oof.

(I say, as though I don’t use my phone 4x more than my laptop, which is honestly a bad habit I need to break because programming on phone suuucks.)

curl | bash for the Windows crowd.

honestly it’s exactly as secure as running a binary you downloaded from their website. no more, no less (since https.)

the only computer user?!

specifically this is how QUANTUMINSERT worked (from the Snowden leaks.) also China used the same technique, injecting malicious JS through the GFW to get bystanders to DDoS github, in a much more obvious and indiscriminate way.

nobody here is remotely likely to be targeted by NSA, of course, but you can actually do such attacks on a budget if you compromise any router in the chain. combined with a BGP hijack it’s not far out of reach for even a ransomware gang to pull something like that these days.

Zalgo captchas would go so hard.

oh hey that’s the jerk that called me a Trump supporter for refusing to back Newsom after all the anti-trans shit he agreed with Charlie Kirk about on his podcast.