It’s like you didn’t read the message and understand the context.

That really doesn’t appear to be what people are describing

Telegram is a social network masquerading as a messaging app, not a “secure messaging” app.

Sounds like you’re in good hands. Enjoy the ride, plenty to learn and to feel good about understanding :)

You actually have a point, the guy is openly discussing ways to harm his kids and is in all evidence not a safe person for them to be with.

It is, see https://github.com/m4tx/curl-bash-attack

No, it is different, as it adds an entire layer of indirection and unknown to the mix, increasing the risk in the process.

Yes, this is the correct approach from a security perspective.

Please tell me you are not seriously equating a highly sophisticated attack line the Solarwind compromise with piping curl to bash?

This is a bit like saying crossing the street blindfolded while juggling chainsaws and crossing the street on a pedestrian crossing while the light is red for cars both carry risk. Sure. One’s a terrible idea though.

Oh the example in the article is the nice version if this attack.

Checking the script as downloaded by wget or curl and then piping curl to bash is still a terrible idea, as you have no guarantee you’ll get the same script in both cases:

• Detecting the use of “curl | bash” server side
• Recent implementation of this attack

Most people don’t know how to use ftp anymore. It’s a pretty limited protocol (and requires 2 open ports to function). It’s hard to integrate with good modern auth solutions. Probably more, that’s off the top of my head.

Sure, but the us (and Israel) don’t recognise the international court of justice, despite helping found it, so what are the chances of something coming out of that?

I’m not sure you are fully aware of the Tor threat model. The exit node is not supposed to be specifically trusted.

This.

It’s factual, public, relevant info, it can and should be on Wikipedia.

Of course it can’t replace it, it’s a point-in-time archive.

Sure but, again, the files are in a relatively low quality.

It’s got lots of great ideas (combining what’s essentially a giant git repo with bit torrent), but in practice it’s pretty slow to do anything

You assume a whole lot of thought and strategy from “the boss” :)

I dont disagree though, fundamentally.

How big is said workplace? Can you respectfully ask for an exemption? Don’t say Windows will make you miserable (it makes everyone miserable, apart from a few Microsoft bootlickers), talk about loss of productivity, reduced security and increased risk, and – if you can – challenge the grounds on which the change is being made.

Often, they are incapable of providing proper justification for the change. May not help, but you’ll have the minor satisfaction of knowing it is bullshit.