Very interesting, I didnโ€™t realise that subresource integrity was entirely missing from the ESM spec. So what this would mean is that, with ESM, any code loaded from any CDN could contain a potential government backdoor. How is this not a bigger issue?

https://github.com/skypackjs/skypack-cdn/issues/135

(Iโ€™m saying a government backdoor because it would most likely take a state-level actor to force a CDN company to do that but it could, of course, be a disgruntled employee or cracker.)

#js #security #esm #cdn #backdoor



๐™‰๐™ซ๐™ž๐™™๐™ž๐™– ๐™‡๐™ž๐™ฃ๐™ช๐™ญ ๐™™๐™ง๐™ž๐™ซ๐™š๐™ง๐™จ ๐™˜๐™–๐™ช๐™จ๐™ž๐™ฃ๐™œ ๐™ง๐™–๐™ฃ๐™™๐™ค๐™ข ๐™๐™–๐™ง๐™™ ๐™˜๐™ง๐™–๐™จ๐™๐™š๐™จ ๐™–๐™ฃ๐™™ ๐™ฃ๐™ค๐™ฌ ๐™– ๐™ข๐™–๐™Ÿ๐™ค๐™ง ๐™จ๐™š๐™˜๐™ช๐™ง๐™ž๐™ฉ๐™ฎ ๐™ง๐™ž๐™จ๐™  ๐™จ๐™ฉ๐™ž๐™ก๐™ก ๐™ฃ๐™ค๐™ฉ ๐™›๐™ž๐™ญ๐™š๐™™ ๐™–๐™›๐™ฉ๐™š๐™ง ๐™›๐™ž๐™ซ๐™š ๐™ข๐™ค๐™ฃ๐™ฉ๐™๐™จ

The Nvidia Linux drivers have never been good but whatever has been happening at Nvidia for the past decade has to stop today.

This bug causes hard irrecoverable crashes from driver 440+. This issue is still happening 5+ months later with no end in sight.

#news #nvidia #vulnerability #linux #security #bug