14:28:56 <tomman> https://www.theregister.com/2024/06/25/polyfillio_china_crisis/ the JavaScript pandemic hits again~
14:33:41 <tomman> let me guess: the "solution" will be "we only support latest Chrome beta and nothing else, no more polyfills!"
15:12:17 <frg_Away> compromised polyfill.io is bad. Whitelised it on one site recently too. Seems not to have used a bad script but need to check now.
15:13:34 <frg_Away> Now I kniw why I rarely see it these days in noscript.
15:33:28 <frg_Away> Make sure to update the ublock badware list. Now in
16:54:47 <nsITobin> if this article mentions the phrase "the supply chain" ...
16:55:24 <nsITobin> CALLED IT
16:55:54 <nsITobin> oh my god.. this is EXACTLY a situation I predicted back in the mid-2010s
16:58:12 <nsITobin> I didn't even know polyfill.io died
16:59:31 <nsITobin> and why the HELL didn't someone keep the domain active.. even if it 404'd or null routed requests..
17:01:00 <nsITobin> this is all being spun tho to bring in the need to secure javascript its self..
17:02:40 <nsITobin> I predict javascript will require digital certificates verificing the authinticity of scripts if not bytecode as a requirement to secure the web against these attacks
17:02:48 <nsITobin> frg_Away tomman
17:07:23 <frg_Away> They sold it so it was active.... :)
17:08:57 <nsITobin> dweio
17:09:01 <nsITobin> they sold it
17:09:09 <nsITobin> irresponsibly
17:09:16 <nsITobin> they should be held accountable
17:25:03 <njsg> nsITobin: what, you mean someone'll claim SSL isn't enough? :-)
17:25:21 <nsITobin> Yes
17:25:43 <nsITobin> it already isn't enough just like only TWO factors wasn't enough
17:26:15 <nsITobin> nothing is ever enough when it A is shrounded in the OpenWeb and B is in the name of security