Code signing doesn't solve everything because there are so many places where malicious code can creep into downloadable software. Source attestation is like a bill of materials with signed receipts.

Responded to @kasparsd:

Found via: https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/

Using browser cache for cookie-less user tracking is really smart. Assigning an identifier as Last-Modified or Etag response header and then tracking those subsequent requests seems unstoppable.

Is this why cross-domain requests have their isolated caches even for things like Google fonts, JS libraries, etc?

Responded to @kasparsd:

Here is the job posting: https://boards.greenhouse.io/anthropic/jobs/4497958008

Please don't use AI when applying for AI jobs 😂

GitHub Copilot is catching up with Cursor:

– An "agent mode" that allows chat and edit to work across all project files.

– The improved autocomplete now suggests the next edits you might want to make outside of the current line of code (defining additional class attributes, for example).

– With prompt files you can have an AI-specific documentation within your project to provide context for code preferences, architecture, etc.

Here is a video walkthrough: https://www.youtube.com/watch?v=C95drFKy4ss

Today I learned that Twitter allows changing password without asking for the second factor. Anyone with access to a valid session can simply change the password and lock you out. Same with account email apparently.

They do have this additional toggle for password resets (if email access is compromised, for example) but that is also disabled by default.

Did you know that ChatGPT is adding utm_source to every link in the response sources and citations? Make sure you're tracking that in your analytics!

Responded to @jimniels:

@jimniels Most web servers compress the content for transport. I wonder if minifying the source has any impact on that compresses size, do you know?

Responded to @kasparsd:

Learn more: https://github.com/wpelevator/perf-bench

Created "Perf Bench" to generate all kinds of web performance tests. It is a single PHP file (inside Docker) that maps query args to feature flags. A helper script can generate all permutations of the supported feature flags which can then be used by any other benchmarking tool.

Boost your block theme performance in by preloading the new custom fonts added in WordPress 6.5. Here is how: https://wpelevator.com/guides/block-theme-performance

Why is that WordPress doesn’t offer system font stacks out of the box?

Tested a bunch of Meshtastic antennas for 868MHz (EU) frequencies and only two of them are actually usable. That's very frustrating for users because they will never know the reality without testing.

Responded to @kasparsd:

Learn more at: https://formcontrols.com

Just release version 0.10.0 of Controls for Contact Form 7 which enables native WordPress shortcodes in the form content.

Responded to @mattwiebe:

@mattwiebe Got it, thank you! Upgrade routines like that are a pain.

Responded to @mattwiebe:

@mattwiebe @jeremy @wilhelm @photomatt @pfefferle What was the issue? Do you have a link to the offending change?

To catch the hardest bugs, your WordPress development environment should be:

1. a sub-directory multisite,
2. with WP core in a sub-directory,
3. with wp-contents at the root (outside of core)

What am I missing?

Fonts create an immediate emotion. Some are classy and expensive while others are playful and fun. Good fonts are the ones you don't notice — they just add clarity to the message and brand.

I feel like Drupal could significantly improve the perception of their brand and value by updating the front stack.