Probably preaching to the choir here, but for those who are unaware, be sure that .git directories are not accessible by web clients. It will lead to source code disclosure, and if you've checked in any secrets, credential exposure as well.
That and if the webserver can write to .git it can also invisibly modify the history to ensure that you continue to check out the backdoored code no matter how far you go back.
An example: a few weeks ago I shared on my FB profile the Mozilla Foundation petition link for the EU copyright reform[1] and it was removed with this motivation:
"We removed this post because it looks like spam and doesn't follow our Community Standards."
An anecdote: when my semiotics professor talked about this composition for the first time, I was recording the lecture, and when colleagues asked for a copy, I sent them only the pauses between the sentences. When art meets sarcasm, it spreads really fast.
Hmm. To me, it seems not. Or at least, it seems an everyday expertise knowledge, derived from direct experience. He does not seem to be a qualified expert. The goal here is to sell the books.
Yes, I read that sentence before writing and your argument about the website expenses can be valid. It does not change my main point: when it is about health one should search for information from qualified professionals. For example:
A personal experience can be illuminating sometimes but it cannot be considered an alternative approach. For this reason, I do not consider it a good source. Just my opinion.
You could be right, but on the other hand many qualified professionals prescribe Zoloft or Xanax and be done with it. A personal account (which in fact many of the comments here on HN are) can be very helpful, if only as a reference when talking to real professionals.
This reminds me of the scaly-foot gastropod[1] mollusc, which "possesses a trilayered structure comprised of a mineralized iron sulfide–based outer layer (OL) containing greigite..."[2]
It depends on the exploit and on the reader. If, for example, the reader supports JavaScript then it can be attacked, apart from other weaknesses. Chrome on Linux executes JavaScript in PDF, while Firefox does not.