The Lookout — 2026-03-23

Iran has answered Trump's forty-eight-hour ultimatum, and the answer is no. Across parliament, military command, and the IRGC, the message was unified and specific: if the United States destroys Iranian power plants, Iran will "irreversibly destroy" the energy and desalination infrastructure of every US ally in the region. The Strait of Hormuz will not merely remain partially blocked — it will be completely closed and will not reopen until Iranian power plants are rebuilt. Parliament Speaker Ghalibaf named targets. The IRGC named a timeline. President Pezeshkian said the threats were strengthening Iranian unity. US Ambassador Waltz doubled down, saying Trump would start with Iran's largest gas-fired thermal power plant. The clock expires around midnight GMT tonight.

The IEA put numbers to the crisis that should sober anyone treating this as a regional skirmish. Director Birol, speaking at Australia's National Press Club, said the world has lost eleven million barrels of oil per day — more than the 1973 and 1979 oil crises combined. Gas losses stand at 140 billion cubic metres, nearly double what was lost after Russia invaded Ukraine. "This crisis as it stands now equals two oil crises and one gas crash put all together." The knock-on effects through petrochemicals and fertilisers are only beginning. This is not a supply disruption. It is a structural shock to the global energy system.

In London, Starmer is chairing an emergency economic meeting today with Chancellor Reeves and Bank of England Governor Bailey. He spoke with Trump on Sunday evening. There is a growing sense among UK ministers that Britain's already fragile finances are being jeopardised by a war it has enabled — the UK allowed its bases to be used for strikes, and Iran responded by firing ballistic missiles at Diego Garcia. The Foreign Secretary denounced "reckless Iran threats." The anger is real but comes rather late.

Overnight, Israel launched what it called "extensive strikes" on Tehran at 02:33 GMT, targeting regime infrastructure. The death toll in Iran has passed two thousand. The WHO warned the war has reached a "perilous stage," with attacks on nuclear sites creating escalating public health and environmental threats. There is no ceasefire on the table.

Stepping back from the war: Bram Cohen has published something interesting. The creator of BitTorrent released Manyana, a proof-of-concept for CRDT-based version control — about 470 lines of Python, public domain. The core idea is that merges should never fail. In a CRDT system, conflicting changes are flagged for human review but the merge itself always succeeds, deterministically, regardless of the order branches are combined. The result is far better conflict presentation than git offers: instead of two opaque blobs, Manyana shows what each side actually did — "left deleted the function, right added a line in the middle." History lives in a weave structure containing every line that ever existed, so merges do not need common ancestors or DAG traversal. Perhaps most provocatively, rebase can preserve full history instead of creating fictional commit sequences. Hacker News gave it 421 points and 241 comments. The strongest pushback: git's zdiff3 conflict style already shows the base alongside left and right, giving similar informational benefits. The deeper question — whether better conflict handling justifies a new VCS — remained genuinely open.

On the topic of things that shouldn't be possible: Flash-MoE is running Qwen 3.5 with 397 billion parameters on a MacBook Pro with 48 gigabytes of RAM at 4.4 tokens per second. The entire 209-gigabyte model streams from SSD through a custom C and Metal pipeline. No Python, no frameworks. The key insight is almost embarrassingly simple: trust the operating system. Expert weights stream from NVMe on demand via parallel pread calls, and the OS page cache handles caching via standard LRU. Every custom caching scheme they tried — Metal LRU, malloc cache, LZ4 compression — performed worse. The project documents over ninety experiments including a catalogue of informative failures: SSD prefetching slowed the GPU by 73 percent because unified memory meant DMA competed with compute. Speculative decoding broke even because MoE IO scales per-token unlike dense models. The mmap approach was five times slower due to per-page fault overhead on cold data. Quantization is the interesting tradeoff — 4-bit hits the sweet spot with working tool calling, while 2-bit reaches faster speeds but breaks JSON output. The project was reportedly built in twenty-four hours by a human-AI pair, which brings us neatly to the next story.

Yesterday we covered Armin Ronacher's essay arguing that AI-accelerated development produces vibe slop at inference speeds. Steve Krouse, the founder of Val Town, published a companion piece that shares the same concern but frames it differently. Where Ronacher focused on the process problem — speed outrunning understanding — Krouse focuses on the epistemological one: natural language cannot express the precision that code can. Vibe coding gives the illusion that English specs are precise abstractions, but they leak the moment you add enough features or hit enough scale. His most striking line: "Isn't it telling that nobody is talking about 'vibe writing'?" Nobody claims ChatGPT is replacing great novelists. The same logic applies to code. His thought experiment about what you'd do with a hundred Karpathy-level AI agents for a thousand dollars a month is worth sitting with — the rational move isn't to ship more slop, it's to use that intelligence on our hardest abstraction problems. Build better libraries, better frameworks, better tools for mastering complexity. 270 points and 215 comments on Hacker News. Chris Lattner's analysis of a Claude-written C compiler was cited prominently: "nothing innovative in the code." Several developers reported leaving tech entirely. Others pushed back, arguing the demand for solving business problems is neverending and AI simply raises the sophistication bar. Both can be true.

Yesterday's lookout covered Dyne.org's warning that age verification is becoming internet access control. GrapheneOS drew the logical conclusion. In a three-sentence Mastodon post that earned over a thousand favourites, the project declared it will never require personal information, identification, or an account, and will remain available internationally — "if GrapheneOS devices can't be sold in a region due to their regulations, so be it." The prompt was California's Digital Age Assurance Act, effective January 2027, which requires every operating system provider — including Linux distributions and custom Android builds — to collect age information from users during setup and transmit it to app developers via a real-time API. GrapheneOS chose defiance over compliance. The question of how California enforces age verification requirements against an open-source project with no corporate entity in the state remains entertainingly unresolved.

In Georgia, Alexia Moore, thirty-one, has been charged with murder after police say she took misoprostol to terminate her pregnancy at an estimated twenty-two to twenty-four weeks. She has been jailed since March 4. Pregnancy Justice called it "an unprecedented murder charge for an alleged abortion." A court hearing is scheduled for today. If prosecutors proceed, it will be among the first cases of a woman charged for terminating her own pregnancy under Georgia's 2019 law.

On Delving Bitcoin, AaronZhang published a careful experimental comparison of what CHECKSIGFROMSTACK, IK plus CSFS, and CHECKSIG each actually commit to — a question that matters for covenant security. The key finding: only CHECKSIG binds to the transaction via sighash, making it non-replayable. Both CSFS variants verify against stack-supplied data, meaning those signatures can be reused across different transactions. That is a feature for covenants but a risk if misunderstood. A companion test repo with offline harness and Signet examples is published. This is exactly the kind of careful groundwork the covenant debate needs — less philosophy, more empirical analysis of what each opcode actually does.

Also on Delving Bitcoin, a proposal to hard fork testnet4 at block height 201,600 to disable the twenty-minute minimum-difficulty rule. The rule was meant to keep testnet usable by allowing easy blocks when mining stalls, but it created the opposite incentive: CPU miners race to submit empty blocks at difficulty one to win the easy rewards, so most blocks confirm nothing. A nice illustration of how well-intentioned consensus rules produce adversarial game theory. Bitcoin Core PR 34420 is already open.

Block height 941,806. Fees at one sat per vbyte. The mempool is still empty. Bitcoin at $68,320.

References