Moscow fires its heaviest salvo of the war while NATO tanks up on drones in Berlin; Pakistan edges two shooting powers toward a deal; Stortinget moves on Epstein — unanimously.

Russia’s largest overnight strike kills 16 across Ukraine

Russia launched 44 missiles and 659 drones overnight on April 15–16 — one of the largest strike packages of the war — killing at least 16 people: four in Kyiv (including a 12-year-old boy and a 35-year-old woman), eight in Odesa, and two in Dnipro, with 54 injured in Kyiv alone. Ukrainian air defenses intercepted 667 aerial assets; ballistic missiles and drone debris caused widespread destruction across residential districts. “The attacks show Russia wants war instead of peace,” Zelensky said. Russia has now conducted back-to-back mass strikes on consecutive nights.

Sources: Ukrainska Pravda: 44 missiles, 659 drones · UP: Kyiv — 4 killed including child · UP: Odesa — 8 killed, 16 injured · UP: Dnipro — 2 killed, 27 injured · Guardian · Al Jazeera · BBC · Aftenposten · NRK

Ramstein delivers $60B and the UK’s largest-ever drone package

NATO defence ministers meeting in Berlin pledged ~$60 billion in military support for Ukraine in 2026, with roughly $4B earmarked for air defense and $1.5B for drones. The UK announced its biggest-ever drone package — 120,000 units including long-range strike, ISR, and maritime variants, with deliveries already begun. The Netherlands added €248M for drone procurement, and Germany launched “Industrial Ramstein” to rebuild Ukraine’s own defense manufacturing capacity. Støre and Zelensky signed a parallel Norwegian deal to manufacture Ukrainian drones on Norwegian soil, pushing Norway up Kiel Institute’s ranking of military contributors. Meanwhile, JD Vance called ending US military aid to Ukraine “one of the proudest achievements” of the Trump administration — crystallizing the transatlantic split.

Sources: Kyiv Post · UK Government · Ukrainska Pravda: Netherlands €248M · EuroMaidan: Industrial Ramstein · TU.no: Norge–Ukraina dronesatsing · Aftenposten: Norge klatrer på Kiel-listen · Kyiv Independent: Vance

Pakistan mediates US–Iran “major breakthrough” as blockade holds

Indirect US–Iran talks are gaining pace with Pakistan as mediator. Pakistani officials report a “major breakthrough” tied to Iran’s nuclear programme, with a new round of talks in Islamabad expected within days. The Economist frames the challenge cleanly: Trump needs to prove the war’s heavy costs were worth it, while Iran must choose between immediate or delayed settlement. A fragile two-week ceasefire holds. Meanwhile, the US has stacked three carrier groups and 10 destroyers to enforce the Hormuz blockade — Iran-linked vessels are halting or reversing course. “Xi will give me a big, fat hug,” Trump said, framing the cordon as beneficial to global trade, China’s included.

Sources: Al Jazeera · Al Jazeera (video) · BBC · Economist · The National News: blockade · SMH: blockade working

Stortinget, unanimously: an Epstein commission

Norway’s parliament voted unanimously on April 15 (Innst. 200 S 2025–2026) to establish a formal investigation commission mandated to examine matters brought to light by the public release of Epstein documents — including the confirmed e-mail contact between Crown Princess Mette-Marit and Epstein. All parties supported the measure; the commission has a broad mandate, with the Presidency of Parliament retaining authority over composition.

Sources: Stortinget · Dagsavisen · Reddit

Markets

Indicator	Value	Change
S&P 500	—	+0.79%
Gold	—	−1.04%
Oil	—	−1.02%
EUR/USD	1.0843	—
USD/NOK	10.82	—
VIX	18.11	—
BTC	$74,775	+1.58%
ETH/BTC	0.0314	—

Oil −1% despite Hormuz blockade — the carrier-group cordon appears to be containing Iranian shipping rather than disrupting global flows.
Gold −1%, S&P +0.8% — risk-on rotation as Pakistan-brokered talks advance.
VIX at 18 — notably low for a week that included naval combat, a Senate war-powers failure, and threats to fire the Fed chair.

Fire at the scene of the Russian strike on Kyiv. Photo: State Emergency Service of Ukraine.

“Xi will give me a big, fat hug.”

— Trump, on opening Hormuz for China

World

Israel demolishing southern Lebanon; triple-tap strike kills paramedics

BBC Verify analysis using satellite imagery found Israel has destroyed more than 1,400 buildings in southern Lebanon since March 2. In a separate incident, Israeli forces killed three to four Lebanese paramedics in a “triple-tap” strike — targeting rescuers who responded to an initial strike, then targeting them again. Lebanon’s government condemned the attack as a “flagrant crime”; one of the paramedics had recently been featured in a BBC report. Bombing continued in Bint Jbeil district. Separately, Trump announced on social media that Israeli and Lebanese leaders would speak on Thursday — the first direct contact in 34 years, he claimed. Lebanese officials then told reporters they were unaware of any such meeting.

Sources: BBC (demolitions) · BBC (paramedics) · Al Jazeera · Al Jazeera: Trump–Lebanon claim

US military kills 177+ in Pacific drug-boat strikes — fifth attack in a week

A fifth US military strike on alleged drug-trafficking boats in the Eastern Pacific killed three more people, bringing the week’s death toll to at least 177. Human rights groups call the strikes “unlawful.” The campaign is now central to moves against Defense Secretary Hegseth: House Democrats filed six articles of impeachment, citing “high crimes and misdemeanors” for both the unauthorized Iran attack and the boat strikes. The Senate separately rejected a war powers resolution on Iran for the fourth time, leaving Trump’s campaign without explicit congressional authorization.

Sources: Guardian (strike) · Al Jazeera · Guardian: Hegseth impeachment

Pope Leo and Trump: an unprecedented public standoff

The public feud continues to escalate, with leading conservative Catholics backing the pope over Trump. Pope Leo — in Cameroon on an African tour — responded to fresh Trump attacks by calling for a “message of peace,” drawing huge crowds. Religious experts told NPR the confrontation is historically unprecedented in the directness of a pope challenging a US president; commentators note Pope Leo has modeled a form of resistance that other world leaders have avoided.

Sources: Reuters / Reddit · BBC · NPR · Al Jazeera opinion

China’s ambiguous role: satellites for Iran, diplomatic gains, energy risk

Analysis finds China strategically uncomfortable as the war drags on. Beijing gains some diplomatic leverage but faces energy security and economic stability risks — Iran is a key oil supplier. New reporting: Iran bought an in-orbit Chinese satellite with ongoing ground control services from China, using it to target US military sites in the region. Separately, China successfully tested an electro-hydrostatic actuator capable of severing undersea cables at 3,500m depth, with state media hinting at “deployment readiness.” Undersea cables carry ~95% of global internet and financial traffic.

Sources: Guardian · Tom’s Hardware: satellite · Tom’s Hardware: cable cutter · BBC (Gardner)

Trump threatens to fire Fed Chair Powell; Russian oil waiver expires

Trump renewed threats to dismiss Federal Reserve Chair Jerome Powell before his term ends in May, calling for lower interest rates and repeating claims about a discredited probe of the central bank. An unprecedented removal would potentially destabilize markets during Iran war-driven uncertainty. Separately, a Trump waiver that had permitted continued Russian oil sales expired — but analysts say Moscow already walked away with billions during the waiver period, effectively subsidizing Russian war funding.

Sources: BBC: Powell · NPR: Powell · Kyiv Independent: oil waiver

South Africa names apartheid-era negotiator as US ambassador

South Africa has appointed Roelf Meyer — a key white negotiator during the talks that ended apartheid — as its new ambassador to Washington. The choice reads as a deliberate signal aimed at repairing relations after the Trump administration’s inflammatory and inaccurate “white genocide” claims.

Sources: Guardian · BBC

Sri Lanka repatriates 238 Iranian sailors after US torpedo attack killed 104

Sri Lanka repatriated 238 survivors of the US attack on the Iranian vessel Iris Dena, which killed 104 people. One of the first visible humanitarian consequences of direct US–Iran naval combat, occurring while ceasefire talks remain fragile.

Sources: BBC

Sudan: $1bn pledged at Berlin conference as crisis enters year four

Three years after Sudan’s civil war began, donors at a Berlin conference pledged over £1bn ($1.15bn) to address the world’s largest humanitarian crisis. Over 60% of the population is sliding into extreme poverty; the UN warns 34 million Sudanese could face extreme poverty. Norway’s development minister Åsmund Aukrust called the situation “the worst in the world” and announced increased Norwegian aid. Ceasefire prospects remain distant. BBC reporter Mohamed Suleiman, phone offline for three years in conflict zones, described the scale of destruction as incomprehensible when connectivity returned.

Sources: Guardian · BBC: reporter · BBC: three years · NRK: norsk bistand · NRK: FN-advarsel

Orbán’s 16-year rule ends; Magyar demands rapid power transition

Following Viktor Orbán’s defeat, opposition leader Péter Magyar met with Hungary’s president to press for parliament to convene in early May, accelerating the transfer of power. The outcome is being watched as a test of democratic resilience in Central Europe.

Sources: BBC

Newly arrived Sudanese refugees at Oure Cassoni camp in Chad receive food aid. Photo: Getty Images.

Also today

Palestinian leader Marwan Barghouti assaulted three times in a month in Israeli prison; in one incident, guards reportedly set a dog on him. Prison service denies allegations. — Guardian · BBC
El Salvador publishes law allowing life sentences for children as young as 12 — Al Jazeera · NPR
France protests the ICE detention of 86-year-old widow Marie-Therese Ross in Alabama — Guardian · NPR
Iran to execute first woman over anti-regime protests — Toronto Sun
Greenland PM: citizens “don’t feel safe” following Trump’s annexation threats — NBC News
Turkey: nine killed in second school shooting in two days — BBC
Pentagon secretly ramping up planning for potential Cuba operation — USA Today
North Korea: IAEA warns of “very serious” progress on more nuclear weapons — Guardian
AMOC collapse significantly more likely than prior models suggested; implications for European climate — Guardian
~250 missing after migrant boat sinks in Indian Ocean — BBC

Ukraine

Donetsk: intense pressure on Kostyantynivka, no Russian breakthrough

Russian forces intensified assaults on Kostyantynivka with ~2,500 civilians still trapped and all access routes under fire, but analysts assess Russia cannot yet threaten Kramatorsk from the south and is taking high casualties. DeepState confirmed Russian advances near three Donetsk and two Zaporizhzhia settlements. Ukraine recorded 153 combat clashes in the past day — the fiercest tempo on the Pokrovsk front (36 attacks). CinC Syrskyi reported Ukrainian forces recaptured ~50 km² of territory in March.

Sources: UP: 153 clashes · UP: DeepState · UP: 2,500 trapped · Ukrinform: 50 km² regained

Ukraine’s deepest confirmed strike: 1,500 km into Bashkortostan

Ukrainian drones struck the Sterlitamak Petrochemical Plant in Bashkortostan — ~1,500 km from the border, Ukraine’s deepest confirmed strike — targeting Russia’s only neodymium synthetic rubber producer and a key jet fuel additive supplier. Concurrent strikes hit a refinery in Tuapse (Krasnodar Krai), an oil depot in Valuyki (Belgorod Oblast), and an oil pumping station near Volgograd: a coordinated day against Russian energy and defense-industrial infrastructure.

Sources: Kyiv Independent · UP: Krasnodar fire

Ukraine captures Russian position using only drones and ground robots

Ukraine reported successfully capturing a Russian defensive position using only unmanned ground robots and drones — no infantry deployed. A claimed first, the development signals a meaningful evolution in autonomous warfare tactics as the UK drone pipeline accelerates.

Sources: Business Insider

Russia publishes European drone factory addresses as targets

Russia published the addresses of European drone manufacturing facilities, labeling them potential military targets. Moscow called European drone transfers to Ukraine “escalation” — a threat designed to deter the accelerating supply pipeline as the UK and Netherlands commitments make the chain increasingly visible.

Sources: United24 · Kyiv Independent

Zelenskyj og Støre signerer avtale om tettere forsvarssamarbeid — inkludert ukrainsk droneproduksjon på norsk jord.

Also today

Offiser i Forsvaret siktet av Økokrim for misbruk av Nansen-programmets Ukraina-støtte — utstyret ble aldri levert. TU.no

Norway

Asle Toje møtte Etiopias makthavere uten å fortelle hvem han jobbet for

Aftenposten avslører at Asle Toje — medlem av Den norske Nobelkomité — reiste til Etiopia som betalt konsulent for et gruveselskap uten å oppgi oppdragsgiver da han ba en norsk diplomat arrangere møter med landets myndigheter. Diplomaten satt igjen med inntrykk av at Toje var på ferd som nobelrepresentant. Saken har utløst skarpe reaksjoner.

Sources: Aftenposten · Reddit

Telia sporet 2 millioner kunder i tre år — Nkom åpner tilsyn

En konfigurasjonsfeil fra 2023 har gjort det mulig for hvem som helst med et Telia-SIM å finne posisjonen til enhver Telia-abonnent med 100–200 meters nøyaktighet i byer, uten at mottaker trengte å svare på anropet. Feilen utnyttet VoLTE på 4G-nettet og lekket celletårn-ID ved innkommende anrop. Eksponerte abonnenter inkluderte ansatte i Forsvarsdepartementet, NSM, politiet og stortingspolitikere. Sikkerhetsforsker Harrison Sand oppdaget feilen 20. mars 2026; NRK varslet Telia 13. april og den ble rettet i løpet av natten. Digitaliseringsminister Karianne Tung beskriver det som «et alvorlig sikkerhetsbrudd». Datatilsynet advarer om at omfanget kan være langt større enn Telias egen avviksmelding indikerer.

Sources: NRK — hovedsak · NRK — Datatilsynet · NRK — digitaliseringsministeren · Digi.no — Nkom-tilsyn · Aftenposten · Reddit

Nordic Mining får fortsette dumping i Førdefjorden

Gulating lagmannsrett forkastet kravet om midlertidig stans av utslipp fra Nordic Mining i Førdefjorden. Gruveselskapet kan dermed fortsette å dumpe gruveslagg mens saken behandles av Høyesterett i slutten av april. Naturvernforbundet og Natur og Ungdom fikk ikke medhold og ble i tillegg dømt til å betale 3,75 millioner kroner i sakskostnader.

Sources: NRK — lagmannsretten · NRK

Stø-utviklere har ikke håndkodet på et halvt år

Stø AS — selskapet bak BankID og BankAxept, eid av 104 norske banker — har gått all inn på AI-assistert utvikling. Utviklerne bruker GitHub Copilot Enterprise med tilgang til Claude Opus/Sonnet/Haiku og OpenAI Codex, og har ikke skrevet kode for hånd på seks måneder. CTO Christoffer Hernæs understreker at agentene bærer ingen leveranseansvar og at menneskelig kontroll er obligatorisk før kode når produksjon. Utvikler Tarald Riise sier skiftet flytter ham fra «Code Monkey» mot større produkteierskap. Norges kritiske digitale infrastruktur — i agentens hender.

Sources: Kode24 · Reddit

North Tandem konkurs etter NRK-avsløring

Bergens-baserte lakseeksportør North Tandem er slått konkurs etter at NRK avslørte at selskapet i flere år solgte skadet og såret fisk til utlandet med falske etiketter fra etablerte norske lakseselskaper. Fire personer er siktet etter matloven og straffeloven. Myndighetene frøs selskapets bankkontoer — opprettholdt av Høyesterett — og etterlot 39 millioner i gjeld mot bare 900 000 i aktiva.

Sources: NRK

Skrap T-banetunnelen, sier Ruter og Sporveien

En ny rapport fra Ruter og Sporveien anbefaler å skrote planene om en andre T-banetunnel gjennom Oslo sentrum. Konklusjonen: riktig vedlikehold og oppgraderinger av eksisterende nett er tilstrekkelig. Dette snur lengre konsensus om at Oslo-T-banen ville kollapse uten ny sentrumskapasitet.

Sources: NRK · TU.no

Kjernekraft-rapport: Betinget ja — første reaktor mulig i 2040

En ny rapport fra et statlig utvalg ledet av Kristin Halvorsen gir i praksis et betinget ja til kjernekraft i Norge — uten å bruke ordene eksplisitt. Konsulentselskapene Amentum og Multiconsult mener de første reaktorene kan kobles til det norske strømnettet allerede i 2040. Kongsberg-sjef Eirik Lie advarer mot at Stortingets utsettelse av langtrekkende luftvern er et «faresignal for Europa».

Sources: TU.no — rapporten · TU.no — 2040

Microsoft investerer 13 milliarder i AI-anlegg i Narvik

Nscale utvider avtalen med Microsoft i Narvik og kjøper 30 000 Nvidia Rubin-grafikkprosessorer til det voksende AI-datasenteret. Totalinvesteringen ligger på rundt 13 milliarder kroner, noe som gjør Narvik til et av de største AI-infrastrukturprosjektene i Norden.

Sources: Digi.no

Statens IT-lisenser: opp 40 %, over 5 mrd. i året

Statens kostnader til programvarelisenser har vokst med 40 prosent og passert 5 milliarder kroner i året. En dansk kommune faset ut en rekke amerikanske IT-systemer etter store prisøkninger og beskriver prosessen som «relativt enkel» — en erfaring som er relevant for norsk offentlig sektor.

Sources: Digi.no — statens lisenser · Digi.no — dansk kommune

Norse Atlantic stuper 50 %; Fredriksen inn bakveien

Norse Atlantic Airways mistet halvparten av børsverdien sin på én dag. Nordea-forvalter Robert Næss mener selskapet ikke har en fremtid som flyselskap, men ser verdi i en leasingmodell. John Fredriksen øker eierandelen i Norse gjennom bakveien — og er allerede største eier i Norwegian.

Sources: DN — børsfall · DN — Fredriksen

Norgespris dyrere enn planlagt — Støre lover å ta regningen

Statsminister Støre erkjenner at norgespris-ordningen, som skal gi rabattert strøm til husholdninger, har blitt langt dyrere enn planlagt som følge av økte strømpriser.

Sources: TU.no

Kartvisualisering av hvordan Telia-feilen lekket posisjonen til en mobilabonnent via VoLTE.

«Vi blir knapt nok tatt fram til festbruk.»

— Skoltesamer, som ikke er invitert til 200-årsmarkeringen av riksgrensen mellom Norge og Russland

Økonomi og politikk

Frp på sin sterkeste måling på 17 år; folket delt om Støres fremtid som statsministerkandidat i 2029 — Dagsavisen · Aftenposten
Norges Bank og renten: Høyre-topper Asheim og Astrup anklager Ap for politisering — DN · Dagsavisen
Statlig lønnsoppgjør starter med høy konfliktrisiko; byggfagsoppgjøret avverget streik — NRK · DN
Elkjøp/Eplehuset-oppkjøp under utvidet vurdering av Konkurransetilsynet — NRK
Fødselstallene fortsetter å stige — 1 363 flere fødsler i 2025 — NRK
Boutgiftene flater ut, men aleneboere bruker nesten halvparten av inntekten på bolig — NRK

Street level

Fagforening og tips: Tre ansatte ved Kverneriet Solli nektet 200 000 i tips etter at de ble med i Fellesforbundet; arbeidsgiver avviser hevnmotiv. Forlik er inngått, men ansatte har sluttet. — E24
IT-jobbmarkedet: Reddit-tråden rundt Digi.nos 40 %-tall viser uro blant norske utviklere; driftstillinger er hardest rammet, mens utvikler- og designerstillinger har bedret seg noe siden høsten 2025 — Digi.no
Skoltesamer ekskludert fra 200-årsmarkering av riksgrensen — NRK

Også i dag

Rivertonprisen: Jo Nesbø vant for fjerde gang — NRK · Dagsavisen
Storhamar NM i ishockey for tiende gang — 4–1 i sjette finale mot Frisk Asker — NRK
Champions League: Arsenal og Bayern til semifinale; mulig norsk duell Ødegaard mot Sørloth — NRK
Gjerdrum-drap: Tiltalte erkjenner nå også drapet på datteren May Elin — NRK
UiO skyter snart opp sin aller første satellitt for å måle solstormer mot Jorden — TU.no
EU lanserer app for aldersverifisering på sosiale medier; Norge «vurderer ulike løsninger» — NRK

Tech

Cybersecurity is now a computational proof-of-work race

Drew Breunig argues AI has turned security into an arms race analogous to crypto’s proof-of-work: winning is no longer about cleverness but about token budget. AISI analysis shows AI exploit-finding has no diminishing returns even at 100M tokens per attempt. Hardening a system therefore requires spending more tokens finding vulnerabilities than attackers will spend exploiting them — reframing security spending as market-determined by exploit value. Practical implications: open source benefits from distributed scrutiny, development splits into build/review/harden phases, and hardening becomes autonomous agent work bounded by budget. Companion reading: RedSun, a public GitHub tool exploiting a vulnerability introduced in the April 2026 Windows Update to gain SYSTEM access on 10, 11, and Server.

Sources: dbreunig.com · Lobsters · RedSun GitHub

RCT (n=1,222): AI assistance reduces persistence — and hurts independent performance

A randomized controlled trial found that just ~10 minutes of AI-assisted work made people significantly more likely to give up on tasks and perform worse when AI was unavailable. The proposed mechanism: AI conditions users to expect immediate solutions, depriving them of the chance to work through difficulty. Since persistence is one of the strongest predictors of long-term learning and skill acquisition, the dependency has costs beyond any short-term productivity gain. Reads as a useful counterweight to Stø’s “no hand-coding in six months” (see Norway).

Sources: arXiv (2604.04721) · Lobsters

Stop using Ollama — use llama.cpp directly

A detailed critique finds Ollama runs up to 1.8x slower than upstream llama.cpp, reintroduces fixed bugs, uses a proprietary model storage format for lock-in, and misleadingly relabels models (distilled DeepSeek variants labeled simply “DeepSeek-R1”). It has also quietly begun routing some requests to third-party cloud providers. The recommended alternative: llama.cpp’s own llama-server directly, with GUI frontends like LM Studio, Jan, or Msty layered on top.

Sources: Sleeping Robots · Hacker News

Darkbloom: decentralized private AI inference on idle Macs

Darkbloom (by Eigen Labs) routes encrypted AI inference requests to idle Apple Silicon Macs instead of centralized cloud servers. Requests remain encrypted end-to-end — node operators cannot see inference data — with hardware verification via Apple’s secure enclave. It exposes an OpenAI-compatible API at roughly half OpenRouter’s price, with node operators keeping 100% of revenue.

Sources: Darkbloom · Hacker News

yk: retrofitting a meta-tracing JIT into C interpreters with ~400 lines

Laurie Tratt describes yk, a meta-tracing JIT system that derives a JIT compiler automatically from an existing C interpreter with minimal code changes — demonstrated by JIT-compiling a Lua VM with under 400 lines added and fewer than 50 modified. Key techniques: basic-block tracing via inserted annotations, LLVM IR serialization baked into the binary for runtime optimization, yk_promote() for burning runtime values into traces as guarded constants, and deoptimization via LLVM stackmaps. Result: ~2x benchmark speedups, full compatibility with the reference interpreter, and painless version upgrades (Lua 5.4.6 → 5.5.0 in under 2 hours).

Sources: tratt.net · Lobsters

simdutf now builds without libc++ or libc++abi

Mitchell Hashimoto documents his work making simdutf — the high-performance SIMD UTF encoding/decoding library used in Zig, Node.js, and others — buildable without a C++ standard library. Removing the libc++/libc++abi dependency had been painful for systems-level projects embedding it. The post walks through how the C++ stdlib was entangled in the build and what it took to disentangle it.

Sources: mitchellh.com · Lobsters

Medical breakthroughs: CRISPR silencing chromosome 21; Oslo patient cured of HIV

New PNAS research demonstrates CRISPR-based silencing of chromosome 21 in Down syndrome cells — an approach that targets the underlying trisomy rather than individual symptoms. Early-stage but meaningful proof-of-concept for chromosomal silencing as therapy. Separately, researchers at Oslo University Hospital found no traces of active HIV virus in the blood, bone marrow, or intestines of a Norwegian patient — the seventh person in the world likely cured — after receiving a bone marrow transplant from his brother. First known case where a family member (rather than an unrelated donor) cleared the infection.

Sources: Medical Xpress: CRISPR · Forskning.no: Oslo-pasienten · Gizmodo

Stealth filecasting bypasses Iran’s internet blackout

Iran’s near-total communications shutdown — blocking internet, VPNs, SMS, and mobile calls since early 2026 — is being circumvented by Toosheh, a system from NetFreedom Pioneers that encodes files inside ordinary satellite TV broadcast signals. Because satellite broadcasts are one-way and bypass terrestrial internet infrastructure, they’re far harder to block. The regime has responded by mounting terrestrial jamming antennas at elevation to flood satellite frequency bands with noise; the broadcast method continues getting information through.

Sources: IEEE Spectrum · Hacker News

Google shared user location and IP data with ICE — no advance notice

EFF reports Google provided ICE with subscriber metadata — IP addresses, physical address, session times/durations — in response to an administrative subpoena, without giving the user advance notice to contest it. Google’s stated policy is to notify users before complying with legal process; the post-hoc notification came only after the data had already been handed over. The metadata combination was enough to build a detailed surveillance profile without accessing message content. A companion read to the Telia story (see Norway).

Sources: EFF · Hacker News

“You are not connected” — a photo collage illustrating satellite TV bypass of Iran’s internet blackout. IEEE Spectrum.

Also today

Modern Common Lisp with FSet: functional data structures for idiomatic CL — sets, maps, sequences, bags — shifting CL toward a more Clojure/Haskell-like standard library — fset.common-lisp.dev · Lobsters
Xata: open-source Postgres platform with copy-on-write branching (OpenEBS CoW — branch a TB-scale DB in seconds), scale-to-zero, auto-scaling, SQL over HTTP/WebSockets — GitHub · Lobsters
Zero-copy page management in Rust: using lifetimes as the tool for expressing “this memory is borrowed from this page” instead of copying into owned structures — redixhumayun.github.io
Live Nation/Ticketmaster found by jury to have illegally monopolized the concert ticketing market — landmark antitrust verdict — Bloomberg
KI er blitt så avansert at tradisjonelle benchmarks ikke lenger måler fremgangen — Digi.no

Linux & Infrastructure

AICS: session search and management for Claude Code and Codex CLI

AICS is a CLI tool for searching and managing Claude Code (and Codex) sessions — find old conversations, resume them, search by content. MIT licensed and developed over months of daily use. Useful if you accumulate many sessions and want to navigate them.

Sources: GitHub · Reddit

ask-cli: pipe any command output through a local Ollama LLM

A minimal CLI utility that lets you pipe shell output through a local LLM via Ollama: cat README.md | ask "what does this do?". Supports structured output (CSV, JSON) for chaining with jq. A composable primitive for integrating LLM reasoning into shell pipelines.

Sources: GitHub · Reddit

Drop: high-level Linux sandboxing for terminal workflows

Drop creates lightweight sandboxed environments using Linux user namespaces, preserving your username, working directory, and selected config files — unlike containers which strip everything down. Useful for running untrusted scripts or LLM agents with filesystem and network isolation. Networking supports off or isolated (internet access but no localhost). Written in Go, requires passt/pasta. Terminal-only; no GUI app support.

Sources: GitHub · Reddit

Limine as a Lanzaboote/GRUB replacement for NixOS secure boot

A user switched from Lanzaboote + systemd-boot to Limine for dual-booting Windows (BitLocker) and NixOS with secure boot. Limine handles secure boot signing natively, removing the need for Lanzaboote as a separate flake input. Worked on the first try and eliminates one layer of complexity from the secure boot stack.

Sources: NixOS module example · Reddit

nixpkgs-notifier: self-hosted web app for package update alerts

A Go + PostgreSQL web app with a NixOS deployment module that notifies you when nixpkgs packages get new versions. Useful for pinned flake inputs — subscribe to packages and get alerted early, before updates reach your channel. Supports email (SMTP or Resend) and webhooks, with OIDC authentication. Core functionality is production-ready.

Sources: GitHub · Reddit

NixOS Upgrades On Shutdown flake module

A standalone flake module that triggers nixos-rebuild switch at shutdown when the machine is on AC power or has sufficient battery. Updates only happen on shutdown (not reboot). A tidy solution for keeping machines current without scheduled rebuild timers.

Sources: GitHub · Discourse

Generating GitHub Actions workflows from Nix config

Two projects surface for generating GitHub workflow YAML from Nix: github-actions-nix and actions.nix. Both let you define CI pipelines declaratively in Nix and generate the workflow files — a natural fit for NixOS-managed repos that already declare everything else in Nix.

Sources: github-actions-nix · Reddit

Hyprsettings: GUI Hyprland config editor with Nix support

A Python/PyWebviewGTK app (5+ months in development) that edits your existing hyprland.conf in-place, preserving comments and structure exactly as written. Features: multi-file config support (source discovery, globbing), color/gradient/Bezier editors, offline wiki, searchable settings. Has dedicated Nix install logic alongside Arch. Auto-updates.

Sources: GitHub · Reddit

QML language server with Quickshell + Hyprland singleton support

A Go-based LSP for QML with no CGO dependency, designed to understand Quickshell and Hyprland singletons. Provides completions, go-to-definition, find references, hover docs, semantic highlighting, and inlay hints. Useful for anyone writing Quickshell bars or widgets without guessing at available properties. Integrates with Neovim and VS Code.

Sources: GitHub · Reddit

Wax: Rust Wayland clipboard manager — 3.8x faster than cliphist

A minimal Wayland clipboard manager written in Rust (~98% Rust) that works like cliphist — daemon stores history, rofi/wofi recalls entries — but benchmarks at 3.79x faster (wax list in ~2ms vs cliphist’s ~7.5ms). Stores both text and images, configurable size limits with automatic cleanup. AUR available; no NixOS package yet but simple enough to package.

Sources: GitHub · Reddit

Housekeeping & rug-pulls

Tailscale raises free tier from 3 to 6 users — blog
borg-webui v2.0 switches to freemium, breaking open-source promise — GitHub · Reddit
Cal.com moves enterprise features to closed source in v6.4 — Reddit
Whoogle Search reaches end of life at v1.2.4; Google’s blocking of JS-free queries since early 2025 cited — release
Mosquitto 7.x breaks large Zigbee2MQTT setups: new max_packet_size default (2MB) dropped from 256MB — Reddit

Nix notes

Nix HTTP/2 default causes 10x slower downloads on some connections; --option http2 false restores speed — Discourse
Community thread: NixOS defaults worth changing (e.g., systemd-timesyncd → chrony) — Discourse
NixCon 2026: Kraków, September 25–28, tickets on sale — 2026.nixcon.org
Nix Vegas at DEF CON 34: August 6–9, CFP open through June 15 — nix.vegas

Hyprland

Vaxry at OMACON — different talk from the FUTO one — YouTube (t=14907s)

cd ~/repos/ratatosk && claude --resume 3e039810-b176-4c39-9f28-52fcf20af280