[-] gedhrel@lemmy.world 3 points 1 month ago

Ken Livingstone (back when he was mayor) famously referred to the US Ambassador as a "chiselling little crook" for the continued nonpayment of fines (I think it was in the millions even then).

[-] gedhrel@lemmy.world 1 points 2 months ago

Dare I ask what the adjective "hella" means in this context?

[-] gedhrel@lemmy.world 2 points 3 months ago

The issue with this is the same as with the mayoral system. The next time the Tories get a turn, they replace it with FPTP and claim it's "more democratic".

[-] gedhrel@lemmy.world 1 points 3 months ago

The test case purported to be bad data, which you presumably want to test the correct behaviour of your dearchiver against.

Nothing this did looks to involve memory safety. It uses features like ifunc to hook behaviour.

The notion of reproducible CI is interesting, but there's nothing preventing this setup from repeatedly producing the same output in (say) a Debian package build environment.

There are many signatures here that look "obvious" with hindsight, but ultimately this comes down to establishing trust. Technical sophistication aside, this was a very successful attack against that trust foundation.

It's definitely the case that the stack of C tooling for builds (CMakeLists.txt, autotools) makes obfuscating content easier. You might point at modern build tooling like cargo as an alternative - however, build.rs and proc macros are not typically sandboxed at present. I think it'd be possible to replicate the effects of this attack using that tooling.

[-] gedhrel@lemmy.world 2 points 7 months ago

It's all the files. Content-addressable storage means that they might not take up any more space. Smart checkout means they might not require disk operations. But it's the whole tree.


gedhrel

joined 1 year ago