of the box. Clip the camera to your hat brim or shirt collar with the magnetic gubbins and you’ll nearly forget it’s there while it shoots great smooth footage.
In The Box: 1x Standalone Camera, 1x Action Pod, 1x Magnet Pendant, 1x Quick Release Safety Cord, 1x Magnetic Easy Clip, 1x Mini 2-in-1 Tripod 2.0, 1x…
Hands-Free POV & Wearable – Magnetic mounting lets you clip the camera to a cap or wear it with the Magnet Pendant, freeing up your hands for a…
Lightweight & Portable – 53g and the size of a watch, built for conveniently getting 4K footage from any angle. Great for cycling, running, diving…
The camera is approximately the size of a small watch, but it has a 1/1.28-inch sensor capable of recording 4K video at 60 frames per second and sharp 50 megapixel still images. Then there’s the 156-degree field of view, which is a good angle without needing to step back to see everything. Plus, there’s some clever stabilization technology called FlowState that keeps the horizon from wobbling and movements from appearing jerky even when you’re running or riding a bike. Low-light situations are also much easier to manage, thanks to the PureVideo mode, which captures more information than previous models.
Advertisement
Battery life is actually much better than expected for a little camera of this size. The camera alone lasts about 70 minutes, and the Action Pod extends it to about 200. Recharge is very speedy; going from zero to 80 percent in 12 minutes should be plenty to get you through a great workout. Of course, the pod includes a flip screen, allowing you to frame shots while sitting on a tripod or mount.
The possibilities for mounting this camera are near infinite. You can hang the Magnet Pendant around your neck for some good chest-level POV footage, clip the Easy Clip and Quick Release Mount to helmets, bags, or automobiles, or use the Mini Tripod and Pivot Stand to make it into a decent desk or vlogging platform. Everything fits together remarkably simply and stays there even while you’re active.
Whatever you choose, the audio will sound clear, and the program can even perform some basic edits for you, such as removing highlights, adding simple transitions, and selecting music to fit. FreeFrame mode allows you to crop and reframe images as you see fit, or into whatever form you need for social media. The camera is waterproof up to 33 feet and can go deeper with one of the available cases, allowing you to film in the rain or shallow water whenever you want.
On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised maintainer account.
Sigstore worked exactly as designed: it verified the package was built in a CI environment, confirmed a valid certificate was issued, and recorded everything in the transparency log. What it cannot do is determine whether the person holding the credentials authorized the publish — and that gap turned the last automated trust signal in npm into camouflage.
One day earlier, StepSecurity documented an attack on the Nx Console VS Code extension, a widely used developer tool with more than 2.2 million lifetime installs. Version 18.95.0 was published using stolen credentials on May 18 and stayed live for under 40 minutes — but Nx internal telemetry showed approximately 6,000 activations during that window, most through auto-update, compared to just 28 official downloads. The payload harvested Claude Code configuration files, AWS keys, GitHub tokens, npm tokens, 1Password vault contents, and Kubernetes service account tokens.
The Mini Shai-Hulud campaign, attributed by multiple researchers to a financially motivated threat actor identified as TeamPCP, hit the npm registry at 01:39 UTC on May 19. Endor Labs detected the initial wave when two dormant packages, jest-canvas-mock and size-sensor, published new versions containing an obfuscated 498KB Bun script — neither had been updated in over three years, making a sudden version with raw GitHub commit hash dependencies a detection signal, but only if the tooling is watching.
Advertisement
By 02:06 UTC, the worm had propagated across the @antv data visualization ecosystem and dozens of unscoped packages, including echarts-for-react (~1.1 million weekly downloads). Socket raised the total to 639 compromised versions across 323 unique packages in this wave. Across the full campaign lifecycle, Socket has tracked 1,055 malicious versions across 502 packages spanning npm, PyPI, and Composer.
StepSecurity confirmed the payload contained full Sigstore integration. The attacker didn’t just steal credentials; they could sign and publish downstream npm packages that carried valid provenance attestations.
These two incidents aren’t isolated. Research teams at Endor Labs, Socket, StepSecurity, Adversa AI, Johns Hopkins, Microsoft MSRC, and LayerX independently proved that the developer tool verification model is broken, and no vendor framework audits all of the attack surfaces that failed.
Seven attack surfaces failed in the 48 hours between May 18 and May 19 — npm provenance forgery, VS Code extension credential theft, MCP server auto-execution, CI/CD agent prompt injection, agent framework code execution, IDE credential storage exposure, and shadow AI data exposure — and the audit grid below maps each.
Advertisement
The verification model is broken across all four major AI coding CLIs
Adversa AI disclosed TrustFall on May 7, demonstrating that Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI all auto-execute project-defined MCP servers the moment a developer accepts a folder trust prompt. All four default to “Yes” or “Trust.” One keypress spawns an unsandboxed process with the developer’s full privileges.
The MCP server runs with enough privilege to read stored secrets and source code from other projects. On CI runners using Claude Code’s GitHub Action in headless mode, the trust dialog never renders. The attack executes with zero human interaction.
Johns Hopkins researchers Aonan Guan, Zhengyu Liu, and Gavin Zhong published “Comment and Control,” proving that a malicious instruction in a GitHub pull request title caused Claude Code Security Review to post its own API key as a comment. The same attack worked on Google’s Gemini CLI Action and GitHub’s Copilot Agent. Anthropic rated the vulnerability CVSS 9.4 Critical through its HackerOne program.
Microsoft MSRC disclosed two critical Semantic Kernel vulnerabilities on May 7. One routes attacker-controlled vector store fields into a Python eval() call; the other exposes a host-side file download method as a callable kernel function — meaning one poisoned document in a vector store launches a process on the host.
Advertisement
LayerX security researchers separately demonstrated that Cursor stores API keys and session tokens in unprotected storage, meaning any browser extension can access developer credentials without elevated permissions.
The threat actors hunting these credentials doubled their operational tempo
The Verizon 2026 Data Breach Investigations Report, released May 19, found that 67% of employees access AI services from non-corporate accounts on corporate devices. Shadow AI is now the third most common non-malicious insider action in DLP datasets. Source code leads all data types submitted to unauthorized AI platforms — the same asset class the npm worm campaign targeted.
STARDUST CHOLLIMA tripled its operational tempo against financial entities in Q4 2025. CrowdStrike documented the group using AI-generated recruiter personas on LinkedIn and Telegram, sending malicious coding challenges that looked like technical assessments, and running fake video calls with synthetic environments. The targets are GitHub PATs, npm tokens, AWS keys, and CI/CD secrets. The shadow AI exposure in grid row 7 is the door they walk through.
Advertisement
Developer Tool Stolen-Identity Audit Grid
No vendor framework currently scopes all seven surfaces. This grid maps each one to the research that exposed it, what your stack cannot see, and the audit action to take before the next vendor renewal.
Attack Surface
Disclosed By
What Verification Failed
Advertisement
What Your Stack Cannot See
Audit Action
1. npm provenance forgery
Endor Labs, Socket (May 19)
Advertisement
Sigstore certificates generated from stolen OIDC tokens pass automated verification
EDR and SAST do not validate whether the CI identity that signed a package authorized the publish
Require publish-time two-party approval for packages with more than 10,000 weekly downloads. Do not treat a green Sigstore badge as proof of legitimacy
2. VS Code extension credential theft
Advertisement
StepSecurity (May 18)
VS Code Marketplace accepted a malicious extension version published with a stolen contributor token
Extension auto-updates bypass endpoint detection. Marketplace window 12:30 to 12:48 UTC; overall exposure (including Open VSX) 12:30 to 13:09 UTC
Enforce minimum-age policies for extension updates. Pin critical extension versions. Audit all extensions with access to terminal or file system APIs
Advertisement
3. MCP server auto-execution
Adversa AI, TrustFall (May 7)
All four CLI trust dialogs default to “Yes/Trust” without enumerating which executables will spawn
EDR monitors process behavior, not what an LLM instructs an MCP server to do. WAF inspects HTTP payloads, not tool-call intent
Advertisement
Disable project-scoped MCP server auto-approval in Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI. Block .mcp.json in CI pipelines unless explicitly allowlisted
4. CI/CD agent prompt injection
Johns Hopkins, Comment and Control (April 2026)
GitHub Actions workflows using pull_request_target inject secrets into runner environments that AI agents process as instructions
Advertisement
SIEM logs show an API call from a legitimate GitHub Action. The call itself is the attack. No anomalous network signature exists
Migrate AI code review workflows to pull_request trigger. Audit all workflows using pull_request_target with secret access for AI agent integrations
5. Agent framework code execution
Microsoft MSRC (May 7)
Advertisement
Semantic Kernel Python SDK routed vector store filter fields into eval(). .NET SDK exposed host file-write as a callable kernel function
Application firewalls inspect input payloads. They do not inspect how an orchestration framework parses those payloads internally
Update Semantic Kernel Python SDK to 1.39.4 and .NET SDK to 1.71.0. Audit all agent frameworks for functions tagged as model-callable that access host file system or shell
6. IDE credential storage exposure
Advertisement
LayerX (April 2026)
Cursor stores API keys and session tokens in unprotected storage accessible to any installed browser extension
DLP monitors data in transit. Cursor credentials at rest are invisible to DLP because no egress event occurs until the extension exfiltrates
Audit developer tools for credential storage practices. Require protected storage (OS keychain, encrypted credential stores) for all AI coding tool configurations
Advertisement
7. Shadow AI data exposure
Verizon 2026 DBIR (May 19)
67% of employees access AI services from non-corporate accounts on corporate devices. Source code is the leading data type submitted
CASB policies cover sanctioned SaaS. Non-corporate AI accounts on corporate devices operate outside CASB scope entirely
Advertisement
Deploy browser-layer AI governance that monitors non-corporate AI usage on corporate devices. Inventory AI browser extensions across the organization
Security director action plan
Security directors may want to run this grid against current vendor contracts before Q2 renewals close — asking each vendor which of the seven surfaces their product covers, and treating the non-answers as the gap map.
Any credential accessible from a developer machine or CI runner that installed affected npm packages between 01:39 and 02:18 UTC on May 19 should be considered compromised. That includes GitHub PATs, npm tokens, AWS access keys, Kubernetes service account tokens, HashiCorp Vault tokens, SSH keys, and 1Password vault contents.
AI coding agent integrations running in CI/CD pipelines with pull_request_target workflows deserve a close look. Each one is a prompt injection surface that processes PR comments as agent instructions.
Advertisement
Procurement teams evaluating AI coding tools should consider adding a stolen-identity resistance dimension to vendor assessments. The question worth asking: can the vendor demonstrate how their tool distinguishes a legitimate maintainer publish from an attacker using compromised credentials? If they cannot, the tool is not a verification layer.
The developer tool supply chain has the same problem IAM had a decade ago: credentials prove who you claim to be, not who you are. IAM got a 10-year head start on compensating controls before nation-state groups turned credential theft into an industrial operation. The AI coding tool ecosystem is starting that clock now.
MOON by Simaudio has expanded its Compass Collection with the new MOON 491 Network Player/Preamplifier and MOON 461 Power Amplifier, a Canadian-made streaming and amplification pairing built for listeners who want one serious high-end system without turning the rack into a wiring nightmare.
Designed and handcrafted just outside Montréal, the 491 combines a network player, preamplifier, DAC, MM/MC phono stage, and headphone amplifier in one chassis, while the 461 delivers 150 watts per channel and borrows MOON’s distortion-cancelling amplifier architecture from the flagship North Collection.
The timing feels right. MOON has built a reputation for delivering strong performance for the money in the high-end category, and this new pairing arrives with the same kind of momentum currently rattling Bell Centre glass during the Canadiens’ unexpected 2026 Stanley Cup Playoffs run.
“As a pairing, the 491 and 461 represent a complete expression of the Compass Collection,” said Etienne Gautier, CCO of Simaudio. “Together they deliver outstanding musical performance and system flexibility, while also forming a visually striking statement that will look exceptional in any environment, from contemporary interiors to traditional spaces. The MOON 491 and MOON 461 are the True Direction.”
Advertisement
That “complete expression” part matters. The 491 is not just another streamer with a nice faceplate. With MiND 2 streaming, Roon Ready support, AirPlay, Bluetooth, Qobuz Connect, TIDAL Connect, Spotify Connect, analog and digital inputs, adjustable MM/MC phono support, headphone output, and MOON’s Hybrid Power supply, it is clearly designed to be the hub for $6,500 USD.
Add the 461 power amplifier, with MOON Hybrid Power and MDCA technology, and the Compass Collection starts to look less like a lifestyle stack and more like a proper no-nonsense two-box high-end system with Canadian muscle. No poutine theatrics required. This is more like a smoked meat sandwich from Lester’s with fries and a hearty karnatzel on the side: straightforward, satisfying, and built to do the job without asking for applause.
MOON 491 Network Player/Preamplifier: One Box to Run Streaming, Vinyl, Digital and Headphones
MOON 491
The MOON 491 Network Player/Preamplifier is designed to be the control center of a serious two-channel system. It combines a network player, preamplifier, DAC, MM/MC phono stage, and headphone amplifier in one chassis, which means it can manage streaming, digital sources, analog components, turntables, headphones, and system volume without requiring five separate boxes and a weekend with cable labels.
At the center of the 491 is MOON’s proprietary MiND 2 streaming platform. It works as a UPnP renderer, a Roon Ready endpoint, and supports AirPlay and Bluetooth. The MOON MiND Controller app for iOS and Android provides access to Qobuz, TIDAL, Deezer, and Spotify, while direct platform support includes Qobuz Connect, TIDAL Connect, and Spotify Connect. That gives users multiple ways to stream without being forced into one control path. Having used MiND 2 at AXPONA 2026, I can attest to its relatively easy learning curve.
The 491 also takes vinyl seriously. Its built-in phono stage supports both MM and MC cartridges, with adjustments for loading, capacitance, gain, and equalization through the on-screen menu.
Advertisement
Analog connectivity includes one RCA line-level input, one balanced XLR input, and one phono input. Outputs include fixed and variable RCA, variable balanced XLR, and a 1/4 inch headphone jack. The large color display shows volume, album art, and track information, while control is handled through the app, front-panel buttons, and the aluminum CRM-4 remote.
MOON’s Hybrid Power supply is also part of the package, blending linear and switch-mode power supply technologies to provide stable, low-noise DC power. According to MOON, the design operates beyond the audio band to avoid contaminating sensitive audio circuits, helping lower the noise floor and improve dynamic range.
Digital inputs: HDMI ARC, S/PDIF, Toslink, AES-EBU
Ethernet: 2 inputs
Input sensitivity: 0.3 V to 5 V
Input impedance: 22 kΩ
Gain: 10 dB
Frequency response: 10 Hz to 200 kHz, +0.5/-3.0 dB
Total harmonic distortion + noise: 0.0004%
Intermodulation distortion: 0.0004%
Dimensions: 16.9 x 3.5 x 14.1 inches / 42.9 x 8.7 x 35.7 cm
Shipping weight: 20 lbs / 9 kg
Finish: Black chassis with bead-blasted aluminum cheeks in black or silver
Remote: CRM-4 aluminum remote control
Display: Large color display with volume, album art, and playback information
MOON 461 Power Amplifier: Serious Power for the Compass Collection
The MOON 461 Power Amplifier is the dedicated power amplifier in Simaudio’s Compass Collection. It is designed to take the signal from a preamplifier and drive loudspeakers with high output, low distortion, and stable performance across different speaker loads. It is the most powerful model in the Compass Collection, rated at 150 watts per channel into 8 ohms, 300 watts per channel into 4 ohms, and 450 watts in mono into 8 ohms.
At the center of the 461 is MOON’s proprietary MDCA, or MOON Distortion-Cancelling Amplifier architecture, which was first developed for the flagship North Collection. The design is intended to reduce distortion and improve linearity, helping the amplifier preserve clarity, accuracy, and control as output demands increase.
Advertisement
The 461 also uses two MOON Hybrid Power supply modules, with one dedicated to each channel. That dual-mono layout is designed to improve channel separation, reduce crosstalk, and deliver stronger current into lower-impedance loudspeakers. A Stereo / Bridged Mono / Bi-Amping Mono mode switch adds useful system flexibility for listeners who may want to run a single amplifier now and expand later.
Visually, the 461 follows the Compass Collection design with a black chassis, bead-blasted aluminum cheeks in black or silver, and a clean front panel. It is not flashy, which is probably the point. This is a power amplifier, not a Cirque du Soleil audition. Think more Montreal Metro in February: not glamorous, but it moves a lot of current and usually gets you where you need to go.
MOON 461 Power Amplifier Specifications:
Product type: Analog stereo power amplifier
Collection: MOON Compass Collection
Amplifier architecture: MOON Distortion-Cancelling Amplifier architecture, or MDCA
Power supply: Two proprietary MOON Hybrid Power supply modules
Power supply layout: Dual-mono implementation, with one MHP module dedicated to each channel
Total harmonic distortion + noise at 150 W: 0.003%
Damping factor: 425
Power consumption, idle: 35 W
Power consumption, full power standby: 34 W
Power consumption, low power standby: 1 W
Dimensions: 16.9 x 3.5 x 14.5 inches / 42.9 x 8.7 x 36.8 cm
Shipping weight: 24 lbs / 11 kg
Finish: Black chassis with bead-blasted aluminum cheeks in black or silver
The Bottom Line
The MOON 491 Network Player/Preamplifier and MOON 461 Power Amplifier make the most sense as a clean, high-performance two-box system for listeners who want modern streaming, vinyl playback, DAC functionality, headphone listening, and serious loudspeaker control without building a rack that looks like Bell Centre after triple overtime.
The 461 is the matching muscle. With 150 watts per channel into 8 ohms, 300 watts into 4 ohms, and 450 watts in mono, it gives the Compass Collection real amplifier authority. MOON’s MDCA amplifier architecture, borrowed from the flagship North Collection, and dual MOON Hybrid Power modules add some meaningful trickle-down engineering. The stereo, bridged mono, and bi-amping modes also make it more flexible as a long-term system anchor.
What is missing? The 491 is not a full integrated amplifier, so passive loudspeakers still require a power amplifier like the 461. Otherwise, the feature set is quite complete: HDMI ARC, four digital inputs, two Ethernet jacks, MiND 2 streaming, Roon Ready support, Qobuz Connect, TIDAL Connect, Spotify Connect, MM/MC phono, DAC, headphone output, and preamplifier functionality.
Advertisement
The only obvious omission from the supplied information is any confirmation of higher-resolution Bluetooth codec support such as LDAC, aptX HD, or aptX Lossless.
Pricing & Availability
This pairing is not entry-level, but it is very MOON: designed and handcrafted in Canada, backed by a 10-year warranty, and built for listeners who want long-term performance rather than feature churn.
You must be logged in to post a comment Login