Search
1000 results for “basepi”
-
Leaving time and leaving space are both inclusive. Let others join your conversation, by leaving a slice of physical space, and making space in your conversation with a little silence.
“Silence is golden.”
💜
-
The lady in front of my has been watching Fox News throughout 100% of this flight. I can’t even imagine what it must feel like being in her head. 🙈
-
Just realized I haven't seen a copy of #MoneyStuff in my inbox for months. I wonder if they blacklisted duck.com email addresses? Damn trackers.
-
It’s not *quite* merged, but I’m very pleased with my single day of sprints today. Thanks to Malcolm Smith and @freakboy3742 for the help. Fun to be able to go from zero to a decent contribution in a single day!
-
Recently moved from my TrueNAS setup to an M2 Mac mini with a QNAP DAS. It’s been awesome!
Also I can’t believe I waited this long to set up #Tautulli and #Tailscale. So nice!
-
#Amazon: This item ships for free and can arrive by tomorrow!
Me: Ok, cool, buy now.
Amazon: Psych! It’s coming on your Amazon day in 5 days
Me: Oh, that’s weird, I thought it was one-day…can I edit the shipping speed?
Amazon: Nope, have to cancel and reorder. By the way, changing shipping speed via “buy now” actually takes more clicks than buying via “add to cart”
Me: …can I disable #AmazonDay?
Amazon: fuck no! That would be user-friendly! We’re in the #enshittification phase! Fuck you!
-
#Amazon: This item ships for free and can arrive by tomorrow!
Me: Ok, cool, buy now.
Amazon: Psych! It’s coming on your Amazon day in 5 days
Me: Oh, that’s weird, I thought it was one-day…can I edit the shipping speed?
Amazon: Nope, have to cancel and reorder. By the way, changing shipping speed via “buy now” actually takes more clicks than buying via “add to cart”
Me: …can I disable #AmazonDay?
Amazon: fuck no! That would be user-friendly! We’re in the #enshittification phase! Fuck you!
-
#Amazon: This item ships for free and can arrive by tomorrow!
Me: Ok, cool, buy now.
Amazon: Psych! It’s coming on your Amazon day in 5 days
Me: Oh, that’s weird, I thought it was one-day…can I edit the shipping speed?
Amazon: Nope, have to cancel and reorder. By the way, changing shipping speed via “buy now” actually takes more clicks than buying via “add to cart”
Me: …can I disable #AmazonDay?
Amazon: fuck no! That would be user-friendly! We’re in the #enshittification phase! Fuck you!
-
Microsoft Sentinel Baseline Deployment
A Practical, Microsoft-Aligned Walkthrough Series
Part 1 – Sentinel Foundations: Designing the Baseline You Won’t Regret
Microsoft Sentinel can be enabled in minutes. A good Sentinel deployment takes planning.
I will post a 3 part mini-series on Microsoft Sentinel Baseline from Day 0 to Operations.
-
This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now
997 words, 5 minutes read time.
If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.
This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.
What this scam actually is
You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.
It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:
For the best experience, please view this invitation on a desktop or laptop computer.
If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.
And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.
Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.
Why this is an absolute nightmare for security teams
Let me give you the numbers that no one is putting in the official advisories:
- As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
- Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
- This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
- Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.
I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.
This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.
How to not get burned
I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.
For everyone
- Real Punchbowl invites will only ever come from an address ending in
@punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately. - Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
- Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.
For SOC Analysts and Security Teams
These are the steps you can go and implement right now before you finish reading this post:
- Add an email detection rule for the exact string
for the best experience please view this on a desktop or laptop. At time of writing this rule has a 0% false positive rate. - Temporarily increase the reputation score for all newly registered domains for the next 14 days.
- Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
- If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.
Closing Thought
The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.
If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.
Call to Action
If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.
D. Bryan King
Sources
- Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
- CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
- Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
- Punchbowl Official Public Warning
- Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
- Proofpoint Threat Insight: Punchbowl Phishing Campaign
- MITRE ATT&CK T1566.001: Spearphishing Link
- Verizon DBIR 2025: Phishing Effectiveness
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
Related Posts
Rate this:
#attackVector #boardroomRisk #breachPrevention #CISAAlert #CISO #credentialTheft #cyberResilience #cyberattack #cybercrime #cybersecurityAwareness #defenseInDepth #desktopOnlyPhishing #detectionRule #DKIM #DMARC #emailFilterBypass #emailGateway #emailHygiene #emailSecurity #emailSecurityGateway #endpointProtection #incidentResponse #indicatorsOfCompromise #initialAccess #IoCs #lateralMovement #linkSafety #logAnalysis #maliciousLink #malware #MITREATTCK #mobileEmailRisk #phishingCampaign #phishingDetection #phishingScam #phishingSimulation #phishingStatistics #PunchbowlPhishing #ransomwarePrecursor #RemcosRAT #sandboxEvasion #securityAlert #SecurityAwarenessTraining #securityBestPractices #securityLeadership #securityMonitoring #securityOperationsCenter #securityStack #SOCAnalyst #socialEngineering #spearPhishing #SPF #suspiciousEmail #T1566001 #threatActor #threatHunting #threatIntelligence #userTraining #zeroTrust -
This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now
997 words, 5 minutes read time.
If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.
This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.
What this scam actually is
You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.
It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:
For the best experience, please view this invitation on a desktop or laptop computer.
If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.
And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.
Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.
Why this is an absolute nightmare for security teams
Let me give you the numbers that no one is putting in the official advisories:
- As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
- Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
- This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
- Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.
I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.
This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.
How to not get burned
I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.
For everyone
- Real Punchbowl invites will only ever come from an address ending in
@punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately. - Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
- Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.
For SOC Analysts and Security Teams
These are the steps you can go and implement right now before you finish reading this post:
- Add an email detection rule for the exact string
for the best experience please view this on a desktop or laptop. At time of writing this rule has a 0% false positive rate. - Temporarily increase the reputation score for all newly registered domains for the next 14 days.
- Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
- If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.
Closing Thought
The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.
If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.
Call to Action
If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.
D. Bryan King
Sources
- Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
- CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
- Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
- Punchbowl Official Public Warning
- Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
- Proofpoint Threat Insight: Punchbowl Phishing Campaign
- MITRE ATT&CK T1566.001: Spearphishing Link
- Verizon DBIR 2025: Phishing Effectiveness
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
Related Posts
Rate this:
#attackVector #boardroomRisk #breachPrevention #CISAAlert #CISO #credentialTheft #cyberResilience #cyberattack #cybercrime #cybersecurityAwareness #defenseInDepth #desktopOnlyPhishing #detectionRule #DKIM #DMARC #emailFilterBypass #emailGateway #emailHygiene #emailSecurity #emailSecurityGateway #endpointProtection #incidentResponse #indicatorsOfCompromise #initialAccess #IoCs #lateralMovement #linkSafety #logAnalysis #maliciousLink #malware #MITREATTCK #mobileEmailRisk #phishingCampaign #phishingDetection #phishingScam #phishingSimulation #phishingStatistics #PunchbowlPhishing #ransomwarePrecursor #RemcosRAT #sandboxEvasion #securityAlert #SecurityAwarenessTraining #securityBestPractices #securityLeadership #securityMonitoring #securityOperationsCenter #securityStack #SOCAnalyst #socialEngineering #spearPhishing #SPF #suspiciousEmail #T1566001 #threatActor #threatHunting #threatIntelligence #userTraining #zeroTrust -
This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now
997 words, 5 minutes read time.
If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.
This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.
What this scam actually is
You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.
It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:
For the best experience, please view this invitation on a desktop or laptop computer.
If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.
And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.
Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.
Why this is an absolute nightmare for security teams
Let me give you the numbers that no one is putting in the official advisories:
- As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
- Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
- This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
- Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.
I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.
This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.
How to not get burned
I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.
For everyone
- Real Punchbowl invites will only ever come from an address ending in
@punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately. - Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
- Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.
For SOC Analysts and Security Teams
These are the steps you can go and implement right now before you finish reading this post:
- Add an email detection rule for the exact string
for the best experience please view this on a desktop or laptop. At time of writing this rule has a 0% false positive rate. - Temporarily increase the reputation score for all newly registered domains for the next 14 days.
- Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
- If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.
Closing Thought
The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.
If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.
Call to Action
If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.
D. Bryan King
Sources
- Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
- CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
- Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
- Punchbowl Official Public Warning
- Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
- Proofpoint Threat Insight: Punchbowl Phishing Campaign
- MITRE ATT&CK T1566.001: Spearphishing Link
- Verizon DBIR 2025: Phishing Effectiveness
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
Related Posts
Rate this:
#attackVector #boardroomRisk #breachPrevention #CISAAlert #CISO #credentialTheft #cyberResilience #cyberattack #cybercrime #cybersecurityAwareness #defenseInDepth #desktopOnlyPhishing #detectionRule #DKIM #DMARC #emailFilterBypass #emailGateway #emailHygiene #emailSecurity #emailSecurityGateway #endpointProtection #incidentResponse #indicatorsOfCompromise #initialAccess #IoCs #lateralMovement #linkSafety #logAnalysis #maliciousLink #malware #MITREATTCK #mobileEmailRisk #phishingCampaign #phishingDetection #phishingScam #phishingSimulation #phishingStatistics #PunchbowlPhishing #ransomwarePrecursor #RemcosRAT #sandboxEvasion #securityAlert #SecurityAwarenessTraining #securityBestPractices #securityLeadership #securityMonitoring #securityOperationsCenter #securityStack #SOCAnalyst #socialEngineering #spearPhishing #SPF #suspiciousEmail #T1566001 #threatActor #threatHunting #threatIntelligence #userTraining #zeroTrust -
----------------
🛠️ Tool
===================Opening: openclaw-ops is an operational skill and script collection designed to manage local or self-hosted OpenClaw gateways. The package focuses on continuous monitoring, automated repair workflows, update/change detection, session-level analysis, and pre-installation security auditing of third-party skills. The bundle was tested against OpenClaw 2026.4.11 and documents a minimum supported baseline of v2026.2.12 due to prior critical fixes including CVE-2026-25253.
Key Features:
• Includes a dedicated skill /openclaw-ops to triage gateway configuration and runtime components: gateway, auth, exec approvals, cron jobs, channels, sessions, and installation state.
• Provides single-purpose scripts such as heal.sh (one-shot auto-fix), post-update.sh (post-update orchestrator), and watchdog.sh (periodic liveness restarter with escalation).
• Offers session tooling: session-monitor.sh for behavioral checks over JSONL session logs, session-search.sh for full-text search with structured, redacted output, and session-resume.sh to compact a session into a markdown resume with failure context.
• Supplies operational checks: check-update.sh for version-change detection and explainers, health-check.sh for declarative URL/process checks, and security-scan.sh to score configuration and credential exposure (0–100).Technical Implementation:
• Scripts rely on standard runtime tools (Python3, curl, openssl, ripgrep) and read runtime metadata from ~/.openclaw/openclaw.json, with the option to override the gateway port via the OPENCLAW_GATEWAY_PORT environment variable.
• The post-update orchestrator sequences update detection, healing, workspace reconciliation (VPS-aware), security scan, and a sentinel trigger via a policy-guard state file (policy-guard.trigger).
• macOS-specific integration is provided for always-on supervision via a LaunchAgent installer wrapper (watchdog-install.sh), while non-macOS environments are expected to use scheduling alternatives.Use Cases:
• Continuous operations for small self-hosted deployments invoking automated healing and watchdog restarts.
• Pre-installation vetting of third-party skills via skill-audit.sh to reduce risky dependencies.
• Incident summarization through daily-digest.sh and a shared incident-manager.sh helper for lifecycle flows.Limitations:
• The watchdog installer is macOS-only; cross-platform uptime requires external schedulers.
• Several scripts depend on external binaries (e.g., rg, openssl, curl) and assume local file-system state in ~/.openclaw.
• No bundled remote orchestration; intended for local/self-hosted operators rather than managed SaaS. -
----------------
🛠️ Tool
===================Opening: openclaw-ops is an operational skill and script collection designed to manage local or self-hosted OpenClaw gateways. The package focuses on continuous monitoring, automated repair workflows, update/change detection, session-level analysis, and pre-installation security auditing of third-party skills. The bundle was tested against OpenClaw 2026.4.11 and documents a minimum supported baseline of v2026.2.12 due to prior critical fixes including CVE-2026-25253.
Key Features:
• Includes a dedicated skill /openclaw-ops to triage gateway configuration and runtime components: gateway, auth, exec approvals, cron jobs, channels, sessions, and installation state.
• Provides single-purpose scripts such as heal.sh (one-shot auto-fix), post-update.sh (post-update orchestrator), and watchdog.sh (periodic liveness restarter with escalation).
• Offers session tooling: session-monitor.sh for behavioral checks over JSONL session logs, session-search.sh for full-text search with structured, redacted output, and session-resume.sh to compact a session into a markdown resume with failure context.
• Supplies operational checks: check-update.sh for version-change detection and explainers, health-check.sh for declarative URL/process checks, and security-scan.sh to score configuration and credential exposure (0–100).Technical Implementation:
• Scripts rely on standard runtime tools (Python3, curl, openssl, ripgrep) and read runtime metadata from ~/.openclaw/openclaw.json, with the option to override the gateway port via the OPENCLAW_GATEWAY_PORT environment variable.
• The post-update orchestrator sequences update detection, healing, workspace reconciliation (VPS-aware), security scan, and a sentinel trigger via a policy-guard state file (policy-guard.trigger).
• macOS-specific integration is provided for always-on supervision via a LaunchAgent installer wrapper (watchdog-install.sh), while non-macOS environments are expected to use scheduling alternatives.Use Cases:
• Continuous operations for small self-hosted deployments invoking automated healing and watchdog restarts.
• Pre-installation vetting of third-party skills via skill-audit.sh to reduce risky dependencies.
• Incident summarization through daily-digest.sh and a shared incident-manager.sh helper for lifecycle flows.Limitations:
• The watchdog installer is macOS-only; cross-platform uptime requires external schedulers.
• Several scripts depend on external binaries (e.g., rg, openssl, curl) and assume local file-system state in ~/.openclaw.
• No bundled remote orchestration; intended for local/self-hosted operators rather than managed SaaS. -
is being "isolated from society" better than death penalty? to me, that's a good compromise.
when the crime is vile, violates social ethics and morals, the perpetrator shall be isolated from society and be ineligible for pardon or release.
we should adjust our baseline to; When intolerance is viewed as a violation of a social contract, it shifts the perspective to an agreed-upon rule for maintaining a stable society. You are protected by this framework until you break it
-
✨Mew Base Pack is up on my kofi shop✨
Kofi 🔗 https://ko-fi.com/s/d636256217
*Art Discord: https://discord.gg/ptNQtRJUnB
*Art Commissions: https://toyhou.se/Dandyliondreamer/characters/folder:2535139
-
Fear and Loathing of AI (Part III): “Learn AI” Is the New “Learn to Code”
By Cliff Potts, CSO, and Editor-in-Chief of WPS News
There is a sentence that shows up in every technological cycle right before the disappointment phase begins.
“Just learn the skill.”
It sounds empowering. It sounds reasonable. It sounds like personal agency.
It is also a lie we have been telling people for decades.
The obedience script
“Learn to code” was never about opportunity.
It was about discipline.It trained people to accept that:
- structural failures are personal problems,
- economic insecurity is an individual moral test,
- and survival depends on constant retraining at your own expense.
When the promised jobs didn’t materialize—or paid far less than advertised—the story shifted seamlessly: you didn’t learn the right language, the right framework, the right stack.
Now the phrase has been updated.
“Learn AI.”
Same script. Same pressure. Same outcome.
Skills don’t collapse — markets do
Coding did not fail because people were lazy or incapable. It failed because markets flooded, tools commoditized, and labor lost leverage.
AI will follow the same arc, only faster.
The moment a skill becomes:
- widely accessible,
- easily automated,
- and expected rather than rewarded,
it stops being a path to security and becomes a baseline requirement for staying afloat.
The reward for compliance is not prosperity.
It is continued participation.Training as cost transfer
Here is what “learn AI” really means in practice:
- You pay for the courses.
- You absorb the time cost.
- You shoulder the career risk.
- You adapt repeatedly as tools change.
- You accept lower pay because “AI makes you more efficient.”
None of that is accidental.
It is a system designed to push costs downward while extracting value upward.
The more often you are told to retrain, the clearer it becomes that training itself is the product.
The illusion of agency
People are encouraged to believe that mastery equals control.
But control does not come from skill alone.
It comes from:- ownership,
- bargaining power,
- regulation,
- and collective leverage.
Without those, skill is just labor dressed up as self-improvement.
Learning AI may help you keep your job a little longer.
It will not protect you from the logic of the system deploying it.What learning actually means now
This does not mean you should refuse to learn.
It means you should learn without illusions.
Learn AI the way you learn any tool:
- to reduce friction,
- to save time,
- to extend what you already do.
Do not learn it expecting salvation.
Do not learn it expecting loyalty from platforms.
Do not learn it expecting the market to reward you for effort.Markets reward leverage, not diligence.
The quiet truth
The most dangerous part of “learn AI” is not that it is false.
It is that it is incomplete.
It tells people how to adapt, but never who benefits.
It demands flexibility, but never offers stability.
It promises relevance, but never guarantees dignity.We have seen this cycle before.
And it did not end with freedom.
It ended with exhaustion.
For more social commentary, please see Occupy 2.5 at https://Occupy25.com
#AISkills #ArtificialIntelligence #economicPrecarity #futureOfWork #laborEconomics #learnToCode #Occupy25 #platformCapitalism #technologyHype #workforceRetraining #WPSNews -
https://www.europesays.com/es/525853/ Muere el pintor Georg Baselitz a los 88 años | Cultura #Alemania #Artistas #Cultura #DerSpiegel #DieWelt #Entertainment #Entretenimiento #ES #España #GeorgBaselitz #Obituarios #Pintores #Spain
-
I have had a bunch of different player-types at my tables over the past few years, and I thought I’d share some of their quirks. This isn’t an “RPG horror story,” though. People have fun in different ways, and I want to celebrate them!
Sometimes a player…
…plays in a game for years, and has no idea what the system is
This may be the type I grin at the most. Anyone who will sit down at a table, physical or virtual, and roll dice for years on end is someone I appreciate. When players do this while having no idea what game they’re actually playing all I can do is applaud.
…knows every aspect of how a game is designed, and will make their character all powerful
Some folks just enjoy min/maxing their characters, and will pursue this in any system they play.
…will play any system, but will almost never buy the books
Players of this type want to roll dice and have fun. Investing money in all the books, however, isn’t something that holds interest for them. They tend to be quick studies on the way a game works, however, and will try any game. I’m guessing this is the majority of folks around any table–with some folks picking up new systems faster than others.
…never plays a human
This player’s catch phrase is, “I play a human in real life every day.”
…is looking for catharsis
These players use the game to express things they feel they can’t in real life. This need may emerge from past trauma, a miserable job, or even just a bad day at work–but it often is expressed as, “See the thing, hit the thing.” Because everyone needs catharsis at some point, I’m pretty sure most players become this player-type at some point in their journey. I know there are days when I’m happy there are things I can hit in the game. I don’t manage to hit them because dice hate me, but I remain glad they exist.
…keeps trying to use 5e mechanics
It’s what these players know, and it’s what they like. But they also enjoy playing so will join any table to which they’re invited. At the same time, they will keep trying to make any game into 5e by trying to get attribute increases or new special moves when they level up. This often isn’t done on purpose, it’s just what they know so it’s how everything gets framed.
In reality, “5e” can be replaced with any system with which a player is most familiar. I’ve just encountered the phenomenon with 5e as the baseline. Grodnards talking about how armor class used to be descending, for example, also fit here.
…just wants to play 5e
They know what they like, and that’s where they’re gonna stay. They’ll try other systems, but have spent years understanding the nuances of 5e and will get back to it as fast as they can. That’s where they have fun, and since that’s what playing games is all about that’s ok by me. I just don’t get to play with them much since I don’t enjoy running 5e.
…enjoys the show
They want music, terrain, and lights–the full kit. They also get full into character and spend time developing how their PC acts and speaks. For these players the spectacle of the session is as important as what’s happening inside the world itself. This can be huge fun for everyone, triggering any number of memorable moments, but minimalist setups don’t hit their sweet spot.
…is a chaos demon
In any in-game situation these players will do something odd, bordering on non-sensical. This is often done to provide comic relief for the table, which can be a good thing. Sometimes, however, the chaos can derail serious moments or take attention away from important details. My super-hero character, The Bolt, frees me to play as a chaos demon and it’s a lot of fun. It does, however, take a bit of work to make sure it’s not taking away from other players.
…can’t lean into failures
Confession time. This was me when I jumped back into the hobby at the start of the pandemic. Dice hate me, and it was frustrating when my paladin swung a sword and missed while the casters all blew up the scene. I can say from experience, however, players who can’t lean into failure miss out on one of the more enjoyable aspects of the hobby–that moment when you have to deal with what happens next.
https://dmtales.com/2024/06/14/different-player-types/
#dd #DMing #DnD #DungeonsDragons #dungeonsAndDragons #GMing #RPG #TabletopRolePlayingGames #TTRPG
-
https://www.europesays.com/ch/50022/ KPMG and Alpaca Vietnam Form Strategic Alliance to Deploy Basel III Solutions in Compliance with Circular No. 14/2025/TT-NHNN #Alpaca #BankingSector #Basel #BaselIII #CapitalAdequacy #Circular14 #KPMG #RegulatoryCompliance #RiskGovernance #TechnologyPlatforms #Vietnam
-
Meet the Lagom mini 2: Option-O’s Compact Electric Grinder Evolves
There’s a strange chasm in the world of coffee grinders. On one side, you have the hefty, countertop-hogging electric grinders, beasts of burden that can churn out shot after shot. On the other, you have the admittedly excellent but arm-tiring manual grinders, the darlings of the purist set. For years, if you wanted electric convenience in a travel-friendly size, your options were, let’s just say, rather disappointing.
Option-O, after just six years in the grinder game, saw that gap and drove a truck through it with the original Lagom mini in 2022. Now they’re back with its successor, the Lagom mini 2. Externally, it’s a dead ringer for the original, save for a redesigned power button and a modern USB-C port replacing the old one. But while the shell is identical, what’s under the hood is a thoughtful evolution, not a revolution.
Before I dive in, a quick disclosure. My evaluation grinder wasn’t purchased; it was provided by Option-O (not a sponsor) through their Canadian retail partner, Cafuné (welcome to them as a new site sponsor!). I’m grateful to both for getting one to me, especially since high demand has created waiting lists for these unique grinders. This article is my detailed introduction to the mini 2 our full Snapshot Review is coming in the next few months.
The Original Lagom mini: A Quick Look Back
The first Lagom mini was a masterclass in purpose-built design (here’s my original intro article on it). While its size made it an excellent travel companion, its true calling was to be the ultimate minimalist grinder for the discerning coffee lover at home. It was engineered to look beautiful while taking up almost no space, its low 180 RPM motor prioritizing quality and excellent fines management over sheer quantity.
The original Lagom Mini, with the 48mm Moonshine burrs inside.It had its quirks, of course. The proprietary power brick was an awkward, outlet-hogging annoyance on the kitchen counter and a pain for travellers alike. And while the grinder’s design screamed minimalist chic, its un-numbered dial was a famously polarising choice.
The original mini’s power brick, a dedicated wall adapter that took up a lot of plug space.Still, the results were undeniable. I have nearly two years of experience with the original mini, and its grind quality is nothing short of phenomenal. In fact, it’s become a benchmark for conical burr grinders here at CoffeeGeek, because of its incredible output, build quality, and unique place in the market. My expectations for this new version, with its refined burrs, are deservedly high.
Familiar Form, Subtle Changes
If you liked the original mini’s look and feel, you’ll be happy to know the exterior is fundamentally unchanged. The mini 2 has the same compact footprint, satisfying 1.5 kg (3.3 lbs) heft, and premium, machined-from-a-single-block-of-aluminum feel. The fit and finish are superb, making many larger plastic grinders feel clumsy by comparison, and the magnetic catch cup still snaps into place with an authoritative click.
While the body is identical, I found a few subtle changes. Aesthetically, the tasteful, minimalist branding etched onto the original mini’s base is gone, leaving the new version completely unadorned. On a more practical note, the base now has a compliance sticker that can make the grinder slide around. My advice? Peel it off at your earliest convenience, and the grippy silicone base will keep the grinder planted.
Original mini on the right with subtle branding laser etched onto the grinder; the mini 2 on the left has no branding.The adjustment mechanism is almost identical to the original, save for the omission of a single hollowed-out marker dot near the zero point. The entire upper collar remains a stepless grind adjustment, threading smoothly into the main body. If you’ve ever dialled in an espresso shot with this style of infinite adjustment, you know how precise it can be.
Here’s the grind dials on both the mini 2 (left) and mini (right; note the original mini has a hollowed out “zero” dial (it wasn’t really a zero point), and a deeper, bigger indent to mark the grind setting.Internally, Option-O has again strengthened the gearing system and motor housing to improve torque. The same P-grade angular contact bearings are used to ensure the burrs remain perfectly aligned with minimal wobble. The workflow is still strictly single-dosing only, with a hopper capacity of around 30 to 35 grams for those who meticulously weigh their beans. It also still comes with the removable anti-popcorn device, which, let’s be honest, most of us remove because it can make pouring beans in a bit harder.
The Burrs: An In-House Evolution
This is the upgrade that will likely interest CoffeeGeek readers the most. The original Lagom mini’s burr options evolved over its lifespan: it launched with 38mm Obsidian burrs as standard, with an optional upgrade to a 48mm Moonshine burr set. The Moonshines developed such a strong reputation for clarity that Option-O eventually made them the standard offering. The new mini 2 continues this evolution, simplifying the lineup to a single, new 48mm Mizen burr set.
The original mini (left) and the new mini 2 (right); note the vanes in the grind chamber, and the outer burr assemblies.Option-O has taken a more hands-on role with the Mizen burrs. While they use third parties for manufacturing, the design is now done entirely in-house, with each burr set undergoing individual quality control before shipping. This gives them complete command over geometry and consistency. The Mizen 48MS burrs have a cut pattern that is nearly identical to the Moonshines, but the finish appears more matte. The high sheen on my well-used Moonshine burrs might just be the result of two years of polishing, but it’s a noticeable difference out of the box.
Beyond the burrs themselves, there’s a significant change to the grind chamber. The original mini had stepped clearing vanes and a lipped outer burr housing, which could trap a small amount of coffee grounds over time. The mini 2 now features single-height vanes and a flat burr housing, creating a wider sweep area. In my initial testing, this new design seems to do a much better job of clearing out ground coffee.
The moonshine burr on the left has a higher sheen and note the lip in the burr bottom; the Mizen on the right is flat across its bottom, and the burrs are more matte in finish.As for performance, Option-O describes the Mizen burrs as all-rounders, and my testing confirms this. They produce brews with medium-high clarity and good flavour separation, performing well from fine to coarse.
One critical note for owners of the original: these new Mizen burrs are not backwards compatible. You cannot install them in a first-generation Lagom mini.
Power: USB-C Changes Everything
Let’s have a moment of silence for the junk drawer full of proprietary power bricks we have all accumulated over the years from a wide variety of retired and deceased consumer appliances. The single biggest and most welcome change in the mini 2 is the switch to the universal USB-C standard.
This is not just any USB-C port, however. It requires a power source that supports Power Delivery 3.0 (PD3.0 or later) and can output a full 100 watts at 20V/5A. In simple terms, it needs a powerful, modern charger, like one you would use for a MacBook Pro.
Option-O sells the grinder direct, in two configurations:
- $299 USD / $415 CAD without a power adapter (you supply your own, like the Ugreen Nexode Pro 100W)
- $379 USD / $527 CAD with Option-O’s high end 100W USB-C power adapter.
That power adapter deserves special mention. It is not just a simple brick; it is a proper PD3.0 compliant multi-port GaN charger with two USB-C ports, one USB-A port, and a high-quality braided cable. In Canada, Cafuné offers the grinder for $499 CAD without the adapter and $599 CAD with it, which is a competitive price once you account for duty and shipping.
The 100W, PD3.0 compliant 20V/5A adapter for the Lagom mini 2: extra USB ports for your other devices!The move to USB-C also unlocks the grinder’s true potential for portability. It can be run from a 100W+ PD-compliant power bank. This flexibility elevates the mini 2 from just a small grinder to a genuinely portable one. I’m testing it with an INIU Cougar 100W 25,000mAh power bank, and it works fantastically well as a standalone grinding solution.
If you get yourself a PD3.0, 100W (minimum via one port) USB-C power bank, like this Iniu version, you can power the grinder all day long “off the grid”.Workflow: Smarter, Not Harder
The other major quality-of-life improvement is the introduction of an auto-off feature. The grinder’s internal logic now detects when the resistance drops, meaning the beans have all passed through the burrs. It continues to run for about ten seconds to clear the chamber and then shuts itself down.
If you have ever been sidetracked by a ringing phone or a boiling kettle, you might have returned to the sound of the original mini’s motor spinning away uselessly, slowly eating into its 600-hour rated lifespan. The auto-off function means less wear, less heat, and less stress on the motor. It also frees you up to prep your filter or tamp your espresso while the grinder finishes its job.
During that final ten-second spin-down, the mini 2 makes a soft “pffft, pffft” sound as it pulses to push out the last few particles. Retention seems improved, and static is noticeably lower than in the original. These are just my initial impressions, of course; we’ll be doing more rigorous testing on retention and static for the full Snapshot Review.
The Grind Dial: Precision with Visual Cues
And now we come to the dial. While it has no numbers, it does have dots! (this is a point of contention with some owners of the grinder who want numbers on the dial). The collar features a series of large dots interspersed with four smaller dots, giving you a solid visual reference for your grind setting. Option-O’s philosophy is to encourage dialing in by taste and feel, using these markers as waypoints, and they have steadfastly resisted calls to add numbers to the stepless adjustment. For those who want to mark specific settings, they include a sheet of tiny black and white dot stickers for further customization.
I’ve developed my own system with the stickers to keep things straight. I use a single white sticker placed directly on one of the laser etched black dots, to mark the effective zero point. My starting point for espresso is marked with a single black sticker above the seventh large dot. For pour over, which requires a full 360-degree rotation past zero, I use two white stickers over the fourteenth large dot. The two stickers are a quick visual reminder that I have to pass that point one full rotation first before reaching it again.
The grind dial on the mini 2; I use dots to indicate grind position and how many rotations to do. The black dot is espresso, the two white dots are V60 grind setting baseline.Honestly, I’m still on the fence about the whole numbers-versus-no-numbers debate. It’s a system that works well once you get used to it, but I understand the appeal of a simpler numerical reference. I’ll have a more definitive take in our full Snapshot Review.
Reliability and Final Thoughts
The Lagom mini 2 inherits the gearbox and motor improvements made in later production runs of the original, and even adds more beefing up and refinements to the system. The auto-off feature adds another layer of protection. The same duty cycle of 1:1 (eg 60 seconds on, 60 seconds off) applies, so this is not a machine for grinding large batches. But for its intended use of delivering a few exceptional doses per day, it should prove to be a reliable companion.
So, who is this grinder for? It’s for the person who values minimalism, counter space, and exceptional grind quality in small amounts. It is for the filter-first coffee drinker who enjoys the occasional espresso. It competes with top-tier manual grinders, and the debate boils down to this: do you prefer the tactile ritual of hand grinding, or would you rather just press a button? After years of daily hand grinding, the appeal of that button gets awfully strong.
And here’s the kicker, the part that seals the deal. In a world where every new version of a gadget seems to come with an automatic price hike, Option-O went the other way. If you bring your own compliant USB-C charger, the mini 2 is actually about a hundred bucks cheaper than its predecessor (excluding any possible Trump Taxes). Even if you opt for the bundle with their excellent new power adapter, it still rings in at about twenty dollars less than the old model with the dedicated power brick.
In my limited testing, the grinder did not exceed 55W power draw, even under load. But it was pulling a full 20V, which is the more crucial part and why having the right power brick (or power bank) is crucial for this grinder to work. I will test this further for the full review.The Lagom mini 2 is both an incremental and unique-features upgrade. It takes a product we already loved and refines it based on lots of user feedback. The Mizen burrs, improved motor, universal USB-C power, and the smart auto-off function are all excellent improvements that make a great grinder even better.
So, that’s my initial take. We’re now working on the full Snapshot Review for the grinder which should be along in a few months. If you’ve managed to get your hands on a Lagom mini 2, drop a comment below and let us know what you think. If you’ve got questions, fire away. Don’t be shy.
#coffeeGrinder #grinder #lagom #lagomMini2 #optionO #singleDose
-
I wrote a practical PHP guide: How to Parse Large XML Files in PHP Without Running Out of Memory
It focuses on large XML files, memory safety, XMLReader baseline, selected-node extraction, XML-to-array output.
https://dev.to/sbwerewolf/how-to-parse-large-xml-files-in-php-without-running-out-of-memory-234oThe pattern is intentionally boring: stream XML with XMLReader, match the records you need, convert them into plain PHP arrays, and keep application code away from cursor-level XML logic.
#PHP #XMLReader #ETL #XML #OpenSource -
Context parroting: A simple but tough-to-beat baseline for foundation models in scientific machine learning https://arxiv.org/abs/2505.11349
Context parroting relies on short stretches of time-series data (or context). As it moves through the time series, it scans for similar patterns or motifs that appeared earlier in the sequence, and uses those patterns to predict what might come
https://openreview.net/forum?id=EUAXc9Hlvm
https://www.santafe.edu/news-center/news/a-simple-baseline-for-ai-forecasting-in-machine-learning
-
Context parroting: A simple but tough-to-beat baseline for foundation models in scientific machine learning https://arxiv.org/abs/2505.11349
Context parroting relies on short stretches of time-series data (or context). As it moves through the time series, it scans for similar patterns or motifs that appeared earlier in the sequence, and uses those patterns to predict what might come
https://openreview.net/forum?id=EUAXc9Hlvm
https://www.santafe.edu/news-center/news/a-simple-baseline-for-ai-forecasting-in-machine-learning
-
Context parroting: A simple but tough-to-beat baseline for foundation models in scientific machine learning https://arxiv.org/abs/2505.11349
Context parroting relies on short stretches of time-series data (or context). As it moves through the time series, it scans for similar patterns or motifs that appeared earlier in the sequence, and uses those patterns to predict what might come
https://openreview.net/forum?id=EUAXc9Hlvm
https://www.santafe.edu/news-center/news/a-simple-baseline-for-ai-forecasting-in-machine-learning
-
Context parroting: A simple but tough-to-beat baseline for foundation models in scientific machine learning https://arxiv.org/abs/2505.11349
Context parroting relies on short stretches of time-series data (or context). As it moves through the time series, it scans for similar patterns or motifs that appeared earlier in the sequence, and uses those patterns to predict what might come
https://openreview.net/forum?id=EUAXc9Hlvm
https://www.santafe.edu/news-center/news/a-simple-baseline-for-ai-forecasting-in-machine-learning
-
Context parroting: A simple but tough-to-beat baseline for foundation models in scientific machine learning https://arxiv.org/abs/2505.11349
Context parroting relies on short stretches of time-series data (or context). As it moves through the time series, it scans for similar patterns or motifs that appeared earlier in the sequence, and uses those patterns to predict what might come
https://openreview.net/forum?id=EUAXc9Hlvm
https://www.santafe.edu/news-center/news/a-simple-baseline-for-ai-forecasting-in-machine-learning
-
Time Series Forecasting Analysis with Python
A practical workflow for finance data: clean the timeline, beat a baseline, and ship forecasts you can monitor.
This post walks through the real steps: missing dates, outliers, leakage-safe splits, baseline models, better models, and monitoring drift after deployment.:medium: https://medium.com/write-a-catalyst/time-series-forecasting-analysis-with-python-a8b518e54708