Zach Tollman goes deep on Content Security Policy reporting in browsers.
Blog
-
What to Expect When Expecting Content Security Policy Reports
-
Shortcake Bakery
GitHub – wp-shortcake/shortcake-bakery: A fine selection of shortcodes for WordPress
Shortcake + Shortcake Bakery = Easy PDF, JavaScript, iFrame, Facebook post, Scribd & Genius embeds from the team at Fusion.
There’s also a really nice image comparison tool. If you’re into that sort of thing. Which I am.
-
Scaling WordPress queries with Elasticsearch
Scaling WP Queries with Elasticsearch – The Agile Content Platform | WordPress VIP
To try and surface better content to users, there are taxonomies and meta queries that normally don’t get used anywhere else.
File under: Cool shit you can do with Elasticsearch.
-
Stop using tail -f (mostly)
Despite using the less command frequently, I had no clue that it could be used in place of tail -f. So useful!
-
The WordPress Talent Shortage Might Be a Pricing Problem
The WordPress Talent Shortage Might Be a Pricing Problem | Andy Adams
An interesting article — and ensuing discussion down in the comments — from Andy Adams. Definitely worth a read if you make even just a fraction of your living from doing WordPress dev work.
-
Too Many Images
GitHub – addyosmani/tmi: TMI (Too Many Images) – discover your image weight on the web
I love single use command line tools. This one helps you determine a URL’s image weight and even lets you know where you should start optimizing.
-
Implementing Public Key Pinning
While HPKP — which helps reduce the attack surface for man-in-the-middle attacks against HTTPS traffic — is only supported in a very small handful of recent Chrome and Firefox builds, it never hurts to get ahead of the curve. Especially when it comes to your site’s security.
-
Cacio e Pepe Ramen
In a flash of epicurean genius, Sarah decided to whip up a batch of David Chang’s Cacio e Pepe Ramen for dinner last night. And while it’s not something I’d eat all the time — it was actually super rich — I wouldn’t be against downing another bowl of it at some point in the (nearish) future.
-
Debunking the Hot Buttered Hype
Bulletproof Coffee: Debunking the Hot Buttered Hype
People are putting butter in their coffee. And hey, if you’re just craving a new flavor experience, more power to you. The problem is that Bulletproof Coffee, the company behind the trend, is claiming that drinking a mug of fatty joe every morning instead of eating breakfast is a secret shortcut to weight loss and…
Great in-depth analysis from Gizmodo covering every last bullshit claim made about Bulletproof Coffee.
-
WPScan Licensing
When you first release software online you don’t put too much thought into the software license (I didn’t at least). You have no idea if the project will tak…
It looks like the WordPress security tool WPScan is looking to move away from the GNU GPL license for their software. That’s rather unfortunate, but after reading about companies trying to repackage and sell WPScan as their own work, I totally get where they’re coming from.
Chasing these companies takes time, sometimes a whole day of emails back and forth arguing the intricacies of the GNU GPL while they try and weasel their way out of complying to our license. This takes a lot of my time away from the important stuff, working on WPScan and the WPScan Vulnerability Database. Because of this I decided to add a clause to the license. If you want to sell WPScan you can pay for a commercial license, otherwise you can use it under the GNU GPL.
After a few months with this license it was pointed out to me that the GNU GPL does not allow these kind of clauses. What some individuals and companies decided was a ‘loophole’.
Their new (proposed) license has been posted as a Gist — which I’ve embedded below — and the developers are welcoming feedback.
If you’re schooled in Public/Open Source software licenses and are interested in the future of WordPress security tools, go leave a comment!