-
tommantheregister.com/2024/06/25/polyfillio_china_crisis the JavaScript pandemic hits again~
-
tommanlet me guess: the "solution" will be "we only support latest Chrome beta and nothing else, no more polyfills!"
-
frg_Awaycompromised polyfill.io is bad. Whitelised it on one site recently too. Seems not to have used a bad script but need to check now.
-
frg_AwayNow I kniw why I rarely see it these days in noscript.
-
frg_AwayMake sure to update the ublock badware list. Now in
-
nsITobinif this article mentions the phrase "the supply chain" ...
-
nsITobinCALLED IT
-
nsITobinoh my god.. this is EXACTLY a situation I predicted back in the mid-2010s
-
nsITobinI didn't even know polyfill.io died
-
nsITobinand why the HELL didn't someone keep the domain active.. even if it 404'd or null routed requests..
-
nsITobinthis is all being spun tho to bring in the need to secure javascript its self..
-
nsITobinI predict javascript will require digital certificates verificing the authinticity of scripts if not bytecode as a requirement to secure the web against these attacks
-
nsITobinfrg_Away tomman
-
frg_AwayThey sold it so it was active.... :)
-
nsITobindweio
-
nsITobinthey sold it
-
nsITobinirresponsibly
-
nsITobinthey should be held accountable
-
njsgnsITobin: what, you mean someone'll claim SSL isn't enough? :-)
-
nsITobinYes
-
nsITobinit already isn't enough just like only TWO factors wasn't enough
-
nsITobinnothing is ever enough when it A is shrounded in the OpenWeb and B is in the name of security