There are tons of posts and reporting about Anthropic's problems with meeting demand, usage limits (on paid plans, especially during peak hours), fast growth (your link confirms that), and problems with infrastructure.

Some links:

https://uk.finance.yahoo.com/news/anthropic-throttles-claude...

https://techcrunch.com/2026/03/28/anthropics-claude-populari...

As far as I know it's the opposite, Anthropic struggles to satisfy demand, they have tons of paying customers and their customer base is growing fast.

But the heat shield is just not mentioned in this article. They actually made significant changes to it in the new version. They added added new seals between the tiles, improved attachment points, and redesigned the shielding in specific areas.

A big problem with their work on the heat shield is that they lost the ship before reentry multiple times for various reasons. They were making changes to the heat shield on previous versions, but couldn't test them as they were repeatedly losing the ship before the heat shield was actually used.

Also, from their description of the planned launch of Starship V3:

> The Starship upper stage will target multiple in-space and reentry objectives, including the deployment of 22 Starlink simulators, similar in size to next-generation Starlink satellites. The last two satellites deployed will scan Starship’s heat shield and transmit imagery down to operators to test methods of analyzing Starship’s heat shield readiness for return to launch site on future missions. Several tiles on Starship have been painted white to simulate missing tiles and serve as imaging targets in the test.

> For Starship entry, a single heat shield tile has been intentionally removed to measure the aerodynamic load differences on adjacent tiles when there is a tile missing.

https://www.spacex.com/launches/starship-flight-12

So they're still working on the heat shield. Things like space data centers may be economical only if Starship is fully reusable, otherwise the idea is dead on arrival.

https://github.com/anthropics/claude-code/issues/40741 (gcc version "Red Hat 14.3" included in system version at the bottom)

https://docs.oracle.com/en/database/oracle/tuxedo/22/otxig/s...

> High: A significant problem, typically exploitable for nearly all users in a default installation of Ubuntu. Includes serious remote denial of service, local root privilege escalations, local data theft, and data loss.

> Before you can patch: disable the algif_aead module.

> echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf

> rmmod algif_aead 2>/dev/null || true

Edit: and I can confirm that on my system with kernel 6.19.8 the above fixes the exploit.

Somewhere in the files there was a key with full API permissions. The author had no intent of having the LLM use that key, and wasn't aware that LLM can access that key. That key was created to manage some domains, and that was unrelated to the LLM's work. The author wasn't aware how dangerous the key was and is surprised that it could be used to delete a volume.

Essentially I agree with gwerbin that the situation comes down to mishandling of the key. The author makes it seem like the key was allowed to do something that it shouldn't be allowed to, but it was just a full access key, no scoping possible for that type of key (Railway has also other, less privileged types of keys/APIs).

Btw, I partially agree with author's criticisms, ideally these keys should be scoped, and maybe the UI should give more warnings when creating that type of key. But this situation could still happen as long as you put a wrong key in a wrong place (and specifically a place accessible to LLMs).

It sounds like the token the author created just didn't have any scope, it had full permissions. From the post:

> Tokens are not scoped by operation, by environment, or by resource at the permission level. There is no role-based access control for the Railway API — every token is effectively root. The Railway community has been asking for scoped tokens for years. It hasn't shipped.

So it wasn't "a narrowly scoped API token", it was a full access token, and I suspect the author didn't have any reason to think it was some special specific purpose token, he just didn't think about what the token can do. What he's describing is his intent of creating the token (how he wanted to use it), not some property of the token.

Author said in an X post[0] that it was an "API token", not a "project token", which allows "account level actions"[1], with a scope of "All your resources and workspaces" or "Single workspace"[2], with no possibility of specifying granular permissions. Account token "can perform any API action you're authorized to do across all your resources and workspaces". Workspace token "has access to all the workspace's resources".

[0] https://x.com/lifeof_jer/status/2047733995186847912

[1] https://docs.railway.com/cli#tokens

[2] https://docs.railway.com/integrations/api#choosing-a-token-t...

> The Railway CLI token I created to add and remove custom domains had the same volumeDelete permission as a token created for any other purpose. Tokens are not scoped by operation, by environment, or by resource at the permission level. There is no role-based access control for the Railway API — every token is effectively root. The Railway community has been asking for scoped tokens for years. It hasn't shipped.

So every token that can be created has "root" permissions, and the author accidentally exposed this token to the agent. What was the author's planned purpose for the token doesn't matter if the token has no scope. "token I created to add and remove custom domains" - if that's just the author intent, but not any property of the token, then it's kinda irrelevant why the token was created, the author created a root token and that's it. Of course having no scope on tokens is bad on Railway's part, but it sounds more like "lack of a feature" than a bug. It wasn't "domain management token" that somehow allowed wrong operations, it was just a root token the author wanted to use for domain management. Unless Railway for some reason allows you to select an intent of the token, that does literally nothing (as "every token is effectively root").

[0] https://globalenergymonitor.org/projects/global-wind-power-t...

Scotland seems to be a perfect place for pumped storage. I see that UK has 4 pumped storage stations, 2 in Wales, 2 in Scotland. But Scotland being quite far from most of UK's population may not be ideal if we're talking about supporting the whole country with pumped storage. It would be like 600km to the south of England.

The thing is, it's nowhere near 90% in general. 90% is the generation right now, with sunlight and good wind. On the site you can see that renewables were 66% in the last 24h, 46% in the last week, and 42% in the last year. I don't think it's possible to have 90% renewable generation overall without massive energy storage.

Timestamps from the video:

2:46 Truck requests crossing

2:51 ATC allows it to cross

2:53 Truck confirms

2:58 ATC: "Frontier 4195 stop there please"

3:02 ATC: "stop stop stop stop truck one stop stop stop"

3:15 ATC: "tower, truck one, stop, ..."

Crash probably a couple seconds later, wouldn't rely on the video for the exact timing.

So it seems that ATC made an error by allowing the truck to cross, and then the order to stop wasn't communicated clearly enough. I wouldn't place much blame on the truck.

Edit: Looking at some other videos with that audio, I'm also not sure if the video I linked represents the time between communications correctly, transmission at 3:15 may have been right after the one at 3:02. Anyway, the best thing is to wait for the investigation.

I try to verify important numbers and facts in what I read, and seriously, there's so much fake or misrepresented info everywhere, on every political side, that it's depressing, and it makes me don't believe literally anything without a source, unless I verify it myself. Of course when someone provides a source, I often look into the source, and sometimes it turns out that the text misinterpreted/misrepresented the meaning of the source. On Wikipedia, I also check if what is written is actually in the source, because sometimes the editor writes his own opinion while only loosely basing the text on a source (or basing it on nothing).

Verification can take some time, and that's the effort passed from the author of unsourced claim to its many readers, unless they just trust it or ignore the claim.

When I write anything I try to include sources for important things. If I wouldn't include a source, and someone asked "Source?" I wouldn't think "what an annoying guy", I'd think "oh, I could have linked that in the first place". And I usually upvote "Source?" comments (unless it's a thing that anyone can check in 30 seconds). I usually double-check the facts in what I'm writing, and many times I almost wrote something from memory that wasn't true, but looking for a source saved me from that.