The A4 flyover at Brentford is more than 60 years old, and problems with it emerged almost immediately – and have only got worse since. CC-licensed photo by stevekeiretsu on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 9 links for you. Overlooked. I’m @charlesarthur on Twitter. On Threads: charles_arthur. On Mastodon: https://newsie.social/@charlesarthur. On Bluesky: @charlesarthur.bsky.social. Observations and links welcome.
Missing money, shipped chips and a 350,000% profit: key takeaways on AI “phantom investments” • The Guardian
Aisha Down:
»
A Guardian investigation has examined a series of massive AI investments announced by the government over the past two years, comparing what was promised with what has so far been delivered.
The investigation centres on two companies backed by the chipmaker Nvidia and central to the UK’s AI plans, Nscale and CoreWeave.
It has found that large, promised sums do not represent real investments into the UK’s economy, that new datacentres are not in fact new, and that a giant supercomputer set to be online later this year is still being used by a construction company in Essex.
Here are some of the key details at a glance.
1. A supercomputer centre set to be built this year is still a scaffolding yard in Loughton
The Guardian visited a site in Essex that is supposed to host “one of the most powerful AI computing centres ever built”, built by Nscale. The government and Nscale say this supercomputer is supposed to be up by the end of this year.The site is still being used as a scaffolding yard by a different company. While Nscale said more than a year ago that it had already bought the site, land records seem to show that it is not registered as the owner of the land. Nscale is very unlikely to finish constructing a “top tier” supercomputer there this year.
2. The UK government has not checked the numbers when it comes to massive AI investments
The Guardian asked the government about key investments worth billions of pounds, including from Nscale and CoreWeave. The government said that these numbers came from the companies themselves, and that it had no mechanism in place to audit them. It could not say what these investments involved: equipment, capital or something else.Asked about a contract it said had been signed to build the supercomputer in Loughton, the government did not answer. Instead, it said the entire related investment, $2.5bn, did not involve a formal contract, but an intention to commit capital.
«
There’s plenty more, all of it card-shuffling that would do a magician proud. The more closely one looks at all of the AI investments, the less real they seem to be; Potemkin financial villages.
unique link to this extract
Bluesky CEO Jay Graber is stepping down • WIRED
Kate Knibbs:
»
Jay Graber is stepping down as head of Bluesky, the social media platform exclusively announced to WIRED. Venture capitalist Toni Schneider will be the interim CEO until a permanent replacement is found.
“As Bluesky matures, the company needs a seasoned operator focused on scaling and execution, while I return to what I do best: building new things,” Graber wrote in a statement about the personnel change.
Graber joined Bluesky in 2019, when it was a research project within Twitter focused on developing a decentralized framework for the social web. She became the company’s first chief executive officer in 2021, when it spun out into an independent entity. She oversaw the platform’s remarkable rise and the growing pains it experienced as it transformed from a quirky Twitter offshoot to a full-fledged alternative to X.
Schneider tells WIRED that he intends to help Bluesky “become not just the best open social app, but the foundation for a whole new generation of user-owned networks.”
Schneider, who will continue working as a partner at the venture capital firm True Ventures while at Bluesky, was previously CEO of the WordPress parent company, Automattic, from 2006 to 2014. He also served as its CEO again in 2024 while top executive Matt Mullenweg went on a sabbatical. During that time, Schneider met Graber and became an adviser to Bluesky’s leadership. In a blog post announcing his new role, Schneider said he plans to emphasize scaling, describing his job as “to help set up Bluesky’s next phase of growth.”
This isn’t the end for Graber and Bluesky. She will transition to become the company’s chief innovation officer, a role focused on Bluesky’s technology stack rather than its business operations.
«
Graber and the moderation team have not been treated nicely by the users of the network, to put it mildly. It’s going to be quite the popcorn moment watching the reaction to a VC who will undoubtedly be looking to make Bluesky wash its face, financially speaking. What are the options? Advertising will be a tough sell (to both advertisers and users); and what is the compelling offering for subscriptions?
unique link to this extract
The forever bottleneck, part 1 • The roads.org.uk blog
Chris Marshall:
»
If you’re familiar with the M4 in West London, you’ll know only too well the narrow viaduct at Brentford. A three-lane motorway narrows to two lanes on the way in to London, resulting in a near-permanent traffic jam.
Just arrived, over on the website, is the complete booklet published in 1964 to mark the opening of this section of motorway, which ran from Chiswick to Langley (J1-5). It’s the latest addition to my collection of these commemorative publications.
Like all these booklets, it’s a fascinating window into another world. It offers photographs of the motorway under construction – including, most notably, that long elevated viaduct above the Great West Road through Brentford.
The booklet is understandably very proud of this feature: it was completely unique in the UK when it first opened, and considered a real achievement, not least since it had been built while traffic continued to flow on the A4 underneath. But that pride didn’t last long. Just eight years after it opened, the panel of the Layfield Inquiry described it like this:
»
“Present traffic on this road clearly demonstrates…the inadequacy of the dual 2 lane elevated section in the Chiswick/Brentford area. [The Ministry of Transport] gave evidence which indicated that widening of the present elevated road, either elevated or at ground level, was not possible within limits of conceivable expenditure.”
«
Because this brand-new road was already a problem, and the problem could not be solved, the panel had to conclude:
»
“It is clear that the M4 will have to be included in the primary principal road network, but clear also that every effort must be made to reduce or reroute some of the traffic it now carries…”
«
Within a decade of opening, planners wanted to encourage traffic away from the M4, thanks to a design flaw that could not be fixed. Something had gone very wrong.
«
Absolutely fascinating post (and only the first on the topic!) about a piece of road that almost everyone will have driven along, because it’s part of the arterial road from London to the west.
Read it if only for the solution to de-icing: can’t use salt as that would be bad for the concrete and iron rebar, so it had embedded electrical heating. With a demand of 8 MEGAWATTS: “at the UK’s current electricity prices would cost about £2,000 per hour to run.” Soon abandoned; salt was used instead, with deleterious results.
unique link to this extract
Anthropic’s AI hacked the Firefox browser. It found a lot of bugs • WSJ
Robert McMillan:
»
It took Anthropic’s most advanced artificial-intelligence model about 20 minutes to find its first Firefox browser bug during an internal test of its hacking prowess.
The Anthropic team submitted it, and Firefox’s developers quickly wrote back: This bug was serious. Could they get on a call? “What else do you have? Send us more,” said Brian Grinstead, an engineer with Mozilla, Firefox’s parent organization.
Anthropic did. Over a two-week period in January, Claude Opus 4.6 found more high-severity bugs in Firefox than the rest of the world typically reports in two months, Mozilla said.
Tools powered by AI are increasingly adept at spotting vulnerabilities and are beginning to rival the talents of seasoned security experts. Some experts worry that those same capabilities will unleash a new wave of cyberattacks as bugs are discovered and then exploited more quickly than ever before.
Claude’s bug bonanza began after Anthropic’s security team decided that it would be interesting to focus its software on a widely used and complex piece of browser software that has been under the microscope for years.
Firefox is the modern version of the Web’s first commercial browser, Netscape Navigator. Its code is now managed under the umbrella of the not-for-profit Mozilla Foundation. Navigator launched its first bug bounty program more than 30 years ago, offering cash to those who identify potential weaknesses that bad actors could abuse. Mozilla typically pays as much as $6,000 for high-severity bugs.
In the two weeks it was scanning, Claude discovered more than 100 bugs in total, 14 of which were considered “high severity.” That means that if the right “exploit code” had been created, they could have been used in a widespread attack on Firefox’s users.
…AI tools are both a blessing and a curse for software developers. In January, the makers of Curl software abandoned their own bug bounty program, citing “an explosion in AI slop reports.” Fewer than one in 20 bugs reported in 2025 were actually real, said Daniel Stenberg, Curl’s lead developer.
«
That’s the real problem: they’re great at highlighting what they think are bugs, but are they really? In Firefox yes; in curl no. Or m,aybe vice-versa? You’d really want the LLM to write some exploit code to demonstrate it, but that opens a whole new can of worms; Pandora’s bug reporter has been opened.
unique link to this extract
X suspends 800m accounts in one year amid ‘massive’ scale of manipulation attempts • The Guardian
Dan Milmo:
»
Elon Musk’s X said it had suspended 800m accounts over a 12-month period as it fights the “massive” scale of attempts to manipulate the platform.
The social media company told MPs it was continually fighting state-backed attempts to hijack the agenda on its network, with Russia the most prolific state actor, followed by Iran and China.
As part of the battle against such content, X suspended 800m accounts in 2024 for breaching its rules on platform manipulation and spam, although it did not reveal which of those suspensions related to foreign interference. X has approximately 300 million monthly users worldwide.
Wifredo Fernández, a government affairs executive at the platform’s parent company, X Corp, said: “There are efforts every single day to create inauthentic networks of accounts.”
Speaking to MPs on the foreign affairs committee via video link on Monday, Fernández said attempts to manipulate the platform or flood it with spam had not subsided and “several hundred million accounts” had been taken down in the latter part of last year as well. Fernández added he was “quite confident” that the remaining accounts on X were authentic.
X defines manipulative accounts as those that engage in “bulk, aggressive or disruptive activity that misleads others and/or disrupts their experience”. It refers to spam as “unsolicited, repeated actions” that affect other accounts, often meaning a stream of low-quality content.
«
So you’re saying there are lots and lots and lots and LOTS of bots on the platform? Useful to know.
unique link to this extract
US military contractor likely built iPhone hacking tools used by Russian spies in Ukraine • TechCrunch
Lorenzo Franceschi-Bicchierai:
»
A mass hacking campaign targeting iPhone users in Ukraine and China used tools that were likely designed by US military contractor L3Harris, TechCrunch has learned. The tools, which were intended for Western spies, wound up in the hands of various hacking groups, including Russian government spooks and Chinese cybercriminals.
Last week, Google revealed that over the course of 2025, it discovered that a sophisticated iPhone-hacking toolkit had been used in a series of global attacks. The toolkit, dubbed “Coruna” by its original developer, was made of 23 different components first used “in highly targeted operations” by an unnamed government customer of an unspecified “surveillance vendor.” It was then used by Russian government spies against a limited number of Ukrainians and finally by Chinese cybercriminals “in broad-scale” campaigns with the goal of stealing money and cryptocurrency.
Researchers at mobile cybersecurity company iVerify, which independently analyzed Coruna, said they believed it may have been originally built by a company that sold it to the US government.
Two former employees of government contractor L3Harris told TechCrunch that Coruna was, at least in part, developed by the company’s hacking and surveillance tech division, Trenchant. The two former employees both had knowledge of the company’s iPhone hacking tools. Both spoke on condition of anonymity because they weren’t authorized to talk about their work for the company.
“Coruna was definitely an internal name of a component,” said one former L3Harris employee, who was familiar with iPhone hacking tools as part of their work at Trenchant.
«
Give it a few years we’ll probably all have a copy, at the rate this seems to be getting handed around.
unique link to this extract
Insider trading is going to get people killed • The Atlantic
Saahil Desai:
»
Polymarket traders swap crypto, not cash, and conceal their identities through the blockchain. Even so, investigations into insider trading are already under way: Last month, Israel charged a military reservist for allegedly using classified information to make unspecified bets on Polymarket.
The platform forbids illegal activity, which includes insider trading in the U.S. But with a few taps on a smartphone, anyone with privileged knowledge can now make a quick buck (or a hundred thousand). Polymarket and other prediction markets—the sanitized, industry-favored term for sites that let you wager on just about anything—have been dogged by accusations of insider trading in markets of all flavors. How did a Polymarket user know that Lady Gaga, Cardi B, and Ricky Martin would make surprise appearances during the Super Bowl halftime show, but that Drake and Travis Scott wouldn’t? Shady bets on war are even stranger and more disturbing. They risk unleashing an entirely new kind of national-security threat. The U.S. caught a break: The Venezuela and Iran strikes were not thwarted by insider traders whose bets could have prompted swift retaliation. The next time, we may not be so lucky.
The attacks in Venezuela and Iran—like so many military campaigns—were conducted under the guise of secrecy. You don’t swoop in on an adversary when they know you are coming. The Venezuela raid was reportedly so confidential that Pentagon officials did not know about its exact timing until a few hours before President Trump gave the orders.
…Consider if the Islamic Revolutionary Guard Corps had paid the monthly fee for a service that flagged relevant activity on Polymarket two hours before the strike. The supreme leader might not have hosted in-person meetings with his top advisers where they were easy targets for missiles. Perhaps Iran would have launched its own preemptive strikes, targeting military bases across the Middle East. Six American service members have already died from Iran’s drone attacks in the region; the death toll could have been higher if Iran had struck first. In other words, someone’s idea of a get-rich-quick scheme may have ended with a military raid gone horribly awry. (The Department of Defense did not respond to a request for comment.)
Maybe this all sounds far-fetched, but it shouldn’t. “Any advance notice to an adversary is problematic,” Alex Goldenberg, a fellow at the Rutgers Miller Center who has written about war markets, told me. “And these predictive markets, as they stand, are designed to leak out this information.”
«
CFO gets prison time after losing $35m of company money in crypto side hustle • Decrypt
Stephen Graves:
»
A Washington man has been sentenced to two years in prison after diverting $35m in funds from his former employer to his own DeFi platform—and losing nearly all of it.
Nevin Shetty, 42, was found guilty of wire fraud last November for taking and misusing funds from the private software company at which he worked.
Shetty, who drafted a “conservative” company investment policy, secretly moved $35m in company funds to his side business HighTower Treasury, after being told in April 2022 that his role as CFO would end due to performance issues. Those funds were then invested in high-yield DeFi lending protocols that promised returns of 20% or more.
Per the DOJ’s statement, Shetty planned to pay his employer a “comparatively small, fixed amount,” keeping the remainder of the returns for HighTower. Initially, the scheme paid off, earning some $133,000 in its first month for Shetty and his HighTower business partner.
The wheels came off in May 2022, following the Terra collapse and the subsequent crypto winter, with Shetty’s HighTower crypto investments plummeting in value from $35m to near zero.
After confessing to colleagues at his employer, Shetty was fired from the company, which, according to trial judge Tana Lin, suffered “significant and severe effects” as a result of his theft, adding that his actions “almost put the company out of business.”
«
Two years, but the prosecution was looking for nine. Hard to know if longer jail terms are really a deterrent to rank stupidity combined with venality and, one suspects, a bit of resentment about the company letting him go the first time.
unique link to this extract
Musk’s spam frustration was ‘confusing’ to ex-Twitter executives • Bloomberg via BloombergLaw
Isiah Poritz and Kurt Wagner:
»
Two former top executives at Twitter Inc. sought to beat back Elon Musk’s narrative at a jury trial that they lied to him about the makeup of the platform’s user base when he was purchasing the company in 2022.
Parag Agrawal, who was chief executive officer, and Ned Segal, the chief financial officer, took the witness stand Friday in an investor trial over Musk’s tumultuous $44 billion buyout of the company.
But the two men, both of whom were fired right as Musk took control of the social networking platform, offered few detailed recollections of the chaotic weeks surrounding his attempt to back out of the deal and stopped short of criticizing his behavior.
Agrawal was asked for his reaction to Musk’s May 13, 2022, tweet at the heart of the case stating the purchase agreement was “temporarily on hold.” Testifying Friday in jeans and a t-shirt, Agrawal was brief, saying, “It did not make sense to me.”
Segal, who testified most of Thursday, also was concise. “I was displeased,” was his only reaction to another tweet from Musk blasting Twitter’s methodology for counting how much of its user base was fake accounts, or bots.
The investors claim Musk’s public bashing of the company was actually an effort to drive down the stock price and gain himself a better bargaining position.
The two days of testimony from Agrawal and Segal pushed back on Musk’s own recollection that he was always committed to the deal, but genuinely believed that Twitter had lied to him about the percentage of spam accounts.
Musk told the jury he was “stunned” that Agrawal, Segal and other Twitter executives could not provide more details about the bot count methodology during their first meeting on May 6 after signing the acquisition agreement. Musk said the bot issue was important, likening it to investigating a termite infestation while purchasing a house.
«
If that’s what Musk thinks the problem is like, he’s definitely let it completely undermine the foundations since then.
unique link to this extract
| • Why do social networks drive us a little mad? • Why does angry content seem to dominate what we see? • How much of a role do algorithms play in affecting what we see and do online? • What can we do about it? • Did Facebook have any inkling of what was coming in Myanmar in 2016? Read Social Warming, my latest book, and find answers – and more. |
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 