
valaramech

@valaramech@fedia.io

This profile is from a federated server and may be incomplete. Browse more on the original instance.

valaramech ,

Just went ahead and Googled it and I can find no credible source that he actually said these words at any time. So, if you'd like to bandy out that source, I think we'd all appreciate it.

valaramech ,

Direct linking via a specific CDN was the problem. This is solved by bundlers, not caused by them.

The polyfill.js is a popular open source library to support older browsers. 100K+ sites embed it using the cdn.polyfill.io domain. ... However, in February this year, a Chinese company bought the domain and the Github account. Since then, this domain was caught injecting malware on mobile devices via any site that embeds cdn.polyfill.io.

valaramech ,

I actively do this with uMatrix - granted, I only block non-first-party JavaScript. Most sites I visit only require a few domains to be enabled to function. The ones that don't are mostly ad-riddled news sites.

There are a few exceptions to this - AWS and Atlassian come to mind - but the majority of what I see on the internet does actually work more or less fine when you block non-first-party JavaScript and some even when you do that. uMatrix also has handy bundles built-in for certain things like sites that embed YouTube, for example, that make this much easier.

Blocking non-first-party like I do does actually solve this issue for the most part, since, according to the article, only bundles that come from the cdn.polyfill.io domain itself were the problem.

valaramech ,

In my experience, first-party JavaScript is more likely to be updated so rarely that bugs and exploits are more likely than supply chain attacks. If I heard about NPM getting attacked as often as I hear about CDNs getting attacked, I'd be more concerned.

valaramech ,

A PiHole functions as a full DNS server. You can configure it to serve any arbitrary records you like - which is basically how it overrides ad domains to prevent them from loading.

So, if you know the IP address that a particular domain is supposed to route to, you configure the PiHole to respond with that IP address for that domain. So, it doesn't matter that the major DNS servers return junk because your PiHole never asks them.

valaramech ,

I would, however, point out that the specific page on https://en.wikipedia.org/wiki/Cannabis_sativa lists them as subspecies. So, it appears there isn't even consensus on Wikipedia.

valaramech ,

Serious question, is the president allowed to do this kind of thing unilaterally? I feel like this is an "act of Congress" kind of thing that the president likely has little control over aside from causing delays - like he's already done. Is it really fair to lay this shit at Biden's feet?
