valaramech
@valaramech@fedia.io
- Comment on How can i make myself poisonous to mosquitos? 3 months ago:
The value of LD50 for a substance is the dose required to kill half the members of a tested population after a specified test duration
This is, effectively, how oral flee/tick medications work in animals. It basically turns the animal's blood into a mild poison. The poison is mild enough that it doesn't affect the animal but it's enough to kill small insects like flees, ticks, or mosquitoes.
- Comment on The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites 4 months ago:
In my experience, first-party JavaScript is more likely to be updated so rarely that bugs and exploits are more likely than supply chain attacks. If I heard about NPM getting attacked as often as I hear about CDNs getting attacked, I'd be more concerned.
- Comment on The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites 4 months ago:
I actively do this with uMatrix - granted, I only block non-first-party JavaScript. Most sites I visit only require a few domains to be enabled to function. The ones that don't are mostly ad-riddled news sites.
There are a few exceptions to this - AWS and Atlassian come to mind - but the majority of what I see on the internet does actually work more or less fine when you block non-first-party JavaScript and some even when you do that. uMatrix also has handy bundles built-in for certain things like sites that embed YouTube, for example, that make this much easier.
Blocking non-first-party like I do does actually solve this issue for the most part, since, according to the article, only bundles that come from the cdn.polyfill.io domain itself that were the problem.