The Gulf war sets fire to a tanker in Dubai and zeroes out
Norway’s fuel tax, while the software supply chain takes hits from both
sides — attackers and defenders alike.
Spain Breaks Ranks
Spain closed its airspace to US military aircraft and denied access
to two jointly run bases in Andalusia — the sharpest European break with
Washington since the Iran campaign began. The defence minister called the
war “profoundly illegal and unjust.” Meanwhile, an Iranian drone set a
Kuwaiti tanker ablaze in Dubai port, Rubio floated reexamining NATO’s
merit, and Gulf allies privately urged Trump to fight until Iran is
decisively defeated — while publicly calling for restraint.
Road Fuel Tax to Zero
From tomorrow, Norway’s road fuel tax drops to zero — 4.41 kr/liter
off petrol, 2.85 off diesel — after five parties forced the government’s
hand. Sp broke with the coalition to vote with the opposition. The
measure runs through September 1. Oslo Børs hit an all-time high on the
back of $116 oil and Equinor’s trillion-kroner valuation, but a rate
hike may follow: markets price in over 60% probability of a Norges Bank
hike on May 7.
The Axios RAT and the Vim RCE
A compromised npm maintainer account pushed malicious axios versions
(1.14.1, 0.30.4) that install a cross-platform remote access trojan via
a fake plain-crypto-js dependency. Separately, Claude
discovered RCE vulnerabilities in both Vim and Emacs where opening a
crafted file triggers arbitrary code execution. Thomas Ptacek argues AI
will collapse the scarcity of attention that historically protected most
software — Carlini’s pipeline at Anthropic already generated 500
validated high-severity vulns by brute force. The question is no longer
who’s looking, but whether anyone can patch fast enough.
Artemis II: The Heat Shield Problem
NASA is days away from launching four astronauts around the moon —
but the Orion heat shield suffered three potentially fatal damage modes
during the uncrewed Artemis I flight. Spalling, fragments
hitting the parachute compartment, erosion of separation bolts. No spare
hardware exists for testing. The agency built retroactive models to
justify flight safety. Maciej Ceglowski draws the comparison directly:
Challenger, Columbia, and now this. (Also covered in Tech)
Also today — Ukraine’s Baltic oil strikes halt
exports from Primorsk, Russia’s largest crude port · Israel passes
death-penalty law applying only to Palestinians · At least 70 killed in
Haiti gang attack · GitHub kills Copilot PR ads after 11,400 PRs found
with identical promotional text · Government postpones long-range
air defence for four years · Government wants to enshrine general
arming of the police in law
Markets
|  | Value | Δ |
|---|---|---|
| Oil (Brent) | $116 | +4.5% |
| S&P 500 | — | −0.3% |
| Gold | — | −0.0% |
| VIX | 30.78 | — |
| USD/NOK | 10.82 | — |
| EUR/USD | 1.0843 | — |
| BTC | $67,237 | — |
Oil on course for record monthly gain. VIX elevated as ~20% of global
fuel supply is disrupted.
World News
Iran War & Global Energy Crisis
Ukraine–Russia
Israel–Palestine & Lebanon
Other International
- Nigeria: Opposition heavyweight Kwankwaso joins
ADC, positioning to challenge Tinubu in 2027. 48-hour curfew in Jos
after 22 killed in revenge attacks. (BBC)
- China bans storing ashes in “bone ash apartments” —
empty high-rises used as cemetery alternatives. (Guardian)
- Apple subsidiary fined £390k by UK for £635k in
Russia sanctions payments. (Guardian)
- Deripaska proposes 12-hour workday to save Russia’s
economy. (United24)
- Small boats deal between France and UK on verge of
collapse. (Guardian)
- Gao Zhen, US-based dissident artist, tried in China
over satirical Mao sculptures. (Guardian)
Ukraine
Ukraine’s strategic strike campaign against Russian Baltic Sea oil
infrastructure is delivering tangible economic impact — the Ukrainian
MoD confirmed that a week of strikes beginning March 23 has halted
exports from Primorsk, Russia’s largest Baltic crude port, and hit
facilities at Ust-Luga and the Kinef refinery in Kirishi. Satellite
imagery shows large fires at multiple sites. (Also covered in World News)
Overnight on March 29–30, Ukrainian drones also struck the Atlant
Aero drone plant and the Beriev Aircraft Plant in Taganrog (which
services Tu-95 bombers and A-50 AWACS), and hit the KuibyshevAzot
chemical plant in Tolyatti for the fourth time in March. Prominent
Russian ultranationalist commentators are openly describing this
trajectory as unsustainable, arguing that Western-backed drone
production will only scale further and Russia “cannot produce enough
interceptor missiles to compete.”
On the frontline, Ukraine’s Oleksandrivka counteroffensive has now
liberated 480 sq km — surpassing the earlier Dobropillia operation —
forcing Russia to redeploy forces from other axes. Russian milbloggers
acknowledge that Ukrainian counterattacks have disrupted Russia’s 2026
offensive plans. Russia captured Sviato-Pokrovske and Vasiukivka on the
Pokrovsk front and made marginal gains near Stepanivka and Myrne, but
its tempo has slowed in several sectors as units need replenishment.
Russia launched 289 drones overnight March 30–31; Ukraine intercepted
267 (92%), though strikes still hit energy infrastructure causing
outages in seven oblasts. Ukraine’s interceptor drone force destroyed
55% more targets in March than February, and Syrskyi announced a new
Direct Air Cover Forces Command under the Air Force.
Zelensky warned in an Axios interview that Trump’s team may pressure
Ukraine into withdrawing troops from its own territory as a path to
ending the war, saying recent talks with Witkoff and Kushner in Miami
“yielded no results.” He offered an Easter ceasefire — Russia dismissed
it. On the diplomatic front, Ukraine signed defense cooperation
agreements with Saudi Arabia, UAE, and other Gulf states, and offered
Ukrainian expertise to help unblock the Strait of Hormuz. Jordan,
Kuwait, Bahrain, and Oman also requested defense cooperation. Iran
accused Ukraine of “complicity” in the US-Iran conflict; Kyiv called it
a lie.
Norway
The fuel tax fight dominates the day. From April 1, all
veibruksavgift rates on petrol and diesel drop to zero — a cut of 4.41
kr/liter on petrol and 2.85 kr/liter on diesel — after a Storting
majority of five parties forced the government’s hand. The measure is
temporary (through September 1) and born of the energy crisis triggered
by the Iran conflict and Hormuz Strait disruptions. The political
fallout is significant: Sp broke with the coalition budget agreement to
vote with the opposition, the Greens signal they may pull back from
future budget cooperation, and Vedum is pushing the government to go
further still on diesel. Economists warn the cuts disproportionately
benefit higher earners and that the fiscal bill will come due later this
year.
Oslo Børs hit an all-time high on Monday, closing at 2,037.84 points
— up 2.84%, with year-to-date gains over 20%, making it one of the
world’s best-performing exchanges. Oil above $113/barrel and Equinor
crossing a 1-trillion-kroner valuation are driving the surge. But a rate
hike may be around the corner: markets now price in over 60% probability
of a Norges Bank hike at the May 7 meeting, driven by sticky
service-price inflation, commodity shocks, and rising inflation
expectations. Tuesday morning, the Børs is pulling back after the
record.
A man in his 50s died in an apartment fire on Grønland in Oslo
overnight. At least eight people were evacuated, several after inhaling
smoke. Separately, a dead person was found in Oslo’s harbour basin near
Langkaia, and three cars burned on Rommen. On the roads, a truck
accident on E18 at Sandefjord killed one driver and closed the motorway
in both directions.
Norway — Street Level
The dominant mood across Norwegian Reddit is anxiety about the
country’s direction under pressure — from multiple angles at once. The
government’s proposal to permanently arm all police officers is
generating heated debate; Norway has historically prided itself on an
unarmed police force, and many see this as a symbolic threshold being
crossed. Economic worry is palpable: analysts warn of up to three rate
hikes this year, potentially pushing rates to their highest since the
2008 financial crisis. NRK’s war preparedness series continues to land —
today’s discussion centers on whether homes should be legally required
to have wood stoves for crisis resilience. And a simmering frustration
with the media-reality gap: a Nettavisen piece about NRK telling
Finnmark residents to cycle instead of drive is being held up as proof
that Oslo-centric media has lost touch.
Tech
Supply Chain & Security
Axios compromised on NPM — malicious versions drop remote access trojan | HN | Lobsters
— A maintainer account compromise led to malicious axios versions
(1.14.1 and 0.30.4) that install a fake plain-crypto-js
dependency dropping a cross-platform RAT. The payload contacts a C2
server, delivers platform-specific malware, then self-destructs. Safe
versions: 1.14.0 and 0.30.3. HN discussion surfaced practical defenses:
min-release-age=7 in npm/pnpm/bun/uv configs would have
caught this, ignore-scripts=true blocks the postinstall
attack vector, and bwrap sandboxing limits blast
radius.
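Added example (not from the linked report or the axios project): a lockfile check for the indicators named above, the malicious axios versions 1.14.1 and 0.30.4 and the fake plain-crypto-js dependency. It assumes an npm lockfile in the v2/v3 format with a top-level packages map; the sample lockfile, the some-sdk package and the plain-crypto-js version number are constructed.

```javascript
// Flag the indicators named above in an npm lockfile
// (assumes the v2/v3 format with a top-level "packages" map).
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]); // versions named on this page
const FAKE_DEP = "plain-crypto-js";               // fake dependency named on this page

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

function scanLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not an installed package
    const name = meta.name || nameFromKey(path);
    const hit = (reason) =>
      findings.push({ path, name, version: meta.version, reason });
    if (name === "axios" && BAD_AXIOS.has(meta.version)) hit("compromised-axios");
    if (name === FAKE_DEP) hit("fake-dependency");
    // Nested copies matter: a safe top-level axios can hide a bad transitive one,
    // so also flag any package that declares the fake dependency.
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    if (FAKE_DEP in deps) hit("depends-on-fake-dependency");
  }
  return findings;
}

// Constructed sample: safe axios at the top level, a compromised copy nested
// under a hypothetical "some-sdk" package, and the fake dependency installed.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.0" },
    "node_modules/some-sdk": { version: "2.0.0", dependencies: { axios: "^0.30.0" } },
    "node_modules/some-sdk/node_modules/axios": {
      version: "0.30.4",
      dependencies: { "plain-crypto-js": "*" },
    },
    "node_modules/plain-crypto-js": { version: "0.0.0" }, // version is constructed
  },
};

console.log(scanLockfile(SAMPLE_LOCK));
```

A non-empty result means the install tree should be treated as compromised, not just downgraded to 1.14.0 or 0.30.3, since the payload described above runs at install time.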
Vulnerability research is cooked | HN
— Thomas Ptacek argues AI agents will collapse the scarcity of attention
that historically protected most software — Carlini’s pipeline at
Anthropic generated 500 validated high-severity vulns by brute-force
prompting Claude across source files. HN discussion nuanced: tptacek
notes this tilts toward defenders (patching is straightforward, whole
bug classes can be swept), but the real bottleneck is remediation, not
discovery.
Claude finds RCE in Vim and Emacs | Lobsters
— RCE vulnerabilities in both editors where opening a crafted file
triggers arbitrary command execution. Launches “MAD Bugs,” a month-long
April initiative showcasing AI-discovered vulnerabilities. The author
draws a parallel to early-2000s SQL injection.
- Fedware: Government apps that spy harder than the apps they ban | HN
— Analysis of 13 federal apps found pervasive surveillance
infrastructure: the White House app contains Huawei Mobile Services
trackers and requests GPS/biometrics, the FBI app includes Google AdMob,
FEMA requests 28 permissions for basic weather alerts. CBP retains
facial data up to 75 years. Data brokers collect 15 billion location
points daily from 250 million devices without warrants.
Languages & Type Systems
Rust’s next-generation trait solver | Lobsters
— The current solver rejects valid code when trait obligations form
self-referential loops. The new solver uses provisional caching —
marking solutions as “provisionally true” and confirming once all
obligations resolve. Already used for coherence checking in stable Rust;
76 remaining bugs before full stabilization.
A couple million lines of Haskell: Production engineering at Mercury | Lobsters
— Mercury runs ~2M lines of Haskell serving 300k+ businesses and $248B
in 2025 transaction volume. Most of their 1,500 engineers learned
Haskell on the job. Key philosophy: types encode operational procedures
that survive personnel changes, “purity is a boundary, not a property,”
and not all invariants belong in types.
Category Theory Illustrated — Types | Lobsters
— Chapter presenting type theory as an alternative foundation to set
theory, arriving at the Curry-Howard-Lambek correspondence linking
intuitionistic logic, lambda calculus, and category theory.
Fixing our own problems in the Rust compiler | Lobsters
— Trifecta Tech Foundation hit compiler issues during data compression
work and fixed them upstream: clippy lint bugs, missing Miri support for
libc functions, cfg_select! and C variadic function
support.
AI & Models
Space
- Artemis II is not safe to fly | HN
— Maciej Ceglowski details how Orion’s heat shield suffered three
potentially fatal damage modes during uncrewed Artemis I (spalling,
fragments hitting the parachute compartment, erosion of separation
bolts), yet NASA is pressing ahead with a crewed flight on the same
design. NASA’s analysis tools failed to predict the problem, no spare
hardware exists for testing, and the agency built retroactive models to
justify flight safety — organizational dynamics compared directly to
Challenger and Columbia. (Also covered in World News)
Industry & Practice
Linux & Infrastructure
NixOS
NixOS 26.05 Feature Freeze & Release Blockers | NixOS Discourse
— Key dates: breaking changes restricted to
release-critical packages from April 13, all breaking changes frozen
from April 27. Only Qt-KDE has reported on blockers so far.
Nix-Bwrapper 1.0.0 — modular bubblewrap sandboxing via NixOS modules | r/NixOS
— Declarative bubblewrap sandboxing with composable permission presets,
X11 sandboxing via xwayland-satellite, dbus filtering, and Flatpak
manifest import. A serious Flatpak alternative for NixOS.
NixOS NAS on a Ugreen DXP4800 Plus — Full Config
— Fully declarative: mdadm RAID1+RAID5 with disko, btrfs with zstd compression,
NFS exports, SMART monitoring, Fail2Ban. Documents hardware quirks
including an out-of-tree kernel module for the ITE IT8613E fan
controller.
“The only sane way to use Linux” | r/NixOS
— AI agents handle the syntax barrier, declarative configs provide git
auditability, and dependency pinning addresses supply-chain risks.
Practical examples of shell.nix dev environments.
Second largest Nix monorepo — 15k lines with importPackagesTree
— Author shares practices and proposes upstreaming the
importPackagesTree helper for easier overlay
composition.
kube-parts: poor man’s kubenix | r/NixOS
— Generates Kubernetes YAML from Nix expressions. Minimal alternative to
kubenix.
Hyprland & Wayland
- mdterm v2.0.0 — TUI markdown viewer with syntax highlighting,
inline images, mermaid diagrams, math support
- blissify-rs — Smart playlists from MPD library using audio analysis
- alt — Stateless CLI proxy for GitHub Releases:
alt install user/repo
- mire — Record and replay CLI E2E tests from exploratory testing sessions
Self-Hosted
Dawarich 1.6.0 — self-hosted location history with Immich integration | r/selfhosted
— Google Timeline alternative. Deeper Immich and Photoprism integration
for importing photo geodata and displaying photos on the map. 8.5k
GitHub stars.
Super Productivity v18 — automations, zen theme, better mobile sync | r/selfhosted
— v18 adds trigger-based automations, deadline support, mobile swipe
gestures, clickable URLs in task titles. Offline-first, syncs via WebDAV
or Dropbox.
Devourer 2.0 — self-hosted reader for books, manga, and comics | r/selfhosted
— Rebuilt with less Node.js. Server/client setup for managing and
reading collections.
Dispatcharr v0.21.1 — IPTV stream & EPG management | r/selfhosted
— Middleware for managing IPTV streams and EPG data. Imports M3U,
EPG/XMLTV, and XC sources.
Home Automation