World

Trump orders ‘shoot-to-kill’ as Hormuz blockade tightens

The US Navy has intercepted 33 vessels carrying Iranian oil under the new blockade, and Trump has authorised warships to fire on any boat caught laying mines in the Strait. Trump claimed “total control” of the strait and said Iran’s leadership was paralysed by infighting — a claim Iranian officials dismissed, saying the nation is “one soul.” The US boarded at least one tanker in the Indian Ocean. The Pentagon abruptly dismissed Navy Secretary John Phelan amid reported tensions over military policy.

Sources: BBC · Guardian · Al Jazeera · r/worldnews · r/worldnews (boarding)

Six months to clear the mines

In a classified House Armed Services briefing, the Pentagon said clearing Iranian mines from Hormuz could take at least six months — and no clearing will begin until the conflict ends. Iran has deployed 20+ devices, including GPS-guided remotely controlled mines that are harder to detect. Tanker transits are in single digits most days. The Pentagon spokesperson pushed back on the reporting as “cherry-picking leaked information,” underscoring the political sensitivity of the timeline. BBC analysis of an Iranian “ship seizure” video found it was partially filmed hours after the supposed event — a staged propaganda production.

Sources: Washington Post · r/geopolitics · BBC (staged video) · Axios via r/worldnews · Guardian

Oil $106, jet fuel thins, airlines cancel

Crude broke $106 as the deadlock extended. Middle East jet fuel supply chains are disintegrating, and European carriers are cancelling tens of thousands of flights; regulators warn of a physical shortage if stocks aren’t replenished soon. Reports indicate China pre-positioned unusually large strategic and commercial oil reserves in the months before the conflict — sophisticated hedging, foreknowledge, or both — leaving Beijing less exposed than spot-market-dependent importers. IEA chief Fatih Birol told CNBC the episode is, in structural terms, the single largest energy security threat in recorded history.

Sources: Al Jazeera ($106) · NPR (airlines) · UNN (China reserves) · r/geopolitics · CNBC/IEA

Ceasefires extended — Israel says it’s waiting for the green light

Trump extended both the Israel-Lebanon ceasefire and the broader US-Iran pause indefinitely, without a new deadline — a break from his pattern of short extensions with hard expiry warnings. Skeptics note indefinite ceasefires can calcify into frozen conflicts. Meanwhile, Israel’s defence minister said openly that Israel is awaiting a US green light to “return Iran to the age of darkness and stone,” and Israeli forces are maintaining a military zone inside southern Lebanon — stirring fears of a Gaza-style “Yellow Line” arrangement. Gaza’s Health Ministry puts the death toll at 72,568.

Sources: CNBC · Times Now · Iran News Wire · Al Jazeera (day 56) · Guardian (live) · r/worldnews (green light)

The alliance fractures — Pentagon floats suspending Spain, UK sends Typhoons

A Pentagon email reportedly proposed suspending Spain from NATO as part of punitive options over Madrid’s opposition to the Iran war — an extraordinary threat against a key ally. Simultaneously, Britain offered to deploy RAF Typhoons from Qatar to patrol over Hormuz as part of a 30-country multinational mission jointly organised by France. The War Powers Act 60-day clock runs out May 1; the administration has not said how it plans to proceed. Al Jazeera documented a parallel information operation: AI-generated images of Iranian female victims going viral to manufacture justification for continued strikes.

Sources: r/worldnews (Spain/NATO) · Guardian (Typhoons) · Al Jazeera (May 1) · Al Jazeera (fake AI victims) · Al Jazeera (dissent)

Iran flexes; China and Russia quietly exploit

Reuters reports Iran has staged visible demonstrations of Hormuz dominance — naval exercises, intercepts, IRGC statements — after US-Iran peace talks broke down, positioning itself as the party that survived military pressure. Foreign Affairs details how Russia has shared upgraded Shahed designs with Tehran — improvements derived from the Ukraine battlefield — while both Moscow and Beijing are supplying signals and imagery intelligence for targeting. Moscow also banked a windfall as Trump waived Iran-related sanctions on Russian oil to manage prices. CNBC-aired experts separately characterised the US negotiating team as “out of their league” and not focused on reaching a deal.

Sources: Reuters · Foreign Affairs · r/geopolitics (FA) · CNBC (team analysis) · r/geopolitics (team)

Iran recruits diaspora in Canberra; Germany’s 2039 plan

Tehran’s embassy in Canberra is using a Telegram channel to recruit Australian-based Iranians into a paramilitary campaign; diaspora groups are calling for the embassy’s closure. A similar appeal went out from the Iranian embassy in Germany. In the background, Germany published Verantwortung für Europa, a 20-year roadmap to Europe’s strongest conventional military by 2039: active duty from 185,000 to 260,000, reserves from 60,000 to 200,000 — 460,000 combat-ready. Russia is named as the primary threat; conscription remains in reserve; recruitment is currently 10% above last year.

Sources: Guardian (Iran/Australia) · Defense News (Germany) · r/geopolitics

The first Polymarket insider-trading case

Gannon Ken Van Dyke, a US Army Special Forces soldier who participated in the January Maduro capture, was charged with turning classified operational intelligence into more than $400,000 on Polymarket. It is the first time suspected insider trading on a prediction market has led to US criminal charges; he faces up to 60 years. In a thematically adjacent case, French police are investigating suspected tampering with a physical weather monitoring device to sway a Polymarket bet on Paris rainfall. Political prediction markets are now producing the kind of insider-trading surface that equities spent a century constructing.

Sources: BBC · Guardian · NPR (Maduro) · NPR (Paris) · Al Jazeera · CNN · DOJ · HN

White House accuses China of industrial-scale AI model theft

A White House memo by AI policy lead Michael Kratsios accuses Chinese firms of “wrongfully distilling” US AI models — using US-developed systems as training data to build competitors at a fraction of the cost. The administration is framing this as a national security issue as DeepSeek narrows the capability gap. The accusation echoes concerns that have circulated since DeepSeek’s debut; proving it is another matter.

Sources: BBC · NPR · r/worldnews

US and China converge on Southeast Asian scam centres

In a rare alignment, the US DOJ’s new Scam Center Strike Force and China’s Foreign Minister Wang Yi both moved against the industrial fraud compounds in Myanmar, Cambodia, and Laos — operations that have enslaved tens of thousands to run crypto scams, many trafficked Chinese citizens among them. The convergence of US law enforcement and Chinese diplomatic pressure suggests the networks have become politically untenable for both — though past crackdowns have proven the enterprises deeply resilient.

Sources: DOJ · Straits Times · r/geopolitics (DOJ) · r/geopolitics (China)

China’s Antarctic play; the Malacca dilemma; a dry run for Taiwan

Three linked pieces of the Indo-Pacific puzzle. The Soufan Center details China’s five-station Antarctic buildout: the Qinling facility runs a satellite ground station capable of collecting SIGINT from Australia and New Zealand, and the Antarctic Treaty’s resource restrictions come up for review in 2048, with ~500 billion tons of oil under the ice. A new US-Indonesia defence pact gives Washington enhanced access to surveillance infrastructure near Malacca — through which 80% of China’s oil imports flow. And Singapore FM Vivian Balakrishnan called the current Hormuz disruption a dry run for a US-China conflict — the global supply chain stress test every government should be studying. War on the Rocks pushed back on proposals for a formal Indo-Pacific defence pact, warning it could trigger a “peak power” miscalculation from Beijing.

Sources: Soufan Center · r/geopolitics (Antarctica) · SCMP (Malacca) · Fortune (Singapore) · War on the Rocks

Trump threatens UK tariffs over digital services tax; India protest

Trump threatened tariffs on the UK unless it scraps its digital services tax on US tech firms, accusing Britain of trying to “make an easy buck” from American companies. India’s foreign ministry called it “obviously uninformed, inappropriate and in poor taste” after Trump amplified a post calling India a “hellhole” and Indians “gangsters with laptops”; Delhi opted for restrained diplomacy rather than escalation.

Sources: Guardian (UK/DST) · Guardian (India) · r/worldnews

Accountability: Duterte, Ramaphosa, Tanzania

ICC judges unanimously confirmed crimes-against-humanity charges against Rodrigo Duterte, who will face a full trial at The Hague over the anti-drugs killings. South Africa’s Ramaphosa suspended national police commissioner Fannie Masemola over a $21m health services contract. An official Tanzanian inquiry found over 500 killed in the recent election violence, though it declines to attribute blame.

Sources: Guardian (Duterte) · BBC (SA) · Al Jazeera (SA) · BBC (Tanzania)

Ukraine

The €90bn is final; Mirage transfer floated; Putin to Miami?

The European Council formally adopted the final legislation underpinning the €90bn Ukraine loan and approved the 20th Russia sanctions package, closing the file Hungary blocked for months. Ursula von der Leyen called it “good news”; Zelenskyy urged the first tranche be disbursed by May or June. Latvia added €70m of its own. France offered Greece a Rafale discount if Athens transfers all its Mirage 2000s to Ukraine — a potentially significant fighter uplift. On the other side of the ledger: the Washington Post reports Trump plans to invite Putin to the G20 summit in Miami, saying it would be “very helpful.” European allies are expected to object. Germany separately published a new military strategy that reduces reliance on the US.

(See also Germany’s 2039 plan in World.)

Sources: EU Council · Kyiv Independent · Guardian · Al Jazeera · NPR · r/UkrainianConflict (Mirage) · Ukrainska Pravda (G20) · WaPo (Putin G20) · Politico (Germany)

“No ersatz membership”

Ukrainian FM Sybiha publicly dismissed EU proposals reportedly circulating for a tiered or “symbolic” membership that would grant some benefits without full accession. “We will not accept any ersatz membership,” he said. The statement creates a public standoff with Brussels at a moment when several member states are quietly exploring intermediate arrangements as a political off-ramp from full accession.

Sources: Kyiv Independent · r/geopolitics

Odesa struck; four refineries suspended; FSB command post hit

Russian drones killed two and injured 15 in overnight residential strikes in Odesa, while a merchant vessel heading to an Odesa Oblast port was separately hit and caught fire. A Russian USV aimed at the port was intercepted and destroyed. On the offensive side, four Russian refineries have suspended operations in April — Syzran, Tuapse, Nizhny Novgorod, Novokuibyshev — as the deep-strike campaign accumulates strategic impact. Ukrainian forces also struck an FSB special forces command post in occupied Donetsk, killing 12 officers.

Sources: Ukrainska Pravda (Odesa) · Ukrainska Pravda (vessel) · Ukrainska Pravda (USV) · r/UkrainianConflict (refineries) · Telegraph (FSB)

Putin admits the internet outages; Russians pull cash

In his first direct public acknowledgment, Putin defended Russia’s mobile internet outages as a security necessity during Ukrainian drone strikes, ordering the government to whitelist essential services (banking, transport) after the fact. The admission confirms the policy is damaging everyday life. Reports have emerged of Russians withdrawing billions in cash as internet disruption erodes trust in digital banking. On the Ukrainian side, the General Staff dismissed the commanders of the 14th Mechanised Brigade and 10th Army Corps after reports of troops near Kupiansk losing consciousness from food shortages.

Sources: ISW · r/ukraine (cash) · Ukrainska Pravda (dismissals) · Kyiv Post (hunger)

194 clashes; Lyman mechanised assault staging; “flag-raising” geolocation exposes stunt

Combat tempo rose to 194 clashes over the past day (up from 159). Russian forces are concentrating equipment for a mechanised assault in the Lyman direction and intensifying strikes on Ukrainian logistics there. Russia confirmed its seizure of Myropilske east of Sumy City and is pressing 2–3 km deep along the border, prioritising the southeastern axis. Open-source analysts geolocated a Perviy Kanal “flag-raising in Hryshyne” clip to Mykailivka — roughly 40 km from the claimed location — exposing a staged propaganda stunt.

Sources: Ukrainska Pravda (194) · ISW · Ukrainska Pravda (losses)

UK sanctions evasion: Essar’s Mauritius switch; MPs target Kyrgyzstan network

An investigation revealed that Essar Energy, owner of the UK’s Stanlow refinery, moved loans from VTB — Russia’s state bank, nicknamed “Putin’s piggy bank” — to an offshore Mauritius subsidiary where UK sanctions did not apply, in the days after Russia’s invasion. Separately, more than 20 UK MPs and peers have called on the foreign secretary to sanction institutions in Kyrgyzstan allegedly facilitating Russian sanctions evasion, including through a ruble-pegged cryptocurrency called A7A5.

Sources: Guardian (Essar) · Guardian (Kyrgyzstan)

Druzhba pump station struck days after restoring Hungary deliveries

Ukraine destroyed a Druzhba pipeline pump station shortly after having restored oil deliveries to Hungary via the same line. The timing — flow restored, then infrastructure destroyed — reads as deliberate signalling, though the exact intent is unclear. Russia, for its part, warned European states against hosting French nuclear-capable bombers, as France reportedly explores forward-basing such assets to strengthen European deterrence.

Sources: Kyiv Post via r/worldnews · Reuters via r/worldnews

Tech & AI

Anthropic’s unusually candid post-mortem

Anthropic published a post-mortem confirming the community’s observations were accurate: three compounding bugs quietly degraded Claude Code between March and April. (1) Reasoning effort was downgraded from high to medium on March 4 to reduce latency, making the model feel less intelligent for weeks; (2) a caching bug introduced March 26 dropped thinking blocks every turn, making Claude appear forgetful and burning usage limits; (3) a system-prompt “≤25 words between tool calls” cap pushed April 16 caused a measured 3% drop on coding benchmarks. Because the issues hit different segments on different timelines, the combined effect looked like broad degradation. All three fixed in v2.1.116 (April 20); usage limits reset for all subscribers April 23. Anthropic committed to better testing and gradual rollouts.

Sources: Anthropic Engineering · HN · r/ClaudeAI

Cache TTL cut from 1 hour to 5 minutes — not in the post-mortem

Separately, Anthropic reduced Claude Code’s prompt cache TTL from 1 hour to 5 minutes in early April, framing it as “reverting to default” with no announcement. One tracked user saw cache busts jump from 39 to 199 per day and costs nearly triple — $6.28 → $15.54/day, ~+$277/month projected. The change disproportionately hurts long agentic sessions where any pause over 5 minutes forces a full expensive context rebuild. No rollback has been announced.

Sources: XDA Developers · r/ClaudeAI

Opus 4.7: mixed reactions, and the reasoning_effort dial decoded

Multiple practitioners report Opus 4.7 (April 17) feels shallower and less instruction-adherent than 4.6 despite more agentic posturing — one tracking 6,852 sessions saw 80× more API requests and 170× more input tokens for subjectively worse output. A common emerging pattern: Codex/GPT-5.4 for research/architecture and Claude Code for automation, with Claude-created PRs reviewed by Codex. A detailed 220-run benchmark of Claude’s reasoning_effort parameter found the dial mainly controls output token volume rather than input processing. Opus 4.7 uniquely scales thinking per turn (18% of tokens at low → 93% at max); older models think on nearly every turn regardless. Sonnet 4.6 at high delivers 5.1× more tokens per dollar than Opus 4.7 at the same setting. Separately, Opus 4.6 still holds the top of the MRCR v2 long-context retrieval benchmark. New tiered daily limits (“Claude Design” research preview; “routine runs” quota) have also appeared without documentation.

Sources: Jock’s Thoughts · r/ClaudeAI (weird) · r/ClaudeAI (Codex) · George Liu · r/ClaudeAI (effort) · r/ClaudeAI (MRCR) · r/ClaudeAI (new tiers)

DeepSeek V4(-Pro) and GPT-5.5

DeepSeek released V4 (also V4-Pro on Hugging Face), claiming the best open model for math and coding a year after shaking global tech markets. OpenAI announced GPT-5.5, an incremental update in the GPT-5 family.

Sources: DeepSeek API Docs · HN (DeepSeek) · Al Jazeera · OpenAI · HN (GPT-5.5)

Karpathy’s CLAUDE.md at 81k stars

A CLAUDE.md file encoding four of Andrej Karpathy’s LLM coding guidelines has accumulated 81k+ GitHub stars. The principles: think before coding, simplicity first, surgical changes, goal-driven execution with verifiable criteria. Works as Claude Code plugin, per-project CLAUDE.md, or Cursor rules — reflecting growing interest in configuration-as-behavior for agents.

Sources: GitHub · r/ClaudeAI

AI scientists execute but don’t reason — 25,000-run study

A paper (arXiv 2604.18805) evaluated LLM-based scientific agents across 8 domains with 25,000+ runs. The findings: agents ignore gathered evidence 68% of the time, update beliefs only when contradicted 26% of the time, and never revise hypotheses in 71% of runs. The underlying model explains 41% of performance variance; the agent framework explains only 1.5%. Showing agents examples of successful scientific reasoning didn’t help. Conclusion: current AI scientists execute the form of science (hypothesise → experiment → result) without the substance (evidence-driven belief revision). Training has to target reasoning loops, not task completion.

Sources: arXiv via AlphaXiv · r/MachineLearning

OCR: cheaper and older models often beat flagships

An open-source benchmark of 18 LLMs across 7,000+ OCR calls found that mini/older models frequently match or beat flagship models on document extraction — suggesting most teams are overpaying. Practical implication for AI-heavy stacks: OCR/extraction is commodity work where cost-optimised routing (Haiku, 4o-mini) can cut costs substantially without accuracy loss.

Sources: GitHub · r/MachineLearning

Ubuntu 26.04 LTS “Resolute Raccoon”

26.04 ships with TPM-backed full-disk encryption, expanded memory-safe components, improved app permission controls, and Livepatch extended to Arm. Five years of maintenance; all nine official flavours out simultaneously. A Zellic audit of rust-coreutils found 113 issues and 43 CVEs (CVE-2026-35338 through 35381); eight TOCTOU bugs remain unpatched in cp/mv/rm, so 26.04 continues shipping GNU coreutils for those three. Target for full rust-coreutils: 26.10.

Sources: LWN · Ubuntu release notes · HN · Lobsters · Ubuntu Discourse (coreutils) · Lobsters (audit)

Why openat() matters — Flatpak CVE-2026-34078

A deep dive into why path-based file APIs are fundamentally insecure: a path string is not a reference to a file but a namespace lookup, vulnerable to symlink attacks and TOCTOU races. The correct primitive is openat() with file descriptors, which pins inodes in the kernel. Flatpak recently patched CVE-2026-34078, where trusted-input code was directly exposed to untrusted callers through paths — requiring extensive refactoring to thread file descriptors throughout the codebase.

Sources: Sebastian Wick · Lobsters

Bitwarden CLI npm package backdoored in Checkmarx campaign

@bitwarden/cli v2026.4.0 was backdoored via a compromised GitHub Action in Bitwarden’s CI/CD pipeline, inserting credential-harvesting code that targets GitHub tokens, AWS/Azure/GCP credentials, npm tokens, and SSH keys — exfiltrating to audit.checkmarx.cx. The payload also injects persistence into .bashrc/.zshrc and propagates by stealing npm tokens. Affected orgs: remove immediately, rotate all credentials, audit CI/CD logs.

Sources: Socket · HN

MeshCore splits over undisclosed AI use and a unilateral trademark

The mesh-networking project MeshCore has split after contributor Andy Kirby was found to have used Claude to generate major firmware and app components without disclosure, then filed for the MeshCore trademark unilaterally. A community Discord poll found significant skepticism about AI-generated firmware in critical infrastructure. The original team (Scott, Liam Cottle, Recrof, FDLamotte, Oltaco) has moved to meshcore.io/meshcore.gg; Kirby’s faction continues at meshcore.co.uk as “MeshOS”. 38k+ global nodes and 100k+ app users in play.

Sources: MeshCore Blog · HN

Crawshaw’s exe.dev; a For You feed from a home PC

David Crawshaw (Go net package) is launching exe.dev, rebuilding cloud from first principles: direct CPU/memory provisioning (no VMs coupling them), local NVMe with async replication, built-in TLS proxies, anycast networking — addressing 10× IOPS penalties from remote storage and 10×-above-cost egress. He ties the urgency to AI agents: more generated code means more cloud usage, and current abstractions don’t hold up. In a similar vein, a developer runs a popular Bluesky For You feed serving 72k daily users from a home gaming PC (9950X3D, 96GB, 4TB NVMe) — ~$30/month vs $245 equivalent in cloud, 15–25 req/s at 37% CPU, two 400GB+ SQLite files holding interaction data, Tailscale proxy via a small VPS to hide the home IP. He estimates the current hardware could theoretically serve all ~1M active Bluesky users.

Sources: crawshaw.io · Lobsters (Crawshaw) · AT Protocol Blog · Lobsters (feed)

Editors, assembly desktops, Firefox config

A Linux desktop written entirely in x86_64 assembly — a tour of how thin the actual kernel interface really is. Nev, a keyboard-driven editor targeting both terminal and GUI. A comprehensive guide to configuring Firefox — privacy, performance, workflow customisations beyond the defaults.

Sources: Lobsters (asm) · HN (Nev) · Lobsters (Firefox)

Long COVID & ME/CFS

Endothelial senescence as the self-reinforcing engine

Nunes, Kell, Pretorius et al. published a peer-reviewed mechanistic review in Cell Death & Disease (Nature) proposing that virus-induced endothelial senescence is a central, self-reinforcing driver of ME/CFS and Long COVID. The key immune angle: senescent endothelial cells upregulate HLA-E, which engages inhibitory NKG2A receptors on CD8+ T cells — actively suppressing their activation and cytotoxic function. This is a concrete mechanism for why circulating CD8+ memory cells are depleted and functionally impaired: they’re being immunosuppressed by dysfunctional endothelium, not merely exhausted. The SASP (senescence-associated secretory phenotype) also drives vasoconstriction, a procoagulant state, and perpetuates the immune-dysfunction loop. Therapeutic implication: senolytics (dasatinib + quercetin, fisetin) target this mechanism directly, though no LC trial data exists yet.

Nunes et al., Cell Death & Disease, Jan 2026 · PubMed 41513611

Stellate ganglion block — Phase 4 launches in Toronto

A Phase 4 sham-controlled trial has launched at UHN Toronto testing stellate ganglion block (SGB) — a cervical anesthetic injection — for COVID-induced dysautonomia. 78 participants, real vs. sham, 6-week protocol. SGB blocks sympathetic outflow at the stellate ganglion and has been used off-label for PTSD and hot flashes; the rationale here is sympathetic overdrive from the elevated β-adrenergic and AT1 autoantibodies seen in LC dysautonomia. Not yet recruiting as of April 21; contact emad.al-azazi@uhn.ca.

The Sick Times, April 21