I started working on the itch.io desktop app over 4 years ago.

It has arguably been my main project ever since, along with companion projects like butler, capsule and many smaller libraries.

I’m fuzzy on the initial history, but I remember the codebase went through a lot of changes. As early as 2014, the whole codebase was ported from vanilla JavaScript to TypeScript. In 2016, I released a timeline of all the changes. In 2018, I released a postmortem for v25 (which I then deleted).

Despite their peaceful appearance, game developers actually lead thrilling lives! Here are three things I learned (or re-learned) about yesterday that I’d like to share with you, in the form of assumptions that revealed false.

VSync is relatively straightforward. Right?

As an obsessive-compulsive, bipolar, perfectionist game dev, getting your game to run smoothly on all kinds of operating systems, graphics cards, and drivers combination is something of a holy grail. Many look for it, but let’s be honest here, it never really turns out as expected.

Welcome back!

In the last article, we did foundational work on minipak, our ELF packer.

It is now able to receive command-line arguments, environment variables, and auxiliary vectors. It can parse those command-line arguments into a set of options. It can make an ELF file smaller using the LZ4 compression algorithm, and pack it together with stage1, our launcher.

On September 8 2025, around 13:00 UTC, someone compromised Josh Junon’s npm account (qix) and started publishing backdoored versions of his package.

Someone noticed and let Josh know:

Josh confirmed he’d gotten pwned by a fake 2FA (two-factor authentication) reset e-mail:

The phishing e-mail came from npmsj.help (registered 3 days prior) and claimed users had to reset their 2FA:

Part 1

The day 5 challenge actually looks fun!

Our input looks like this:

[D] [N] [C] [Z] [M] [P] 1 2 3 move 1 from 2 to 1 move 3 from 1 to 3 move 2 from 2 to 1 move 1 from 1 to 2

Which is a visual representation of stacks, and so, for once, we have some serious parsing to do, and that means I finally have a good reason to bust out the nom crate.

Once upon a time, @Cinememer wrote some alternative lyrics to “Under The Sea”. I couldn’t resist singing them!

I unfortunately lost the audio files for this. Oh well.

• Instrumental (Neverland Orchestra)

Day 9’s problem statement is convoluted - the “ah maybe that’s why I don’t usually do Advent of Code” kind of convoluted, but let’s give it a go anyway.

So, we have a series of numbers, like so:

35 20 15 25 47 40 62 55 65 95 102 117 150 182 127 219 299 277 309 576

And uh the first N numbers are a “preamble” and every number that comes after that must be the sum of any two of the numbers that come before it.

Alright. ALRIGHT. I know, we’re all excited, but let’s think about what we’re doing again.

So we’ve managed to look at real network traffic and parse it completely. We’ve also taken some ICMP packets, parsed them, and then serialized them right back and we got the exact same result.

So I know what you’re thinking - let’s just move our way down the stack again - stuff that ICMP packet in an IP packet, then in an Ethernet frame, and then serialize the whole thing.

A little while ago, I wrote an article on things that can go wrong when downloading, it listed a series of reasons, from network problems to invalid content to imperfect hardware that may occur when initially installing a game.

This article discusses what methods we can use to upgrade a game to a later version, when an older version has been successfully installed.

Some bugs are merely fun. Others are simply delicious!

Today’s pick is the latter.

Reproducing the issue, part 1

(It may be tempting to skip that section, but reproducing an issue is an important part of figuring it out, so.)

I’ve never used Emacs before, so let’s install it. I do most of my computing on an era-appropriate Ubuntu, today it’s Ubuntu 22.10, so I just need to: