Hacker News | TazeTSchnitzel's comments

Apple already had that "strategic moat" with Objective-C. It was already a language you could effectively only use on Apple platforms (the runtime and the standard library only run on Darwin) and for which Apple controlled the compiler (they have their own fork of Clang).

Go famously tried to bypass macOS's libc and directly use the underlying syscall ABI, which is unstable, and then a macOS update came out and broke everything, which taught them the error of their ways (https://github.com/golang/go/issues/17490). I wonder if this will happen to Zig too.

The same on OpenBSD

Another example of tiny details being used to catch sex offenders is this story about marks on people's hands: https://www.wired.com/story/sue-black-forensics-hand-marking... / https://archive.is/89vOJ

It turns out that, even if all you can see is the assailant's hands, that may be enough to identify them.


Why on earth does the HTML sanitiser allow blacklisting?! That can't ever be safe to use; the set of HTML elements can always change.

Note that the API is split into XSS-safe and XSS-unsafe calls. The XSS-safe calls [0] have this noted for each of them (emphasis mine):

> Then drop any elements and attributes that are not allowed by the sanitizer configuration, and any that are considered XSS-unsafe (even if allowed by the configuration)

The XSS-unsafe functions are all named "unsafe". Although considering web programmers, maybe they should have been named "UnsafeDoNotUseOrYouWillBeFired".

[0] https://developer.mozilla.org/en-US/docs/Web/API/HTML_Saniti...


I mean, at least they eventually came to their senses, but it does not inspire confidence!

https://developer.chrome.com/blog/sanitizer-api-deprecation/


That's the old sanitizer API. That was already removed and what you linked earlier is the new sanitizer API.

The most interesting thing to me wasn't the equals signs, which I knew are from quoted-printable, but the fact that when an equals sign appears, a letter that should have been preceding or following it is missing. It's as if an off-by-one error has occurred, where instead of getting rid of the equals sign, it's gotten rid of part of the actual text. Perhaps the CRLF/LF thing is part of it.


The article goes into exactly why this happens!


That's exactly how you end up with mystery missing characters in something that's supposed to be evidence


In one of the email PDFs I saw an XML plist with some metadata that looked like it was from Apple's Mail.app, so these might be extracted from whatever internal format that uses.


Adobe Animate also has HTML5 export features.


Does anyone remember a similar commercial(?) application from maybe 10~20 years ago that was focussed specifically on point-and-click Myst-like adventure games? I think it didn't have scripting, at least not of the kind that AGS has. I can't remember what it was called.

Edit: Oh, it was Adventure Maker! And it had a free version: https://www.adventuremaker.com/ — Apparently stuff like scripting and sprites do exist, but only in the paid version. It's cool the website is still around.


Adventure Maker and Bryce3D were an S-tier way of making very nonsensical games as a child!

It would be cool to have a FOSS redux of it, to be honest.


Very cool! This reminds me of Ejecta, which was something like this for 2D games on iOS, a very long time ago: https://impactjs.com/ejecta


I remember reading about Ejecta a long time ago! I had completely forgotten about it, but it is similar! The funny thing is to support UI elements, I had to also support canvas2d through Skia (although not 100% yet), so maybe impact could even work at some point (would require extensive testing obviously).


And their system has the same problems as all the others: https://estoniaevoting.org/


Looks like. More recent papers still find vulnerabilities too.

Steelmanning: They're putting the effort in so we don't have to. Either they find a way and it'll be awesome, or at some point they become an object lesson.

edit: Or third path: They muddle along just well enough with a system that can't work in theory, but ends up nearly working in practice, stochastically? (see also: email, Wikipedia, or a hundred other broken things that can't possibly work but are still hanging on.)

