I have no idea what the last four paragraphs are replying to.

Mate, I made no suggestions, you just went off on your merry horse there :)

There’s no such thing as “side loading”, they literally made up that term some years back in a release of android tools (adb).

It’s just installing software.

A “well armed militia” that is completely and willingly surveiled by private corporations that work with the government is fundamentally, critically impaired.

The fact gun nuts harp on about what is, at this point, a fantasy of rising against tyrannical government while being nearly completely blind to operational matters like communication, organisation, surveillance, etc. is frankly ridiculous.

If these people were serious about this, they’d be building infrastructure, communication systems, etc.

How many of you are also trying to mindfully disengage from our phones, just pause for thought every time you pick it up?

It’s now at 96, which is amusing

This is more than a job — it’s a cultural exchange powered by an incredibly versatile flavor

Good luck with that, don’t die.

Some place in Rone when I was about 10 on a trip with my parents. Cut out of a massive rectangle, ate in the street, it was memorable.

Sounds like you’re in good hands. Enjoy the ride, plenty to learn and to feel good about understanding :)

EXACTLY.

🫶

Gemini was kind of entertaining, but I wouldn’t go as far as calling it “good”.

Ah yes, great book. The film is fun but completely fails to adapt the point of the book.

At first I thought it was just fully rusted.

You actually have a point, the guy is openly discussing ways to harm his kids and is in all evidence not a safe person for them to be with.

It is, see https://github.com/m4tx/curl-bash-attack

No, it is different, as it adds an entire layer of indirection and unknown to the mix, increasing the risk in the process.

Yes, this is the correct approach from a security perspective.

Please tell me you are not seriously equating a highly sophisticated attack line the Solarwind compromise with piping curl to bash?

This is a bit like saying crossing the street blindfolded while juggling chainsaws and crossing the street on a pedestrian crossing while the light is red for cars both carry risk. Sure. One’s a terrible idea though.

Oh the example in the article is the nice version if this attack.

Checking the script as downloaded by wget or curl and then piping curl to bash is still a terrible idea, as you have no guarantee you’ll get the same script in both cases:

• Detecting the use of “curl | bash” server side
• Recent implementation of this attack