stsquad

Sorry I was referring to: https://mcpelauncher.readthedocs.io/en/latest/

This is the way 😉 although the Minecraft launcher is pretty good these days running under Waydroid is considerably less hacky as it's not having to thunk between android and Linux userspace.

The man is a legend although I guess he has done prior experience with codecs through ffmpeg.

A lot of projects would be better served with a plain Makefile although for widely posted projects something is required.

Qemu has used a single readable POSIX shell script for configure although recently most of the tests are in meson (avoiding some Makefile shenanigans in the process). While it's a new syntax to learn at least the intent is clear and reviewable.

Yes it does. You can derive the domain from snooping DNS lookups but the URL is part of the encrypted get header.

An interesting piece but isn't this what VC investors do, not every play will result in a unicorn and those that do pay for the losses of those that don't. I expect more than a few billion will evaporate into vapourware as we crest this wave of generative ai hype.

Don't be too hard on Collin. Looking back on the threads it's fairly clear he's been the victim of a social engineering attack on an overworked maintainer. People were pressuring him to hand over maintainership while expressing disappointment at the slow pace of development. The off-list contact by Jia must have seemed like a helpful enthusiastic solution to a burnt out developer.

Well the account is focused on one particular project which makes sense if you expect to get burned at some point and don't want all your other exploits to be detected. It looks like there was a second sock puppet account involved in the original attack vector support code.

We should certainly audit other projects for similar changes from other psudoanonymous accounts.

It's looking more like a long game to compromise an upstream.

Time to audit all their contributions although it looks like they mostly contribute to xz. I guess we'll have to wait for comments from the rest of the team or if the whole org needs to be considered comprimised.

Microsoft has been working with a number of open source projects for some time now. It shouldn't be that surprising anymore.

The declarative approach also allows for better composability - user tweaks can just be the relevant lines on top of the packaged default config.