The xz compromise having demonstrated that FOSS projects are totally immune to interference from state actors…

That seems too harsh a penalty, it makes using an additional PU likely to mean starting from the back for ~5 races. It’d also hurt smaller teams worse - if your average qualifying position is 16th you’d be starting from the back for about 12 races.

Botnets targeting android devices are a thing, here’s an example: https://blog.fox-it.com/2023/09/11/from-ermac-to-hook-investigating-the-technical-differences-between-two-android-malware-variants/

In this example, they’re renting access for thousands of dollars. These people have a clear motivation to find ways to exploit devices and unpatched CVEs are an easy way for them to do that.

Try it. The worst that happens is that it makes things slower and then you turn it back off.

You’re right, my bad. (Source: https://help.kagi.com/kagi/search-details/search-sources.html)

They pay Microsoft for access to the bing index