A remarkable investigation by Nepal police suggests some climbers were made ill for an insurance scam. CC-licensed photo by Mark Horrell on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 9 links for you. Elevated. I’m @charlesarthur on Twitter. On Threads: charles_arthur. On Mastodon: https://newsie.social/@charlesarthur. On Bluesky: @charlesarthur.bsky.social. Observations and links welcome.
Apple at 50: the roots of a tech revolution • Financial Times
Patrick McGee:
»
Vicki Amon-Higa, whom [Steve] Jobs hired in early 1990 from the power utility Florida Power & Light, characterises his approach at the time as “brute force and great people”.
The idea was that you hire geniuses, lock them in a room and apply pressure until brilliant products emerge. Process, by contrast, sounded bureaucratic and stultifying. Process was not just absent from Jobs’ thinking; it was antithetical to it. Amon-Higa says Jobs understood “small q quality” (a narrow focus on product) but did not grasp “big Q quality” (how to enforce standards across the entire organisation).
…She invited her mentor, Noriaki Kano, a quality expert who emphasised customer satisfaction, and Juran — the so-called “architect of quality” whose writings had been promoted by Sarasohn — to speak with NeXT. The impact was profound.
Jobs tended to think that talent was innate, but Kano taught him that people needed to be coached and developed, to bring out their best. Juran, then in his eighties, convinced Jobs to empower the individuals actually doing the work to make improvements and taught him the value, Jobs later said, of “seeing everything as a repetitive process, and to instrument that process, and find out how it’s running”.
He particularly liked that for Juran, quality was just one aspect of a broader system that did not sound stifling. “Dr Juran was one of the few people that I met that had a real down-to-earth approach to it, that didn’t think that quality was the second coming,” Jobs said for a Juran documentary, in late 1991. “He approached it much more scientifically.”
Jobs called Juran’s philosophy “a radically different approach to business processes than the traditional one” — but it was too late for NeXT. Their pipeline of products had no market fit and, by 1993, Jobs was forced to abandon manufacturing.
«
McGee is the author of “Apple in China”, which has been highly praised for its research and writing. This piece traces the origins of Apple’s success in manufacturing back to Japan’s rebirth after World War 2 as a manufacturing giant.
unique link to this extract
Everest guides “secretly poisoned” climbers to trigger costly helicopter rescues’ as part of £15m scam • Daily Mail Online
Perkin Amalaraj:
»
Guides taking tourists up and down Mount Everest have allegedly been secretly lacing climbers’ food to trigger costly helicopter rescues as part of a £15million insurance scam, according to a new investigation.
Poor weather and patchy communications at the world’s tallest mountain have allegedly led to a cottage industry that sees shifty pilots, guides and doctors charging insurance companies for services not rendered.
According to the Kathmandu Post, the fake rescue racket works by getting a climber to stage a medical emergency. A helicopter is then called and taken to a nearby hospital. An insurance claim is then filed that bears little resemblance to what actually happened.
Nepal Police’s Central Investigation Bureau (CIB) identified two ways this scam is manufactured. The first involved tourists who don’t want to walk all the way back down. Treks can take up to two weeks on foot, so guides tell climbers to fake a medical emergency so that a helicopter comes.
But the second method is far more troubling, and involves tricking climbers into thinking they’re having a medical emergency. Above 3,000m, altitude sickness is common. Symptoms include headaches, tingling in the body’s extremities, and a drop in blood oxygen saturation. In most cases, this can be resolved with rest, hydration or a gradual descent.
But Nepal’s CIB says that some guides and hotel staff are told to terrify tourists into thinking an evacuation to a hospital is the only thing that will save them. If this doesn’t work, investigators found that in some instances, guides tried to induce symptoms by giving tourists suffering mild altitude sickness tablets and excessive water.
In at least one case, baking powder was mixed into tourists’ food to make them physically unwell.
«
An amazing storry, apparently all done by the Nepal Police investigating.
unique link to this extract
Lessons from your petrol pump • Financial Times
Tim Harford:
»
In 2002, the economist David Popp published a study of “induced innovation”, tracking the response by inventors to the oil shocks of the 1970s.
The oil price leapt in 1973 and surged further in 1979, before sliding lower throughout the early 1980s. Popp found that patent activity tracked the oil price — for example, there were 10 successful patent applications in the field of solar energy in 1972, but more than 100 in 1974 and about 300 a year in the late 1970s. As the oil price fell back, so did patent activity, with fewer than 50 successful solar patents a year from the mid-1980s onward.
Popp found that a similar story could be told for batteries (a natural complement to solar energy), and patent applications for deriving liquid and gaseous fuels from coal. In each case, the few years of high oil prices led to a few years in which oil-saving patent activity was also high.
Today’s high oil price sends more signals: to find oilfields outside the Gulf region; to build new pipelines and tanker ports that are further from harm; to find ways to defend vulnerable shipping. In fact, there are far too many to list, and that is the point: a price signal — which, of course, is also a monetary incentive — is an invitation to everyone, everywhere, to do things a little differently.
«
There’s plenty more (Harford is always thorough) but the key question seems to be: how long does the price signal have to last before it permeates through all that’s affected?
unique link to this extract
Anthropic is having a month • TechCrunch
Connie Loizos:
»
Here’s what happened on Tuesday: When Anthropic pushed out version 2.1.88 of its Claude Code software package, it accidentally included a file that exposed nearly 2,000 source code files and more than 512,000 lines of code — essentially the full architectural blueprint for one of its most important products. A security researcher named Chaofan Shou noticed almost immediately and posted about it on X. Anthropic’s statement to multiple outlets was nonchalant as these things go: “This was a release packaging issue caused by human error, not a security breach.” (Internally, we’d guess things were less measured.)
Claude Code isn’t a minor product. It’s a command-line tool that lets developers use Anthropic’s AI to write and edit code and has become formidable enough to unsettle rivals. According to the WSJ, OpenAI pulled the plug on its video generation product Sora just six months after launching it to the public to refocus its efforts on developers and enterprises — partly in response to Claude Code’s growing momentum.
What leaked was not the AI model itself but the software scaffolding around it — the instructions that tell the model how to behave, what tools to use, and where its limits are. Developers began publishing detailed analyses almost immediately, with one describing the product as “a production-grade developer experience, not just a wrapper around an API.”
Whether this turns out to matter in any lasting way is a question best left to developers. Competitors may find the architecture instructive; at the same time, the field moves fast.
«
These Raspberry Pi price hikes are no joke • The Verge
Stevie Bonifield:
»
As of today, the price of the 16GB version of the Raspberry Pi 5 is going up by $100, a price bump that’s almost as much as the original $120 price tag. Driven by the ongoing RAM shortage, Raspberry Pi is raising prices on over a dozen of its bare-bones computers, after previous increases in December and February. The increases range from $11.25 to $150.
In a blog post announcing the price increases, Raspberry Pi CEO Eben Upton reiterated that they won’t be permanent, stating, “The circumstances in which we find ourselves are challenging, but in the future they will abate. When they do, we will reverse our price increases, and until they do, we will continue to work hard to limit their impact in every way we can.”
«
And, Upton was obliged to point out, this was not an April Fools joke.
unique link to this extract
Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected • VentureBeat
Louis Columbus:
»
Attackers stole a long-lived npm access token belonging to the lead maintainer of
axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a cross-platform remote access trojan (RAT). The malicious releases target macOS, Windows, and Linux. They were live on thenpmregistry for roughly three hours before removal.Axios gets more than 100 million downloads per week. Wiz reports it sits in approximately 80% of cloud and code environments, touching everything from React front-ends to CI/CD pipelines to serverless functions. Huntress detected the first infections 89 seconds after the malicious package went live and confirmed at least 135 compromised systems among its customers during the exposure window.
…The attacker took over the
npmaccount of @jasonsaayman, a leadaxiosmaintainer, changed the account email to an anonymous ProtonMail address, and published the poisoned packages throughnpm'scommand-line interface. That bypassed the project’s GitHub Actions CI/CD pipeline entirely.The attacker never touched the
axiossource code. Instead, both release branches received a single new dependency: plain-crypto-js@4.2.1. No part of the codebase imports it. The package exists solely to run a postinstall script that drops a cross-platform RAT onto the developer’s machine.The staging was precise. Eighteen hours before the
axiosreleases, the attacker published a clean version of plain-crypto-js under a separatenpm'saccount to build publishing history and dodge new-package scanner alerts. Then came the weaponized 4.2.1. Both release branches hit within 39 minutes. Three platform-specific payloads were pre-built. The malware erases itself after execution and swaps in a clean package.json to frustrate forensic inspection.StepSecurity, which identified the compromise alongside Socket, called it among the most operationally sophisticated supply chain attacks ever documented against a top-10
npm'spackage.…Three
npm'ssupply chain compromises in seven months. Every one started with a stolen maintainer credential.The Shai-Hulud worm hit in September 2025. A single phished maintainer account gave attackers a foothold that self-replicated across more than 500 packages, harvesting npm tokens, cloud credentials, and GitHub secrets as it spread. CISA issued an advisory. GitHub overhauled npm’s entire authentication model in response.
Then in January 2026, Koi Security’s PackageGate research dropped six zero-day vulnerabilities across npm, pnpm, vlt, and Bun that punched through the very defenses the ecosystem adopted after Shai-Hulud. Lockfile integrity and script-blocking both failed under specific conditions. Three of the four package managers patched within weeks. npm closed the report.
Now
axios. A stolen long-lived token published a RAT through both release branches despite OIDC, SLSA, and every post-Shai-Hulud hardening measure in place.«
This would have been very, very serious if it had laasted any longer. It was bad even for the minute it lasted.
unique link to this extract
Renewables hit 49.4% of global electricity capacity in 2025 • The Register
Brandon Vigliarolo:
»
It was a strong year for renewable power expansion in 2025, with solar installations helping push renewables to nearly half of global electricity capacity, but that does not mean the world is yet on pace to meet its renewable energy commitments.
The International Renewable Energy Agency’s (IRENA) 2026 Renewable Capacity Statistics report, published on Wednesday, found that renewables dominated new power additions last year, accounting for 85.6% of global capacity expansion. Solar, in turn, was the dominant renewable technology, accounting for nearly three-quarters of last year’s renewable capacity additions.
Those additions totalled 692 GW in 2025, lifting installed renewable capacity by a record 15.5% year over year, IRENA noted. By the end of last year, renewables accounted for 49.4% of global installed electricity capacity, while variable renewable sources such as solar and wind represented roughly 35% of total capacity.
For reference, it was only in 2023 that renewable energy sources crossed the threshold of generating 30% of the world’s electricity.
As IRENA notes in a press release, renewable energy is back in the spotlight amid the US conflict in Iran causing a spike in fuel prices and energy (i.e., oil) instability. According to IRENA Director General Francesco La Camera, conflicts like the Iranian mess are a perfect reason to push for more renewable adoption.
«
35,000 pints of stolen Guinness, 950 wheels of pilfered cheese: can the UK’s cargo theft crisis be stopped? • The Guardian
Stuart McGurk:
»
Cargo theft operates according to the law of supply and demand. When a truck carrying 400 50-litre kegs of Guinness – the equivalent of 35,000 pints – was stolen from a logistics hub in Northamptonshire in December 2024, it was widely seen as the cause of a nationwide shortage. This wasn’t quite true – the truck was targeted because there was a shortage in the first place – but it only made the scarcity worse, which in turn only made the stolen Guinness more valuable.
The cost of living crisis has made food and beverages an increasingly attractive target, with thefts rising as much as 79% in 2024 according to one report. In October of that year, 950 wheels of premium cheddar were stolen in London, an incident soon dubbed “the grate cheese heist”. (Jamie Oliver asked the public to keep an eye out for “lorryloads of posh cheese”.) Last week, a truck carrying KitKats went missing after setting off from Italy. A spokesperson for Nestlé said criminals had “made a break” with more than 400,000 bars. In some ways, it’s the perfect crime. If stolen cargo isn’t found within the first few hours, it’s as good as gone. It re-enters the supply chain, and, soon after, the evidence will get eaten. At present, Dawber says, olive oil is a popular target. With the value of Italian extra virgin hovering around £10 a litre, the average truckload is worth about £250,000, making it more valuable than most wine.
When accounting for lost revenues, VAT and insurance costs, cargo crime is estimated to cost the UK economy about £700m a year. For freight companies, often operating on minuscule profit margins, the impact can be crippling. Insurance premiums rise with every claim. Excesses are regularly in the thousands. Many haulage companies have to absorb the costs and pay the customer for the goods lost.
For years, the industry has attempted to sound the alarm. One partial remedy, it argues, is maddeningly simple: make freight theft its own crime. (At present, it is categorised as “theft from motor vehicle”, the same offence as nicking a pair of sunglasses from a glovebox.) In parliament last year, Rachel Taylor MP introduced a bill that would do just this, meaning that sentences for criminals could be longer and accurate statistics on the scale of the crime could be collected. A second reading is due to take place next month.
«
Great, and timely, article. There’s a more formal one for the US; less entertaining.
unique link to this extract
Half of social-science studies fail replication test in years-long project • Nature
Nicola Jones:
»
A massive seven-year project exploring 3,900 social-science papers has ended with a disturbing finding: researchers could replicate the results of only half of the studies that they tested1.
The conclusions of the initiative, called the Systematizing Confidence in Open Research and Evidence (SCORE) project, have been “eagerly awaited by many”, says John Ioannidis, a metascientist at Stanford University in California who was not involved with the programme. The scale and breadth of the project is impressive, he says, but the results are “not surprising”, because they are in line with those from smaller, earlier studies.
Researchers have been investigating a ‘crisis’ in the reliability of scientific results for more than a decade. They’ve found that many scientific experiments can’t be repeated — not just in the social sciences, but also in the biomedical field.
The SCORE findings — derived from the work of 865 researchers poring over papers published in 62 journals and spanning fields including economics, education, psychology and sociology — don’t necessarily mean that science is being done poorly, says Tim Errington, head of research at the Center for Open Science, an institute that co-ordinated part of the project. Of course, some results are not replicable because of either honest mistakes or the rare case of misconduct, he says, but SCORE found that, in many cases, papers simply did not provide enough data or details for experiments to be repeated accurately. Fresh methods or analyses can legitimately lead to distinct results. This means that, rather than take papers at face value, researchers should treat any single study as “a piece of the puzzle”, Errington says.
«
The suspicion is that the problem comes straight from the “publish or perish” imperative imposed on so many researchers.
unique link to this extract
| • Why do social networks drive us a little mad? • Why does angry content seem to dominate what we see? • How much of a role do algorithms play in affecting what we see and do online? • What can we do about it? • Did Facebook have any inkling of what was coming in Myanmar in 2016? Read Social Warming, my latest book, and find answers – and more. |
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 