Honeypot.net logo Honeypot.net

Polyfill supply chain attack hits 100K+ sites:

The polyfill.js is a popular open source library to support older browsers. 100K+ sites embed it using the cdn.polyfill.io domain. Notable users are JSTOR, Intuit and World Economic Forum. However, in February this year, a Chinese company bought the domain and the Github account. Since then, this domain was caught injecting malware on mobile devices via any site that embeds cdn.polyfill.io.

This is fine.

The pattern matching on this shirt pocket makes me smile every time I see it.

A photo of a shirt pocket. The cloth is white with a grid of small blue and yellow lines. The pocket is so aligned with the shirt that it’s nearly invisible, except that a large coin is sticking out the top to highlight where pocket ends and shirt begins. Someone was paying attention at that factory.

I’ll be seeing this in my nightmares tonight.

A store window is full of porcelain baby dolls sitting on cotton clouds. Many are dressed as angels. Their eyes look haunted. They can see you.

Crab cake Benedict, Red House Cafe, Pacific Grove, California.

A plate of poached eggs Benedict over a croissant, and rosemary roasted potatoes.

I just got the happy news that a Firewalla Gold Pro 10Gbps firewall is on its way soon. Today we’re limited to 2.5Gbps Internet connections because that’s what the current Firewalla Gold supports. Of course, now I also have to upgrade our other switches to match it.

This is shaping up to be an early Christmas.

Never doubt that Apple is the master of packaging. My replacement credit card came in the mail today in this unnecessarily beautiful wrapper.

A slightly off-white heavy stock envelope with rounded corners and an embossed Apple logo.

The envelope itself has an NFC chip. You touch your phone to it to activate the card inside.

A rainbow-colored cardboard sleeve with a titanium credit card nestled inside a perfectly-sized cutout.

For Science™ I read the NFC with my Flipper Zero. It didn’t seem to contain any personal information. My guess is it’s a code that the phone interprets as “open the Wallet app and activate that credit card we told you was on the way”.

Oakland Mayor Sheng Thao's home raided by FBI agents - CBS San Francisco

Oakland Mayor Sheng Thao’s home raided by FBI agents - CBS San Francisco:

In an emailed statement to CBS News Bay Area, the FBI said, “The FBI is conducting court authorized law enforcement activity on Maiden Lane. We are unable to provide additional information at this time.”

Election officials just announced that Thao’s recall election petitions met the criteria to be put to ballot. This hasn’t been a pleasant week for her.

EU today decided to postpone a vote of their ridiculous “Chat Control” anti-privacy law. That a government would even consider it is a reminder of the critical importance of distributed, federated systems. A website operated out of Brazil isn’t subject to EU law. A Mastodon server in France can ignore bad US laws. A private mailserver in California doesn’t care about China’s laws.

Huge companies like Meta and Google with international business presences have to follow dumb regulations from around the whole world. You and I do not. This is our strength.