valaramech

@valaramech@fedia.io

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨How can i make myself poisonous to mosquitos?⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:

The value of LD50 for a substance is the dose required to kill half the members of a tested population after a specified test duration

This is, effectively, how oral flee/tick medications work in animals. It basically turns the animal's blood into a mild poison. The poison is mild enough that it doesn't affect the animal but it's enough to kill small insects like flees, ticks, or mosquitoes.
⁨Comment⁩ on ⁨The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
In my experience, first-party JavaScript is more likely to be updated so rarely that bugs and exploits are more likely than supply chain attacks. If I heard about NPM getting attacked as often as I hear about CDNs getting attacked, I'd be more concerned.
⁨Comment⁩ on ⁨The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
I actively do this with uMatrix - granted, I only block non-first-party JavaScript. Most sites I visit only require a few domains to be enabled to function. The ones that don't are mostly ad-riddled news sites.

There are a few exceptions to this - AWS and Atlassian come to mind - but the majority of what I see on the internet does actually work more or less fine when you block non-first-party JavaScript and some even when you do that. uMatrix also has handy bundles built-in for certain things like sites that embed YouTube, for example, that make this much easier.

Blocking non-first-party like I do does actually solve this issue for the most part, since, according to the article, only bundles that come from the cdn.polyfill.io domain itself that were the problem.