How can Google vet an app store without vetting everything it could serve?

Very binary, much wow.

The phrase "no loose lottery" should be a red flag right away.

Buy games from indie developers on platforms like itch.io. You may have a negative view of the other people involved in funding and marketing a triple AAA game but they all contribute and get a share of the retail price. You don't get to pick and choose who deserves to get their slice.

It's interesting they've gone from a simple reskin to a downstream fork. I'm guessing there won't be much of value to find though.

Basically your only other option is to find the keys for each BluRay you own yourself. I did go through the hoops a while ago and wrote it up: https://www.bennee.com/~alex/blog/2011/04/18/playing-blu-ray-under-linux/#playing-blu-ray-under-linux

However it's a pain sourcing the encryption keys you need for each disk. While I work hard to prefer FLOSS apps over their propriety equivalents in this case I'm happy to pay the small fee for a perpetual licence of MakeMKV.

Don't be too hard on Collin. Looking back on the threads it's fairly clear he's been the victim of a social engineering attack on an overworked maintainer. People were pressuring him to hand over maintainership while expressing disappointment at the slow pace of development. The off-list contact by Jia must have seemed like a helpful enthusiastic solution to a burnt out developer.

Well the account is focused on one particular project which makes sense if you expect to get burned at some point and don't want all your other exploits to be detected. It looks like there was a second sock puppet account involved in the original attack vector support code.

We should certainly audit other projects for similar changes from other psudoanonymous accounts.

It's looking more like a long game to compromise an upstream.

Time to audit all their contributions although it looks like they mostly contribute to xz. I guess we'll have to wait for comments from the rest of the team or if the whole org needs to be considered comprimised.

Yes training is the most expensive but it's still an additional trillion or so floating point operations per generated token of output. That's not nothing computationally.

While shell based RC systems do offer flexibility they also have downsides including copy and paste leading to subtly different behaviour across units. Dependency resolution was also a bit of a hack on top of scripts to deal with concepts like run levels.

The declarative approach of a proper configuration is a better and more scalable solution.