PSA: Adblock is non optional for personal and enterprise security.
My gf told me they blocked all addons at work, including adblock. Told her to recommend to the IT department that adblock be mandatory on all computers. Ad networks make too much money not to look the other way on malvertising.
One of the things which really annoys me is the idea that it's every acceptable to blindly "curl -fsSL" bullshit .sh scripts.
Even large companies have adopted this crap and you don't know whether there's any digital signing going on or whether they're downright stealing anything you have of value.
It's not difficult to generate a rpm, deb, tgz and relevant detatched .asc PGP signature or if you hate PGP use openssh signatures or something.
Oh yes. Ok, that's probably on bash, but you look at the script and it's like 200 lines of code. Then you read the alternate install instructions and it goes like "download binary, make executable, add to $PATH, run" - ???
Agreed. I was using mise to install Claude (via it's npm package) and keep it updated, and then they nagged me to switch to the 'curl | bash' method. Now I get to keep it updated manually, plus they helped train all my peers to continue just executing random scripts right off the Internet
> If this how google chooses to go out, then their death cannot come fast enough.
> Alphabet (Google) reported historic financial results for fiscal year 2025 (ending Dec 31, 2025), with annual revenue surpassing $400 billion for the first time. The company showed strong profit growth, with Q4 2025 net income at $34.5 billion, a 30% increase year-over-year. Key growth drivers were AI integration, YouTube ads, and a surging Cloud segment.
The least they could do is show subdomains, so that when you click on squarespace.com it doesn't take you to a virus. They will show https: but not subdomains? Excellent UI.
My experience is very different. Even in a private window with no ad-blocker and Google signed out, Claude.ai is always at the top spot.
And yes, the ad was clearly malicious. I'd never click on ad-link, though (even if it was the official site).
Feels like the author is using Google for the first time? This has been a feature as long as the ads have.
You can literally find this exact same blog post from approximately 20 years ago. Absolutely nothing has changed since then!
Well, I lied. A lot has changed. Drive-by attacks are gone, largely thanks to Google. 15 years ago you would’ve been hacked immediately after you clicked the ad.
PSA: Stop using Google for search.
PSA: Adblock is non optional for personal and enterprise security.
My gf told me they blocked all addons at work, including adblock. Told her to recommend to the IT department that adblock be mandatory on all computers. Ad networks make too much money not to look the other way on malvertising.
One of the things which really annoys me is the idea that it's every acceptable to blindly "curl -fsSL" bullshit .sh scripts.
Even large companies have adopted this crap and you don't know whether there's any digital signing going on or whether they're downright stealing anything you have of value.
It's not difficult to generate a rpm, deb, tgz and relevant detatched .asc PGP signature or if you hate PGP use openssh signatures or something.
Oh yes. Ok, that's probably on bash, but you look at the script and it's like 200 lines of code. Then you read the alternate install instructions and it goes like "download binary, make executable, add to $PATH, run" - ???
Agreed. I was using mise to install Claude (via it's npm package) and keep it updated, and then they nagged me to switch to the 'curl | bash' method. Now I get to keep it updated manually, plus they helped train all my peers to continue just executing random scripts right off the Internet
> If this how google chooses to go out, then their death cannot come fast enough.
> Alphabet (Google) reported historic financial results for fiscal year 2025 (ending Dec 31, 2025), with annual revenue surpassing $400 billion for the first time. The company showed strong profit growth, with Q4 2025 net income at $34.5 billion, a 30% increase year-over-year. Key growth drivers were AI integration, YouTube ads, and a surging Cloud segment.
The least they could do is show subdomains, so that when you click on squarespace.com it doesn't take you to a virus. They will show https: but not subdomains? Excellent UI.
The URL they show doesn't even have to match anything about the actual URL you go to by clicking on the link. I've been burnt by that one before.
My experience is very different. Even in a private window with no ad-blocker and Google signed out, Claude.ai is always at the top spot. And yes, the ad was clearly malicious. I'd never click on ad-link, though (even if it was the official site).
Feels like the author is using Google for the first time? This has been a feature as long as the ads have.
You can literally find this exact same blog post from approximately 20 years ago. Absolutely nothing has changed since then!
Well, I lied. A lot has changed. Drive-by attacks are gone, largely thanks to Google. 15 years ago you would’ve been hacked immediately after you clicked the ad.
No they say there they block ads, and I do as well, so maybe they're not used to seeing this kind of crap.