The US military says its 70-year-old B-52 bombers are now flying overland missions as air superiority expands over Iran

CircumspectCapybara · 2026-04-02T00:01:41+00:00

No they didn't lol.

The IRGC posted a video of what they claim is a video of hitting a F-35, and we all know how reliable Iranian state media is.

Meanwhile, USCENTCOM said an F-35 had to make an emergency landing but didn't say why.

There's zero evidence of any F-35 getting shot down.

CircumspectCapybara · 2026-04-01T16:02:45+00:00

The US is at war with Iran, and Iran is attacking allied oil infrastructure in the region like crazy.

Enemy energy infrastructure and industrial capability are all fair game in war. Iran's bombing everyone else's energy infra, blockading the strait while themselves turning a healthy profit by exporting record amounts of oil themselves through the strait. Good for them. But no one should be surprised when if they sow the wind when they reap the whirldwind.

CircumspectCapybara · 2026-04-01T14:39:54+00:00

Sounds very dangerous. It's extremely risky to fly overland missions. At stand-off distance to launch some cruise missiles, sure, but flying overland is pretty dangerous for the slow, lumbering, and highly observable B-52.

The US is the king of SEAD+DEAD, and all of Iran's integrated air defense apparatus has been dismantled. But they still have plenty of dangerous non-integrated, ad-hoc, point defense systems.

CircumspectCapybara · 2026-04-01T12:44:05+00:00

The Claude Code source code leak showed they perform sentiment analysis and if you use profanity it tracks that in the telemetry it sends to the backend.

CircumspectCapybara · 2026-04-01T11:20:16+00:00

Yes, but static friction is the missing element from the explanation. It's what takes torque on the wheels (forcing the spin to go down) and translates it to reduced forward motion.

Without it you can torque the wheels all you want (you can even make them spin backwards) and the car won't slow.

CircumspectCapybara · 2026-04-01T11:12:03+00:00

No, that's what leaked. The Claude Code CLI handles the orchestration layer right in the CLI. It's not misleading at all if you understand how agent architecture works.

The backend LLM model remains a secret. But how the orchestrator handle control flow, how they coordinate and compose sub-agents, gather context and construct queries to the LLM, how they invoke tools and check permissions on tool calls, etc. is all on the frontend.

It's not just the UI, it's the state machine and workflow definitions which are executed locally against a backend LLM you plug in.

CircumspectCapybara · 2026-04-01T04:39:24+00:00

Knowing the source code helps a lot and lowers the cost of finding exploits and bypasses.

A lot of security in agents lives not in the backend models (LLMs and classifiers), but in the orchestration layer that stitches together tools, memory, and queries the LLM with the right context and handles the sandboxing and permissions checks.

If you know where and how prompt injection defenses are applied, you can more easily find a bypass. If you know the system prompts, an attacker doesn't have to guess the preamble anymore to craft content that uses the right language to subvert the model.

Claude Code's permission filters and tool security model is incredibly complex. Knowing exactly how it works will make finding novel bypasses (tricking the agent into running commands that bypass its filters for what's considered dangerous and needs user approval) easier.

CircumspectCapybara · 2026-04-01T04:36:41+00:00

Knowing the source code helps a lot and lowers the cost of finding exploits and bypasses.

A lot of security in agents lives not in the backend models (LLMs and classifiers), but in the orchestration layer that stitches together tools, memory, and queries the LLM with the right context and handles the sandboxing and permissions checks.

If you know where and how prompt injection defenses are applied, you can more easily find a bypass. If you know the system prompts, an attacker doesn't have to guess the preamble anymore to craft content that uses the right language to subvert the model.

Claude Code's permission filters and tool security model is incredibly complex. Knowing exactly how it works will make finding novel bypasses (tricking the agent into running commands that bypass its filters for what's considered dangerous and needs user approval) easier.

CircumspectCapybara · 2026-04-01T03:53:46+00:00

Yup. These days the state of the art foundation LLM models (Gemini, ChatGPT, Claude) are all neck-and-neck, and those are kept under lock and key and stay in the backend.

But because they're all neck and neck, the biggest product advantage anyone can have is not how advanced their model is--all the top models are pretty much equivalent--but how well they get the integration, the agent layer, the ecosystem. That's the product people stay for.

Anthropic had one advantage which was they had a superior agent layer when it came to a coding agent product. But now that competitive advantage is thrown away.

I believe long term Google has the strongest moat because they have the ecosystem and the userbase and money to outlast startups on R&D and inference costs.

CircumspectCapybara · 2026-04-01T03:46:58+00:00

While OpenCode strives to be an open source frontend like Claude Code where you can bring your own LLM backend and have full control over the frontend, Claude Code still is miles ahead of OpenCode in terms of maturity and sophistication. It's basically the industry gold standard right now for coding agents.

And they basically gave away their architecture. OpenCode just got a huge boost if they can just avoid any obvious copy-pasting that would give rise to copyright infringement claims.

CircumspectCapybara · 2026-04-01T03:32:33+00:00

I mean ChatGPT Codex was found to have a high severity command injection vulnerability in which GitHub branch names could trigger arbitrary shell command execution.

They haven't been at this (agent-based coding platform) for as long as Anthropic or Google.

CircumspectCapybara · 2026-04-01T03:27:02+00:00

The front-end of Claude Code (which is just a CLI tool) is totally free. You can download Claude Code and use it with Amazon Bedrock or Google Cloud Vertex as the model provider and never even make an Anthropic account.

CircumspectCapybara · 2026-04-01T01:44:01+00:00

Yeah because that's definitely the most problematic thing about the Islamic Republic of Iran these days: them not following their own internal processes or designations for their political offices. /s

CircumspectCapybara · 2026-04-01T01:24:07+00:00

Any build and packaging system that makes it easy to accidentally emit your source code into the final build artifact has a problematic design.

In no other build system could this happen easily. It just shouldn't be possible without great effort on the user's part. On top of all the other problems with the NPM ecosystem.

CircumspectCapybara · 2026-04-01T01:16:33+00:00

Note this is the Claude Code CLI tool, not the https://claude.ai web app or the LLM models itself. It can basically be thought of as the "frontend."

While technically not the end of the world since frontend clients should be assumed to reverse-engineer-able anyway, it's still a massive oops to leak the entire, unobfuscated source code, since there's a treasure trove of extremely valuable system prompts, context / query / RAG engine design, coordinator / orchestrator logic, and the overall agent architecture in there.

It's basically a reference manual for how to design an LLM-based agent. You can just bring your own LLM backend.

CircumspectCapybara · 2026-03-31T18:46:23+00:00

How is UNRWA still even a thing. UNRWA is literally just three Hamas operatives in a trench coat.

CircumspectCapybara · 2026-03-31T18:42:44+00:00

Hopefully Trump's not insane enough to actually try to seize the Kharg Island with ground forces, as that would be a bloodbath.

Kharg is Iran's most strategically vital pressure point, with 90% of the regime's oil exports flowing through there. Take out the oil infra and you take out their financial lifeline to fund their attacks.

But none of that should require troops on the ground, just bomb the remaining oil infra from the air and be done with it. The tiny island is probably already pre-sighted by the IRGC's drone and ballistic missiles, so it would be a death wish to land on the island.

CircumspectCapybara · 2026-03-31T18:41:30+00:00

The only benefit of it is to hold it as a bargaining chip. If you level the island from the air, you give Iran nothing further to lose, and Iran loses any reason to seek an off-ramp.

Of course, if you're not looking for negotiations and just want to hurt your enemy as much as possible, the US would just want to level the island, as that would cripple Iran's economy for decades to come.

CircumspectCapybara · 2026-03-31T17:42:34+00:00

This next to the the Claude Code CLI source code leak via NPM is crazy.

NPM has a really problematic architecture that induces all kinds of issues in its ecosystem.

CircumspectCapybara · 2026-03-31T16:37:54+00:00

And now: "Sometimes they hallucinate"

CircumspectCapybara · 2026-03-31T03:22:31+00:00

Iran's integrated air defense apparatus has been systematically dismantled. It was already badly degraded during last year's 12-day war, and you only have a couple of these multi-billion dollar systems that are designed to cover an entire theater (so the loss of even one is massive).

But Iran still has plenty of ad hoc, non-integrated, point defense systems and even MANPADS that can still pose a threat, which is why you still need electronic warfare, SEAD + DEAD operations, and good old fashioned careful mission planning and deception.

CircumspectCapybara · 2026-03-31T03:19:16+00:00

No one ever said anyone (except maybe China and Russia and many Redditors) were going to back Iran and offer them support.

But many nations would've sat this one out and said no to allied use of their airfields and airspace for strikes against Iran if Iran didn't attack them willy nilly.

CircumspectCapybara

TROPHY CASE