
Well, there is also the opposite take from TechCrunch, where they say: Why Paris may be the most important AI city outside Silicon Valley. [0]

While the EU loves its regulation, I still feel it's too early to write it off in the AI race. It will not replace Anthropic or OpenAI any time soon, but even Google and Meta fail to do that.

If AI continues to grow and expand, there is enough space for many more unicorns.

[0] https://techcrunch.com/2026/05/28/why-paris-may-be-the-most-...


Tbh, that article is not a take, rather an ad for Viva Tech and TechCrunch's own tech gathering.

As someone who has actually experienced the hiring market in Paris, I have a hard time believing this. The salaries are, unfortunately, pathetic.


What an interesting article. I did not assume I would read it to the end when I opened it, but the writing was super clear and easy to follow.

In the end, I admire the craft and patience that went into trying to solve code diff rendering, and I wish the folks at GitHub would put the same effort into improving their platform.

On a side note, I feel that we're going to see more and more of this type of agentic usage, in well-defined subtasks, and the ability of a model to try many possibilities is a huge gift here.


Hey, thank you, I appreciate your kind words! I don't write much, and it was quite an effort to get all this written out!


Now GitHub can point an agent at this blog and say “implement this” :)


I think Minecraft is still in good shape


I wouldn't know. Somehow this game I bought maybe 15 years ago is no longer playable for me; my account was supposed to be migrated from Mojang to Microsoft or similar, but then that never happened or something, and trying to log in now asks me to contact Microsoft support, which I've tried 3-4 times and never had anyone respond to me, so who knows how the game is today? I stopped trying at this point...

Personally, once a game I own is yanked from my hands because of organizational decisions, that's the time I'll stop considering the game "in good shape", but I'm sure the people who had to buy the same game a second time still enjoy it.


Yes, the account migration was a mess. Support response times were at least 30 days, if you ever actually received a response at all (I never did). I did buy the game a second time in order to play with my kids.


They deleted my account from 2010 because I didn't convert it to a Microsoft one. They baked an incredibly aggressive chat filter into multiplayer, even if you're not playing on official servers. They've added microtransactions for things that were previously free (skins, resource packs). They force you into their shitty, bloated, user-hostile launcher with adverts.


It's been nonstop content-slop since the acquisition. New mobs, new blocks, new items, new blocks, new items, new mobs, new mobs, new biomes. Some of them are good but the totality of adding a bunch of stuff has been to destroy the simplicity that was one of the draws of the original game. Now it's an exploration and niche-mechanics-exploitation game more than a virtual legos game. You don't go mining any more, you find trading loops with villagers.

This was happening to some degree pre-acquisition, but since the acquisition it's been non-stop.

Some of it's good. The Nether and the oceans were really boring before their respective updates.

They should have called Minecraft "done" around the acquisition time and started on Minecraft 2.


I guess you could look at https://red.anthropic.com/2026/cvd/ to see exactly what was discovered.


Thank you. Looking at the WebDAV in nginx, this is exactly what I searched for and wanted to read, and it confirmed my suspicions ^^ But this one truly takes the cake... https://red.anthropic.com/2026/cvd/findings/ANT-2026-CN7KX43...


If I understood the code correctly, it always uses the hybrid version.

> Kyber is always used in a composite scheme along with a classic ECC algorithm.


One of the biggest issues I see with Upload Queues here that is not talked about is the added complexity on the package managers themselves (PyPI, NPM, crates.io ...).

They are already complex beasts of software, extremely important for the ecosystems, and not always well funded. Adding all this extra complexity, with official bypasses (for security reasons), monitoring APIs (for security review while a new version is in the queue), and so on, is not cheap.

And if somehow, they get the funding to do this, will they also get the funding for the maintenance in the long term?

I don't think the benefits here (which amount to only explicitly modelling the cooldown) are enough to offset the downsides.
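For comparison, here is what "explicitly modelling the cooldown" looks like when done on the client side rather than in an upload queue on the registry: the installer resolves only to versions whose first upload is older than the cooldown window. This is an added example, not code from the comment above or from any package manager. It assumes the shape of PyPI's JSON API (a "releases" mapping from version string to a list of files, each carrying "upload_time_iso_8601"); the metadata, package name and the fixed "now" are constructed for the example.

```python
"""Client-side release cooldown over PyPI-style release metadata.

Added example; not code from the original thread or from pip/PyPI.
Assumption: metadata follows PyPI's JSON API shape ("releases" ->
version -> list of files with "upload_time_iso_8601"). The sample
below is constructed, not fetched.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample: three uploaded releases, the newest 2 days old,
# plus one version with no files (e.g. yanked) that must never resolve.
NOW = datetime(2026, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_METADATA = {
    "info": {"name": "examplepkg"},  # invented package name
    "releases": {
        "1.2.0": [{"upload_time_iso_8601": "2026-03-01T10:00:00.000000Z"}],
        "1.3.0": [{"upload_time_iso_8601": "2026-05-10T09:30:00.000000Z"}],
        "1.4.0": [{"upload_time_iso_8601": "2026-05-30T18:45:00.000000Z"}],
        "1.4.1": [],
    },
}


def _version_key(version):
    """Numeric sort key; sufficient for the plain X.Y.Z strings used here."""
    return tuple(int(part) for part in version.split("."))


def _first_upload(files):
    """Earliest upload time among a release's files, or None if it has none.

    The earliest file is used so that a late re-upload of one artifact
    cannot push an already-cooled release back into the window.
    """
    times = [
        datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
        for f in files
    ]
    return min(times) if times else None


def eligible_versions(metadata, cooldown_days, now=NOW):
    """Versions whose first upload is at least cooldown_days old, newest first."""
    cutoff = now - timedelta(days=cooldown_days)
    eligible = []
    for version, files in metadata["releases"].items():
        uploaded = _first_upload(files)
        if uploaded is not None and uploaded <= cutoff:
            eligible.append(version)
    return sorted(eligible, key=_version_key, reverse=True)


def pick_version(metadata, cooldown_days, now=NOW):
    """Newest version that has survived the cooldown, or None if nothing has."""
    candidates = eligible_versions(metadata, cooldown_days, now)
    return candidates[0] if candidates else None


if __name__ == "__main__":
    print("7-day cooldown resolves to:", pick_version(SAMPLE_METADATA, 7))
```

With a 7-day window the resolver skips the 2-day-old 1.4.0 and settles on 1.3.0; the version with no files is never a candidate regardless of the window. Note that this protects against a freshly published malicious version only for as long as the window lasts and only if someone actually looks at new uploads during it; it says nothing about who published the release.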


I'm maybe not understanding here, but isn't that the point of release attestations (to authenticate that the release was produced by the authors)? [0]

[0] https://docs.github.com/en/actions/how-tos/secure-your-work/...


Artifact attestations are indeed another solution, based on https://www.sigstore.dev/ . I still think Asfaload is a good alternative, making different choices than sigstore:

- Asfaload is accountless (keys are the identity) while sigstore relies on OpenID Connect [1], which will tie most users to a mega corp

- Asfaload's backend is a public git, making it easily auditable

- Asfaload will be easy to self host, meaning you can easily deploy it internally

- Asfaload is multisig, meaning even if a GitHub account is breached, malevolent artifacts can be detected

- validating a download is transparent to the user, which only requires the download URL, contrary to sigstore [2]

So Asfaload is not the only solution, but I think it has some unique characteristics that make it worth evaluating.

[1] https://docs.sigstore.dev/about/security/

[2] https://docs.sigstore.dev/cosign/verifying/verify/


The problem is nobody checks.

All the axios releases had attestations except for the compromised one. npm installed it anyway.
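The failure mode described here, a package whose earlier releases all carried provenance attestations and whose compromised release did not, is detectable before install with a fail-closed rule: once a package has published with provenance, a later version without it is a regression and should not resolve. Below is an added example of that rule over an npm registry document; it is not code from the thread, from npm or from Asfaload. It assumes the packument shape npm serves (each "versions" entry has a "dist" object, and versions published with provenance carry "dist.attestations" with a "provenance" sub-object, plus a top-level "time" map of publish timestamps); the packument, package name and URLs are constructed.

```python
"""Fail-closed provenance check over an npm-style packument.

Added example; not code from the original thread, from npm, or from
Asfaload. Assumptions: registry document shape as used by npm
("versions" -> version -> "dist", with "dist.attestations.provenance"
present on versions published with provenance, and a "time" map of
publish timestamps). The packument below is constructed.
"""

PROVENANCE_PREDICATE = "https://slsa.dev/provenance/v1"

# Constructed packument: 1.0.0 predates provenance, 1.1.0 and 1.2.0 were
# published with it, and 1.2.1 (the suspect release) was not.
PACKUMENT = {
    "name": "examplelib",  # invented package name
    "versions": {
        "1.0.0": {"dist": {"integrity": "sha512-AAA"}},
        "1.1.0": {"dist": {
            "integrity": "sha512-BBB",
            "attestations": {
                "url": "https://registry.example/attestations/examplelib@1.1.0",
                "provenance": {"predicateType": PROVENANCE_PREDICATE},
            },
        }},
        "1.2.0": {"dist": {
            "integrity": "sha512-CCC",
            "attestations": {
                "url": "https://registry.example/attestations/examplelib@1.2.0",
                "provenance": {"predicateType": PROVENANCE_PREDICATE},
            },
        }},
        "1.2.1": {"dist": {"integrity": "sha512-DDD"}},
    },
    "time": {
        "1.0.0": "2025-01-05T00:00:00.000Z",
        "1.1.0": "2025-06-01T00:00:00.000Z",
        "1.2.0": "2026-02-10T00:00:00.000Z",
        "1.2.1": "2026-05-20T00:00:00.000Z",
    },
}


def has_provenance(packument, version):
    """True if the version's dist metadata advertises a provenance attestation."""
    dist = packument["versions"].get(version, {}).get("dist", {})
    attestations = dist.get("attestations") or {}
    return "provenance" in attestations


def earlier_versions(packument, version):
    """Versions published before `version`, ordered by registry publish time.

    Timestamps share one ISO-8601 format, so string comparison is safe.
    """
    published = packument["time"]
    return [
        v for v in packument["versions"]
        if v != version and published[v] < published[version]
    ]


def provenance_verdict(packument, version):
    """'ok', 'regression' (earlier releases attested, this one not) or 'unattested'."""
    if version not in packument["versions"]:
        raise KeyError(f"unknown version {version}")
    if has_provenance(packument, version):
        return "ok"
    if any(has_provenance(packument, v) for v in earlier_versions(packument, version)):
        return "regression"
    return "unattested"


def allowed(packument, version, require_provenance=False):
    """Install policy: never accept a provenance regression; optionally
    refuse packages that have never published provenance at all."""
    verdict = provenance_verdict(packument, version)
    if verdict == "regression":
        return False
    if verdict == "unattested":
        return not require_provenance
    return True


if __name__ == "__main__":
    for v in PACKUMENT["versions"]:
        print(v, provenance_verdict(PACKUMENT, v), "allowed" if allowed(PACKUMENT, v) else "blocked")
```

Presence is only the first gate: a version that passes still needs its attestation verified against the expected source repository and builder, which is what `npm audit signatures` does for already-installed packages. The regression rule is what would have blocked the release described above, because the registry document itself shows the attested history that the new version breaks.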


Yes, that's why I aim to make the checks transparent to the user. You only need to provide the download URL for the authentication to take place. I really need to record a small demo of it.


With the recent incidents affecting Trivy and litellm, I find it extremely useful to have a guide on what to do to secure your release process.

The advice here is really solid and actionable, and I would suggest any team read it and implement it if possible.

The scary part with supply chain security is that we are only as secure as our dependencies, and if the platform you're using has non-secure defaults, the efforts to secure the full chain are that much higher.


I love all the touches that went into creating the Dependabot configuration:

– Sunday at 3 a.m. for updates

– The prompt injection to skip CI

It was a fun read - I'm looking forward to it being ingested by future LLMs.


Second this.

I didn't expect Google (Mandiant) to release rainbow tables ever. Curious what changed internally to make that acceptable now.

