Claiming that he had no choice but to release the bugs publicly seems like nonsense to me. His blog posts doesn't really make him appear rational either.

It seems to be as straight forward as presenting the SNI and Host header of the malicious target domain while making a connection to a CDN edge node fronting the malicious service. While they do go into a few closely related scenarios describing how to bypass or fool detection methods based on domain name blacklists, that seems to be the essence of it. The technique essentially amounts to (1) performing a domain name lookup to a benign service hosted behind a CDN, then (2) making a connection to the resolved IP address with your own malicious domain name as SNI and Host header in order to direct traffic to this backend rather than to that of the benign service. But they want to sell security products and services so I suppose this warranted its own website.

Yes. One hour closer.

That is a very naive take.

The Git command line utility itself is also bloated nowadays.

Allegedly.

It was not a random website. It was the official CPUID site, as far as I understood.

Tabs are stupid. Sorting windows into tabs should be delegated to the window manager.

Agreed. Google's Android applications are mostly awful.

Overlapping windows was a stupid idea in the 1980s and is still just as stupid. Not that this has anything to do with memory footprint, of course.

You are so original for posting this. No one here has ever done it before. Magnificent contribution to the discussion.

Hahaha. Oh, wait, you're serious? Let me laugh even harder. HAHAHA.

Which is why the general direction is towards hybrid schemes, where non-PQC algorithms are combined with the new PQC algorithms.

Nevermind, I misread your comment.

The general strategy for an attacker is to avoid detection. Releasing a completely new version that no developer recognizes goes counter to that.