irfn

To save 1 litre of imported crude, India is spending 2,860 litres of groundwater. That's the single statistic missing from the entire E85 debate. E20 is done. The government's draft notification for E85 (85% ethanol, 15% petrol) is ready. Most reactions are either "great, energy independence" or "my mileage dropped." Both are shallow. Here is the actual trade India is making. The economic logic is real: India imports 85%+ of its crude. The FY25 import bill was ~$137 billion. Ethanol blending has already saved ₹1.08 lakh crore in forex and put ~₹92,000 crore in farmers' hands since inception. Every 1% of blending = ~$1 billion in annual savings. But ethanol is not a free lunch: 🔹 Ethanol has 33% less energy per litre than petrol. 🔹 US DoE data: FFVs on E85 get 15 to 27% fewer miles per gallon than on petrol. 🔹 The offset is octane. E85 rates ~105 vs petrol's 91. In purpose-built engines (turbo, high-compression, direct injection), higher octane recovers most of the energy loss. The catch. India's fleet is 90% E10-ready at best. You cannot pour E85 into a Swift. Flex-fuel vehicles need stainless fuel lines, upgraded pumps, 30% larger injectors, ethanol content sensors, and recalibrated engine maps. The hidden cost nobody is pricing: 🔸 E20 at today's consumption needs ~1,016 crore litres of ethanol annually. 🔸 At 2,860 litres of water per litre of ethanol, that is ~2.9 trillion litres of water per year. The annual water footprint of 200+ million Indians. 🔸 E85 scales this 4x+. 🔸 60% of India's ethanol now comes from maize and broken rice. India, a net corn exporter, imported 1 million tonnes of corn in 2024 because of ethanol diversion. 🔸 Retail sugar moved from ₹40 to ₹45/kg in two years partly due to cane diversion. The reframe most people miss: The ethanol programme is not an energy policy. It is an agricultural subsidy dressed as an energy policy. The forex savings are real. The farmer income transfer is real. Both are the actual goals. The mileage drop is a tolerated cost. The water and food inflation risk is the hidden tax. E85 will happen anyway. The listed winners sit in three buckets: 🔸 Sugar and distillery players with integrated ethanol capacity 🔸 Auto ancillaries making ethanol-compatible injectors, pumps, fuel lines, sensors 🔸 OEMs going flex-fuel first (Toyota, Maruti and Hyundai are already prototyping) Energy independence is not free. India is trading barrels of oil for billions of litres of water and millions of tonnes of grain. Whether it's worth it depends on which constraint matters more in 2040 — your oil bill, or your aquifer.

The Forest Advisory Committee has approved a plan to fell approximately 123,000 trees. The clearing of this massive tract of contiguous jungle in Maharashtra’s Gadchiroli is to be offset by planting replacement forest 1,000 kilometres away, in 23 fragmented patches, on land the government’s own data shows is already largely forested. https://t.co/j6l27nPAXx

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

‼️ China's biggest cybersecurity company, Qihoo 360 (461M users), just leaked their own wildcard SSL private key inside the public installer for their new AI assistant "360 Security Claw." The private key for *.myclaw.360.cn was bundled directly in the download package under /namiclaw/components/OpenClaw/openclaw.7z/credentials. The cert is valid until April 2027. Attackers can now impersonate their servers, intercept user traffic, and forge login pages. Fun fact: the founder promised the product would "never leak passwords."