No they didn’t. After Trump started making noise about their CEO, Lip-bu Tan, being Chinese they then took the shares at a “…discount to the current market price.”[1]
And the money for this _deal_ was primarily from the CHIPS act funds they were already awarded but had not been sent to them yet
> Of the total, $5.7 billion of the government funds will come from grants under the CHIPS Act that had been awarded but not paid, and $3.2 billion will come from separate government awards under a program to make secure chips.[1]
This was at gunpoint from the government’s monopoly on violence.
The government had passed a law appropriating funds to subsidize semiconductor manufacturing in the US and spent some of it buying intel stock. How is that the government seizing Intel at gunpoint? I mean aside from the libertarian argument that the taxation necessary to raise those funds is theft?
Why would you think nationalising is a violent process?
As soon as the nation owns enough stock to profit from government decisions (and to compound the influence of those decisions) you essentially have a partially nationalised business.
10% of OpenAI might easily be enough to reach a meaningful "partially nationalised" threshold, once you factor in any holdings in federal pension plans and the active level of government policymaking.
It is very clear Sam Altman wants this, too, because this whole "take 10%" thing in Trump's mind was his idea back in early 2025, and OpenAI have been following up on it recently.
So, your link shows that they probably have like $1 billion in sales per month (but they publicly overstated this by 30%), and that's the struggle to find customers?
There are tons of posts and reporting about Anthropic's problems with meeting demand, usage limits (on paid plans, especially during peak hours), fast growth (your link confirms that), and problems with infrastructure.
Starship V2 heat shield was good enough to allow the ship to perform a landing on the ocean in one piece, in a precise spot. But a safe landing is not enough, the ship needs to be in a good enough condition to be flown again, with low refurbishment costs. We still don't know what condition Starship is in after landing (they need to actually land it on land first). I wouldn't say the heat shield is failing, it didn't cause any failure of the ship, it protected it successfully to the sea level.
But the heat shield is just not mentioned in this article. They actually made significant changes to it in the new version. They added added new seals between the tiles, improved attachment points, and redesigned the shielding in specific areas.
A big problem with their work on the heat shield is that they lost the ship before reentry multiple times for various reasons. They were making changes to the heat shield on previous versions, but couldn't test them as they were repeatedly losing the ship before the heat shield was actually used.
Also, from their description of the planned launch of Starship V3:
> The Starship upper stage will target multiple in-space and reentry objectives, including the deployment of 22 Starlink simulators, similar in size to next-generation Starlink satellites. The last two satellites deployed will scan Starship’s heat shield and transmit imagery down to operators to test methods of analyzing Starship’s heat shield readiness for return to launch site on future missions. Several tiles on Starship have been painted white to simulate missing tiles and serve as imaging targets in the test.
> For Starship entry, a single heat shield tile has been intentionally removed to measure the aerodynamic load differences on adjacent tiles when there is a tile missing.
So they're still working on the heat shield. Things like space data centers may be economical only if Starship is fully reusable, otherwise the idea is dead on arrival.
14.3 seems to come from some Red Hat-specific GCC version, which can be reported as "gcc (GCC) 14.3.1 20250617 (Red Hat 14.3.1-2)". See these random examples I found by googling:
Strange that it's not classified as "high", which specifically includes "local root privilege escalations".
> High: A significant problem, typically exploitable for nearly all users in a default installation of Ubuntu. Includes serious remote denial of service, local root privilege escalations, local data theft, and data loss.
It's possible that the WSL kernel has that code compiled-in rather than as a loadable module. If they ship the kernel config somewhere, you could verify with
Using bpftrace to watch calls to module_request, openat, etc., it looks like when the kernel calls modprobe, it doesn't even look at the disable-algif.conf file:
Restart WSL2, run the bpftrace, and try `sudo modprobe algif-aead`, and that shows it looking at (or I guess opening) other files in /etc/modprobe.d, including the new one.
> what they thought was a narrowly scoped API token, and they very clearly state that they never would have given an AI full access if they realized it had the ability to do stuff like this with that token
It sounds like the token the author created just didn't have any scope, it had full permissions. From the post:
> Tokens are not scoped by operation, by environment, or by resource at the permission level. There is no role-based access control for the Railway API — every token is effectively root. The Railway community has been asking for scoped tokens for years. It hasn't shipped.
So it wasn't "a narrowly scoped API token", it was a full access token, and I suspect the author didn't have any reason to think it was some special specific purpose token, he just didn't think about what the token can do. What he's describing is his intent of creating the token (how he wanted to use it), not some property of the token.
Author said in an X post[0] that it was an "API token", not a "project token", which allows "account level actions"[1], with a scope of "All your resources and workspaces" or "Single workspace"[2], with no possibility of specifying granular permissions. Account token "can perform any API action you're authorized to do across all your resources and workspaces". Workspace token "has access to all the workspace's resources".
Then you need to reread the article. The author made a key for the LLM that didn't have permissions to delete a volume. The agent then found ANOTHER key with those permissions and used that instead.
You're not contradicting my comment, I was talking specifically about the key with full permissions that the LLM found (the article doesn't talk about other keys that LLM could have had, unless I missed something).
Somewhere in the files there was a key with full API permissions. The author had no intent of having the LLM use that key, and wasn't aware that LLM can access that key. That key was created to manage some domains, and that was unrelated to the LLM's work. The author wasn't aware how dangerous the key was and is surprised that it could be used to delete a volume.
Essentially I agree with gwerbin that the situation comes down to mishandling of the key. The author makes it seem like the key was allowed to do something that it shouldn't be allowed to, but it was just a full access key, no scoping possible for that type of key (Railway has also other, less privileged types of keys/APIs).
Btw, I partially agree with author's criticisms, ideally these keys should be scoped, and maybe the UI should give more warnings when creating that type of key. But this situation could still happen as long as you put a wrong key in a wrong place (and specifically a place accessible to LLMs).
It sounds like the keys just don't have any scoping. From the post:
> The Railway CLI token I created to add and remove custom domains had the same volumeDelete permission as a token created for any other purpose. Tokens are not scoped by operation, by environment, or by resource at the permission level. There is no role-based access control for the Railway API — every token is effectively root. The Railway community has been asking for scoped tokens for years. It hasn't shipped.
So every token that can be created has "root" permissions, and the author accidentally exposed this token to the agent. What was the author's planned purpose for the token doesn't matter if the token has no scope. "token I created to add and remove custom domains" - if that's just the author intent, but not any property of the token, then it's kinda irrelevant why the token was created, the author created a root token and that's it. Of course having no scope on tokens is bad on Railway's part, but it sounds more like "lack of a feature" than a bug. It wasn't "domain management token" that somehow allowed wrong operations, it was just a root token the author wanted to use for domain management. Unless Railway for some reason allows you to select an intent of the token, that does literally nothing (as "every token is effectively root").
Per their docs they have both “account” tokens and role-based tokens; the former have wide latitude (and might be used for DNS or root-access type stuff), while the latter are intended to be used for maintenance and have strong security boundaries. OP gave access to the former type without realizing it.
In most orgs, those would be behind some escalation control. Unless the token creator didn’t know what they were doing/creating, which tracks for a non-expert.
Agree. My point is that other secret should have been inaccessible without an escalation. The fact that it was available to the agent implies a lack of basic security controls; in fact I would expect that an agentic workload would have even more robust compensating controls.
reply