Europe's €2B sovereign cloud bet is undermined by US-controlled processors, Fisker's bankrupt EV owners ship open-source firmware, and AI has made CTF competitions unplayable

Electrek

Fisker Went Bankrupt and Owners Built an Open Source Car Company from the Ashes

When Fisker Inc. filed for bankruptcy in June 2024, around 11,000 Ocean SUV owners discovered that their vehicles' cloud-dependent features stopped working — locking features, navigation, and over-the-air updates all tied to servers the company could no longer afford to run. The Fisker Owners Association formed a nonprofit, reverse-engineered the proprietary firmware, and released open-source patches, diagnostic tools, and a distributed repair network to keep the cars operational. The story is a live demonstration of what right-to-repair advocates have long argued: software-defined products create a new class of abandonment risk where the physical product is functional but the software dependency makes it inoperable. The community's success makes a policy case for mandatory software escrow funds and open-source fallback provisions — conditions that could be attached to EV type approvals the same way crash-test requirements are.

abgeo.dev

Cheap Smart Doorbell Allows Fleet-Wide Account Takeover and Call Hijacking

A security researcher found a chain of critical vulnerabilities in the Smart Doorbell X3, sold on Temu: hardcoded authentication using a fixed, forgeable SHA1 signature; sequential device IDs that make the entire device fleet enumerable; and leaked per-device credentials that allow any attacker to silently intercept and answer doorbell calls for any device in the world. The vulnerabilities are not edge cases — they are architectural choices that make the attack trivial to execute at scale. Without over-the-air update capability, affected owners have no remediation path beyond network segmentation or hardware replacement. The research is a useful data point in the ongoing debate about baseline IoT security requirements: features like secure boot, cryptographically unique device identity, and mandatory OTA patching are not engineering niceties but prerequisites for operating a device on the public internet.

Hacker News

OpenClaw Creator Spent $1.3M on OpenAI Tokens in 30 Days

OpenAI employee Peter Steinberger shared data showing roughly 600 billion tokens consumed during a single month of developing OpenClaw, his AI agent framework — approximately $1.3 million at standard API rates. As an OpenAI employee Steinberger likely has subsidized access, and external developers using cheaper tiers would see a monthly bill in the $12,000–$15,000 range for comparable usage. The HN thread draws parallels to earlier tech-bubble excess: significant compute consumption without clear unit economics or evidence that the throughput produces proportional value. The disclosure matters less as gossip and more as a signal about the cost structure of serious agentic development — and the degree to which subsidized internal access at frontier labs distorts practitioners' intuitions about what is economically viable to build.

arXiv

δ-mem: Efficient Online Memory for Large Language Models

Researchers propose δ-mem, a lightweight memory mechanism that augments LLMs without expensive context window expansion: historical information is compressed into a fixed-size 8×8 state matrix, which generates low-rank corrections to standard attention calculations at inference time. The approach achieves 1.10× performance improvement over baseline models and 1.15× over competing memory architectures, with no model retraining required. The design is explicitly targeted at long-running assistant and agent deployments where retaining information across sessions matters but growing context windows are prohibitively expensive. It sits in an emerging class of solutions — alongside retrieval-augmented generation and compressed KV-cache approaches — that treat the memory problem as distinct from the context problem, rather than solving it by simply increasing the context budget.

seangoedecke.com

DeepSeek-V4-Flash Means LLM Steering Is Interesting Again

LLM steering — the practice of injecting activation vectors to shift model behavior at inference time — has been theoretically appealing but practically limited to models too weak for production use. DeepSeek-V4-Flash changes that equation: it is capable enough to be useful and open enough to allow full activation access, making steering a viable research path on real-world tasks for the first time. The author remains skeptical that steering will outperform prompting in practice, since prompting achieves comparable behavioral shifts at far lower engineering cost, but acknowledges that the open-source tooling ecosystem (including DwarfStar 4) is now mature enough that the question can be answered empirically rather than argued theoretically. This is a useful reframe: steering was never uninteresting, it was just untestable at useful scale.

Blocks & Files

Kioxia and Dell Cram 10 PB into a Slim 2RU Server

Kioxia and Dell have combined Kioxia's LC9 QLC SSDs — 245.76 TB per drive, 40 drives per chassis — with Dell's PowerEdge R7725xd to deliver approximately 10 petabytes of flash storage in 2 rack units. AMD EPYC 9005 processors and up to 5× 400 Gbps network interfaces round out the configuration. A fully populated rack of 20 such servers would deliver roughly 196 petabytes — enough to store around 20 years of high-definition video in a standard rack footprint. The milestone reflects QLC flash maturing from a cost compromise to the density leader: whereas earlier QLC generations traded endurance for capacity, the LC9's application profile suggests the technology has crossed the threshold for primary storage workloads, not just cold archive tiers.

kabir.au

The CTF Scene Is Dead

The author argues that frontier AI models have crossed the threshold where they can reliably solve CTF challenges autonomously, making competition leaderboards an unreliable proxy for human cybersecurity skill. The problem is structural rather than marginal: AI agents don't cheat by having faster reflexes, they solve the underlying problem domain that the challenge was designed to test. Attempts to detect or penalize AI-assisted solutions face the same adversarial dynamics as any detection problem — and the gap between what a determined team with AI agents can field versus what a detection system can identify is growing. The competitive format, where leaderboard position is the product, is likely irreversibly compromised; the networking and learning value of the broader CTF community remains intact.

Frank M Taylor's Blog

You Don't Know HTML Lists

A thorough look at five HTML list types that developers routinely collapse into a single mental model: control lists (select, datalist), ordered lists, description lists (dl/dt/dd), menus, and unordered lists. The author's organizing principle is that semantic meaning — not visual appearance — should drive element selection: if changing item order would alter the list's meaning, it is ordered; if items represent key-value pairs or metadata, description lists are the correct choice. The description list and datalist elements are highlighted as particularly underused: dl/dt/dd provides native key-value semantics that divs with CSS cannot replicate, and datalist works across input types most developers haven't tried. The piece is a practical corrective to the tendency to choose list elements based on what they look like by default rather than what they mean.

unstack.io

Halt and Catch Fire

The phrase 'Halt and Catch Fire' originated as a joke among programmers about undocumented three-letter mnemonics that could cause CPUs to stop functioning or physically overheat. The article traces the history of these dangerous opcodes across the IBM System/360, Motorola 6800, and the 6502, documenting how engineers paradoxically used them intentionally for hardware diagnostics — the erratic oscilloscope patterns produced by a crashing processor turned out to be useful fault signatures. This tradition of weaponizing undefined behavior for diagnostic purposes persisted through processor generations until the Pentium F00F bug in 1997, where a specific undocumented instruction sequence locked up any Pentium regardless of privilege level, requiring a microcode patch pushed through the operating system to intercept and neutralize. The story is a reminder that the boundary between 'dangerous undocumented behavior' and 'useful diagnostic primitive' has always been thinner than processor architects would prefer.