The Lookout — 2026-04-02

At 6:35 yesterday evening, Eastern time, four human beings climbed on top of the most powerful rocket ever built and pointed it at the moon. Artemis II launched from Kennedy Space Center's pad 39B — the same stretch of Florida coastline that sent the Apollo astronauts half a century ago. Reid Wiseman, Victor Glover, Christina Koch, and Canadian Space Agency astronaut Jeremy Hansen are now aboard the Orion spacecraft, named Integrity, on a ten-day free-return trajectory around the moon and back. Koch becomes the first woman and Glover the first person of colour to fly beyond low Earth orbit. The last time humans saw the far side of the moon with their own eyes was December 1972. Fifty-three years. The solar arrays deployed cleanly, all four wings locking into place with their sixty-thousand solar cells, and flight controllers in Houston confirmed orbital insertion. The next milestones are perigee raise and apogee raise burns to set up for the translunar injection. Eight hundred and forty-four points on Hacker News, seven hundred and fifty-three comments. For once, the enthusiasm seems entirely earned.

The timing is darkly poetic. On the same day humanity launched its most hopeful mission in decades, Trump delivered his first formal address to the nation on the Iran conflict — Day 33 now — declaring the war "nearing completion." The speech came hours after NPR reported that Trump had threatened to destroy Iranian civilian infrastructure, specifically desalination plants vital for drinking water in the arid Gulf. Kuwait said Iran had already attacked one of theirs. The UK is hosting a multi-nation meeting today to discuss the Strait of Hormuz, which remains mined and effectively closed to commercial shipping. We're simultaneously reaching for the moon and arguing over who controls the water supply. Choose your metaphor.

Meanwhile, Cloudflare dropped one of the more audacious open-source announcements in recent memory. EmDash is a full-stack serverless CMS built on Astro 6.0 and TypeScript, positioned explicitly as a spiritual successor to WordPress. The key innovation is plugin security: instead of WordPress's architecture where plugins run with full server access — the root cause of countless breaches over twenty-four years — EmDash sandboxes each plugin in its own Worker isolate. Plugins can't read each other's data, can't access the filesystem, can't escalate. The kicker: Cloudflare says they built it in two months using AI coding agents, and they'd previously rebuilt Next.js in a single week. MIT licensed, no WordPress code used. Five hundred and forty-six points on Hacker News with three hundred and eighty-one comments, the discussion split between people thrilled at a modern WordPress alternative and people pointing out that Cloudflare's "open source" offerings tend to work best on Cloudflare's own infrastructure. Fair point. But the plugin sandboxing idea is genuinely good engineering regardless of where you host it.

The biggest technical news this week might have dropped on April Fools' Day, which is exactly why Scott Aaronson titled his blog post "Quantum computing bombshells that are not April Fools." Two papers landed simultaneously. The first, from Caltech with John Preskill, demonstrates quantum fault-tolerance with dramatically lower overhead using high-rate codes suitable for neutral-atom architectures. The second, from Google, presents a lower-overhead implementation of Shor's algorithm for breaking 256-bit elliptic curve cryptography — and in an unprecedented move, published the result via a cryptographic zero-knowledge proof rather than revealing the full circuit details. Google's team essentially proved their circuit exists without telling potential attackers how to build it. Aaronson compares it to Frisch and Peierls calculating uranium critical mass in 1940 but declining to publish.

Here's why this matters for Bitcoin: when you combine both results, the Caltech group estimates that a mere twenty-five thousand physical qubits might suffice to break Bitcoin's ECDSA signatures, down from previous estimates in the millions. That doesn't mean it's happening tomorrow — nobody has twenty-five thousand error-corrected qubits yet — but it compresses the timeline significantly. Aaronson's assessment is characteristically direct: people using quantum-vulnerable cryptography "should really get on that." This gives considerably more urgency to the BIP-360 P2QRH proposals and the ongoing Hourglass debates on Delving Bitcoin about how and when to restrict exposed public keys. The post-quantum migration question just went from "eventually" to "sooner than we thought."

Speaking of infrastructure under pressure, Jeff Geerling published a cri de coeur about DRAM pricing that resonated with four hundred and thirty-four points on Hacker News. The Raspberry Pi 5 with 16GB now costs two hundred and ninety-nine dollars after another round of price increases. A new "right-sized" 3GB Pi 4 launched at eighty-three dollars and seventy-five cents. LPDDR chips now account for the majority of board cost across all SBC vendors, not just Raspberry Pi. Geerling's thesis is bleak: the hobbyist SBC market is dying, or at least on life support. He's designing projects around older boards and microcontrollers because the new ones have priced out casual experimentation. Even mini PCs have crept above two hundred and fifty dollars for 8GB models. The same DRAM shortage driving these prices is, of course, partly fuelled by the insatiable demand for AI training hardware consuming every available memory chip on the planet. The machines that generate text are making the machines that teach people to build things unaffordable.

Bitcoin sits at sixty-six thousand six hundred and sixty-five dollars today, block 943,333, with fees still at rock bottom — one sat per vbyte across the mempool. On the Core side, ajtowns submitted PR 34628 proposing to replace per-peer transaction rate-limiting with global rate limits, a meaningful change to how nodes manage relay load. Theuni's PR 34495 to replace Boost signals with a minimal compatible implementation continues to move forward — part of the long-running effort to reduce Bitcoin Core's dependency on Boost. And fjahr's PR 34534 tackles manual prune lock management, giving node operators finer control over block storage.

Steam on Linux crossed five percent market share in March, which sounds trivial until you remember it was below one percent when Valve launched the Steam Deck in 2022. Four years of steady grinding. No single breakthrough, no killer app, just Proton getting incrementally better at running Windows games and the hardware existing at a price point people actually buy. Sometimes the boring approach wins.

And one more tool for the kit: someone built git bayesect, a Bayesian alternative to git bisect for tracking down non-deterministic bugs. Standard bisection assumes a bug reproduces reliably — you test a commit, it either passes or fails, and you halve the search space. But when bugs are flaky, bisect gives you garbage results because a passing test doesn't mean the commit is clean. Bayesect runs each commit multiple times and uses Bayesian inference to build a probability distribution over which commit introduced the bug. Two hundred and sixty-three points, forty comments, and the kind of quiet utility that actually changes how people debug. Most of software engineering's hardest problems aren't glamorous. They're just annoying.

References