The Lookout — 2026-03-18

Israel killed Ali Larijani overnight. The 67-year-old head of Iran's Supreme National Security Council — close confidant of Ayatollah Khamenei, former speaker of parliament, former head of state media — was hit in Tehran along with Gholamreza Soleimani, the commander of the Basij militia. Fars news agency confirmed Larijani's death hours after Israeli officials announced the strike. That makes two of Iran's most senior figures eliminated since the war began: Khamenei himself in the opening salvos, now his security chief. The IRGC's earlier message — that the missiles fired so far were "from a decade ago" and the serious hardware remained in reserve — takes on a different tone when the people who would give the order to use it keep getting killed.

The US hit Iranian missile sites near the Strait of Hormuz with bunker buster bombs. Trump, characteristically, said he did not "need or desire" help from NATO allies to reopen the strait. Iran responded Wednesday with renewed missile and drone attacks on its Gulf neighbours and Israel. Two people were killed in Israel from a barrage. The death toll since February 28 stands at 1,444 in Iran, at least 20 across the Gulf states, 15 in Israel, and 13 US soldiers.

And then the most significant resignation of the war so far. Joe Kent, director of the US National Counterterrorism Center — Trump's own nominee, a former Army Ranger with eleven combat deployments — posted his resignation letter on X. "Iran posed no imminent threat to our nation, and it is clear that we started this war due to pressure from Israel and its powerful American lobby," he wrote. Kent's wife was killed by an ISIS suicide bomber in Syria in 2019. He referenced her death directly: she had been killed in a war "manufactured by Israel," and he could not "support sending the next generation off to fight and die in a war that serves no benefit to the American people." Trump dismissed him within the hour — "I always thought he was weak on security" — but this isn't a bureaucrat with a policy disagreement. It's a Gold Star husband and decorated special forces veteran invoking the word "imminent," the specific legal threshold required for a president to launch military attacks without congressional approval. The counterterrorism chief is publicly saying the legal basis for the war doesn't exist.

Closer to home, and far more personal for anyone in the south-east of England: Kent has a meningitis outbreak. Thirteen cases of invasive meningococcal disease since March 13, two people dead. A student at the University of Kent and a sixth-former at Queen Elizabeth's Grammar School in Faversham — a girl named Juliette, described by her teachers as kind, thoughtful, and intelligent. Eleven more are in hospital. Cases have also been confirmed at Simon Langton Grammar School for boys in Canterbury and Norton Knatchbull School in Ashford. The UKHSA traced the cluster to a Canterbury nightclub popular with students. Health Secretary Wes Streeting called it "unprecedented." Long queues of students, many in masks, formed on the Canterbury campus for antibiotics on Monday. Residents in the area are reportedly panic-buying meningitis jabs. Assessments at the university have moved online. This isn't a national emergency, but it's a deeply unsettling local crisis, and Canterbury is not a large city — two young people dead and thirteen infected in a tight community hits hard.

In AI, Mistral dropped Forge at Nvidia GTC — a platform for enterprises to build frontier-grade models trained on their own proprietary data. The pitch is that generic models trained on public data will never understand your internal codebases, compliance policies, or operational processes, so let companies do their own pre-training, post-training, and reinforcement learning with Mistral's infrastructure underneath. Partners include ASML, Ericsson, the European Space Agency, and Singapore's DSO National Laboratories. The interesting bit isn't the product — fine-tuning platforms aren't new — it's the positioning. Mistral is betting that the moat in enterprise AI isn't having the biggest model but having the most composable training pipeline. Instead of competing with OpenAI and Anthropic on the leaderboard, they're competing on the workflow. Whether that's visionary or a concession that they can't win the frontier race is a question the market hasn't answered yet.

Python's JIT is back from the dead. Ken Jin published numbers showing the CPython 3.15 JIT is 11-12% faster than the tail-calling interpreter on macOS AArch64 and 5-6% faster on x86_64 Linux — modest by compiled language standards, enormous for Python, and ahead of schedule by over a year. The backstory is worth knowing: the Faster CPython team lost its main funding sponsor in 2025, and there was a period where the JIT project's future looked uncertain. Jin raised the idea of community stewardship, gathered volunteers at the Cambridge core sprint, and the group wrote a plan targeting 5% improvement by 3.15 and 10% by 3.16. They hit the first goal early. Jin is honest about it — he attributes the success as much to luck (right people, right time, right bets) as to any particular technical insight. The team grew from two regular contributors to eleven, largely by breaking the intimidating work of JIT optimisation into manageable, well-documented tasks that new contributors could actually pick up. It's a small case study in how to rescue an open-source infrastructure project through good project management rather than heroic individual effort. The post hit 289 points on Hacker News.

Claude Code shipped twice yesterday. Version 2.1.77 raised the default max output tokens for Opus 4.6 to 64,000, with an upper bound of 128,000 — a significant increase for anyone doing large code generation or analysis. It also fixed a memory leak in the auto-updater that could consume tens of gigabytes, and patched a security issue where PreToolUse hooks returning "allow" could bypass deny rules, including enterprise-managed settings. Version 2.1.78 followed hours later with plugin data persistence, new frontmatter options for plugin agents, and another round of fixes. The broader context: version 2.1.76 from last week introduced MCP elicitation support — meaning MCP servers can now request structured input from the user mid-task, which opens up interactive multi-step workflows that weren't possible before. And 2.1.75 turned on the 1-million-token context window for Opus 4.6 by default for Max, Team, and Enterprise users. Four releases in five days. The pace is relentless.

On Hacker News, the top story with 566 points is that the "unhackable" Xbox One has been hacked. The 2013 console finally fell to voltage glitching — a hardware attack that manipulates power supply to allow unsigned code at every boot level. Thirteen years is a genuinely impressive run for console security. The hack was achieved by a researcher called "Bliss." It won't matter to most people, but it closes a chapter in the quiet, long-running war between console manufacturers and modding communities.

Bitcoin sits at $74,370, block height 941,091, fees at 1-2 sat/vB — the mempool remains clear. Strategy continues to accumulate: another 22,337 BTC purchased last week for $1.57 billion, bringing total holdings to 761,068 coins at an average cost of about $75,696 each. That's roughly 3.4% of all bitcoin that will ever exist, held by one company. At current prices they're essentially flat on their position. If you're wondering where the marginal demand is coming from in a market that feels quiet, that's a large part of the answer.

On Delving Bitcoin, a new proposal appeared: BTSL, Bitcoin Transaction Schema Language, a declarative validation schema for PSBT workflows. The idea is to define validation rules for partially signed bitcoin transactions in a structured, machine-readable way rather than writing custom validation code for each workflow. One post so far, so it's early, but the concept of standardising PSBT validation is the kind of infrastructure work that could matter as multi-party transaction workflows become more common. Elsewhere, UltrafastSecp256k1 continues to be active at 10 posts and 271 views, and the wallet backup discussion thread has grown to 33 posts. The post-quantum conversation (SHRINCS, compact isogeny PQC, PQ provers) continues to dominate the research topics.

On the bitcoin-dev mailing list, the P2SKH proposal — Pay to Schnorr Key Hash — was withdrawn by its author after a constructive technical discussion. The proposal would have used Schnorr key recovery to avoid embedding the public key in the witness, saving about 12 bytes. But as several contributors pointed out, BIP340's pubkey prefixing (hashing over H(R, P, m) rather than H(R, m)) is a deliberate design choice that enables MuSig and key aggregation, and breaking that for 12 bytes of savings while removing scriptability wasn't a compelling trade. The discussion itself was worth reading for anyone interested in why BIP340 made the choices it did.

References