17·
3 months agoI use uMatrix (uBlock’s big brother), so sites that do this generally lose first-party JS privileges real fast.
valaramech
- 0 Posts
- 5 Comments
Joined 2 years ago
Cake day: June 14th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
31·9 months agoIn my experience, first-party JavaScript is more likely to be updated so rarely that bugs and exploits are more likely than supply chain attacks. If I heard about NPM getting attacked as often as I hear about CDNs getting attacked, I’d be more concerned.
I actively do this with uMatrix - granted, I only block non-first-party JavaScript. Most sites I visit only require a few domains to be enabled to function. The ones that don’t are mostly ad-riddled news sites.
There are a few exceptions to this - AWS and Atlassian come to mind - but the majority of what I see on the internet does actually work more or less fine when you block non-first-party JavaScript and some even when you do that. uMatrix also has handy bundles built-in for certain things like sites that embed YouTube, for example, that make this much easier.
Blocking non-first-party like I do does actually solve this issue for the most part, since, according to the article, only bundles that come from the cdn.polyfill.io domain itself that were the problem.
A PiHole functions has a full DNS server. You can configure it to serve any arbitrary records you like - which is basically how it overrides ad domains to prevent them from loading.
So, if you know the IP address that a particular domain is supposed to route to, you configure the PiHole to respond with that IP address for that domain. So, it doesn’t matter that the major DNS servers return junk because your PiHole never asks them.
My understanding is that running most of BlueSky is possible on small to moderate hardware. However, running all of BlueSky requires basically cloning 100% of all the content on BlueSky (which, as of Nov 2024, was ~5 TB).
So, like, yes, one can run part of BlueSky or a clone of BlueSky which has none of the main instance’s user’s content without much trouble, but actually running an entire BlueSky stack is eventually going to become cost prohibitive.
I found this write-up to be enlightening on the subject.