Podcasts about WebP

Francois Daost is a W3C staff member and co-chair of the Web Developer Experience Community Group. We discuss the W3C's role and what it's like to go through the browser standardization process. Related links W3C TC39 Internet Engineering Task Force Web Hypertext Application Technology Working Group (WHATWG) Horizontal Groups Alliance for Open Media What is MPEG-DASH? | HLS vs. DASH Information about W3C and Encrypted Media Extensions (EME) Widevine PlayReady Media Source API Encrypted Media Extensions API requestVideoFrameCallback() Business Benefits of the W3C Patent Policy web.dev Baseline Portable Network Graphics Specification Internet Explorer 6 CSS Vendor Prefix WebRTC Transcript You can help correct transcripts on GitHub. Intro [00:00:00] Jeremy: today I'm talking to Francois Daoust. He's a staff member at the W3C. And we're gonna talk about the W3C and the recommendation process and discuss, Francois's experience with, with how these features end up in our browsers. [00:00:16] Jeremy: So, Francois, welcome [00:00:18] Francois: Thank you Jeremy and uh, many thanks for the invitation. I'm really thrilled to be part of this podcast. What's the W3C? [00:00:26] Jeremy: I think many of our listeners will have heard about the W3C, but they may not actually know what it is. So could you start by explaining what it is? [00:00:37] Francois: Sure. So W3C stands for the Worldwide Web Consortium. It's a standardization organization. I guess that's how people should think about W3C. it was created in 1994. I, by, uh, Tim Berners Lee, who was the inventor of the web. Tim Berners Lee was the, director of W3C for a long, long time. [00:01:00] Francois: He retired not long ago, a few years back. and W3C is, has, uh, a number of, uh. Properties, let's say first the goal is to produce royalty free standards, and that's very important. Uh, we want to make sure that, uh, the standard that get produced can be used and implemented without having to pay, fees to anyone. [00:01:23] Francois: We do web standards. I didn't mention it, but it's from the name. Standards that you find in your web browsers. But not only that, there are a number of other, uh, standards that got developed at W3C including, for example, XML. Data related standards. W3C as an organization is a consortium. [00:01:43] Francois: The, the C stands for consortium. Legally speaking, it's a, it's a 501c3 meaning in, so it's a US based, uh, legal entity not for profit. And the, the little three is important because it means it's public interest. That means we are a consortium, that means we have members, but at the same time, the goal, the mission is to the public. [00:02:05] Francois: So we're not only just, you know, doing what our members want. We are also making sure that what our members want is aligned with what end users in the end, need. and the W3C has a small team. And so I'm part of this, uh, of this team worldwide. Uh, 45 to 55 people, depending on how you count, mostly technical people and some, uh, admin, uh, as well, overseeing the, uh, the work, that we do, uh, at the W3C. Funding through membership fees [00:02:39] Jeremy: So you mentioned there's 45 to 55 people. How is this funded? Is this from governments or commercial companies? [00:02:47] Francois: The main source comes from membership fees. So the W3C has a, so members, uh, roughly 350 members, uh, at the W3C. And, in order to become a member, an organization needs to pay, uh, an annual membership fee. That's pretty common among, uh, standardization, uh, organizations. [00:03:07] Francois: And, we only have, uh, I guess three levels of membership, fees. Uh, well, you may find, uh, additional small levels, but three main ones. the goal is to make sure that, A big player will, not a big player or large company, will not have more rights than, uh, anything, anyone else. So we try to make sure that a member has the, you know, all members have equal, right? [00:03:30] Francois: if it's not perfect, but, uh, uh, that's how things are, are are set. So that's the main source of income for the W3C. And then we try to diversify just a little bit to get, uh, for example, we go to governments. We may go to governments in the u EU. We may, uh, take some, uh, grant for EU research projects that allow us, you know, to, study, explore topics. [00:03:54] Francois: Uh, in the US there, there used to be some, uh, some funding from coming from the government as well. So that, that's, uh, also, uh, a source. But the main one is, uh, membership fees. Relations to TC39, IETF, and WHATWG [00:04:04] Jeremy: And you mentioned that a lot of the W3C'S work is related to web standards. There's other groups like TC 39, which works on the JavaScript spec and the IETF, which I believe worked, with your group on WebRTC, I wonder if you could explain W3C'S connection to other groups like that. [00:04:28] Francois: sure. we try to collaborate with a, a number of, uh, standard other standardization organizations. So in general, everything goes well because you, you have, a clear separation of concerns. So you mentioned TC 39. Indeed. they are the ones who standardize, JavaScript. Proper name of JavaScript is the EcmaScript. [00:04:47] Francois: So that's tc. TC 39 is the technical committee at ecma. and so we have indeed interactions with them because their work directly impact the JavaScript that you're going to find in your, uh, run in your, in your web browser. And we develop a number of JavaScript APIs, uh, actually in W3C. [00:05:05] Francois: So we need to make sure that, the way we develop, uh, you know, these APIs align with the, the language itself. with IETF, the, the, the boundary is, uh, uh, is clear as well. It's a protocol and protocol for our network protocols for our, the IETF and application level. For W3C, that's usually how the distinction is made. [00:05:28] Francois: The boundaries are always a bit fuzzy, but that's how things work. And usually, uh, things work pretty well. Uh, there's also the WHATWG, uh, and the WHATWG is more the, the, the history was more complicated because, uh, t of a fork of the, uh, HTML specification, uh, at the time when it was developed by W3C, a long time ago. [00:05:49] Francois: And there was been some, uh, Well disagreement on the way things should have been done, and the WHATWG took over got created, took, took this the HTML spec and did it a different way. Went in another, another direction, and that other, other direction actually ended up being the direction. [00:06:06] Francois: So, that's a success, uh, from there. And so, W3C no longer works, no longer owns the, uh, HTML spec and the WHATWG has, uh, taken, uh, taken up a number of, uh, of different, core specifications for the web. Uh, doing a lot of work on the, uh, on interopoerability and making sure that, uh, the algorithm specified by the spec, were correct, which, which was something that historically we haven't been very good at at W3C. [00:06:35] Francois: And the way they've been working as a, has a lot of influence on the way we develop now, uh, the APIs, uh, from a W3C perspective. [00:06:44] Jeremy: So, just to make sure I understand correctly, you have TC 39, which is focused on the JavaScript or ECMAScript language itself, and you have APIs that are going to use JavaScript and interact with JavaScript. So you need to coordinate there. The, the have the specification for HTML. then the IATF, they are, I'm not sure if the right term would be, they, they would be one level lower perhaps, than the W3C. [00:07:17] Francois: That's how you, you can formulate it. Yes. The, the one layer, one layer layer in the ISO network in the ISO stack at the network level. How WebRTC spans the IETF and W3C [00:07:30] Jeremy: And so in that case, one place I've heard it mentioned is that webRTC, to, to use it, there is an IETF specification, and then perhaps there's a W3C recommendation and [00:07:43] Francois: Yes. so when we created the webRTC working group, that was in 2011, I think, it was created with a dual head. There was one RTC web, group that got created at IETF and a webRTC group that got created at W3C. And that was done on purpose. Of course, the goal was not to compete on the, on the solution, but actually to, have the two sides of the, uh, solution, be developed in parallel, the API, uh, the application front and the network front. [00:08:15] Francois: And there was a, and there's still a lot of overlap in, uh, participation between both groups, and that's what keep things successful. In the end. It's not, uh, you know, process or organization to organization, uh, relationships, coordination at the organization level. It's really the fact that you have participants that are essentially the same, on both sides of the equation. [00:08:36] Francois: That helps, uh, move things forward. Now, webRTC is, uh, is more complex than just one group at IETF. I mean, web, webRTC is a very complex set of, uh, of technologies, stack of technologies. So when you, when you. Pull a little, uh, protocol from IETFs. Suddenly you have the whole IETF that comes with you with it. [00:08:56] Francois: So you, it's the, you have the feeling that webRTC needs all of the, uh, internet protocols that got, uh, created to work Recommendations [00:09:04] Jeremy: And I think probably a lot of web developers, they may hear words like specification or standard, but I believe the, the official term, at least at the W3C, is this recommendation. And so I wonder if you can explain what that means. [00:09:24] Francois: Well. It means it means standard in the end. and that came from industry. That comes from a time where. As many standardization organizations. W3C was created not to be a standardization organization. It was felt that standard was not the right term because we were not a standardization organization. [00:09:45] Francois: So recommend IETF has the same thing. They call it RFC, request for comment, which, you know, stands for nothing in, and yet it's a standard. So W3C was created with the same kind of, uh thing. We needed some other terminology and we call that recommendation. But in the end, that's standard. It's really, uh, how you should see it. [00:10:08] Francois: And one thing I didn't mention when I, uh, introduced the W3C is there are two types of standards in the end, two main categories. There are, the de jure standards and defacto standards, two families. The de jure standards are the ones that are imposed by some kind of regulation. so it's really usually a standard you see imposed by governments, for example. [00:10:29] Francois: So when you look at your electric plug at home, there's some regulation there that says, this plug needs to have these properties. And that's a standard that gets imposed. It's a de jure standard. and then there are defacto standards which are really, uh, specifications that are out there and people agree to use it to implement it. [00:10:49] Francois: And by virtue of being used and implemented and used by everyone, they become standards. the, W3C really is in the, uh, second part. It's a defacto standard. IETF is the same thing. some of our standards are used in, uh, are referenced in regulations now, but, just a, a minority of them, most of them are defacto standards. [00:11:10] Francois: and that's important because that's in the end, it doesn't matter what the specific specification says, even though it's a bit confusing. What matters is that the, what the specifications says matches what implementations actually implement, and that these implementations are used, and are used interoperably across, you know, across browsers, for example, or across, uh, implementations, across users, across usages. [00:11:36] Francois: So, uh, standardization is a, is a lengthy process. The recommendation is the final stage in that, lengthy process. More and more we don't really reach recommendation anymore. If you look at, uh, at groups, uh, because we have another path, let's say we kind of, uh, we can stop at candidate recommendation, which is in theoretically a step before that. [00:12:02] Francois: But then you, you can stay there and, uh, stay there forever and publish new candidate recommendations. Um, uh, later on. What matters again is that, you know, you get this, virtuous feedback loop, uh, with implementers, and usage. [00:12:18] Jeremy: So if the candidate recommendation ends up being implemented by all the browsers, what's ends up being the distinction between a candidate and one that's a normal recommendation. [00:12:31] Francois: So, today it's mostly a process thing. Some groups actually decide to go to rec Some groups decide to stay at candidate rec and there's no formal difference between the, the two. we've made sure we've adopted, adjusted the process so that the important bits that, applied at the recommendation level now apply at the candidate rec level. Royalty free patent access [00:13:00] Francois: And by important things, I mean the patent commitments typically, uh, the patent policy fully applies at the candidate recommendation level so that you get your, protection, the royalty free patent protection that we, we were aiming at. [00:13:14] Francois: Some people do not care, you know, but most of the world still works with, uh, with patents, uh, for good, uh, or bad reasons. But, uh, uh, that's how things work. So we need to make, we're trying to make sure that we, we secure the right set of, um, of patent commitments from the right set of stakeholders. [00:13:35] Jeremy: Oh, so when someone implements a W3C recommendation or a candidate recommendation, the patent holders related to that recommendation, they basically agree to allow royalty-free use of that patent. [00:13:54] Francois: They do the one that were involved in the working group, of course, I mean, we can't say anything about the companies out there that may have patents and uh, are not part of this standardization process. So there's always, It's a remaining risk. but part of the goal when we create a working group is to make sure that, people understand the scope. [00:14:17] Francois: Lawyers look into it, and the, the legal teams that exist at the all the large companies, basically gave a green light saying, yeah, we, we we're pretty confident that we, we know where the patterns are on this particular, this particular area. And we are fine also, uh, letting go of the, the patterns we own ourselves. Implementations are built in parallel with standardization [00:14:39] Jeremy: And I think you had mentioned. What ends up being the most important is that the browser creators implement these recommendations. So it sounds like maybe the distinction between candidate recommendation and recommendation almost doesn't matter as long as you get the end result you want. [00:15:03] Francois: So, I mean, people will have different opinions, uh, in the, in standardization circles. And I mentioned also W3C is working on other kind of, uh, standards. So, uh, in some other areas, the nuance may be more important when we, but when, when you look at specification, that's target, web browsers. we've switched from a model where, specs were developed first and then implemented to a model where specs and implementing implementations are being, worked in parallel. [00:15:35] Francois: This actually relates to the evolution I was mentioning with the WHATWG taking over the HTML and, uh, focusing on the interoperability issues because the starting point was, yeah, we have an HTML 4.01 spec, uh, but it's not interoperable because it, it's not specified, are number of areas that are gray areas, you can implement them differently. [00:15:59] Francois: And so there are interoperable issues. Back to candidate rec actually, the, the, the, the stage was created, if I remember correctly. uh, if I'm, if I'm not wrong, the stage was created following the, uh, IE problem. In the CSS working group, IE6, uh, shipped with some, version of a CSS that was in the, as specified, you know, the spec was saying, you know, do that for the CSS box model. [00:16:27] Francois: And the IE6 was following that. And then the group decided to change, the box model and suddenly IE6 was no longer compliant. And that created a, a huge mess on the, in the history of, uh, of the web in a way. And so the, we, the, the, the, the candidate recommendation sta uh, stage was introduced following that to try to catch this kind of problems. [00:16:52] Francois: But nowadays, again, we, we switch to another model where it's more live. and so we, you, you'll find a number of specs that are not even at candidate rec level. They are at the, what we call a working draft, and they, they are being implemented, and if all goes well, the standardization process follows the implementation, and then you end up in a situation where you have your candidate rec when the, uh, spec ships. [00:17:18] Francois: a recent example would be a web GPU, for example. It, uh, it has shipped in, uh, in, in Chrome shortly before it transition to a candidate rec. But the, the, the spec was already stable. and now it's shipping uh, in, uh, in different browsers, uh, uh, safari, uh, and uh, and uh, and uh, Firefox. And so that's, uh, and that's a good example of something that follows, uh, things, uh, along pretty well. But then you have other specs such as, uh, in the media space, uh, request video frame back, uh, frame, call back, uh, requestVideoFrameCallback() is a short API that allows you to get, you know, a call back whenever the, the browser renders a video frame, essentially. [00:18:01] Francois: And that spec is implemented across browsers. But from a W3C specific, perspective, it does not even exist. It's not on the standardization track. It's still being incubated in what we call a community group, which is, you know, some something that, uh, usually exists before. we move to the, the standardization process. [00:18:21] Francois: So there, there are examples of things where some things fell through the cracks. All the standardization process, uh, is either too early or too late and things that are in spec are not exactly what what got implemented or implementations are too early in the process. We we're doing a better job, at, Not falling into a trap where someone ships, uh, you know, an implementation and then suddenly everything is frozen. You can no longer, change it because it's too late, it shipped. we've tried, different, path there. Um, mentioned CSS, the, there was this kind of vendor prefixed, uh, properties that used to be, uh, the way, uh, browsers were deploying new features without, you know, taking the final name. [00:19:06] Francois: We are trying also to move away from it because same thing. Then in the end, you end up with, uh, applications that have, uh, to duplicate all the properties, the CSS properties in the style sheets with, uh, the vendor prefixes and nuances in the, in what it does in, in the end. [00:19:23] Jeremy: Yeah, I, I think, is that in CSS where you'll see --mozilla or things like that? Why requestVideoFrameCallback doesn't have a formal specification [00:19:30] Jeremy: The example of the request video frame callback. I, I wonder if you have an opinion or, or, or know why that ended up the way it did, where the browsers all implemented it, even though it was still in the incubation stage. [00:19:49] Francois: On this one, I don't have a particular, uh, insights on whether there was a, you know, a strong reason to implement it,without doing the standardization work. [00:19:58] Francois: I mean, there are, it's not, uh, an IPR (Intellectual Property Rights) issue. It's not, uh, something that, uh, I don't think the, the, the spec triggers, uh, you know, problems that, uh, would be controversial or whatever. [00:20:10] Francois: Uh, so it's just a matter of, uh, there was no one's priority, and in the end, you end up with a, everyone's happy. it's, it has shipped. And so now doing the spec work is a bit,why spend time on something that's already shipped and so on, but the, it may still come back at some point with try to, you know, improve the situation. [00:20:26] Jeremy: Yeah, that's, that's interesting. It's a little counterintuitive because it sounds like you have the, the working group and it, it sounds like perhaps the companies or organizations involved, they maybe agreed on how it should work, and maybe that agreement almost made it so that they felt like they didn't need to move forward with the specification because they came to consensus even before going through that. [00:20:53] Francois: In this particular case, it's probably because it's really, again, it's a small, spec. It's just one function call, you know? I mean, they will definitely want a working group, uh, for larger specifications. by the way, actually now I know re request video frame call back. It's because the, the, the final goal now that it's, uh, shipped, is to merge it into, uh, HTML, uh, the HTML spec. [00:21:17] Francois: So there's a, there's an ongoing issue on the, the WHATWG side to integrate request video frame callback. And it's taking some time but see, it's, it's being, it, it caught up and, uh, someone is doing the, the work to, to do it. I had forgotten about this one. Um, [00:21:33] Jeremy: Tension from specification review (horizontal review) [00:21:33] Francois: so with larger specifications, organizations will want this kind of IPR regime they will want commit commitments from, uh, others, on the scope, on the process, on everything. So they will want, uh, a larger, a, a more formal setting, because that's part of how you ensure that things, uh, will get done properly. [00:21:53] Francois: I didn't mention it, but, uh, something we're really, uh, Pushy on, uh, W3C I mentioned we have principles, we have priorities, and we have, uh, specific several, uh, properties at W3C. And one of them is that we we're very strong on horizontal reviews of our specs. We really want them to be reviewed from an accessibility perspective, from an internationalization perspective, from a privacy and security, uh, perspective, and, and, and a technical architecture perspective as well. [00:22:23] Francois: And that's, these reviews are part of the formal process. So you, all specs need to undergo these reviews. And from time to time, that creates tension. Uh, from time to time. It just works, you know. Goes without problem. a recurring issue is that, privacy and security are hard. I mean, it's not an easy problem, something that can be, uh, solved, uh, easily. [00:22:48] Francois: Uh, so there's a, an ongoing tension and no easy way to resolve it, but there's an ongoing tension between, specifying powerful APIs and preserving privacy without meaning, not exposing too much information to applications in the media space. You can think of the media capabilities, API. So the media space is a complicated space. [00:23:13] Francois: Space because of codecs. codecs are typically not relative free. and so browsers decide which codecs they're going to support, which audio and video codecs they, they're going to support and doing that, that creates additional fragmentation, not in the sense that they're not interoperable, but in the sense that applications need to choose which connect they're going to ship to stream to the end user. [00:23:39] Francois: And, uh, it's all the more complicated that some codecs are going to be hardware supported. So you will have a hardware decoder in your, in your, in your laptop or smartphone. And so that's going to be efficient to decode some, uh, some stream, whereas some code are not, are going to be software, based, supported. [00:23:56] Francois: Uh, and that may consume a lot of CPU and a lot of power and a lot of energy in the end. So you, you want to avoid that if you can, uh, select another thing. Even more complex than, codecs have different profiles, uh, lower end profiles higher end profiles with different capabilities, different features, uh, depending on whether you're going to use this or that color space, for example, this or that resolution, whatever. [00:24:22] Francois: And so you want to surface that to web applications because otherwise, they can't. Select, they can't choose, the right codec and the right, stream that they're going to send to the, uh, client devices. And so they're not going to provide an efficient user experience first, and even a sustainable one in terms of energy because they, they're going to waste energy if they don't send the right stream. [00:24:45] Francois: So you want to surface that to application. That's what the media, media capabilities, APIs, provides. Privacy concerns [00:24:51] Francois: Uh, but at the same time, if you expose that information, you end up with ways to fingerprint the end user's device. And that in turn is often used to track users across, across sites, which is exactly what we don't want to have, uh, for privacy reasons, for obvious privacy reasons. [00:25:09] Francois: So you have to balance that and find ways to, uh, you know, to expose. Capabilities without, without necessarily exposing them too much. Uh, [00:25:21] Jeremy: Can you give an example of how some of those discussions went? Like within the working group? Who are the companies or who are the organizations that are arguing for We shouldn't have this capability because of the privacy concerns, or [00:25:40] Francois: In a way all of the companies, have a vision of, uh, of privacy. I mean, the, you will have a hard time finding, you know, members saying, I don't care about privacy. I just want the feature. Uh, they all have privacy in mind, but they may have a different approach to privacy. [00:25:57] Francois: so if you take, uh, let's say, uh, apple and Google would be the, the, I guess the perfect examples in that, uh, in that space, uh, Google will have a, an approach that is more open-ended thing. The, the user agents has this, uh, should check what the, the, uh, given site is doing. And then if it goes beyond, you know, some kind of threshold, they're going to say, well, okay, well, we'll stop exposing data to that, to that, uh, to that site. [00:26:25] Francois: So that application. So monitor and react in a way. apple has a more, uh, you know, has a stricter view on, uh, on privacy, let's say. And they will say, no, we, the, the, the feature must not exist in the first place. Or, but that's, I mean, I guess, um, it's not always that extreme. And, uh, from time to time it's the opposite. [00:26:45] Francois: You will have, uh, you know, apple arguing in one way, uh, which is more open-ended than the, uh, than, uh, than Google, for example. And they are not the only ones. So in working groups, uh, you will find the, usually the implementers. Uh, so when we talk about APIs that get implemented in browsers, you want the core browsers to be involved. [00:27:04] Francois: Uh, otherwise it's usually not a good sign for, uh, the success of the, uh, of the technology. So in practice, that means Apple, uh, Microsoft, Mozilla which one did I forget? [00:27:15] Jeremy: Google. [00:27:16] Francois: I forgot Google. Of course. Thank you. that's, uh, that the, the core, uh, list of participants you want to have in any, uh, group that develops web standards targeted at web browsers. Who participates in working groups and how much power do they have? [00:27:28] Francois: And then on top of that, you want, organizations and people who are directly going to use it, either because they, well the content providers. So in media, for example, if you look at the media working group, you'll see, uh, so browser vendors, the ones I mentioned, uh, content providers such as the BBC or Netflix. [00:27:46] Francois: Chip set vendors would, uh, would be there as well. Intel, uh, Nvidia again, because you know, there's a hardware decoding in there and encoding. So media is, touches on, on, uh, on hardware, uh, device manufacturer in general. You may, uh, I think, uh, I think Sony is involved in the, in the media working group, for example. [00:28:04] Francois: and these companies are usually less active in the spec development. It depends on the groups, but they're usually less active because the ones developing the specs are usually the browser again, because as I mentioned, we develop the specs in parallel to browsers implementing it. So they have the. [00:28:21] Francois: The feedback on how to formulate the, the algorithms. and so that's this collection of people who are going to discuss first within themselves. W3C pushes for consensual dis decisions. So we hardly take any votes in the working groups, but from time to time, that's not enough. [00:28:41] Francois: And there may be disagreements, but let's say there's agreement in the group, uh, when the spec matches. horizontal review groups will look at the specs. So these are groups I mentioned, accessibility one, uh, privacy, internationalization. And these groups, usually the participants are, it depends. [00:29:00] Francois: It can be anything. It can be, uh, the same companies. It can be, but usually different people from the same companies. But it the, maybe organizations with a that come from very, a very different angle. And that's a good thing because that means the, you know, you enlarge the, the perspectives on your, uh, on the, on the technology. [00:29:19] Francois: and you, that's when you have a discussion between groups, that takes place. And from time to time it goes well from time to time. Again, it can trigger issues that are hard to solve. and the W3C has a, an escalation process in case, uh, you know, in case things degenerate. Uh, starting with, uh, the notion of formal objection. [00:29:42] Jeremy: It makes sense that you would have the, the browser. Vendors and you have all the different companies that would use that browser. All the different horizontal groups like you mentioned, the internationalization, accessibility. I would imagine that you were talking about consensus and there are certain groups or certain companies that maybe have more say or more sway. [00:30:09] Jeremy: For example, if you're a browser, manufacturer, your Google. I'm kind of curious how that works out within the working group. [00:30:15] Francois: Yes, it's, I guess I would be lying if I were saying that, uh, you know, all companies are strictly equal in a, in a, in a group. they are from a process perspective, I mentioned, you know, different membership fees with were design, special specific ethos so that no one could say, I'm, I'm putting in a lot of money, so you, you need to re you need to respect me, uh, and you need to follow what I, what I want to, what I want to do. [00:30:41] Francois: at the same time, if you take a company like, uh, like Google for example, they send, hundreds of engineers to do standardization work. That's absolutely fantastic because that means work progresses and it's, uh, extremely smart people. So that's, uh, that's really a pleasure to work with, uh, with these, uh, people. [00:30:58] Francois: But you need to take a step back and say, well, the problem is. Defacto that gives them more power just by virtue of, uh, injecting more resources into it. So having always someone who can respond to an issue, having always someone, uh, editing a spec defacto that give them more, uh, um, more say on the, on the directions that, get forward. [00:31:22] Francois: And on top of that, of course, they have the, uh, I guess not surprisingly, the, the browser that is, uh, used the most, currently, on the market so there's a little bit of a, the, the, we, we, we, we try very hard to make sure that, uh, things are balanced. it's not a perfect world. [00:31:38] Francois: the the role of the team. I mean, I didn't talk about the role of the team, but part of it is to make sure that. Again, all perspectives are represented and that there's not, such a, such big imbalance that, uh, that something is wrong and that we really need to look into it. so making sure that anyone, if they have something to say, make making sure that they are heard by the rest of the group and not dismissed. [00:32:05] Francois: That usually goes well. There's no problem with that. And again, the escalation process I mentioned here doesn't make any, uh, it doesn't make any difference between, uh, a small player, a large player, a big player, and we have small companies raising formal objections against some of our aspects that happens, uh, all large ones. [00:32:24] Francois: But, uh, that happens too. There's no magical solution, I guess you can tell it by the way. I, uh, I don't know how to formulate the, the process more. It's a human process, and that's very important that it remains a human process as well. [00:32:41] Jeremy: I suppose the role of, of staff and someone in your position, for example, is to try and ensure that these different groups are, are heard and it isn't just one group taking control of it. [00:32:55] Francois: That's part of the role, again, is to make sure that, uh, the, the process is followed. So the, I, I mean, I don't want to give the impression that the process controls everything in the groups. I mean, the, the, the groups are bound by the process, but the process is there to catch problems when they arise. [00:33:14] Francois: most of the time there are no problems. It's just, you know, again, participants talking to each other, talking with the rest of the community. Most of the work happens in public nowadays, in any case. So the groups work in public essentially through asynchronous, uh, discussions on GitHub repositories. [00:33:32] Francois: There are contributions from, you know, non group participants and everything goes well. And so the process doesn't kick in. You just never say, eh, no, you didn't respect the process there. You, you closed the issue. You shouldn't have a, it's pretty rare that you have to do that. Uh, things just proceed naturally because they all, everyone understands where they are, why, what they're doing, and why they're doing it. [00:33:55] Francois: we still have a role, I guess in the, in the sense that from time to time that doesn't work and you have to intervene and you have to make sure that,the, uh, exception is caught and, uh, and processed, uh, in the right way. Discussions are public on github [00:34:10] Jeremy: And you said this process is asynchronous in public, so it sounds like someone, I, I mean, is this in GitHub issues or how, how would somebody go and, and see what the results of [00:34:22] Francois: Yes, there, there are basically a gazillion of, uh, GitHub repositories under the, uh, W3C, uh, organization on GitHub. Most groups are using GitHub. I mean, there's no, it's not mandatory. We don't manage any, uh, any tooling. But the factors that most, we, we've been transitioning to GitHub, uh, for a number of years already. [00:34:45] Francois: Uh, so that's where the work most of the work happens, through issues, through pool requests. Uh, that's where. people can go and raise issues against specifications. Uh, we usually, uh, also some from time to time get feedback from developers and countering, uh, a bug in a particular implementations, which we try to gently redirect to, uh, the actual bug trackers because we're not responsible for the respons implementations of the specs unless the spec is not clear. [00:35:14] Francois: We are responsible for the spec itself, making sure that the spec is clear and that implementers well, understand how they should implement something. Why the W3C doesn't specify a video or audio codec [00:35:25] Jeremy: I can see how people would make that mistake because they, they see it's the feature, but that's not the responsibility of the, the W3C to implement any of the specifications. Something you had mentioned there's the issue of intellectual property rights and how when you have a recommendation, you require the different organizations involved to make their patents available to use freely. [00:35:54] Jeremy: I wonder why there was never any kind of, recommendation for audio or video codecs in browsers since you have certain ones that are considered royalty free. But, I believe that's never been specified. [00:36:11] Francois: At W3C you mean? Yes. we, we've tried, I mean, it's not for lack of trying. Um, uh, we've had a number of discussions with, uh, various stakeholders saying, Hey, we, we really need, an audio or video code for our, for the web. the, uh, png PNG is an example of a, um, an image format which got standardized at W3C and it got standardized at W3C similar reasons. There had to be a royalty free image format for the web, and there was none at the time. of course, nowadays, uh, jpeg, uh, and gif or gif, whatever you call it, are well, you know, no problem with them. But, uh, um, that at the time P PNG was really, uh, meant to address this issue and it worked for PNG for audio and video. [00:37:01] Francois: We haven't managed to secure, commitments by stakeholders. So willingness to do it, so it's not, it's not lack of willingness. We would've loved to, uh, get, uh, a royalty free, uh, audio codec, a royalty free video codec again, audio and video code are extremely complicated because of this. [00:37:20] Francois: not only because of patterns, but also because of the entire business ecosystem that exists around them for good reasons. You, in order for a, a codec to be supported, deployed, effective, it really needs, uh, it needs to mature a lot. It needs to, be, uh, added to at a hardware level, to a number of devices, capturing devices, but also, um, uh, uh, of course players. [00:37:46] Francois: And that takes a hell of a lot of time and that's why you also enter a number of business considerations with business contracts between entities. so I'm personally, on a personal level, I'm, I'm pleased to see, for example, the Alliance for Open Media working on, uh, uh, AV1, uh, which is. At least they, uh, they wanted to be royalty free and they've been adopting actually the W3C patent policy to do this work. [00:38:11] Francois: So, uh, we're pleased to see that, you know, they've been adopting the same process and same thing. AV1 is not yet at the same, support stage, as other, codecs, in the world Yeah, I mean in devices. There's an open question as what, what are we going to do, uh, in the future uh, with that, it's, it's, it's doubtful that, uh, the W3C will be able to work on a, on a royalty free audio, codec or royalty free video codec itself because, uh, probably it's too late now in any case. [00:38:43] Francois: but It's one of these angles in the, in the web platform where we wish we had the, uh, the technology available for, for free. And, uh, it's not exactly, uh, how things work in practice.I mean, the way codecs are developed remains really patent oriented. [00:38:57] Francois: and you will find more codecs being developed. and that's where geopolitics can even enter the, the, uh, the play. Because, uh, if you go to China, you will find new codecs emerging, uh, that get developed within China also, because, the other codecs come mostly from the US so it's a bit of a problem and so on. [00:39:17] Francois: I'm not going to enter details and uh, I would probably say stupid things in any case. Uh, but that, uh, so we continue to see, uh, emerging codecs that are not royalty free, and it's probably going to remain the case for a number of years. unfortunately, unfortunately, from a W3C perspective and my perspective of course. [00:39:38] Jeremy: There's always these new, formats coming out and the, rate at which they get supported in the browser, even on a per browser basis is, is very, there can be a long time between, for example, WebP being released and a browser supporting it. So, seems like maybe we're gonna be in that situation for a while where the codecs will come out and maybe the browsers will support them. Maybe they won't, but the, the timeline is very uncertain. Digital Rights Management (DRM) and Media Source Extensions [00:40:08] Jeremy: Something you had, mentioned, maybe this was in your, email to me earlier, but you had mentioned that some of these specifications, there's, there's business considerations like with, digital rights management and, media source extensions. I wonder if you could talk a little bit about maybe what media source extensions is and encrypted media extensions and, and what the, the considerations or challenges are there. [00:40:33] Francois: I'm going to go very, very quickly over the history of a, video and audio support on the web. Initially it was supported through plugins. you are maybe too young to, remember that. But, uh, we had extensions, added to, uh, a realplayer. [00:40:46] Francois: This kind of things flash as well, uh, supporting, uh, uh, videos, in web pages, but it was not provided by the web browsers themselves. Uh, then HTML5 changed the, the situation. Adding these new tags, audio and video, but that these tags on this, by default, support, uh, you give them a resources, a resource, like an image as it's an audio or a video file. [00:41:10] Francois: They're going to download this, uh, uh, video file or audio file, and they're going to play it. That works well. But as soon as you want to do any kind of real streaming, files are too large and to stream, to, to get, you know, to get just a single fetch on, uh, on them. So you really want to stream them chunk by chunk, and you want to adapt the resolution at which you send the stream based on real time conditions of the user's network. [00:41:37] Francois: If there's plenty of bandwidth you want to send the user, the highest possible resolution. If there's a, some kind of hiccup temporary in the, in the network, you really want to lower the resolution, and that's called adaptive streaming. And to get adaptive streaming on the web, well, there are a number of protocols that exist. [00:41:54] Francois: Same thing. Some many of them are proprietary and actually they remain proprietary, uh, to some extent. and, uh, some of them are over http and they are the ones that are primarily used in, uh, in web contexts. So DASH comes to mind, DASH for Dynamic Adaptive streaming over http. HLS is another one. Uh, initially developed by Apple, I believe, and it's, uh, HTTP live streaming probably. Exactly. And, so there are different protocols that you can, uh, you can use. Uh, so the goal was not to standardize these protocols because again, there were some proprietary aspects to them. And, uh, same thing as with codecs. [00:42:32] Francois: There was no, well, at least people wanted to have the, uh, flexibility to tweak parameters, adaptive streaming parameters the way they wanted for different scenarios. You may want to tweak the parameters differently. So they, they needed to be more flexibility on top of protocols not being truly available for use directly and for implementation directly in browsers. [00:42:53] Francois: It was also about providing applications with, uh, the flexibility they would need to tweak parameters. So media source extensions comes into play for exactly that. Media source extensions is really about you. The application fetches chunks of its audio and video stream the way it wants, and with the parameters it wants, and it adjusts whatever it wants. [00:43:15] Francois: And then it feeds that into the, uh, video or audio tag. and the browser takes care of the rest. So it's really about, doing, you know, the adaptive streaming. let applications do it, and then, uh, let the user agent, uh, the browser takes, take care of the rendering itself. That's media source extensions. [00:43:32] Francois: Initially it was pushed by, uh, Netflix. They were not the only ones of course, but there, there was a, a ma, a major, uh, proponent of this, uh, technical solution, because they wanted, uh, they, uh, they were, expanding all over the world, uh, with, uh, plenty of native, applications on all sorts of, uh, of, uh, devices. [00:43:52] Francois: And they wanted to have a way to stream content on the web as well. both for both, I guess, to expand to, um, a new, um, ecosystem, the web, uh, providing new opportunities, let's say. But at the same time also to have a fallback, in case they, because for native support on different platforms, they sometimes had to enter business agreements with, uh, you know, the hardware manufacturers, the whatever, the, uh, service provider or whatever. [00:44:19] Francois: and so that was a way to have a full back. That kind of work is more open, in case, uh, things take some time and so on. So, and they probably had other reasons. I mean, I'm not, I can't speak on behalf of Netflix, uh, on others, but they were not the only ones of course, uh, supporting this, uh, me, uh, media source extension, uh, uh, specification. [00:44:42] Francois: and that went kind of, well, I think it was creating 2011. I mean, the, the work started in 2011 and the recommendation was published in 2016, which is not too bad from a standardization perspective. It means only five years, you know, it's a very short amount of time. Encrypted Media Extensions [00:44:59] Francois: At the same time, and in parallel and complement to the media source extension specifications, uh, there was work on the encrypted media extensions, and here it was pushed by the same proponent in a way because they wanted to get premium content on the web. [00:45:14] Francois: And by premium content, you think of movies and, uh. These kind of beasts. And the problem with the, I guess the basic issue with, uh, digital asset such as movies, is that they cost hundreds of millions to produce. I mean, some cost less of course. And yet it's super easy to copy them if you have a access to the digital, uh, file. [00:45:35] Francois: You just copy and, uh, and that's it. Piracy uh, is super easy, uh, to achieve. It's illegal of course, but it's super easy to do. And so that's where the different legislations come into play with digital right management. Then the fact is most countries allow system that, can encrypt content and, uh, through what we call DRM systems. [00:45:59] Francois: so content providers, uh, the, the ones that have movies, so the studios here more, more and more, and Netflix is one, uh, one of the studios nowadays. Um, but not only, not only them all major studios will, uh, would, uh, push for, wanted to have something that would allow them to stream encrypted content, encrypted audio and video, uh, mostly video, to, uh, to web applications so that, uh, you. [00:46:25] Francois: Provide the movies, otherwise, they, they are just basically saying, and sorry, but, uh, this premium content will never make it to the web because there's no way we're gonna, uh, send it in clear, to, uh, to the end user. So Encrypting media extensions is, uh, is an API that allows to interface with, uh, what's called the content decryption module, CDM, uh, which itself interacts with, uh, the DR DRM systems that, uh, the browser may, may or may not support. [00:46:52] Francois: And so it provides a way for an application to receive encrypted content, pass it over get the, the, the right keys, the right license keys from a whatever system actually. Pass that logic over to the, and to the user agent, which passes, passes it over to, uh, the CDM system, which is kind of black box in, uh, that does its magic to get the right, uh, decryption key and then the, and to decrypt the content that can be rendered. [00:47:21] Francois: The encrypted media extensions triggered a, a hell of a lot of, uh, controversy. because it's DRM and DRM systems, uh, many people, uh, uh, things should be banned, uh, especially on the web because the, the premise of the web is that the, the user has trusts, a user agent. The, the web browser is called the user agent in all our, all our specifications. [00:47:44] Francois: And that's, uh, that's the trust relationship. And then they interact with a, a content provider. And so whatever they do with the content is their, I guess, actually their problem. And DRM introduces a third party, which is, uh, there's, uh, the, the end user no longer has the control on the content. [00:48:03] Francois: It has to rely on something else that, Restricts what it can achieve with the content. So it's, uh, it's not only a trust relationship with its, uh, user agents, it's also with, uh, with something else, which is the content provider, uh, in the end, the one that has the, uh, the license where provides the license. [00:48:22] Francois: And so that's, that triggers, uh, a hell of a lot of, uh, of discussions in the W3C degenerated, uh, uh, into, uh, formal objections being raised against the specification. and that escalated to, to the, I mean, at all leverage it. It's, it's the, the story in, uh, W3C that, um, really, uh, divided the membership into, opposed camps in a way, if you, that's was not only year, it was not really 50 50 in the sense that not just a huge fights, but the, that's, that triggered a hell of a lot of discussions and a lot of, a lot of, uh, of formal objections at the time. [00:49:00] Francois: Uh, we were still, From a governance perspective, interestingly, um, the W3C used to be a dictatorship. It's not how you should formulate it, of course, and I hope it's not going to be public, this podcast. Uh, but the, uh, it was a benevolent dictatorship. You could see it this way in the sense that, uh, the whole process escalated to one single person was, Tim Burners Lee, who had the final say, on when, when none of the other layers, had managed to catch and to resolve, a conflict. [00:49:32] Francois: Uh, that has hardly ever happened in, uh, the history of the W3C, but that happened to the two for EME, for encrypted media extensions. It had to go to the, uh, director level who, uh, after due consideration, uh, decided to, allow the EME to proceed. and that's why we have a, an EME, uh, uh, standard right now, but still re it remains something on the side. [00:49:56] Francois: EME we're still, uh, it's still in the scope of the media working group, for example. but the scope, if you look at the charter of the working group, we try to scope the, the, the, the, the updates we can make to the specification, uh, to make sure that we don't reopen, reopen, uh, a can of worms, because, well, it's really a, a topic that triggers friction for good and bad reasons again. [00:50:20] Jeremy: And when you talk about the media source extensions, that is the ability to write custom code to stream video in whatever way you want. You mentioned, the MPEG-DASH and http live streaming. So in that case, would that be the developer gets to write that code in JavaScript that's executed by the browser? [00:50:43] Francois: Yep, that's, uh, that would be it. and then typically, I guess the approach nowadays is more and more to develop low level APIs into W3C or web in, in general, I guess. And to let, uh. Libraries emerge that are going to make lives of a, a developer, uh, easier. So for MPEG DASH, we have the DASH.js, which does a fantastic job at, uh, at implementing the complexity of, uh, of adaptive streaming. [00:51:13] Francois: And you just, you just hook it into your, your workflow. And that's, uh, and that's it. Encrypted Media Extensions are closed source [00:51:20] Jeremy: And with the encrypted media extensions I'm trying to picture how those work and how they work differently. [00:51:28] Francois: Well, it's because the, the, the, the key architecture is that the, the stream that you, the stream that you may assemble with a media source extensions, for example. 'cause typically they, they're used in collaboration. When you hook the, hook it into the video tag, you also. Call EME and actually the stream goes to EME. [00:51:49] Francois: And when it goes to EME, actually the user agent hands the encrypted stream. You're still encrypted at this time. Uh, encrypted, uh, stream goes to the CDM content decryption module, and that's a black box well, it has some black, black, uh, black box logic. So it's not, uh, even if you look at the chromium source code, for example, you won't see the implementation of the CDM because it's a, it's a black box, so it's not part of the browser se it's a sand, it's sandboxed, it's execution sandbox. [00:52:17] Francois: That's, uh, the, the EME is kind of unique in, in this way where the, the CDM is not allowed to make network requests, for example, again, for privacy reasons. so anyway, the, the CDM box has the logic to decrypt the content and it hands it over, and then it depends, it depends on the level of protection you. [00:52:37] Francois: You need or that the system supports. It can be against software based protection, in which case actually, a highly motivated, uh, uh, uh, attacker could, uh, actually get access to the decoded stream, or it can be more hardware protected, in which case actually the, it goes to the, uh, to your final screen. [00:52:58] Francois: But it goes, it, it goes through the hardware in a, in a mode that the US supports in a mode that even the user agent doesn't have access to it. So it doesn't, it can't even see the pixels that, uh, gets rendered on the screen. There are, uh, several other, uh, APIs that you could use, for example, to take a screenshot of your, of your application and so on. [00:53:16] Francois: And you cannot apply them to, uh, such content because they're just gonna return a black box. again, because the user agent itself does not see the, uh, the pixels, which is exactly what you want with encrypted content. [00:53:29] Jeremy: And the, the content decryption module, it's, if I understand correctly, it's something that's shipped with the browsers, but you were saying is if you were to look at the public source code of Chromium or of Firefox, you would not see that implementation. Content Decryption Module (Widevine, PlayReady) [00:53:47] Francois: True. I mean, the, the, um, the typical examples are, uh, uh, widevine, so wide Vine. So interestingly, uh, speaking in theory, these, uh, systems could have been provided by anyone in practice. They've been provided by the browser vendors themselves. So Google has Wide Vine. Uh, Microsoft has something called PlayReady. Apple uh, the name, uh, escapes my, uh, sorry. They don't have it on top of my mind. So they, that's basically what they support. So they, they also own that code, but in a way they don't have to. And Firefox actually, uh, they, uh, don't, don't remember which one, they support among these three. but, uh, they, they don't own that code typically. [00:54:29] Francois: They provide a wrapper around, around it. Yeah, that's, that's exactly the, the crux of the, uh, issue that, people have with, uh, with DRMs, right? It's, uh, the fact that, uh, suddenly you have a bit of code running there that is, uh, that, okay, you can send box, but, uh, you cannot inspect and you don't have, uh, access to its, uh, source code. [00:54:52] Jeremy: That's interesting. So the, almost the entire browser is open source, but if you wanna watch a Netflix movie for example, then you, you need to, run this, this CDM, in addition to just the browser code. I, I think, you know, we've kind of covered a lot. Documenting what's available in browsers for developers [00:55:13] Jeremy: I wonder if there's any other examples or anything else you thought would be important to mention in, in the context of the W3C. [00:55:23] Francois: There, there's one thing which, uh, relates to, uh, activities I'm doing also at W3C. Um. Here, we've been talking a lot about, uh, standards and, implementations in browsers, but there's also, uh, adoption of these browser, of these technology standards by developers in general and making sure that developers are aware of what exists, making sure that they understand what exists and one of the, key pain points that people, uh. [00:55:54] Francois: Uh, keep raising on, uh, the web platform is first. Well, the, the, the web platform is unique in the sense that there are different implementations. I mean, if you, [00:56:03] Francois: Uh, anyway, there are different, uh, context, different run times where there, there's just one provided by the company that owns the, uh, the, the, the system. The web platform is implemented by different, uh, organizations. and so you end up the system where no one, there's what's in the specs is not necessarily supported. [00:56:22] Francois: And of course, MDN tries, uh, to document what's what's supported, uh, thoroughly. But for MDN to work, there's a hell of a lot of needs for data that, tracks browser support. And this, uh, this data is typically in a project called the Browser Compat Data, BCD owned by, uh, MDN as well. But, the Open Web Docs collective is a, uh, is, uh, the one, maintaining that, uh, that data under the hoods. [00:56:50] Francois: anyway, all of that to say that, uh, to make sure that, we track things beyond work on technical specifications, because if you look at it from W3C perspective, life ends when the spec reaches standards, uh, you know, candidate rec or rec, you could just say, oh, done with my work. but that's not how things work. [00:57:10] Francois: There's always, you need the feedback loop and, in order to make sure that developers get the information and can provide the, the feedback that standardization can benefit from and browser vendors can benefit from. We've been working on a project called web Features with browser vendors mainly, and, uh, a few of the folks and MDN and can I use and different, uh, different people, to catalog, the web in terms of features that speak to developers and from that catalog. [00:57:40] Francois: So it's a set of, uh, it's a set of, uh, feature IDs with a feature name and feature description that say, you know, this is how developers would, uh, understand, uh, instead of going too fine grained in terms of, uh, there's this one function call that does this because that's where you, the, the kind of support data you may get from browser data and MDN initially, and having some kind of a coarser grained, uh, structure that says these are the, features that make sense. [00:58:09] Francois: They talk to developers. That's what developers talk about, and that's the info. So the, we need to have data on these particular features because that's how developers are going approach the specs. Uh. and from that we've derived the notion of baseline badges that you have, uh, are now, uh, shown on MDN on can I use and integrated in, uh, IDE tool, IDE Tools such as visual, visual studio, and, uh, uh, libraries, uh, linked, some linters have started to, um, to integrate that data. [00:58:41] Francois: Uh, so, the way it works is, uh, we've been mapping these coarser grained features to BCDs finer grained support data, and from there we've been deriving a kind of a, a batch that says, yeah, this, this feature is implemented well, has limited availability because it's only implemented in one or two browsers, for example. [00:59:07] Francois: It's, newly available because. It was implemented. It's been, it's implemented across the main browser vendor, um, across the main browsers that people use. But it's recent, and widely available, which we try to, uh, well, there's been lots of discussion in the, in the group to, uh, come up with a definition which essentially ends up being 30 months after, a feature become, became newly available. [00:59:34] Francois: And that's when, that's the time it takes for the, for the versions of the, the different versions of the browser to propagate. Uh, because you, it's not because there's a new version of a, of a browser that, uh, people just, Ima immediately, uh, get it. So it takes a while, to propagate, uh, across the, uh, the, the user, uh, user base. [00:59:56] Francois: And so the, the goal is to have a, a, a signal that. Developers can rely on saying, okay, well it's widely available so I can really use that feature. And of course, if that doesn't work, then we need to know about it. And so we are also working with, uh, people doing so developer surveys such as state of, uh, CSS, state of HTML, state of JavaScript. [01:00:15] Francois: That's I guess, the main ones. But also we are also running, uh, MDN short surveys with the MDN people to gather feedback on. On the, on these same features, and to feed the loop and to, uh, to complete the loop. and these data is also used by, internally, by browser vendors to inform, prioritization process, their prioritization process, and typically as part of the interop project that they're also running, uh, on the site [01:00:43] Francois: So a, a number of different, I've mentioned, uh, I guess a number of different projects, uh, coming along together. But that's the goal is to create links, across all of these, um, uh, ongoing projects with a view to integrating developers, more, and gathering feedback as early as possible and inform decision. [01:01:04] Francois: We take at the standardization level that can affect the, the lives of the developers and making sure that it's, uh, it affects them in a, in a positive way. [01:01:14] Jeremy: just trying to understand, 'cause you had mentioned that there's the web features and the baseline, and I was, I was trying to picture where developers would actually, um, see these things. And it sounds like from what you're saying is W3C comes up with what stage some of these features are at, and then developers would end up seeing it on MDN or, or some other site. [01:01:37] Francois: So, uh, I'm working on it, but that doesn't mean it's a W3C thing. It's a, it's a, again, it's a, we have different types of group. It's a community group, so it's the Web DX Community group at W3C, which means it's a community owned thing. so that's why I'm mentioning a working with a representative from, and people from MDN people, from open Web docs. [01:02:05] Francois: so that's the first point. The second point is, so it's, indeed this data is now being integrated. If you, and you look, uh, you'll, you'll see it in on top of the MDN pages on most of them. If you look at, uh, any kind of feature, you'll see a, a few logos, uh, a baseline banner. and then can I use, it's the same thing. [01:02:24] Francois: You're going to get a baseline, banner. It's more on, can I use, and it's meant to capture the fact that the feature is widely available or if you may need to pay attention to it. Of course, it's a simplification, and the goal is not to the way it's, the way the messaging is done to developers is meant to capture the fact that, they may want to look, uh, into more than just this, baseline status, because. [01:02:54] Francois: If you take a look at web platform tests, for example, and if you were to base your assessment of whether a feature is supported based on test results, you'll end up saying the web platform has no supported technology because there are absolutely no API that, uh, where browsers pass 100% of the, of the, of the test suite. [01:03:18] Francois: There may be a few of them, I don't know. But, there's a simplification in the, in the process when a feature is, uh, set to be baseline, there may be more things to look at nevertheless, but it's meant to provide a signal that, uh, still developers can rely on their day-to-day, uh, lives. [01:03:36] Francois: if they use the, the feature, let's say, as a reasonably intended and not, uh, using to advance the logic. [01:03:48] Jeremy: I see. Yeah. I'm looking at one of the pages on MDN right now, and I can see at the top there's the, the baseline and it, it mentions that this feature works across many browsers and devices, and then they say how long it's been available. And so that's a way that people at a glance can, can tell, which APIs they can use. [01:04:08] Francois: it also started, uh, out of a desire to summarize this, uh, browser compatibility table that you see at the end of the page of the, the bottom of the page in on MDN. but there are where developers were saying, well, it's, it's fine, but it's, it goes too much into detail. So we don't know in the end, can we, can we use that feature or can we, can we not use that feature? [01:04:28] Francois: So it's meant as a informed summary of, uh, of, of that it relies on the same data again. and more importantly, we're beyond MDN, we're working with tools providers to integrate that as well. So I mentioned the, uh, visual Studio is one of them. So recently they shipped a new version where when you use a feature, you can, you can have some contextual, uh. [01:04:53] Francois: A menu that tells you, yeah, uh, that's fine. You, this CSS property, you can, you can use it, it's widely available or be aware this one is limited Availability only, availability only available in Firefox or, or Chrome or Safari work kit, whatever. [01:05:08] Jeremy: I think that's a good place to wrap it up, if people want to learn more about the work you're doing or learn more about sort of this whole recommendations process, where, where should they head? [01:05:23] Francois: Generally speaking, we're extremely open to, uh, people contributing to the W3C. and where should they go if they, it depends on what they want. So I guess the, the in usually where, how things start for someone getting involved in the W3C is that they have some

In this episode of Talking Drupal, we dive into the world of Drupal user groups and meetups with guests Lee Walker, Bernardo Martinez, and Bo Shipley. Our guests share their experiences in organizing and participating in Drupal communities and the vital role these meetups play in fostering continuous learning and professional development. We also explore the newest features of Drupal Core 11.2 in the Module of the Week. For show notes visit: https://www.talkingDrupal.com/508 Topics Meet the Guests: Lee, Bo, and Bernardo Module of the Week: Drupal Core 11.2 Diving into Drupal User Groups and Meetups Personal Journeys into Drupal User Groups The Role of Meetup.com in Drupal Communities Organizing and Attending Meetups vs. Conferences Challenges and Strategies for Growing Meetups Virtual and Hybrid Meetups: Impact on Attendance Success Tips for Organizing Meetups Keeping Meetups Simple and Engaging Preventing Organizer Burnout Challenges and Changes in Meetup Cadence Finding and Retaining Meetup Members Communication Tools for Meetup Groups The Importance of In-Person Meetups Advice for Starting or Restarting Meetups Conclusion and Contact Information Resources Drupal.org Events The Drop Times Events Meetup.com Drupal Chattanooga Drupal Users Group Chattanooga Drupal Camp Guests Lee Walker - www.codejourneymen.com mr_scumbag Bo Shipley - simplyshipley Bernardo Martinez - linkedin bernardm28 Hosts Stephen Cross - stephencross John Picozzi - epam.com johnpicozzi JD Leonard - modernbizconsulting.com jdleonard Module of the Week with Martin Anderson-Clutz - mandclu.com mandclu Drupal Core 11.2 Single Directory Components (SDCs) have been a focus of excitement for Drupal's front end developers since they were added to Drupal 10.1 as an experimental module, and merged into 10.3 as a stable feature. With Drupal 11.2, SDCs now have a concept of variants, to allow for different ways of presenting a component's information. Some component frameworks like Storybook have a somewhat different concept of variants, which is really a set of property value presets that are useful for testing. Variants with Drupal SDCs strike me as being analogous to view modes for content types, in that you can have separate template files for each variant, or you can have conditional logic within a single template based on the variant in use. Our own nicxvan, chx, and some others put some significant work into allowing preprocess hooks to be defined as OOP classes, which bring us a significant step closer to not needing .module files anymore. Hooks (and .module files) are Drupalisms, so removing the need for them is a big improvement for Developer Experience, and makes it easier for developers to get started with Drupal In Drupal 11.2 the module installer has been updated to only rebuild the container after several modules have been installed, which significantly speeds up installing multiple modules at once. Drupal 11.2 also brings us a Recipe Unpack composer extension, so when you composer require a recipe, the dependencies get automatically added to your site's composer.json file, so you can apply and then remove the recipe and still have a fully functional site Package Manager is now a hidden module in Drupal core, which is critical for initiative like Automatic Updates and Project Browser, that the community has been working on for years Drupal core now also supports the next-generation AVIF format, with WEBP as a fallback with servers that don't support generating them Of course there are also a variety of dependency updates as well, for CKEDitor, Symfony, composer and more, as well as too many minor improvements and bugfixes to cover in detail here

API hacking and bypassing Ubuntu's user namespace restrictions feature in this week's episode, as well as a bug in CimFS for Windows and revisiting the infamous NSO group WebP bug.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/279.html[00:00:00] Introduction[00:00:28] Next.js and the corrupt middleware: the authorizing artifact[00:06:15] Pwning Millions of Smart Weighing Machines with API and Hardware Hacking[00:20:37] oss-sec: Three bypasses of Ubuntu's unprivileged user namespace restrictions[00:32:10] CimFS: Crashing in memory, Finding SYSTEM (Kernel Edition)[00:43:18] Blasting Past Webp[00:47:50] We hacked Google's A.I Gemini and leaked its source code (at least some part)Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9

Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 Our honeypots detected a deserialization attack against the CMS Sitecore using a thumnailaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks ago. https://isc.sans.edu/diary/Sitecore%20%22thumbnailsaccesstoken%22%20Deserialization%20Scans%20%28and%20some%20new%20reports%29%20CVE-2025-27218/31806 Blasting Past Webp Google s Project Zero revealed details how the NSO BLASTPASS exploit took advantage of a Webp image parsing vulnerability in iOS. This zero-click attack was employed in targeted attack back in 2023 and Apple patched the underlying vulnerability in September 2023. But this is the first byte by byte description showing how the attack worked. https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html Splunk Vulnerabilities Splunk patched about a dozen of vulnerabilities. None of them are rated critical, but a vulnerability rated High allows authenticated users to execute arbitrary code. https://advisory.splunk.com/ Firefox 0-day Patched Mozilla patched a sandbox escape vulnerability that is already being exploited. https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/

Skip the Queue is brought to you by Rubber Cheese, a digital agency that builds remarkable systems and websites for attractions that helps them increase their visitor numbers. Your host is Paul Marden.If you like what you hear, you can subscribe on iTunes, Spotify, and all the usual channels by searching Skip the Queue or visit our website rubbercheese.com/podcast.If you've enjoyed this podcast, please leave us a five star review, it really helps others find us. And remember to follow us on Twitter for your chance to win the books that have been mentioned in this podcast. Special Clips from our previous guests:Understanding Sustainability Reporting https://skipthequeue.fm/episodes/polly-bucklandPolly Buckland sat on the client side in a marketing manager role at BMW (UK) Ltd before co-founding The Typeface Group in 2010. She's an ideas person, blending creativity and commercial awareness to get the best outcomes for our clients.The Typeface Group is a B Corp Communications Agency + Design Studio based in North Hampshire. Their mission is to counteract digital chatter by championing authentic and strategic communication. Team TFG work with brilliant minds in business to extract, optimise and amplify their expertise, cutting through content clutter and stimulating saleswhile reducing digital waste at all costs.  The Typeface Group have been B Corp certified since October 2021 and is currently going through recertification. Digital Sustainability and the Elephant in the Room https://skipthequeue.fm/episodes/james-hobbsJames Hobbs is a people-focused technologist with over 15 years experience working in a range of senior software engineering roles with a particular focus on digital sustainability.He is Head of Technology at creative technology studio, aer studios, leading the technology team delivering outstanding work for clients including Dogs Trust, BBC, Historic Royal Palaces, and many others. Prior to joining aer studios, James was Head of Engineering at digital agency Great State, where he led a multi-award-winning software engineering team working with clients including the Royal Navy, Ministry of Defence, Honda Europe, the Scouts, and others.He also has many years experience building and running high-traffic, global e-commerce systems while working at Dyson, where he headed up the global digital technical team. Making Holkham the UK's most pioneering and sustainable rural estatehttps://skipthequeue.fm/episodes/lucy-downing-and-sue-penlingtonLucy Downing - Head of Marketing and Sue Penlington - Sustainability Manager at Holkham Estates.  Transcription:  Paul Marden: Welcome to Skip the Queue, a podcast for people working in and working with visitor attractions. Paul Marden: When consumers are asked if they care about buying environmentally and ethically sustainable products, they overwhelmingly answer yes. A recent study by Nielsen IQ found that 78% of us consumers say that a sustainable lifestyle is important to them. And while attractions have been great at a wide range of initiatives to improve their sustainability, this year's Visitor Attraction Website Survey will show that as a sector, we're lagging behind on digital sustainability. Paul Marden: So in today's episode, I'm going to talk about the learning journey I've been on personally, along with my colleagues at Rubber Cheese, to understand digital sustainability and how to affect real change. Paul Marden: I'll talk about what I've learned from hosting this podcast and how we've started to make real changes to our processes and our client sites to make them more sustainable. Welcome to Skip the queue. I'm your host, Paul Marden. Paul Marden: Back in April, I spoke to Polly Buckland from The Typeface Group about the importance of sustainability reporting. Polly Buckland: There's buckets of research out there as to the relationship between consumer behaviour and sustainability. So McKinsey did a study. “60% of customers actively prioritise purchasing from sustainable businesses.” Capgemini, “77% of customers buy from and remain loyal to brands that show their social responsibility.” I could literally keep quoting stats as to why businesses should take their sustainability goals very seriously and the communication of their sustainability initiatives very seriously, because it's becoming clearer. There was another stat about primarily women making the decisions based on sustainability of a business, and Millennials and Gen Z being sort of high up the list of people that are taking sustainability creds into consideration when they're making a purchase. So, I mean, it's a barrel load of stats that suggest if you don't have your eye on sustainability reporting and communicating your sustainability goals, you perhaps should have. Paul Marden: Of course, many attractions have been blazing a trail on the subject of sustainability for years. Going back in the archives of Skip the Queue to 2021, Kelly spoke to Lucy Downing, the Head of Marketing, and Sue Penlington, the Sustainability Manager for the Holkham Estate. First, let's hear from Kelly and Lucy. Kelly Molson: Lucy, I wondered if you could just give us an overview of Holkham Estates for our listeners that might not be aware of you or visited there themselves. Lucy Downing: So if you sort of picture it, most of the time when you think about stately homes, you picture a stately home with a garden. At Holkham, we are very much a landscape with a stately home. So 25,000 acres. We have a national nature reserve. A beach, b eautiful beach. It's been in Shakespeare in love. If you know the final scenes of Gwyneth Paltrow walking across the sands, that's Holkham, a bsolutely stunning. We're a farm, but at the centre of that, we've also got our 18th century palladian style mansion and that's home to Lord Lady Leicester and their family. They live in the halls. It's a lived in family home. But then we also have all of our visitor facing businesses. Lucy Downing: So we've got the hall, our Holkham stories experience, which is an attraction museum telling us all history and the now and the future of Holkham. Lucy Downing: We've got a high ropes course, cycle hire, boat hire, normally a really buzzing events calendar. We have accommodations. We've got Victoria Inn, which is near the beach. We've also got Pine Woods, which is a holiday park with caravans and lodgers. We have our self catering lodges, which within the park. And then we've got farming, conservation, gamekeeping, land and properties. We've got nearly 300 properties on the estate that are tenanted. A lot of those people work for Holkham, or if not, they work in the local community. We've got forestry and then we've also officiated and it's won lovely awards for the best place to work in the UK. It's a stunning landscape that surrounds it and we've got. I don't know if you've heard of her, but Monica Binnedo, which is global jewellery brand, she's based at Longlands at the offices. Lucy Downing: She decided a few years back to base her whole business there. She got all of her shops around the world, but that's where her business is. And I think she's ahead of the times, ahead of this year. She sort of knew how wonderful it would be to be working, I suppose, and not in a city centre, so I hope that gives you a flavour. But, yeah, I think it's 25,000 acres of beauty, landscapes with a house in the middle and lots of wildlife. Kelly Molson: I mean, it really is one of the most beautiful places and that stretch of the world holds a really special place in our hearts. It's somewhere that we visit very frequently and it's stunningly beautiful. Paul Marden: Later in that episode, Sue shared her insights on their sustainability strategies. Sue Penlington: So we've got three main themes. One is pioneering environmental gain I, which is all about connecting ecosystems and biodiversity and habitats. One is champion low carbon living, which is all about carbon emissions, our impact on construction and housing, our leisure operations. That sort of thing, and farming. And then the last one is the one that we always talk about. Tread lightly, stamp out waste. So that's all about recycling, reducing single use plastics and that sort of thing. So those three themes are what we're running with for 2021. We've got three goals, which are quite ambitious as well. And for me, I just see 2021 as that year of change where we'll make an impact. So we've done quite a lot of talking, and rightly so, and we want to take our visitors on that journey and really start to chip away at those goals. Paul Marden:  Now, let's talk a little bit about the fears around talking about sustainability. I think one of the things that is getting in the way of an open discourse around digital sustainability is fear. We're afraid of being judged by our actions and our intentions. In a recent survey by Unilever of social media influencers, 38% were afraid to openly discuss sustainability for fear of being accused of greenwashing. Again, let's hear from Polly, which is. Polly Buckland: Why, again, that storytelling part of the impact reporting is really important for me, because I will say we are not perfect. These are the things that we know we need to work on, but these are the things we've done better. And that's what I really like. The BCorp BIA assessment and their framework is because it takes you across five categories of measurement, and no one's perfect in any of them, but what it does do is it provides a framework for you to better. Paul Marden: Yes, absolutely. Polly Buckland: And measure yourself against. Yeah, I think if. I think the messaging behind your sustainability is really important. If you're professing to be perfect and you're not, you will get stung, because I think people can see through that. But if you are showing that you're trying to better, I don't think many people could argue with that. Paul Marden: Now, let's rewind a little and talk about my interest in digital sustainability. When I spoke to James Hobbs of the aer studios about digital sustainability back in July, we talked about my ignorance. So my background was at British Airways and I was there for ten years. It really wasn't that hard to spot the fact that environmentally, that we have a challenging problem, because when you stood on the end of Heathrow Runway, you can see what's coming out the back end of a 747 as it takes off. But I don't think I ever quite understood the impact of what I do now and how that's contributing more to CO2 emissions than what I was doing previously, which, yeah, I just don't think there's an awareness of that more broadly. James Hobbs: No, yeah, I'd agree. And it's complicated. Paul Marden: In what way? James Hobbs: I guess it's complicated to quantify the carbon impact of the type of work that we do in the digital industry because I guess there's what we're shipping to end users, which is one thing, but most modern websites and applications and stuff are built on a big tower of cloud services providers and all of their equipment has to be manufactured which has a carbon impact and rare earth metals need to be mined out of the grid. All of that stuff. Theres a big supply chain backing all this stuff and we can influence some of that directly, but a large chunk of it, we cant. So it makes choosing your suppliers quite important. Paul Marden: But in a presentation by my friend Andy Eva-Dale, now CTO of the agency Tangent, he opened my eyes to the impact that the digital sector has on the environment. The Internet consumes 1021 terawatt hours of electricity per year. That's more than the entire United Kingdom. Globally, the average webpage consumes approximately 0.8 grammes of CO2 per page view. For a website with 10,000 monthly page views, that's 102 kilos of CO2 per year. And as we'll see in a bit, the Rubber Cheese Visitor Attraction Website Survey shows this year that the websites in our sector are anything but average. But let's talk about my learning journey. I've used this podcast as a way to learn about the sector and to drill down into sustainability itself. My interviews with Polly and James taught me a lot. It's one of the real benefits of running a podcast. Paul Marden: I can sit and ask people questions that in real life they may not want to talk about. Beginning from absolute first principles. Following the advice from James in the podcast, I've gone and studied the online materials published by the Green Software foundation, including their green software practitioners certificate. Some of that is quite technical, but a lot of what's in there is a real interest to a lot of people. Now let's talk a little bit about what I've learned along that journey. In an interesting conversation with Andy Povey the other day, he talked about people's innate reaction to digital sustainability and that for many people, the move to digital feels sustainable. I'm not printing things out anymore, so it must be sustainable. Of course, all that computation and networking has a massive global impact on greenhouse gas emissions, so not every website is sustainable. Paul Marden: In another conversation I had recently, someone said to me, why does all of this digital sustainability stuff matter? If I host my site on a green hosting server, there's no harmful emissions from the server. But that's only one part of a complex web. The power needed to connect up all the servers in the world and to all of the endpoint devices is immense. Of course, the carbon emitted to generate power varies country by country as well as by time. And that's not really in our control. But we can definitely control the impact our website has on all of that infrastructure. As the web page is in flight over the Internet to somebody's mobile device, the power it uses and consequently the carbon emitted along the way is therefore something that's definitely in our control. Paul Marden: The other source of learning for us this year has been the sustainability elements of the rubber cheese survey of visitor attraction websites. We made sustainability a core theme of this year's survey and we found some really interesting things. 80% of attractions in our survey have got some sort of sustainability policy, which is an amazing achievement and sets a benchmark for the sector. Also, a number of attractions are taking active steps to improve the sustainability of their website. But we found that this isn't necessarily being done in a framework of measuring and monitoring the sustainability of their website. So the changes that people are making could be making improvements to the sustainability of their site, but at worst, some of the techniques being used could actually harm the performance and sustainability of the website. Paul Marden: The thing is, if you're not testing and measuring, you can't ever know whether the changes that you're making are effective. The Green Business Bureau talk about how benchmarks provide a reference point to assess trends and measure progress and baseline global data. They say, "Companies have begun measuring sustainability performance, which allows them to make continuous assessments, evaluate where they lie on the sustainability agenda and make data driven decisions and policies. Measuring sustainability requires proper selection of key sustainability metrics and a means of making effective process improvements. These measures provide real time data and much needed quantitative basis for organisations to strategise and mitigate environmental and social and economic risks." I'll come back to making process improvements later, but for now let's just stick with measures. Back to James Hobbs, who talked about the ways in which you can measure the CO2 emissions on our website. James Hobbs: There are some tools out there that you can use to help you quantify the carbon impact of what you've got out there in the wild now. So the big one that most people talk about is websitecarbon.com, which is the website carbon calculator that was built by, I think a combination of an agency and some other organisations come up with an algorithm, it's obviously not going to be 100% accurate because every single website app is slightly different and so on, and as a consistent benchmark for where you are and a starting point for improvement. Tools like that are really good. Ecograder is another one. Those offer non technical routes to using them. Paul Marden: Now, both of these websites use similar technologies and methodologies to understand the CO2 emissions of a website. But the survey shows more than half of attractions have never tested the CO2 emissions of their site. This got me thinking. If it's that easy to test the sustainability of a single webpage and you can run them on any website, but most attractions aren't doing it, then what can we as Rubber Cheese do to help? So in this year's survey, we've run the largest audit of visitor attraction sustainability scores that we're aware of. So working with our lovely podcast producer Wenalyn, who also supports me with the survey, firstly, I run a proof of concept gathering and comparing data for a small number of attractions in our database this year. Paul Marden: Once we began to better understand the data, Wenalyn went and ran this against all of the sites that were in our database. With this, we hope to support the sector with a benchmark of webpage sustainability that can be used by anyone in the sector. And what this has shown us is that 58% of attraction websites are rated f by Website Carbon. That's 8% worse than the general population of all websites. But the sobering thing for me as an agency owner is that the sites that we build were in that 58%. The work that we've been doing recently isn't good enough from a sustainability perspective. So this triggered a number of projects internally for us to improve the sustainability posture of the sites that we design and build. Paul Marden: So I'm going to dig into one of those sites and the journey we've been on to remediate the sustainability of their site, because I think it can give a really nice understanding of the journey that you have to go on, the changes that you can make, and what the impact of those changes could be. Now, we started by benchmarking the scores for the site in question from Website Carbon and Ecograder. And this site was a grade F and marked 51 out of 100 by Ecograder. From there, we drove our improvements off of the feedback that Ecograder gave us. We worked as a team to estimate the work involved in the feedback from Ecograder to identify the tasks with the lowest estimated effort and the highest potential impact. Paul Marden: Essentially going for the quick wins, we implemented a number of really simple measures, we implemented lazy loading of images. This is making the browser only download images when they're just about to show on screen. If you don't lazy load an image on a page, then when the webpage opens, the browser will go and grab the image, calculate the size, and redraw the webpage with that image in it, even though the image is off screen. If the user then clicks something in the top part of the screen, maybe in the top navigation, and they never scroll down, they will never see that image. So all that network traffic that was used, all the computation in the browser to be able to figure out the size and paint the screen, was completely wasted because the user never got to see the image. Paul Marden: So by lazy loading, it means that if a person doesn't scroll all the way down the page, then an image near the bottom of the page will never get loaded. And it's an incredibly simple code change that you can write in now. This used to be something that you had to write custom code to implement, but most browsers now support lazy loading, so it should be really easy for people to implement that. Paul Marden: Another thing that we did was to correctly size images. We found that, but with best rule in the world, our editors were uploading images that were very high resolution, very big images, even though on screen we might only show a thumbnail. By resizing the images inside WordPress, we've made it easy for our editors to upload whatever size image that they like. But we only share the smaller image when somebody views the webpage, again, cutting down network traffic as a result of that. One other thing that we made a change on was to make the website serve more modern image formats. Paul Marden: Again, we used a WordPress package to do this, called imagify, and it means that our editors can upload images using the file formats that they're familiar with, like JPEG, GIF and PNG, but that we convert them to more modern formats like WebP inside WordPress. And that has better compression, making the images smaller without any discernible loss of quality, and making the whole webpage smaller, lighter, faster as a result of it, which has the impact of reducing the CO2 emissions that are needed to be able to use that webpage just as a guide. We measure everything that we do in the business in terms of the time it takes us to do things. So we're real sticklers for time tracking, but it was really important in this project for sustainability to work out what the differences were that were making. Paul Marden: So these changes, those three that I just outlined there cost us about a day and a half of development effort and much of that was done by one of our junior developers. So it wasn't hugely complex work that was done by an expensive, experienced developer. But in return for those changes, that one and a half days of effort, we've seen an improvement in rating by website carbon from F  to B and on eco grader from 54 out of 100 to 83 out of 100. This puts the site well into the realm of better than most websites on the Internet and better than 84% of attractions in this year's survey. Is it enough? No, of course not. We can do more and in fact, there are still technical improvements that we can make that don't impinge at all on the user's experience. Paul Marden: We can and we will make more changes to move the site from B to A or even to A+. But there's no doubt that following the old 80-20 rule, these marginal gains will be progressively harder and more costly to achieve. And there may be changes that are needed that will impinge on the user experience. Some things you cannot improve from a sustainability perspective without changing what the user is going to experience. If you've got an auto playing video on your website that consumes bandwidth, it generates network traffic. You cannot remove that video without removing the video entirely and changing it to be something that isn't autoplay but plays w hen a button presses that will have an impact on the user experience. Not everyone will click that button. Paul Marden: Not everyone will watch that video and say not everyone will necessarily have the same feeling about the attraction that they got when there was an autoplay video in place. But there are undoubtedly lots of things that can be done that don't impact the user experience of the site. One of the changes that we still haven't made, which is a little bit more effort, it's a little bit more complexity, and adds a little bit of costs to the hosting of the website is the introduction of a Content Delivery Network or CDN. Here's James Hobbs again from aer. James Hobbs: From a technical angle, I think one of the most impactful things you can do, beyond making sure that your code is optimised and is running at the right times, at the right place, is simply to consider using a content delivery network. And for your listeners who aren't familiar with a content delivery network, a CDN is something that all of us have interacted with at one point or another, probably without realising. In the traditional way of serving or having a website, you've got some service somewhere in a data centre somewhere. When someone types your website address in, it goes and fetches that information from the web server and back comes a web page in the simplest sense. James Hobbs: Now, if your website servers live in Amsterdam and your users on the west coast of America, that's a big old trip for that information to come back and forth, and it's got to go through lots of different hops, uses up lots of energy. A Content Delivery Network is basically lots and lots of servers dotted all over the planet in all of the major cities and things like that can keep a copy of your website. So that if someone from the West Coast of America says, "Oh, I'm really interested in looking at this w ebsite.", types the address in, they get the copy from a server that might be 10,20, 50 miles away from them, instead of several thousand across an ocean. James Hobbs: So it loads quicker for the user, which is great from a user experience, SEO, but it's also great from an energy point of view, because it's coming from somewhere nearby and it's not having to bounce around the planet. That's one thing that you could do that will make a massive and immediate impact commercially and from a sustainability point of view. Paul Marden: So there's another example of something that you can do that has very little impact on the experience of the website. In fact, it massively improves the user experience of the website, takes relatively little effort, but offers a huge improvement. Those are all things that we've done to one individual website. Let's talk a little bit about how we bake that into our process. In a 2022 article in the Harvard Business Review about how sustainability efforts fall apart, they recommend embedding sustainability by design into every process and trade off decision making. I found that language really interesting. It's similar to the language used widely in technology and security that was popularised during the launch of the EU General Data Protection Legislation, which talks a lot about having a security by design approach. Paul Marden: So taking this idea of designing sustainability into every process and trading off the decision making, we've incorporated it into our sales proposal, writing, designing and testing processes. Our people responsible for selling need to bake sustainability into the contract. We want to hold ourselves and our clients accountable for the sometimes difficult decisions around meeting a sustainability target. So we'll discuss that target at the beginning of the project and then hold ourselves to that throughout the design and build process, thereby not needing to do all the remediations that we've just done on the other website, because it's typically much easier, quicker, cheaper for us to implement a lot of those things. The first time through the project, as opposed to as a remediation at the end. We've also baked sustainability testing into our process. Paul Marden: No site goes live without having been tested by both website carbon and eco grader to make sure that the site meets the criteria that we set out at the beginning of the work. So we've thought a lot about how we can improve what we do and we've started to go back and remediate over some of the work that we've done more recently to make improvements. But my learning journey hasn't been entirely smooth. There are challenges that I've hit along the way. I think there's a few interesting challenges that are to be expected as you're going about learning things that I wanted to share. For example, we've done work to remediate the scores of one of our sites and been super excited with the impact score. Paul Marden: I mean, went from bottom of the Fs to A+, only to deploy those changes into production and it didn't move the dial at all on the production website. And that was heartbreaking. Once we looked into that in more detail, thinking that we've done loads of changes, move the dial such a dramatic amount, only to launch it into the wild and it barely touched things. What we realised that in the test environment that we used, we had password protection in place and the website carbon and Ecograder were testing the password screen, not the actual homepage underneath it. So there was a lesson learned for us. The other area where we've made lots of learnings is during the survey when we created our sustainability benchmark. We've seen test results so good that they can't be explained. We've seen somebody hitting 100 on Ecograder. Paul Marden: We've also seen scores that were contradictory on Ecograder and Website Carbon, and also scores that have dropped dramatically. When we first tested in August and did a validation test checked last week, we're still working our way through these wrinkles and I think some of it is because we're looking at many hundreds of websites rather than trying to learn by testing and improving just one site. But beyond the kind of technical challenges, there remain some things that I simply don't understand. And my mission going forward is to fill those gaps. Firstly, while both Ecograder and Website Carbon use the same underlying principles and tools to calculate CO2 emissions, they often can and do give different results. Paul Marden: Not just in the fact that one is A+, a F score and the other is out of 100, but that the basic page sizing in kilobytes and consequently the CO2 can and often is different depending on which tool you look at. And I don't understand why that is, and I need to look into that. And I'm sure we'll come back to the podcast and talk more about that once I do understand it better. But the other problem is that I'm struggling with the size of the problem and the size of the prize. There's no doubt in my mind that making these improvements is the morally right thing to do, and commercially it's right as well, because it improves your outcomes on the website as well as the sustainability. Paul Marden: I'm just struggling with the business case, because if I had an unlimited budget, I do make every change in business that improves the sustainability posture of the business. But most marketers, most people that listen to this podcast don't have an infinite budget. They have a very finite budget, and so they have to put their budget to work where it's going to have the most impact. And what's the return on investment of spending 5k on improving the website versus changing light bulbs to leds, or moving away from gas powered water heaters in the outside toilets by the penguins? It's really difficult at the moment for me to be able to understand where this is the right and sensible investment of sustainability funding within an organisation. So I've shared my learning journey over the year. What about you? What can you do next? Paul Marden: For one last thought, let's head back to the conversation between Kelly and Lucy and Sue from Holkham. Kelly Molson: Are there any advice that you could share with our listeners in terms of how they start or begin to look at sustainability? Lucy Downing: Interesting. I was chatting with Lord Leicester yesterday about the subject and were sort of agreeing that I think you definitely need to know where you are, particularly as a business. You know where you are, because then you can set your goals in a realistic fashion. And I think the one thing to remember is that it has to be realistic, because you need to set goals that you can financially deliver, because if they're not financially viable, then you're not going to be here as a business to deliver them. And what we're also finding and talking to other businesses that actually quite a lot of the sustainability gains that you can make are actually in financial ones too, because you probably cut down on some of your resources that you're using, you'll think better, you'll work smarter. Lucy Downing: So it's just, I think that's something to definitely remember, that it has to be sustainable in all ways, socially, financially and environmentally. That's definitely some key advice. And I think be authentic. There's a lot of talk around greenwashing. Don't be guilty of thinking, wow, this is something we really should do and we're going to do it and just talk about it. It has to be authentic. So really think about where you can make the biggest changes environmentally for sustainability and focus on those and just make sure. Yeah, it's like us really. We're saying we're launching our sustainability strategy, but actually for the past ten years, we've now we've got 100 acre solar farm, we've got anaerobic digester, we heat the hall and all of our businesses with woodchip, so we've got our biomass boilers. Lucy Downing: So we've been doing it for quite a long time without telling anyone. But what we're now doing is saying, actually, that's not even enough, we need to up it further. So, yeah, that's the thing. I think it just has to be authentic and realistic. Sue Penlington: Yeah. And from my point of view, I'm a bit of a doer do and not a talker, so don't get bogged down. It could be absolutely overwhelming. And I think when I was first approached by my boss here, I was just like, wow. Because it isn't just rubbish, it's every single business. Sue Penlington: It's huge. But from my point of view, small differences can make a really big impact and keep chipping away at it because solutions are out there. There's loads of people doing really cool things. And, you know, every night I'm on Google looking up something else or going down another rabbit hole because I've seen something on Twitter. So for me, every day is a school day. But, yeah, get stuck in and collaborate with other like minded people. You know, nowadays you're not considered swampy because you're talking about sustainability. Sue Penlington: Well, you know, it's totally on brand, isn't it? And let's not reinvent the wheel. If we can learn from other people, then let's do that. I mean, go for it. Literally, every single individual can make a difference. Kelly Molson: Oh, Sue, that's. Yeah, you've just got me right there, sue. And I think what you said about collaborating and learning from people, that has been something that's so key this year. People are so willing to share their plans, they're so willing to share what they're doing and how they're doing things. Especially within this sector, there's always somebody that's doing or, you know, a couple of steps ahead of you that you can learn from. And people are so willing to kind of give up that advice and their time at the moment as well. So definitely that's a key one for me. Ask people. Ask people for help. Ask people how to do things. Paul Marden: I'd like to thank everyone that contributed to this episode, including Kelly, Lucy and Sue at Holkham, Polly at TFG and James at aer. Thanks to everyone that's helped me with this journey in the last year, the lovely clients we've talked to, the survey respondents, and my team at Rubber Cheese, Steve, Ben, Tom, Sinead, Wenalyn, and Oz, who've all worked really hard to benchmark the sector and to make continuous improvements to our client's sustainability. As you know, we're really experimenting with the podcast format at the moment, and if you like this or any of the other changes, I'd love to hear. And if you don't, then tough, go make your own podcast. Only joking. I'd love to hear. If you think we can make improvements, you can find me on X, @paulmarden and also on LinkedIn. Paul Marden: If you're at VAC this week, the Visitor Attraction Conference, then I'll be there with Oz and Andy. So come and say hi to us and I'll see you again in a couple of weeks time. Paul Marden: Thanks for listening to Skip the Queue. If you've enjoyed this podcast, please leave us a five star review. It really helps others find us. And remember to follow us on Twitter for your chance to win the books that have been mentioned. Skip The Queue is brought to you by Rubber Cheese, a digital agency that builds remarkable systems and websites for attractions that helps them increase their visitor numbers. You can find show notes and transcriptions from this episode and more over on our website, SkiptheQueue.fm. The 2024 Visitor Attraction Website Survey is now LIVE! Help the entire sector:Dive into groundbreaking benchmarks for the industryGain a better understanding of how to achieve the highest conversion ratesExplore the "why" behind visitor attraction site performanceLearn the impact of website optimisation and visitor engagement on conversion ratesUncover key steps to enhance user experience for greater conversionsFill in your data now (opens in new tab)

Feeling the impact of Google's latest algorithm updates? You're not alone. In this episode, I break down the steps you can take to recover your site's traffic after being hit by the dreaded updates—especially the "Helpful Content" update. What You'll Learn: How to identify if your site was affected by Google's most recent algorithm update and the tools you can use to check Key steps to take, like removing outdated content and improving technical SEO The importance of image optimization and how to switch to WebP format for faster load times Top resources to stay ahead of future Google updates Resources Mentioned: Ahrefs Site Explorer - https://ahrefs.com/site-explorer WP Rocket - https://wp-rocket.me/ ShortPixel Plugin - https://shortpixel.com/ PageSpeed Insights - https://pagespeed.web.dev/ SEO sites to stay updated: Search Engine Roundtable (https://www.seroundtable.com/), Search Engine Land (https://searchengineland.com/), and Search Engine Journal (https://www.searchenginejournal.com/) =-=-=-= BONUS RESOURCES + FREE DOWNLOADS If you're a fan of the podcast, here are some FREE online marketing resources from my blog, 99signals, to help you level up your marketing skills: ⁠⁠⁠⁠⁠⁠⁠⁠⁠The Ultimate Blogging Toolkit⁠⁠⁠⁠⁠⁠⁠⁠⁠ (⁠⁠⁠⁠⁠⁠⁠⁠⁠https://ebooks.99signals.com/blogging-toolkit⁠⁠⁠⁠⁠⁠⁠⁠⁠) - This eBook features 75+ marketing tools to help you blog better and boost your traffic! ⁠⁠⁠⁠⁠⁠⁠⁠⁠The Essential Guide to Link Building with Infographics⁠⁠⁠⁠⁠⁠⁠⁠⁠ (https://resources.99signals.com/infographic-backlinks-pdf) -  This PDF guide will show you how you can easily design an infographic and quickly build high-quality backlinks to supercharge your SEO. ⁠⁠⁠⁠⁠⁠⁠⁠⁠Top-rated articles at 99signals⁠⁠⁠⁠⁠⁠⁠⁠⁠ (⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.99signals.com/best/⁠⁠⁠⁠⁠⁠⁠⁠⁠) -  This page contains a list of all the top-rated articles on my blog. It's a great place to get started if you're visiting 99signals for the first time. -=-=-=-=- Visit ⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.99signals.com⁠⁠⁠⁠⁠⁠⁠⁠⁠ for more insights on SEO, blogging, and marketing.

 00:00 Introduction and Welcome01:33 AI Crawlers and Content Scraping04:17 TechCrunch and the State of Tech Journalism06:12 Retro Tech: Classic Mac OS and Image Formats08:25 Web Browsing Privacy Enhancements10:08 Sleep Tracking and Orthosomnia11:05 Sign OffLike what you're reading?It's a tough time for content creators right now. If you enjoy what you read, then consider a contribution. Here are the ways you can help me out.Or please share or review the newsletter!Thanks :)AI crawlers need to be more respectfulabout.readthedocs.comThere's a growing backlash against AI crawlers consuming websites, videos, and other content with little respect for robots.txt, copyright issues, or the spikes of traffic that hosts have to pay for. Now, more people are talking about the impact.Apple Nvidia Anthropic Used Thousands of Swiped YouTube Videos to Train AIwired.comSee above…Tech Crunched: How the go-to site for startup news lost its waykeepgoingpod.comThis honestly feels like a summation of the trials and tribulations of tech journalism over the past 20 years, seen through the focus of one of the best-known sites. To some anyway.Orthosomniaen.wikipedia.orgI am a terrible sleeper, but one of the best pieces of advice I read is to stop worrying about it. In fact, I found out this week that worrying about sleep now has a medical term.Managing Classic Mac OS resources in ResEditeclecticlight.coSometimes, I miss the hackability of classic Mac OS. Then I remember how unstable it was

Today we are talking about Drupal Architecture, Common Site Building questions, and How we solve things with Drupal with guest Alexander Varwijk. We'll also cover Drupal 10.3 as our module of the week. For show notes visit: www.talkingDrupal.com/457 Topics Where do you start when thinking about a new site or feature. Where is the line for extending vs forking Do you have solutions that you default to when building a feature Do you find people come to Drupal with specific third party requirements What do you think about Headless When do you choose to contribute a new module to Drupal Will recipes change your architecture How do you learn about new ways of doing things Where did you get your username, are you the king of the Netherlands Resources Drupal Core Issues to split "Site builder" functionality into more granular chunks "Administer Users" permission should be separate from "Administer Account Settings" Enabling "List User" without "Administer Users" Fibers for concurrency in core (and the Revolt Event Loop) Change records for Drupal 10.3 Bigpipe to Revolt ChatGPT / CKEditor Issue Config update issue Issue for update hook divergence Tinode A free, unlimited, and flexible open source messaging platform that's been built mobile-first View transitions api Change in supported versions for the Open Social distribution Guests Alexander Varwijk - alexandervarwijk.com Kingdutch Hosts Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Baddý Sonja Breidert - 1xINTERNET baddysonja MOTW Correspondent Martin Anderson-Clutz - mandclu.com mandclu Brief description: Have you been wanting to use Workspaces, Single Directory Components, Recipes, or the new admin menu in your Drupal site? The new Drupal 10.3 release is better for using all of these and more. Module name/project name: Drupal 10.3 Brief history How old: It was tagged on Jun 20 by catch of Tag1 and Third & Grove Features and usage In this new minor version, Workspaces is now declared stable, and Single Directory Components are now fully integrated into core, instead of being in an experimental module. Drupal 10.3 also includes the new Access Policy API that was funded as part of the Pitchburgh process kicked off at DrupalCon Pittsburgh The “super user” access policy that automatically grants user 1 every permission can now be turned off in services.yml Also, Recipes and the new Navigation menu are available as experimental features The Actions UI, Book, and Statistics modules are deprecated, and contrib projects are available Install profiles can now be uninstalled, and new sites can be installed without any profile at all 10.3 also includes a revision UI for taxonomy terms, and they can also be used with content moderation All core-provided image styles now include WebP conversion The state service now uses a cache collector for performance, which requires opt in within settings.php for existing sites There are other performance improvements, including: POST requests are now render cacheable, duplicate queries during logins are avoided, and big pipe requests now avoid reading session from the database multiple times With 10.3 developer can also make use of a new AJAX command to open a URL in a dialog, and a new DraggableListBuilderTrait, among a host of other changes Of course, there are some additional deprecations, so the Project Update Bot has already been busy creating new MRs

Today we discuss advancements in web image standards and new CSS features. Topics include object fit, aspect ratio, border images, filters, clip path, mask-image, and backdrop filters, which offer alternatives to traditional image editing tools like Photoshop. The episode also covers HTML and CSS considerations, such as img and picture elements, alt tags, and loading attributes. New image formats like WebP and AVIF are examined, along with the use of SVGs for accessibility and performance benefits. Go listen...

Got a Minute? Checkout today's episode of The Guy R Cook Report podcast - the Google Doc for this episode is @ Can you use WEBP format images to help SEO ----more---- Support this podcast Subscribe where you listen to podcasts I help goal oriented business owners that run established companies to leverage the power of the internet Contact Guy R Cook @ https://guyrcook.com The Website Design Questionnaire https://guycook.wordpress.com/start-with-a-plan/ In the meantime, go ahead follow me on Twitter: @guyrcookreport Click to Tweet Be a patron of The Guy R Cook Report. Your help is appreciated.   Contact Guy R Cook https://theguyrcookreport.com/#theguyrcookreport Follow The Guy R Cook Report on Podbean iPhone and Android App | Podbean   https://bit.ly/3m6TJDV Thanks for listening, viewing or reading the show notes for this episode. This episode of The Guy R Cook Report is on YouTube too @ This episode of The Guy R Cook Report Have a great new year, and hopefully your efforts to Entertain, Educate, Convince or Inspire are in play vDomainHosting, Inc 3110 S Neel Place Kennewick, WA 509-200-1429

We released this episode ahead of schedule to provide you with an exclusive opportunity to take advantage of the deal Peter offered. Act fast, as the offer concludes during NADA 2024. Don't miss out! In this compelling episode, Herb and Peter Dufy from Dealer Image Pro engage in a candid conversation, delving into some of the industry's pivotal issues. They explore intriguing questions, such as the curious absence of WebP images in website providers, the reluctance of companies like vAuto to update their technology code stack, and a pressing concern shared by many in the industry: the scarcity of APIs that could revolutionize technology for car dealers in significant ways.

This is a recap of the top 10 posts on Hacker News on December 15th, 2023.This podcast was generated by wondercraft.ai(00:37): Suspects can refuse to provide phone passcodes to police, court rulesOriginal post: https://news.ycombinator.com/item?id=38657577&utm_source=wondercraft_ai(02:06): I bricked my Christmas lightsOriginal post: https://news.ycombinator.com/item?id=38657126&utm_source=wondercraft_ai(03:37): How Lego builds a new Lego setOriginal post: https://news.ycombinator.com/item?id=38653456&utm_source=wondercraft_ai(05:17): Oxlint – JavaScript linter written in RustOriginal post: https://news.ycombinator.com/item?id=38652887&utm_source=wondercraft_ai(07:05): WebP is so great except it's not (2021)Original post: https://news.ycombinator.com/item?id=38653110&utm_source=wondercraft_ai(08:50): Prompt engineeringOriginal post: https://news.ycombinator.com/item?id=38657029&utm_source=wondercraft_ai(10:38): Delta Dental says data breach exposed info of 7M peopleOriginal post: https://news.ycombinator.com/item?id=38654805&utm_source=wondercraft_ai(12:20): Fly Postgres, Managed by SupabaseOriginal post: https://news.ycombinator.com/item?id=38653212&utm_source=wondercraft_ai(14:11): Leave work slightly unfinished for easier flow the next dayOriginal post: https://news.ycombinator.com/item?id=38658262&utm_source=wondercraft_ai(15:45): Data exfiltration from Writer.com with indirect prompt injectionOriginal post: https://news.ycombinator.com/item?id=38654533&utm_source=wondercraft_aiThis is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems that must change and adapt to the times? Join us for a fun discussion on what the future looks like with AI and the youth of today. Segment Resources: https://docs.google.com/document/d/103FLvNRSwBhq-WgCbuykMvweT6lKf2lAASuP8OuuKIw/edit#heading=h.3inodmot2b77 Our good friend Matt Carpenter joins us to share his thoughts on what's going on in the world of AI and LLMs. Matt is also a hacker specializing in hardware and the crew has some amazing hardware hacking topics to discuss (as usual). Segment Resources: https://garymarcus.substack.com/p/has-sam-altman-gone-full-gary-marcus We navigate through dangerous cyber terrain, examining real-world examples like the WebP library and the Curl vulnerability. Critical issues in Zyxel firewalls will also be unmasked as we shed light on the urgency of improving vulnerability reporting and cataloging and addressing the often-overlooked problem of overclassifying harmless software bugs. We then shifted gears to tackle the tricky subject of software vulnerability identification, focusing on a specific CVE that sparked intriguing debates. Learn why pinpointing the source of the vulnerability is vital to effective SBOMs. The journey doesn't end there - we'll uncover a newly discovered Bluetooth vulnerability, aptly named 'BLUFFS', and discuss its potential for exploitation, along with the ingenious solutions proposed by the researchers who unearthed it. Brace yourself for a riveting finale as we delve into Akamai's recent research on DVR and router attacks, explore the risks of GPS spoofing, and discuss the importance of detection mechanisms. We'll also scrutinize the stereotype of hackers in pop culture, address the importance of handling vulnerabilities in software, and highlight the pressing issue of ransomware targeting healthcare. So buckle up and join us for this critical exploration into the world of software vulnerabilities as we decode the complexities and debunk some security myths. Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-808

We navigate through dangerous cyber terrain, examining real-world examples like the WebP library and the Curl vulnerability. Critical issues in Zyxel firewalls will also be unmasked as we shed light on the urgency of improving vulnerability reporting and cataloging and addressing the often-overlooked problem of overclassifying harmless software bugs. We then shifted gears to tackle the tricky subject of software vulnerability identification, focusing on a specific CVE that sparked intriguing debates. Learn why pinpointing the source of the vulnerability is vital to effective SBOMs. The journey doesn't end there - we'll uncover a newly discovered Bluetooth vulnerability, aptly named 'BLUFFS', and discuss its potential for exploitation, along with the ingenious solutions proposed by the researchers who unearthed it. Brace yourself for a riveting finale as we delve into Akamai's recent research on DVR and router attacks, explore the risks of GPS spoofing, and discuss the importance of detection mechanisms. We'll also scrutinize the stereotype of hackers in pop culture, address the importance of handling vulnerabilities in software, and highlight the pressing issue of ransomware targeting healthcare. So buckle up and join us for this critical exploration into the world of software vulnerabilities as we decode the complexities and debunk some security myths. Show Notes: https://securityweekly.com/psw-808

What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems that must change and adapt to the times? Join us for a fun discussion on what the future looks like with AI and the youth of today. Segment Resources: https://docs.google.com/document/d/103FLvNRSwBhq-WgCbuykMvweT6lKf2lAASuP8OuuKIw/edit#heading=h.3inodmot2b77 Our good friend Matt Carpenter joins us to share his thoughts on what's going on in the world of AI and LLMs. Matt is also a hacker specializing in hardware and the crew has some amazing hardware hacking topics to discuss (as usual). Segment Resources: https://garymarcus.substack.com/p/has-sam-altman-gone-full-gary-marcus We navigate through dangerous cyber terrain, examining real-world examples like the WebP library and the Curl vulnerability. Critical issues in Zyxel firewalls will also be unmasked as we shed light on the urgency of improving vulnerability reporting and cataloging and addressing the often-overlooked problem of overclassifying harmless software bugs. We then shifted gears to tackle the tricky subject of software vulnerability identification, focusing on a specific CVE that sparked intriguing debates. Learn why pinpointing the source of the vulnerability is vital to effective SBOMs. The journey doesn't end there - we'll uncover a newly discovered Bluetooth vulnerability, aptly named 'BLUFFS', and discuss its potential for exploitation, along with the ingenious solutions proposed by the researchers who unearthed it. Brace yourself for a riveting finale as we delve into Akamai's recent research on DVR and router attacks, explore the risks of GPS spoofing, and discuss the importance of detection mechanisms. We'll also scrutinize the stereotype of hackers in pop culture, address the importance of handling vulnerabilities in software, and highlight the pressing issue of ransomware targeting healthcare. So buckle up and join us for this critical exploration into the world of software vulnerabilities as we decode the complexities and debunk some security myths. Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-808

We navigate through dangerous cyber terrain, examining real-world examples like the WebP library and the Curl vulnerability. Critical issues in Zyxel firewalls will also be unmasked as we shed light on the urgency of improving vulnerability reporting and cataloging and addressing the often-overlooked problem of overclassifying harmless software bugs. We then shifted gears to tackle the tricky subject of software vulnerability identification, focusing on a specific CVE that sparked intriguing debates. Learn why pinpointing the source of the vulnerability is vital to effective SBOMs. The journey doesn't end there - we'll uncover a newly discovered Bluetooth vulnerability, aptly named 'BLUFFS', and discuss its potential for exploitation, along with the ingenious solutions proposed by the researchers who unearthed it. Brace yourself for a riveting finale as we delve into Akamai's recent research on DVR and router attacks, explore the risks of GPS spoofing, and discuss the importance of detection mechanisms. We'll also scrutinize the stereotype of hackers in pop culture, address the importance of handling vulnerabilities in software, and highlight the pressing issue of ransomware targeting healthcare. So buckle up and join us for this critical exploration into the world of software vulnerabilities as we decode the complexities and debunk some security myths. Show Notes: https://securityweekly.com/psw-808

Adobe didn't wait for the annual Max conference to roll out some of the new features for Photoshop and other apps. Generative Fill and Generative Expand are still resolution limited, but they are already surprisingly useful. In Short Circuits: Printers have long been the bane of IT support, and Microsoft has plans to make printers a bit less vexing. Manufacturers will need to work with a universal printer subsystem instead of writing drivers for their devices. • If your browser and any other applications that can display WebP graphics are up to date, you're safe from a nasty flaw. If not, now would be a good time to update them. Twenty Years Ago (only on the website): It's not unheard of for Windows computers to run for months between restarts these days, but it wasn't common in 2003 and I was somewhat jealous of a Linux system that had been up for more than seven months.

Some complex and confusing vulnerabilities as we talk about the recent WebP 0day and the complexities of huffman coding. A data-only exploit to escape a kCTF container, the glibc LPE LOONY_TUNABLES, and a Chrome TurboFan RCE. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/218.html [00:00:00] Introduction [00:00:40] Expanding our exploit reward program to Chrome and Cloud [00:06:10] The WebP 0day - We do somewhat downplay this issue due to the difficulty of exploiting it. But to be clear, it was exploited in the wild on Apple devices, so it exploitable. We're more downplaying the panic that came up around it. It is still a serious issue that should be patched. [00:34:00] Escaping the Google kCTF Container with a Data-Only Exploit [00:44:49] Local Privilege Escalation in the glibc's ld.so [CVE-2023-4911] [01:01:27] Getting RCE in Chrome with incorrect side effect in the JIT compiler [01:08:03] Behind the Shield: Unmasking Scudo's Defenses The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Malicious ads in a chatbot. Google provides clarification on a recent vulnerability. Cl0p switches from Tor to torrents. Influence operations as an adjunct to weapons of mass destruction. Our guest Jeffrey Wells, former Maryland cyber czar and partner at Sigma7 shares his thoughts on what the looming US government shutdown will mean for the nation's cybersecurity. Tim Eades from Cyber Mentor Fund discussing the 3 who's a cybersecurity entrepreneur needs to consider. And NSA has a new AI Security Center. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/187 Selected reading. Malicious ad served inside Bing's AI chatbot (Malwarebytes) Critical Vulnerability: WebP Heap Buffer Overflow (CVE-2023-4863) (Huntress)  Google gives WebP library heap buffer overflow a critical score, but NIST rates it as high-severity (SC Media)  A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day (Ars Technica)  Google "confirms" that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) (Help Net Security)  Google quietly corrects previously submitted disclosure for critical webp 0-day (Ars Technica) CL0P Seeds ^_- Gotta Catch Em All! (Unit 42)  A ransomware gang innovates, putting pressure on victims but also exposing itself (Washington Post)  2023 Department of Defense Strategy for Countering Weapons of Mass Destruction (US Department of Defense) NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry (Breaking Defense) NSA starts AI security center with eye on China and Russia (Fortune)  NSA is creating a hub for AI security, Nakasone says (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices

Cette semaine : Unity se suicide en direct, FL Studio 21.2 Beta, hack tout frais sur le Webp, Róisín Murphy - Hit Parade, KIM SEJEONG – Top or Cliff, XG Documentary Xtra Xtra, présentation Apple “Wunderlust” + Neutralité carbone pour 2030, iPhone 15 et 15 Plus, iPhone 15 Pro, Apple Watch Series 9, Apple Watch Ultra 2, AirPods Pro, Thunderbolt 5 en 2024, et ARM en bourse, c'est fait ! Lisez plutôt Torréfaction #266 : Unity se saborde, FL Studio 21.2 Beta, Apple iPhone 15, 15 Pro, Apple Watch Series 9 / Ultra 2 et Thunderbolt 5 avec sa vraie mise en page sur Geekzone. Pensez à vos rétines.

Today we are talking about Front End Performance, Common Front End Issues, and Ways to test and fix said issues with guest Andy Blum. We'll also cover Webp Fallback Image as our module of the week. For show notes visit: www.talkingDrupal.com/415 Topics How do we break down front end performance How do we measure front end performance What are web vitals Standard, objective measurements First/Largest contentful paint Cumulative layout shift Time to Interactive/First Input Delay/Time To Next Paint/Total Blocking Time What are some common client side performance problems “Flickering” “Slow loading” Image size/resolution issues Render-blocking resources Screen jitters Memory leaks Memory Bloat How do tracking scripts affect performance Tools to help identify and resolve Drupal front end performance Resources Talking Drupal #373 - Performance, Privacy, and the Open Web Web Vitals Orders of magnitude 100 - 1000 ms Orders of 10 source Instant Near instant Subsequent Talking Drupal #368 - Image Optimization MDN - How Browsers work Prefetch Web Page Test Front End Performance in Drupal architecture.lullabot.com article Hosts Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Andy Blum - andy-blum.com - andy_blum MOTW Correspondent Martin Anderson-Clutz - @mandclu WebP fallback image Brief description: Do you want your Drupal site to generate WebP images in the most optimal way? There are a number of modules for that, today we're going to talk about… Brief history How old: created in Jun 2022 by pedrop Versions available: 1.0.0 and 1.1.0 versions available, both of which support Drupal 8, 9, and 10 Maintainership Actively maintained Number of open issues 3, 2 of which are bugs Has test coverage Usage stats: Almost 252 sites Maintainer(s): Most recent release is by dj1999 Module features and usage Anyone using testing tools like Lighthouse will have seen suggestions to use modern image formats like WebP, and with good reason. They allow for much smaller image files at the same quality, which means a better user experience and less bandwidth used by both the server and the visitor. WebP is a natural choice because it enjoys over 95% browser support, but many sites still care about that other 5% Drupal core added its own support for webp in 9.2, but without a fallback image, so browsers that don't have WebP support have been out of luck Contrib modules have allowed for generating a webp image and a jpeg fallback, to allow for universal support. Typically they have worked by creating the WebP variant from the output of a core image style, so after an image has been saved as something like a jpeg. That means the resulting WebP can't compress as well, and can show compression artifacts WebP Fallback Image is different because it allows Drupal core to generate the WebP image from the source file, and then creates the jpeg fallback. Also worth noting that this module only creates the jpeg fallback when it's requested, so it doesn't add to the storage of your website unless it's needed

This is a recap of the top 10 posts on Hacker News on June 17th, 2023.This podcast was generated by Wondercraft: https://www.wondercraft.ai/?utm_source=hackernews_recap Please ping at team AT wondercraft.ai with feedback.(00:36): Update: U+237C ⍼ &Angzarr;Original post: https://news.ycombinator.com/item?id=36369553&utm_source=wondercraft_ai(01:57): Bullshit Jobs (2018)Original post: https://news.ycombinator.com/item?id=36373190&utm_source=wondercraft_ai(03:18): I don't need your query languageOriginal post: https://news.ycombinator.com/item?id=36369018&utm_source=wondercraft_ai(04:54): GB Studio: Drag and drop retro game creator for GameBoyOriginal post: https://news.ycombinator.com/item?id=36372284&utm_source=wondercraft_ai(06:21): The Secret Sauce behind 100K context window in LLMs: all tricks in one placeOriginal post: https://news.ycombinator.com/item?id=36374936&utm_source=wondercraft_ai(07:55): Review of Hetzner ARM64 servers and experience of WebP cloud services on themOriginal post: https://news.ycombinator.com/item?id=36368586&utm_source=wondercraft_ai(09:28): What character was removed from the alphabet? (2020)Original post: https://news.ycombinator.com/item?id=36370108&utm_source=wondercraft_ai(10:42): Gitless: A simple VCS built on top of GitOriginal post: https://news.ycombinator.com/item?id=36370225&utm_source=wondercraft_ai(12:09): GPT4 Can't Ace MITOriginal post: https://news.ycombinator.com/item?id=36370685&utm_source=wondercraft_ai(13:26): Open source Diablo 1 engine – DevilutionX 1.5.0 releasedOriginal post: https://news.ycombinator.com/item?id=36373364&utm_source=wondercraft_aiThis is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

Got a Minute? Checkout today's episode of The Guy R Cook Report podcast - the Google Doc for this episode is @ 20230523 More about WEBP image format free tools online ----more---- Support this podcast Subscribe where you listen to podcasts I help goal oriented business owners that run established companies to leverage the power of the internet Contact Guy R Cook @ https://guyrcook.com The Website Design Questionnaire https://guycook.wordpress.com/start-with-a-plan/ In the meantime, go ahead follow me on Twitter: @guyrcookreport Click to Tweet Be a patron of The Guy R Cook Report. Your help is appreciated.   https://guyrcook.com https://theguyrcookreport.com/#theguyrcookreport Follow The Guy R Cook Report on Podbean iPhone and Android App | Podbean   https://bit.ly/3m6TJDV Thanks for listening, viewing or reading the show notes for this episode. Vlog files for 2022 are at 2022 video episodes of The Guy R Cook Report Have a great new year, and hopefully your efforts to Entertain, Educate, Convince or Inspire are in play vDomainHosting, Inc 3110 S Neel Place Kennewick, WA 509-200-1429

Got a Minute? Checkout today's episode of The Guy R Cook Report podcast - the Google Doc for this episode is @ 20230505 Are you familiar with webp image format ----more---- Support this podcast Subscribe where you listen to podcasts I help goal oriented business owners that run established companies to leverage the power of the internet Contact Guy R Cook @ https://guyrcook.com The Website Design Questionnaire https://guycook.wordpress.com/start-with-a-plan/ In the meantime, go ahead follow me on Twitter: @guyrcookreport Click to Tweet Be a patron of The Guy R Cook Report. Your help is appreciated.   https://guyrcook.com https://theguyrcookreport.com/#theguyrcookreport Follow The Guy R Cook Report on Podbean iPhone and Android App | Podbean   https://bit.ly/3m6TJDV Thanks for listening, viewing or reading the show notes for this episode. Vlog files for 2022 are at 2022 video episodes of The Guy R Cook Report Have a great new year, and hopefully your efforts to Entertain, Educate, Convince or Inspire are in play vDomainHosting, Inc 3110 S Neel Place Kennewick, WA 509-200-1429

4/12/23 - Episode 105.In this podcast episode, Scott Austin provides an update on using images in Shopify stores in 2023. He emphasizes the importance of images for effective communication and design, and discusses different image file types such as raster (JPG, PNG, and WEBP) and vector images (SVG). He advises against using GIFs due to large file sizes and suggests using HTML5 video format for animations.Scott recommends using SVG for graphics like logos and icons, JPG for photos, PNG for graphics when SVG is unavailable, and WEBP for better compression. He also explains where images are stored in the Shopify Admin and provides best practices for image management.Image editing software discussed in the episode includes Adobe Photoshop, Illustrator, and Premiere Pro, as well as open-source tools like GIMP, BIMP, Inkscape, and Canva. Scott wraps up by highlighting Shopify's improvements, such as support for more file types and image optimization services, allowing users to focus on growing their businesses.SHOW TRANSCRIPT - https://jadepuma.com/blogs/the-shopify-solutions-podcast/episode-105-all-about-images-in-your-shopify-storeSHOW LINKSVideo in Your Shopify Store - https://jadepuma.com/blogs/the-shopify-solutions-podcast/episode-39-video-in-your-shopify-storeFlex Theme (affiliate link) - use coupon code 'AUSTIN10'SOFTWARE LINKSAdobe Creative Cloud - https://www.adobe.com/creativecloud/plans.htmlGIMP - https://www.gimp.org/downloads/BIMP - https://alessandrofrancesconi.it/projects/bimp/ Inkscape - https://inkscape.org/release/ Canva - https://www.canva.com/HELP THE PODCASTLeave a review - https://ratethispodcast.com/solutions  Apply for Shopify Store Consult Podcast Episode - https://jadepuma.com/pages/podcast-consult-application

Tina and Hillary former New York senator, Pedro Espada, Jr. and the Terri Schiavo Case. Tina's Story Pedro Espada served in the NY Senate beginning in 1993. But when his high rolling lifestyle doesn't match up to a civil servant's pay, an investigation is launched. Hillary's Story Terri Schiavo's suffered a massive heart attack at just 27 years old. BUT the politics of the case led to a nationwide debate that ends up before SCOTUS. Sources Tina's Story Bronx Times After over 30 years, Soundview Health Center is gone (https://www.bxtimes.com/after-over-30-years-soundview-health-center-is-gone/)--by David Cruz Buffalo News For Espada, new problems surface as federal investigation begins (https://buffalonews.com/news/for-espada-new-problems-surface-as-federal-investigation-begins/article_915f10ea-bb84-5934-b28f-8582e88c82c0.html)--by Tom Precious New York Daily News Crooked ex-state Sen. Pedro Espada Jr. sentenced to 5 years in prison for embezzlement (https://www.nydailynews.com/new-york/bronx/pedro-espada-jr-sentenced-5-years-fines-community-service-article-1.1372875)--By John Marzulli New York State Attorney General Attorney General Cuomo Charges Pedro Espada Jr. And 19 Executives With Looting His Bronx Not-for-profit (https://ag.ny.gov/press-release/2010/attorney-general-cuomo-charges-pedro-espada-jr-and-19-executives-looting-his) The New York Times Espada and Son Plead Not Guilty to Embezzling From Health Network (https://www.nytimes.com/2010/12/16/nyregion/16espada.html)--by Nicolas Confessore and Colin Moynihan Espada Sentenced to 5 Years for Stealing From Nonprofit (https://www.nytimes.com/2013/06/15/nyregion/espada-sentenced-to-5-years-for-stealing-from-nonprofit.html)--by Mosi Secret Seven House Primaries Among Most Visible Races in New York Region (https://www.nytimes.com/1988/09/06/nyregion/seven-house-primaries-among-most-visible-races-in-new-york-region.html) Times Union Espada is back in NY after stepping over line in Penn (https://www.timesunion.com/news/article/Espada-is-back-in-NY-after-stepping-over-line-in-6277294.php).--by Rick Karlin United States Attorney's Office Eastern District of New York Former New York State Senate Majority Leader Pedro Espada, Jr. Sentenced To Five Years' Imprisonment (https://www.justice.gov/usao-edny/pr/former-new-york-state-senate-majority-leader-pedro-espada-jr-sentenced-five-years) The Wall Street Journal Landlords Stand by Espada (https://www.wsj.com/articles/SB10001424052748704362404575480190749373882)--by Eliot Brown Wikipedia Pedro Espada Jr. (https://en.wikipedia.org/wiki/Pedro_Espada_Jr.#cite_note-NYT1988-6) Photos Pedro Espada, Jr. (https://upload.wikimedia.org/wikipedia/commons/f/f2/Pedro_Espada_2009_cropped.jpg)--by Matt Ryan CC BY-SA 3.0 Espada on Senate Floor (https://www.youtube.com/watch?v=O7YVSGf9hhI)--screenshot of NYSenate via YouTube Soundview Healthcare Network (https://assets3.cbsnewsstatic.com/hub/i/r/2011/08/09/004e435e-af0a-42e4-ad92-6c90a2853c1a/thumbnail/1200x630/ccf0b422f13a6f156b43dc5001e47b49/soundview.jpg)--via CBS News Hillary's Story ABC News Terri Schiavo Timeline (https://abcnews.go.com/Health/Schiavo/story?id=531632&page=1) CNN Terri Schiavo has died (https://www.cnn.com/2005/LAW/03/31/schiavo/) Mayo Clinic Proceedings The Terri Schiavo Saga: The Making of a Tragedy and Lessons Learned (https://www.mayoclinicproceedings.org/article/S0025-6196(11)61439-0/fulltext) NBC News Ten Years After Terri Schiavo, Death Debates Still Divide Us: Bioethicist (https://www.nbcnews.com/health/health-news/bioethicist-tk-n333536)--by Arthur Caplan The New York Times From Private Ordeal to National Fight: The Case of Terri Schiavo (https://www.nytimes.com/2014/04/21/us/from-private-ordeal-to-national-fight-the-case-of-terri-schiavo.html)--by Clyde Haberman Politico Jeb ‘Put Me Through Hell' (https://www.politico.com/magazine/story/2015/01/jeb-bush-terri-schiavo-114730/)--by Michael Kruse Tampa Bay Times How Terri Schiavo's final days divided her family, Florida and the world (https://www.tampabay.com/narratives/2019/09/15/how-terri-schiavos-final-days-divided-her-family-florida-and-the-world/)--by Tom Zucco, Jamie Thompson, William R. Levesque, Kelley Benham, Leonora LaPeter Anton, Thomas French Time Magazine How Terri Schiavo Shaped the Right-to-Die Movement (https://time.com/3763521/terri-schiavo-right-to-die-brittany-maynard/) Wikipedia Terri Schiavo Case (https://en.wikipedia.org/wiki/Terri_Schiavo_case) Photos Terri Schivao (https://www.newyorker.com/news/amy-davidson/learning-jeb-bush-terri-schiavo)--from the Schindler family via The New Yorker Terri Schiavo, in a PVS, with her mother (https://api.time.com/wp-content/uploads/2015/03/schiavo.jpeg?quality=85&w=1200)--by Matt May via Time Magazine Terri Schiavo Brain Scan: On the Left is CT scan of normal brain; Right: Schiavo's 2002 CT scan showing loss of brain tissue (https://upload.wikimedia.org/wikipedia/en/9/98/Schiavo_catscan.jpg)--via Fair Use Right to Life Supporter (https://www.tampabay.com/resizer//Ko47r9bEh1RKR9RLaMliYIaVTEw=/900x506/smart/filters:format(webP)/arc-anglerfish-arc2-prod-tbt.s3.amazonaws.com/public/S72IA2GHL4I6TBKNIBWI6S7HAY.jpg)--by AP via Tampa Bay Times

About a year ago, Vikas Singhal launched InstaWP, a serverless platform for spinning up WordPress sites instantly for demos and sandboxes, development and testing, or training and education. Along with WordPress, any combination of plugins and themes can be included. There's GitHub integration, and InstaWP has the ability to push sites to a large number of hosts or pull them to a local development environment. (InstaWP generates Blueprints — .zip packages for WP Engine's Local app.)InstaWP is being embraced by WordPress product developers and agencies. It has significant product testing and marketing applications since customers can spin up any number of demo sites based on a custom template, and this activity is logged. Vikas has picked up seed funding from Automattic and looks forward to announcing many new partnerships with WordPress businesses that have found InstaWP and valuable and complementary tool.Vikas sees InstaWP's future as a marketplace for agencies, developers, and freelancers. Because of its powerful site templating and cloning capabilities, it could ultimately become a way to generate bespoke WordPress-based SaaS platforms at scale.

On the podcast today we have Eric Karkovack. He's been in the WordPress space for ages and contributes in a whole variety of ways. I've been wanting to get him on the show for ages, but our calendars kept colliding, until today! We talk about two, not related, subjects. The first is WebP images, and the second is canonical plugins. You might not have heard of WebP images, but they're all the rage! They are / were a project which came out of Google, and their intention was to create a new image format which would create images of high quality, but of a smaller file size. They've not yet made it into WordPress Core. Why is that? We also talk about 'Canonical Plugins' which is a proposal (see the links below in the show notes on the website) to increase the footprint of what WordPress can do, without increasing the footprint of what WordPress can do. That makes sense, right?!?! These canonical plugins would offer some pretty essential features, they would be tested thoroughly with WordPress Core versions, would receive frequent updates and therefore would have kudos; they're more or less guaranteed to work out of the box. Eric and I get into this all as well...

On the podcast today we have Eric Karkovack. He's been in the WordPress space for ages and contributes in a whole variety of ways. I've been wanting to get him on the show for ages, but our calendars kept colliding, until today! We talk about two, not related, subjects. The first is WebP images, and the second is canonical plugins. You might not have heard of WebP images, but they're all the rage! They are / were a project which came out of Google, and their intention was to create a new image format which would create images of high quality, but of a smaller file size. They've not yet made it into WordPress Core. Why is that? We also talk about 'Canonical Plugins' which is a proposal (see the links below in the show notes on the website) to increase the footprint of what WordPress can do, without increasing the footprint of what WordPress can do. That makes sense, right?!?! These canonical plugins would offer some pretty essential features, they would be tested thoroughly with WordPress Core versions, would receive frequent updates and therefore would have kudos; they're more or less guaranteed to work out of the box. Eric and I get into this all as well...

On the podcast today we have Eric Karkovack. He's been in the WordPress space for ages and contributes in a whole variety of ways. I've been wanting to get him on the show for ages, but our calendars kept colliding, until today! We talk about two, not related, subjects. The first is WebP images, and the second is canonical plugins. You might not have heard of WebP images, but they're all the rage! They are / were a project which came out of Google, and their intention was to create a new image format which would create images of high quality, but of a smaller file size. They've not yet made it into WordPress Core. Why is that? We also talk about 'Canonical Plugins' which is a proposal (see the links below in the show notes on the website) to increase the footprint of what WordPress can do, without increasing the footprint of what WordPress can do. That makes sense, right?!?! These canonical plugins would offer some pretty essential features, they would be tested thoroughly with WordPress Core versions, would receive frequent updates and therefore would have kudos; they're more or less guaranteed to work out of the box. Eric and I get into this all as well...

2022-11-01 Weekly News - Episode 170Watch the video version on YouTube at https://youtu.be/kvjYGC9Obf0Hosts:  Gavin Pickin - Senior Developer at Ortus Solutions Daniel Garcia- Senior Developer at Ortus Solutions Thanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. A few ways  to say thanks back to Ortus Solutions: Like and subscribe to our videos on YouTube.  Help ORTUS reach for the Stars - Star and Fork our ReposStar all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github  Subscribe to our Podcast on your Podcast Apps and leave us a review Sign up for a free or paid account on CFCasts, which is releasing new content every week BOXLife store: https://www.ortussolutions.com/about-us/shop Buy Ortus's Book - 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)  Patreon Support ( amazing )Goal 1 - We have 42 patreons providing 100% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. Goal 2 - We are 32% of the way to fully fund the hosting of ForgeBox.io News and AnnouncementsICYMI - Hacktoberfest 2022HERE'S WHAT YOU NEED TO KNOW TO PARTICIPATE AND COMPLETE HACKTOBERFEST:Register anytime between September 26 and October 31Pull requests can be made in any GITHUB or GITLAB hosted project that's participating in Hacktoberfest (look for the “hacktoberfest” topic)Project maintainers must accept your pull/merge requests for them to count toward your totalHave 4 pull/merge requests accepted between October 1 and October 31 to complete HacktoberfestThe first 40,000 participants (maintainers and contributors) who complete Hacktoberfest can elect to receive one of two prizes: a tree planted in their name, or the Hacktoberfest 2022 t-shirt.https://hacktoberfest.com/ Ortus Blog about Hacktoberfest - https://www.ortussolutions.com/blog/october-is-here-and-that-means-hacktoberfest Gavin and Daniel both ordered their T-Shirts!!!New Releases and UpdatesCBWIRE v2.1 ReleasedCBWIRE, our ColdBox module that makes building reactive, modern CFML apps delightfully easy, just dropped its 2.1 release. This release contains mostly bug fixes and also the ability to create your UI templates directly within your CBWIRE component using the onRender() method.We've added an example of using onRender() to our ever growing CBWIRE-Examples Repo that you can run on your machine locally. https://github.com/grantcopley/cbwire-exampleshttps://www.ortussolutions.com/blog/cbwire-2-1-released ICYMI - MasaCMS v7.3.9 released Update filebrowser.cfc by @jimblesphere in #128 fix empty admin minified JS files replace We Are Orange with We Are North https://github.com/MasaCMS/MasaCMS/releases/tag/7.3.9 Other Masa Linkshttps://github.com/MasaCMS/MasaCMS/discussions/135  https://github.com/MasaCMS/MasaCMS/discussions/136 https://github.com/MasaCMS/MasaCMS/discussions/137  ICYMI - Image Extension 2.0.0.16 BETAImage Extension 2.0.0.16-BETA is available for testing fixes some locking issues on windows major refactoring optional support for commercial Jdeli and/or Apose Imaging jars when available in the classpath (i.e /lib dir) Latest Twelve Monkeys 2 3.9.3 (including lossless WEBP support) previous was 3.8.2 JDeli for example supports HEIC imagesVersion 2 will bundled with Lucee 6.0, but it also works with Lucee 5.3We will be backporting the image locking fixes to the 1.0 branch, which is a blocker for the 5.3.10 releasehttps://dev.lucee.org/t/image-extension-2-0-0-16-beta/11293 Webinar / Meetups and WorkshopsOrtus Event Calendar for Google https://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20 Embeddable Link: https://calendar.google.com/calendar/embed?src=c_562a1ef61c4b1e2e6d88ed7845728d56897dd4bb68c140f773768952b29421ed%40group.calendar.google.com&ctz=America%2FLos_Angeles  Ortus Office HoursWe are starting this a new initiative where some Ortusians will be on a Zoom call and answer whatever questions people have. We are going to start less structured and see how things develop. For this first one we have Grant, Gavin, and Daniel.November 4th at 11am CDT - 1st Friday of the MonthDaniel Garcia will host a variety of Ortus people Office Hours questions & requests form availableRegister in advance for this meeting:https://us06web.zoom.us/meeting/register/tZwvduyvpz8sHNyBiE0ez7Y-49_U-0ivMSUd Ortus Software Craftsmanship Book Club - Patreon OnlyFriday, November 11th at 2pm CDT - 2nd Friday of the MonthClean Code: A Handbook of Agile Software Craftsmanship by Robert Martin (Uncle Bob)We will meet monthly on Zoom, and we'll use the Ortus Community Forum for Patreon to discuss the book.https://community.ortussolutions.com/t/ortus-software-craftsmanship-book-club-clean-code/9432 We will also be rewriting the code from Java to CFML as we proceed through the book.The final result will be here https://github.com/gpickin/clean-code-book-cfml-examples You can get a copy of the book at one of the below links, or your favorite bookstorehttps://amzn.to/3TIrmKm or https://www.audible.com/pd/Clean-Code-Audiobook/B08X7KL3TF?action_code=ASSGB149080119000H&share_location=pdp&shareTest=TestShare Ortus Webinar - Daniel Garcia - API Testing with PostManFriday, November 18th  at 11am CDT - 3rd Friday of the Monthhttps://us06web.zoom.us/meeting/register/tZYqc-uuqzMqGtAO7tQ6qCsN8bR0LyBf8DNP ICYMI - Online ColdFusion Meetup - 300th Episode: A look back and a new direction", with Charlie ArehartThursday, October 27, 2022 at 9:00 AM - 10AMWe did it, reaching episode 300! Join us as we celebrate this momentous anniversary. The Online CFMeetup was formed in 2005 and has been hosted since 2007 by Charlie Arehart, with sessions from over 150 speakers on a wide range of topics related to CF. In this session, we'll celebrate the past and look to the future for the group, where I will propose a new direction/format. All still about CF, of course. Here's to 300 more!https://www.meetup.com/coldfusionmeetup/events/289332692/ Recording: https://www.youtube.com/watch?v=76xHooM9Kj4 ICYMI - Ortus Webinar - Step up your Testing with Gavin PickinFriday October 28th at 11am CDTWe all test manually, let's step up our game with some easy, powerful and valuable automated tests with TestBox - even on your legacy codebases.Fewer bugs and errors are the primary benefit of the Testing. When the code has fewer bugs, you'll spend less time fixing them than other programming methodologies. Test Driven Developer produces a higher overall test coverage and, therefore to a better quality of the final product.Register now: https://bit.ly/3EY6SZK Recording on CFCasts: https://cfcasts.com/series/ortus-webinars-2022/videos/gavin-pickin-on-step-up-your-testingCFHawaii - ColdFusion Builder for VS CodeFriday, October 28, 2022 at 3:00 PM to Friday, October 28, 2022 at 4:00 PM PDTMark Takata, the Adobe CF Technical Evangelist for ColdFusion will give a presentation on the new ColdFusion Builder extension for VS Code. During his talk he will discuss:Access built-in support for IntelliSense code completion, better semantic code understanding, and code refactoring.Identify security vulnerabilities and maintain the integrity of your code.Manage your work with extensions, remote project support, integrated server management, a log viewer, and more!Customize every feature to your liking by creating shortcuts, easily formatting and reusing code, and using powerful extensions to better your best.https://www.meetup.com/hawaii-coldfusion-meetup-group/events/288977258/ https://hawaiicoldfusionusergroup.adobeconnect.com/pfhheu0lksfz/?fbclid=IwAR2HVkOv52P2seMj-_mGBx57ylDw5yG3duCvM4iapel2o8egnoUQDnwKc3IICYMI - CFUG Tech Talk - Document Services APIs and You by Raymond CamdenThursday, October 20th, 2022 8:00pm-9:00pm IST (9:30 AM CDT)Most organizations have to deal with documents, from PDFs to various Office formats, managing and processing documents can be overwhelming. In this talk, Raymond will discuss the various Adobe Document Services APIs and how they can help developers manage their document stores.Register: https://www.eventbrite.com/e/document-services-apis-and-you-tickets-428587234957 Presentation URL: https://meet67421977.adobeconnect.com/document-services-apis/ Recording: https://youtu.be/DpCVfVpitwM CF Summit Online Adobe announced today that the “ColdFusion Summit Online” will begin soon, where they will be having presenters offer their sessions again from the CF Summit last month, to be live-streamed and recorded since that couldn't be done in Vegas.https://coldfusion.adobe.com/2022/11/coldfusion-summit-online/ All the webinars, all the speakers from Adobe ColdFusion Summit 2022 – brought right to your screen. All sessions will soon be streamed online, for your convenience. Stay tuned for more! Charlie up first, November 16th, we heard November 23rd is scheduled as well.Adobe Workshops & WebinarsJoin the Adobe ColdFusion Workshop to learn how you and your agency can leverage ColdFusion to create amazing web content. This one-day training will cover all facets of Adobe ColdFusion that developers need to build applications that can run across multiple cloud providers or on-premise.https://coldfusion.adobe.com/2022/10/upcoming-adobe-webinar-on-preview-of-cf2023-date-and-title-change/  WEBINAR - WEDNESDAY, NOVEMBER 23, 2022 - New Date - New Name10:00 AM PSTThe Road to FortunaMark Takatahttps://winter-special-preview-of-cf2023.meetus.adobeevents.com/ WEBINAR - THURSDAY, DECEMBER 22, 202210:00 AM PSTBuilding Native Mobile Applications with Adobe ColdFusion & Monaco.ioMark Takatahttps://building-native-mobile-apps-with-cf-monaco-io.meetus.adobeevents.com/ FREE :)Full list - https://meetus.adobeevents.com/coldfusion/ CFCasts Content Updateshttps://www.cfcasts.comJust Released Ortus Webinar - Gavin Pickin on Step up your Testing https://cfcasts.com/series/ortus-webinars-2022/videos/gavin-pickin-on-step-up-your-testing  Every video from ITB - For ITB Ticket Holders Only - Will be released for Subscribed in December 2022 ForgeBox Module of the Week Series - 1 new Video https://cfcasts.com/series/2022-forgebox-modules-of-the-week 2022 VS Code Hint tip and Trick of the Week Series - 1 new Video https://cfcasts.com/series/2022-vs-code-hint-tip-and-trick-of-the-week  Coming Soon  More ForgeBox and VS Code Podcast snippet videos Box-ifying a 3rd Party Library from Gavin ColdBox Elixir from Eric Getting Started with ContentBox from Daniel ITB Videos will be released Dec for those who are not ITB Ticket Holders Conferences and TrainingDeploy from Digital OceanNovember 15-16, 2022The virtual conference for global buildersSubtract Complexity,Add Developer HappinessJoin us on the mission to simplify the developer experience.https://deploy.digitalocean.com/ Into the Box Latam 2022Dec 7th, 2022 - 8am - 5pm2 tracks - 1 set of sessions, 1 set of deep dive workshop sessionsPricing $9-$29 USDLocation: Hyatt Centric Las Cascadas Shopping Center,Merliot, La Libertad 99999 El Salvadorhttps://latam.intothebox.org/ VUEJS AMSTERDAM 20239-10 February 2023, Theater AmsterdamWorld's Most Special and Largest Vue ConferenceCALL FOR PAPERS AND BLIND TICKETS AVAILABLE NOW!Call for Papers: https://forms.gle/GopxfjYHfpE8fKa57 Blind Tickets: https://eventix.shop/abzrx3b5 https://vuejs.amsterdam/ Dev NexusApril 4-6th in AltantaEARLY BIRD CONFERENCE PASS - APRIL 5-6 (AVAILABLE UNTIL NOVEMBER 20) (Approx 40% off)If you are planning to speak, please submit often and early. The CALL FOR PAPERS is open until November 15WORKSHOPS WILL BE ON JAVA, JAVA SECURITY, SOFTWARE DESIGN, AGILE, DEVOPS, KUBERNETES, MICROSERVICES, SPRING ETC. SIGN UP NOW, AND YOU WILL BE ABLE TO CHOOSE A WORKSHOP, LATER ON,https://devnexus.com/ VueJS Live MAY 5 & 8, 2023ONLINE + LONDON, UKCODE / CREATE / COMMUNICATE35 SPEAKERS, 10 WORKSHOPS10000+ JOINING ONLINE GLOBALLY300 LUCKIES MEETING IN LONDONGet Early Bird Tickets: https://ti.to/gitnation/vuejs-london-2022  Watch 2021 Recordings: https://portal.gitnation.org/events/vuejs-london-2021 https://vuejslive.com/ Into the Box 2023 - 10th EditionMay 17, 18, and 19th, 2022.Middle of May - start planning.Final dates will be released as soon as the hotel confirms availability.Call for Speakers - this weekCFCampNo CFCAMP 2022, we're trying again for summer 2023TLDR is that it's just too hard and there's too much uncertainty right now.More conferencesNeed more conferences, this site has a huge list of conferences for almost any language/community.https://confs.tech/Blogs, Tweets, and Videos of the Week11/1/22 - Blog - Charlie Arehart - ColdFusion Portal - Join Adobe for “ColdFusion Summit Online”, re-presenting sessions over the next several weeksAdobe announced today that the “ColdFusion Summit Online” will begin soon, where they will be having presenters offer their sessions again from the CF Summit last month, to be live-streamed and recorded since that couldn't be done in Vegas.https://coldfusion.adobe.com/2022/11/coldfusion-summit-online/ 11/1/22 - Blog - Ben Nadel - Preventing Unbounded Full-Table Scans In My ColdFusion Database Access Layer As I've continued to evolve my approach to building ColdFusion applications, one pattern that I've begun to embrace consistently in my data access layer / Data Access Object (DAO) is to block the developer from running a SQL query that performs a full-table scan. This is really only necessary in DAO methods that provide dynamic, parameterized SQL queries; but, it offers me a great deal of comfort. The pattern works by requiring each query to include at least one indexed column in the dynamically generated SQL statement.https://www.bennadel.com/blog/4348-preventing-unbounded-full-table-scans-in-my-coldfusion-database-access-layer.htm 11/1/22 - Blog - Ben Nadel - CFCookie "Expires" Can Use CreateTimeSpan() In ColdFusionAs I've been trying to build-up my knowledge of how Cookies interact with ColdFusion applications, I noticed that the CFCookie tag accepts a "number of days" in its expires attribute. And, the moment I see "days", I think "time-spans". As such, I wanted to see if I could use the createTimeSpan() function to define the cookie expires attribute in ColdFusion - turns out, you can!https://www.bennadel.com/blog/4347-cfcookie-expires-can-use-createtimespan-in-coldfusion.htm 10/31/22 - Blog - Charlie Arehart - ColdFusion Portal - Solving “Failed Signature Verification” when downloading CF updates while using Java 11.0.17 or laterJust a quick note to clarify that if you may apply the new Java updates from Oct 18 2022 (such as Java 11.0.17) and change CF to use that, you will find (for now) that if you then try to download any CF updates using the CF Admin, the update will download but then you'll get an error:“error occurred while installing the update: Failed Signature Verification”Here's good news: there is a solution for that problem, actually a few alternatives you can consider, at least until Adobe resolves the problem for us. For more, see a blog post I did with much more detail - linked in this post.https://coldfusion.adobe.com/2022/10/solving-failed-signature-verification-when-downloading-cf-updates-in-2022/ 10/31/22 - Blog - Ben Nadel - Looking At How Cookies And Domains Interact In ColdFusionIn my previous post on leading dots (.) in Cookie domains, I mentioned that my mental model for how Cookies work leaves something to be desired. Along the same lines, I don't have a solid understanding for when Cookies with explicit / non-explicit Domain attributes are sent to the server. As such, I wanted to run some experiments using different combinations of setting and getting of cookie values in ColdFusion.In order to start exploring Cookie domain behaviors, I went into my /etc/hosts file locally and defined a series of subdomains that all point back to my localhost:https://www.bennadel.com/blog/4346-looking-at-how-cookies-and-domains-interact-in-coldfusion.htm 10/31/22 - Blog - Charlie Arehart - Special offer to upgrade to CF2021 from CF2016 or earlier, saving thousands of dollarsIf you're running CF2016 or earlier, now's your chance (though the end of the year) to save potentially thousands of dollars in upgrading to the latest current version, CF2021. Intergral, the folks who make the FusionReactor monitoring tool and service, are again offering a special deal (that even Adobe is not offering).Read on for more details.https://www.carehart.org/blog/2022/10/31/special_offer_upgrade_to_cf2021_from_cf2016_or%20earlier 10/30/22 - Blog - James Moberg - Undocumented Change to ColdFusion 2021 CFHTMLHead & CFContentAccording to my unit tests, after ColdFusion 2018.0.0-15, Adobe changed the way that CFHTMLHead works with CFContent. Prior to CF2021, any strings that were added to the header buffer via CFHTMLHead was outputted to the HTML HEAD section (or top of the page if you neglected to include a HEAD section) on onRequestEnd even if a CFContent (with or without reset) was performed.https://dev.to/gamesover/change-to-coldfusion-2021-cfhtmlhead-cfcontent-1fj8 10/29/22 - Blog - Ben Nadel - Leading Dots On HTTP Cookie Domains IgnoredI've been using Cookies in my ColdFusion web applications forever. But, I honestly don't have the best mental model for how the low-level intricacies of cookies work. For most of my career, I only ever defined cookies using a "name", "value", and an "expires" attributes — I didn't even know you could define a "domain" until we had to start locking down enterprise-cookies (by subdomain) at InVision. And even now, I'm still fuzzy on how the domain setting operates; which is why something caught my eye when I was reading through the Set-Cookie HTTP header docs on MDN: https://www.bennadel.com/blog/4345-leading-dots-on-http-cookie-domains-ignored.htm 10/28/22 - Blog - Grant Copley - Ortus Solutions - CBWIRE 2.1 ReleasedCBWIRE, our ColdBox module that makes building reactive, modern CFML apps delightfully easy, just dropped its 2.1 release. This release contains mostly bug fixes and also the ability to create your UI templates directly within your CBWIRE component using the onRender() method.We've added an example of using onRender() to our ever growing CBWIRE-Examples Repo that you can run on your machine locally. https://github.com/grantcopley/cbwire-exampleshttps://www.ortussolutions.com/blog/cbwire-2-1-released 10/27/22 - Blog - Ben Nadel - A Database Column For "Date Updated" Has No Semantic Meaning, Nor Should ItWhen I create a new relational database table in my ColdFusion applications, my default operation is to add three columns: the primary key, a date/time for when the row is created, and a date/time for when the row is updated. Not all entities fit into this model (such as rows that can never be updated); but, for the most part, this core set of columns makes sense. The "updated" column has no semantic meaning within the application - it is simply a mechanical recording of when any part of a row is updated. The biggest mistake that I've made with this column is allowing the customers to attach meaning to this column. This never works out well. https://www.bennadel.com/blog/4344-a-database-column-for-date-updated-has-no-semantic-meaning-nor-should-it.htm 10/25/22 - Blog - Charlie Arehart - Upcoming Adobe webinar on preview of CF2023, date and title changeAdobe had announced some weeks ago two upcoming webinars, one as a preview of CF2023 (originally set for Dec 22), and the other on mobile apps with CF and Monaco (originally set for Nov 23).If like me you may have signed up for them, note that sometime recently the dates have been swapped. (Also the name of the preview session has been changed, from “Winter Holiday Special: A preview of ColdFusion 2023” to instead refer to the product code-name instead.)https://coldfusion.adobe.com/2022/10/upcoming-adobe-webinar-on-preview-of-cf2023-date-and-title-change/ CFML JobsSeveral positions available on https://www.getcfmljobs.com/Listing over 143 ColdFusion positions from 79 companies across 66 locations in 5 Countries.1 new jobs listed this weekFull-Time - Sr. Software Engineer - Coldfusion at Delhi, Delhi - India Oct 28https://www.getcfmljobs.com/jobs/index.cfm/india/Sr-Software-Engineer-Coldfusion-at-Delhi-Delhi/11530 Other Online Jobshttps://lighting-new-york.breezy.hr/p/8ddb3ce952b8 Other Job Links Ortus Solutions https://www.ortussolutions.com/about-us/careers  There is a jobs channel in the CFML slack team, and in the box team slack now too ForgeBox Module of the WeekDialpadcfc By Matthew ClementeA CFML wrapper for the Dialpad API. Use it to interact with the Dialpad call and contact center platform to make calls, send SMS, manage your account, and more.What is Dialpad? Experience the future of Ai in the workplaceWith built-in speech recognition and natural language processing, Dialpad Ai is completely changing the way the world works together.This is an early stage API wrapper and does not yet cover the full Dialpad API. Feel free to use the issue tracker to report bugs or suggest improvements!https://forgebox.io/view/dialpadcfc VS Code Hint Tips and Tricks of the WeekGithub CopilotGitHub Copilot is an AI pair programmer that helps you write code faster and with less work. It draws context from comments and code to suggest individual lines and whole functions instantly. GitHub Copilot is powered by Codex, a generative pretrained language model created by OpenAI. It is available as an extension for Visual Studio Code, Visual Studio, Neovim, and the JetBrains suite of integrated development environments (IDEs).GitHub Copilot is not intended for non-coding tasks like data generation and natural language generation, like question & answering. Your use of GitHub Copilot is subject to the GitHub Terms for Additional Product and Features.https://github.com/features/copilot/ https://marketplace.visualstudio.com/items?itemName=GitHub.copilot Thank you to all of our Patreon SupportersThese individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox,  ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox. You can support us on Patreon here https://www.patreon.com/ortussolutionsDon't forget, we have Annual Memberships, pay for the year and save 10% - great for businesses. Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription. All Patreon supporters have a Profile badge on the Community Website All Patreon supporters have their own Private Forum access on the Community Website All Patreon supporters have their own Private Channel access BoxTeam Slack Live Stream Access to streams like “Koding with the Kiwi + Friends” and Ortus Software Craftsmanship Book Club https://community.ortussolutions.com/ Patreons John Wilson - Synaptrix Jordan Clark Gary Knight Mario Rodrigues Giancarlo Gomez David Belanger  Dan Card Jonathan Perret Jeffry McGee - Sunstar Media Dean Maunder Nolan Erck  Abdul Raheen Wil De Bruin Joseph Lamoree   Don Bellamy Jan Jannek   Laksma Tirtohadi   Brian Ghidinelli - Hagerty MotorsportReg Carl Von Stetten Jeremy Adams Didier Lesnicki Matthew Clemente Daniel Garcia Scott Steinbeck - Agri Tracking Systems Ben Nadel  Richard Herbet Brett DeLine Kai Koenig Charlie Arehart Jason Daiger Shawn Oden Matthew Darby Ross Phillips Edgardo Cabezas Patrick Flynn Stephany Monge   Kevin Wright John Whish Peter Amiri Cavan Vannice John Nessim You can see an up to date list of all sponsors on Ortus Solutions' Websitehttps://ortussolutions.com/about-us/sponsors Thanks everyone!!! ★ Support this podcast on Patreon ★

2022-10-25 Weekly News - Episode 169Watch the video version on YouTube at https://youtu.be/-CdMcz8OGJs  Hosts:  Gavin Pickin - Senior Developer at Ortus Solutions Scott Steinbeck - CoOwner of Agritracking Systems - Patreon and CFML Community Member and has presented at Into the Box, Adobe CF Summit & CFObjective Thanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. A few ways  to say thanks back to Ortus Solutions: Like and subscribe to our videos on YouTube.  Help ORTUS reach for the Stars - Star and Fork our ReposStar all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github  Subscribe to our Podcast on your Podcast Apps and leave us a review Sign up for a free or paid account on CFCasts, which is releasing new content every week BOXLife store: https://www.ortussolutions.com/about-us/shop Buy Ortus's Book - 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)  Patreon Support ( magnificent )Goal 1 - We have 42 patreons providing 100% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. Goal 2 - We are 32% of the way to fully fund the hosting of ForgeBox.io News and AnnouncementsAI is taking over the world - What the Diff AIIf you review pull requests, it will blow your mind.It automatically writes a summary of your code changes as a GitHub comment, in seconds.https://whatthediff.ai/ Hacktoberfest 2023 - Last week!!!HERE'S WHAT YOU NEED TO KNOW TO PARTICIPATE AND COMPLETE HACKTOBERFEST:Register anytime between September 26 and October 31Pull requests can be made in any GITHUB or GITLAB hosted project that's participating in Hacktoberfest (look for the “hacktoberfest” topic)Project maintainers must accept your pull/merge requests for them to count toward your totalHave 4 pull/merge requests accepted between October 1 and October 31 to complete HacktoberfestThe first 40,000 participants (maintainers and contributors) who complete Hacktoberfest can elect to receive one of two prizes: a tree planted in their name, or the Hacktoberfest 2022 t-shirt.https://hacktoberfest.com/ Ortus Blog about Hacktoberfest - https://www.ortussolutions.com/blog/october-is-here-and-that-means-hacktoberfest Ordered my T-Shirt!!!New Releases and UpdatesMasaCMS v7.3.9 releasedUpdate filebrowser.cfc by @jimblesphere in #128fix empty admin minified JS filesreplace We Are Orange with We Are Northhttps://github.com/MasaCMS/MasaCMS/releases/tag/7.3.9 Other Masa Linkshttps://github.com/MasaCMS/MasaCMS/discussions/135  https://github.com/MasaCMS/MasaCMS/discussions/136  https://github.com/MasaCMS/MasaCMS/discussions/137 Image Extension 2.0.0.16 BETAImage Extension 2.0.0.16-BETA is available for testing fixes some locking issues on windows major refactoring optional support for commercial Jdeli and/or Apose Imaging jars when available in the classpath (i.e /lib dir) Latest Twelve Monkeys 2 3.9.3 (including lossless WEBP support) previous was 3.8.2 JDeli for example supports HEIC imagesVersion 2 will bundled with Lucee 6.0, but it also works with Lucee 5.3We will be backporting the image locking fixes to the 1.0 branch, which is a blocker for the 5.3.10 releasehttps://dev.lucee.org/t/image-extension-2-0-0-16-beta/11293 ICYMI - ColdFusion 2021 "refreshed" installers available (with update 5)...but only in one place for nowHere's some surprising news: Adobe has released a "refreshed" installer for CF2021, which includes update 5 (which came out last week) built-in.TLDR: these new "refreshed" CF2021 installers are (for now) available only here: here.https://www.carehart.org/blog/2022/10/17/cf2021_refreshed_installers_available_but_only_one_place_for_now Updated: https://www.carehart.org/blog/2022/10/18/java_updates_Oct_2022 Webinar / Meetups and WorkshopsOnline ColdFusion Meetup - 300th Episode: A look back and a new direction", with Charlie ArehartThursday, October 27, 2022 at 9:00 AM - 10AMWe did it, reaching episode 300! Join us as we celebrate this momentous anniversary. The Online CFMeetup was formed in 2005 and has been hosted since 2007 by Charlie Arehart, with sessions from over 150 speakers on a wide range of topics related to CF. In this session, we'll celebrate the past and look to the future for the group, where I will propose a new direction/format. All still about CF, of course. Here's to 300 more!https://www.meetup.com/coldfusionmeetup/events/289332692/ Ortus Webinar - Step up your Testing with Gavin PickinFriday October 28th at 11am CDTWe all test manually, let's step up our game with some easy, powerful and valuable automated tests with TestBox - even on your legacy codebases.Fewer bugs and errors are the primary benefit of the Testing. When the code has fewer bugs, you'll spend less time fixing them than other programming methodologies. Test Driven Developer produces a higher overall test coverage and, therefore to a better quality of the final product.Register now: https://bit.ly/3EY6SZK CFHawaii - ColdFusion Builder for VS CodeFriday, October 28, 2022 at 3:00 PM to Friday, October 28, 2022 at 4:00 PM PDTMark Takata, the Adobe CF Technical Evangelist for ColdFusion will give a presentation on the new ColdFusion Builder extension for VS Code. During his talk he will discuss:Access built-in support for IntelliSense code completion, better semantic code understanding, and code refactoring.Identify security vulnerabilities and maintain the integrity of your code.Manage your work with extensions, remote project support, integrated server management, a log viewer, and more!Customize every feature to your liking by creating shortcuts, easily formatting and reusing code, and using powerful extensions to better your best.https://www.meetup.com/hawaii-coldfusion-meetup-group/events/288977258/ Ortus Office HoursNovember 4th at 11am CDT - 1st Friday of the MonthDaniel Garcia will host a variety of Ortus people Office Hours questions & requests form availableSignup link is coming soon.Ortus Book Club - Patreon OnlyFriday, November 11th at 11am CDT - 2nd Friday of the MonthClean Code by Robert Martin (Uncle Bob)https://amzn.to/3TIrmKm or https://www.audible.com/pd/Clean-Code-Audiobook/B08X7KL3TF?action_code=ASSGB149080119000H&share_location=pdp&shareTest=TestShare Ortus WebinarFriday, November 18th  at 11am CDT - 3rd Friday of the MonthKoding with the Kiwi - Patreon OnlyFriday, November 25th  at 11am CDT - 4th Friday of the MonthICYMI - CFUG Tech Talk - Document Services APIs and You by Raymond CamdenThursday, October 20th, 2022 8:00pm-9:00pm IST (9:30 AM CDT)Most organizations have to deal with documents, from PDFs to various Office formats, managing and processing documents can be overwhelming. In this talk, Raymond will discuss the various Adobe Document Services APIs and how they can help developers manage their document stores.Register: https://www.eventbrite.com/e/document-services-apis-and-you-tickets-428587234957 Presentation URL: https://meet67421977.adobeconnect.com/document-services-apis/ Adobe Workshops & WebinarsJoin the Adobe ColdFusion Workshop to learn how you and your agency can leverage ColdFusion to create amazing web content. This one-day training will cover all facets of Adobe ColdFusion that developers need to build applications that can run across multiple cloud providers or on-premise.WEBINAR - WEDNESDAY, NOVEMBER 23, 202210:00 AM PSTWinter Holiday Special: A preview of ColdFusion 2023Mark Takatahttps://winter-special-preview-of-cf2023.meetus.adobeevents.com/ WEBINAR - THURSDAY, DECEMBER 22, 202210:00 AM PSTBuilding Native Mobile Applications with Adobe ColdFusion & Monaco.ioMark Takatahttps://building-native-mobile-apps-with-cf-monaco-io.meetus.adobeevents.com/ FREE :)Full list - https://meetus.adobeevents.com/coldfusion/ CFCasts Content Updateshttps://www.cfcasts.comJust Released Every video from ITB - For ITB Ticket Holders Only - Will be released for Subscribed in December 2022 ForgeBox Module of the Week Series - 1 new Video https://cfcasts.com/series/2022-forgebox-modules-of-the-week 2022 VS Code Hint tip and Trick of the Week Series - 1 new Video https://cfcasts.com/series/2022-vs-code-hint-tip-and-trick-of-the-week  Coming Soon - Now that ITB is over we can get back to our Video Series More ForgeBox and VS Code Podcast snippet videos Box-ifying a 3rd Party Library from Gavin ColdBox Elixir from Eric Getting Started with ContentBox from Daniel ITB Videos will be released Dec for those who are not ITB Ticket Holders Conferences and TrainingICYMI - AWSome Day Online ConferenceTHURSDAY, OCTOBER 20, 20229AM – 12PM PT | 12PM – 3PM ETWe're bringing the cloud down to EarthJoin us for a free virtual 3-hour AWS Cloud training event delivered by our skilled in-house instructors.https://aws.amazon.com/events/awsome-day/americas/ Deploy from Digital OceanNovember 15-16, 2022The virtual conference for global buildersSubtract Complexity,Add Developer HappinessJoin us on the mission to simplify the developer experience.https://deploy.digitalocean.com/ Into the Box Latam 2022Dec 7thMore information is coming very soon.VUEJS AMSTERDAM 20239-10 February 2023, Theater AmsterdamWorld's Most Special and Largest Vue ConferenceCALL FOR PAPERS AND BLIND TICKETS AVAILABLE NOW!Call for Papers: https://forms.gle/GopxfjYHfpE8fKa57 Blind Tickets: https://eventix.shop/abzrx3b5 https://vuejs.amsterdam/ Dev NexusApril 4-6th in AltantaEARLY BIRD CONFERENCE PASS - APRIL 5-6 (AVAILABLE UNTIL NOVEMBER 20) (Approx 40% off)If you are planning to speak, please submit often and early. The CALL FOR PAPERS is open until November 15WORKSHOPS WILL BE ON JAVA, JAVA SECURITY, SOFTWARE DESIGN, AGILE, DEVOPS, KUBERNETES, MICROSERVICES, SPRING ETC. SIGN UP NOW, AND YOU WILL BE ABLE TO CHOOSE A WORKSHOP, LATER ON,https://devnexus.com/ VueJS Live MAY 5 & 8, 2023ONLINE + LONDON, UKCODE / CREATE / COMMUNICATE35 SPEAKERS, 10 WORKSHOPS10000+ JOINING ONLINE GLOBALLY300 LUCKIES MEETING IN LONDONGet Early Bird Tickets: https://ti.to/gitnation/vuejs-london-2022  Watch 2021 Recordings: https://portal.gitnation.org/events/vuejs-london-2021 https://vuejslive.com/ Into the Box 2023 - 10th EditionMay 17, 18, and 19th, 2022.Middle of May - start planning.Final dates will be released as soon as the hotel confirms availability.Call for Speakers - coming soonCFCampNo CFCAMP 2022, we're trying again for summer 2023TLDR is that it's just too hard and there's too much uncertainty right now.More conferencesNeed more conferences, this site has a huge list of conferences for almost any language/community.https://confs.tech/Blogs, Tweets, and Videos of the Week10/22/22 - Blog - Ben Nadel - Considering The "Bounded Context" Of Error Messages In A ColdFusion ApplicationError handling in a web application is a deceptively hard concept. I've been building ColdFusion applications for two-decades, and I'm only just now starting to feel like I'm finding helpful patterns that balance complexity and utility. And, I still have so much to figure out. As I've been refactoring / modernizing the code for my ColdFusion blog, I keep running in to unanswered question. My blog has both a public facing system and an admin facing system; and, I'm starting to wonder if these are two distinct bounded contexts for errors and error messages.https://www.bennadel.com/blog/4342-considering-the-bounded-context-of-error-messages-in-a-coldfusion-application.htm 10/21/22 - Blog - Ben Nadel - Using MailHog SMTP Server With ColdFusion And DockerAt work, we've been using an email testing tool called MailHog. I first learned about MailHog from my co-worker, Shawn Grigson, who added it to our Lucee CFML docker-compose.yaml file some years ago. MailHog provides both an SMTP server for receiving emails and a rather elegant user interface (UI) for reading and deleting said emails. Yesterday, I went to add MailHog into my personal blog's ColdFusion Docker setup; and, I was blown away at just how easy it was to get going.https://www.bennadel.com/blog/4340-using-mailhog-smtp-server-with-coldfusion-and-docker.htm 10/21/22 - Blog - Ortus Solutions - CF Summit, Ortus presentations available!FSummit was a successful event. Our Ortusians rocked their presentations and we had the chance to meet a lot of amazing people with incredible ideas to continue contributing to the CFML world!Did you miss our sessions? Don't worry, we attached the links to their presentations below for you to download and review anytime you want!https://www.ortussolutions.com/blog/cf-summit-ortus-presentations-available-to-download 10/20/22 - Tweet - Cheatography - ColdFusion Cheatsheet by VelozRemember this? ColdFusion CFScript Cheat Sheet by Veloz https://cheatography.com/veloz/cheat-sheets/coldfusion-cfscript/?utm_source=twitter  #cheatsheet #development #cfmlhttps://twitter.com/Cheatography/status/1583088154474471424https://twitter.com/Cheatography10/19/22 - Blog - Apoorva Srinivas - Adobe - The Summit That Was – Captured for your convenienceOn the brightly-lit lanes of Las Vegas, inside the bowels of The Mirage, Adobe ColdFusion hosted its tenth Annual ColdFusion Summit on 3-4 October.Shameer Ayyapan hosted the ColdFusion Keynote on Day 1 highlighting the state of Adobe ColdFusion as well as its release plan Joel Cohen, acclaimed writer of The Simpsons was the other highlight speaker amidst a veritable roster of eminent speakers and experts. For over two days, they imparted knowledge and insights to CF fans from across the globe with lively discussions about the potential of ColdFusion in a rapidly-evolving world of tech.The slides from the sessions are uploaded and online, for easy access at your own pace and availability.https://coldfusion.adobe.com/2022/10/the-summit-that-was-captured-for-your-convenience/ Old Blog - Related to a Slack Conversation4/1/21 - Experimenting With Lazy Queries And Streaming CSV (Comma Separated Value) Data In Lucee CFML 5.3.7.47In my last post, I celebrated the power and simplicity of CSV (Comma Separated Value) data. It's an old data format; and yet, it continues to act as an easy medium for the interoperability of systems. ColdFusion makes generating CSV data effortless. And as I was demonstrating that much over the weekend, it occurred to me that CSV reporting may be a fun context in which to finally try out the lazy queries feature of Lucee CFML.https://www.bennadel.com/blog/4034-experimenting-with-lazy-queries-and-streaming-csv-comma-separated-value-data-in-lucee-cfml-5-3-7-47.htm CFML JobsSeveral positions available on https://www.getcfmljobs.com/Listing over 142 ColdFusion positions from 78 companies across 65 locations in 5 Countries.0 new jobs listed this weekOther Online Jobshttps://lighting-new-york.breezy.hr/p/8ddb3ce952b8 Other Job LinksOrtus Solutionshttps://www.ortussolutions.com/about-us/careers There is a jobs channel in the CFML slack team, and in the box team slack now tooForgeBox Module of the WeektestboxUtils By Gavin Pickin and Scott SteinbeckA group of TestBox utils to help you write more tests, efficiently. Including helpers, matchers and more API Status Code Matchers Collection Length Matchers Case Sensitive Struct Key Matchers Lots more planned and on the way https://github.com/gpickin/testboxUtilshttps://forgebox.io/view/testboxUtils VS Code Hint Tips and Tricks of the WeekVSCode Quasar DocsLove the Quasar Docs? They are available right here in VSCode!New to Quasar? Check out free Quasar tutorials on Code Coaching or QuasarCast.comhttps://marketplace.visualstudio.com/items?itemName=CodeCoaching.quasar-docs Thank you to all of our Patreon SupportersThese individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox,  ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox. You can support us on Patreon here https://www.patreon.com/ortussolutionsDon't forget, we have Annual Memberships, pay for the year and save 10% - great for businesses. Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription. All Patreon supporters have a Profile badge on the Community Website All Patreon supporters have their own Private Forum access on the Community Website All Patreon supporters have their own Private Channel access BoxTeam Slack Live Stream Access to streams like “Koding with the Kiwi + Friends” and Ortus Book Club - Software Craftsmanship  https://community.ortussolutions.com/ Patreons John Wilson - Synaptrix Jordan Clark Gary Knight Mario Rodrigues Giancarlo Gomez David Belanger   Dan Card Jonathan Perret Jeffry McGee - Sunstar Media Dean Maunder Nolan Erck  Abdul Raheen Wil De Bruin Joseph Lamoree  Don Bellamy Jan Jannek   Laksma Tirtohadi   Brian Ghidinelli - Hagerty MotorsportReg Carl Von Stetten Jeremy Adams Didier Lesnicki Matthew Clemente Daniel Garcia Scott Steinbeck - Agri Tracking Systems Ben Nadel  Richard Herbet Brett DeLine Kai Koenig Charlie Arehart Jason Daiger Shawn Oden Matthew Darby Ross Phillips Edgardo Cabezas Patrick Flynn Stephany Monge  Kevin Wright John Whish Peter Amiri Cavan Vannice John Nessim You can see an up to date list of all sponsors on Ortus Solutions' Websitehttps://ortussolutions.com/about-us/sponsors Thanks everyone!!! ★ Support this podcast on Patreon ★

On the podcast today we have Adam Silverstein. Adam is a WordPress core comitter where he works to fix bugs and improve modern web capabilities. As a Developer Relations Engineer in the content ecosystem team at Google, he works to invigorate the open web by empowering and educating developers. At the recent WordCamp US, he gave a presentation entitled ‘Images on the Web - past present and future'. In it, he outlined his thoughts on where the web is going in terms of support for different image formats. This then forms the basis of the podcast. How do browsers actually display images to your website visitors, and what formats are most appropriate where? We also talk about the new image formats, which are seeing more widespread adoption; WebP, AVIF and JPEG XL. We learn about the roll out of browser support, how they have smaller file sizes and when we can safely to use them.

Feedback & Shout Outs (1:17) GoSynth is GoING away. I recommend you check out Podcastle.ai Return of PodcastPD - 10/2/22 EdTech Thought (4:55) Deleting & Adding Technology. I've deleted Clubhouse. While I previously published an episode about the benefits of Clubhouse for Educators I just don't feel the same way. EdTech Recommendation (8:24) Convert images with Ezgif Ezgif is a fast and simple way of converting images between formats. It can handle GIF, JPG, PNG, and WebP, and you can either upload the files from your computer or point Ezgif towards them on the web. There are also options for cropping and rotating images. FREE - https://ezgif.com/ Edit PDFs with Smallpdf Viewing PDFs is pretty straightforward no matter what platform you're on, but editing them is something else. Smallpdf takes the hassle out of the process, with a variety of features that include letting you drop in images and text and add your digital signature. Smallpdf is free to use, but you can get more features and unlimited edits for $12 a month. Set an alarm with Kuku Klok Whatever you need to set an alarm for, Kuku Klok can help. Just pick the time for the alarm to go off, then choose a sound (cockerels and trumpets are two of the options), and you're all set. Kuku Klok is free to use. Get artistic with MS Paint Microsoft Paint is one of the most well-known computer utilities of all time. MS Paint is the faithful remake of the program and runs entirely in your browser. You can get at it from any Windows or macOS computer, and access all the familiar tools—including the spray can and the paint bucket. MS Paint is free to use. Take notes with Online Notepad Online Notepad lets you quickly jot down anything you don't want to forget inside your browser: It could be a to-do list, an idea for your next novel, or an address. You can keep your pad open on a new tab, but you can also save it to your disk if you need to. Online Notepad is free to use. Featured Content (13:18) Over the last century and in recent years, technology has promised to revolutionize how we teach, dramatically alter the relationship between teachers and students, and fundamentally change how students learn and work together. In many ways, technology has profoundly changed education. Technology is a powerful tool that can support and transform education in many ways, from making it easier for teachers to create instructional materials to enabling new ways for people to learn and work together. House of #EdTech VIP (24:16) Israa Lulu - https://twitter.com/edu_metaverse - https://www.edu-metaverse.net/ She's a passionate educator, dedicated Leader, and certified Tech coach and trainer. Israa believes learning never stops and has always been an avid learner who craves knowledge of the world at large and works tirelessly to develop as an educator and leader. Israa's passion is to support teachers in building their capacity with impactful technology use and innovative teaching practices and ideas to transform education.

Tips this week include: • Progress on the new GA4 course and why I'll start with reports tutorials • Updates to themes happening on BlogAid member sites • WordCamp US was this past weekend • Does WP need a project manager? • Who finally stopped WebP as default from going into WP core • Is WP-Optimize just fooling the testers and not really making sites fast? • What is a target audience and how to find yours – and the ones you don't even think you have • How WP dropping support for older versions impacts your site security • Why we'll hear screams with the PHP 8 update in November • The best way to get your site ahead and you out of panic mode

Tips this week include: • Issues with the Cloudflare interface and plugin being out of sync • A tutorial on how to do the Yoast SEO database optimization and when to check it • I'm delighted to report that we are wrapping up our PHP 8 tests • Results of the GA4 mini course survey • What's up with the new Video SEO report in GSC, and why not to act on it • Cloudways hosting is being acquired by DigitalOcean • Will foodie sites get hit with Google's Helpful Content Update? • What's up with the serious problem of internal search spam and IndexNow • How a lack of proper site security is contributing to poor SEO • Why the breaks were put on WebP by default for images in WP 6.1

This week on WPwatercooler we're going to be discussing the WebP file format and native support for it in WordPress. With support for WebP being added in 2021, it is now merged into core with the intention of being the default image format for WordPress moving forward. We'll be discussing this with Jon Brown of 9seeds, a longtime friend of the show who is overdue for a return visit. He was last on “EP316 – Discussing a hard week in WordPress” back in April of 2019. Panel Jason Tucker – jasontucker.blog Steve Zehngut – Zeek.com Sé Reed – sereedmedia.com Jason Cosper – jasoncosper.com Jon Brown – 9seeds.com

Tina and Hillary cover former mayor Dale Massad and Virginia Lamp "Ginni" Thomas Tina's Story Jimmy Dimora served for decades as a County Commissioner and Chairman of the Democratic Party in Ohio. BUT when his pay for play schemes are revealed he is sentenced to federal prison in one of the largest corruption cases in Ohio history. Hillary's Story SCOTUS judge Clarence Thomas's wife, Virginia,aka, Ginni spent many years in Washington building her own political career. BUT her alleged role in the January 6th insurrection places the reputation of SCOTUS in jeopardy. Tina's Sources The Chicago Crusader Mayor in Florida arrested after shots fired at SWAT attempting to serve warrant at his home (https://chicagocrusader.com/mayor-in-florida-arrested-after-shots-fired-at-swat-attempting-to-serve-warrant-at-his-home/)--by The Washington Post FDLE Press Release FDLE agents arrest Port Richey Mayor Dale Glen Massad (https://www.fdle.state.fl.us/News/2019/February/FDLE-agents-arrest-Port-Richey-Mayor-Dale-Glen-Mas) Heavy Dale G. Massad: 5 Fast Facts You Need to Know (https://heavy.com/news/2019/02/dale-g-massad-florida-mayor-shots-swat/) NBC News Florida mayor arrested after deputies shot at during raid on his home (https://www.nbcnews.com/news/us-news/florida-mayor-arrested-after-deputies-shot-during-raid-his-home-n974286)--by Elisha Fieldstadt Florida mayor who shot at deputies is suspended from office by governor (https://www.nbcnews.com/news/us-news/florida-mayor-who-shot-deputies-removed-office-governor-n974856)--by Phil Helsel Newsweek Shots Fired at Police As They Attempt to Serve Warrant at Florida Mayor's House in Port Richey (https://www.newsweek.com/florida-man-mayor-shots-fired-police-attempt-serve-warrant-home-port-richey-1339094)--by Jenni Fink Tampa Bay 10 Former Port Richey mayor Dale Massad used crack cocaine and meth daily, records show (https://www.wtsp.com/article/news/local/pascocounty/new-court-records-shed-light-on-former-mayors-alledged-drug-use/67-29446740-a6ce-448b-ac5c-ce578d66816f)--by Chelsea Tatham and Grady Trimble Tampa Bay Reporter FORMER AND ACTING PORT RICHEY MAYORS ACCUSED IN PLOT TO OBSTRUCT JUSTICE (https://www.tbreporter.com/crime/acting-port-richey-mayors-accused-in-plot-obstruct-justice/) PORT RICHEY MAYOR ARRESTED AFTER FIRING SHOTS AT SWAT DEPUTIES (https://www.tbreporter.com/crime/port-richey-mayor-arrested-firing-shots-swat-deputies/) Tampa Bay Times Terrence Rowe, ex-acting mayor of Port Richey, admits to conspiracy, gets probation (https://www.tampabay.com/news/pasco/2020/01/02/terrence-rowe-ex-acting-mayor-of-port-richey-admits-to-conspiracy-gets-probation/)--by C.T. Bowen Vice The Strange Rise and Sudden Fall of the Florida Mayor Who Took on a SWAT Team (https://www.vice.com/en/article/3k3jnv/the-strange-rise-and-sudden-fall-of-the-florida-mayor-who-took-on-a-swat-team)--by Francisco Alvarado WFLA News Channel 8 Former Port Richey Mayor Dale Massad accepts plea deal, 3-year prison sentence (https://www.wfla.com/news/pasco-county/former-port-richey-mayor-dale-massad-accepts-plea-deal-3-year-prison-sentence/)--by Megan Gannon Photos Dale Glen Massad Mug Shot--from Pasco County Sheriff's Office (https://media-cldnry.s-nbcnews.com/image/upload/t_fit-1520w,f_auto,q_auto:best/newscms/2019_08/2762661/190222-dale-massad-mug-ac-728p.jpg) via NBC News Terrence Row Mug Shot (https://www.tampabay.com/resizer//il36J283juNjb6-O_ncnaoyAz3A=/900x506/smart/filters:format(webP)/arc-anglerfish-arc2-prod-tbt.s3.amazonaws.com/public/4FPJ6OGIKII6TGNIIBWI6S7HAY.jpg)--from Pasco County Sheriff's Office via Tampa Bay Times) Sheriff Chris Nocco at Press Conference (https://www.baynews9.com/fl/tampa/news/2019/02/21/gunshots-fired-before-port-richey-mayor-taken-into-custody#)--screenshot via Bay News 9 Hillary's Story CNBC Ginni Thomas-tied Facebook group ‘FrontLiners for Liberty' could be a new focus in Jan. 6 investigation (https://www.cnbc.com/2022/06/17/ginni-thomas-tied-facebook-group-frontliners-for-liberty-could-be-a-new-focus-in-jan-6-investigation.html)--by Brian Schwartz CNN Latest Ginni Thomas controversy means the Supreme Court can't escape the 2020 election (https://www.cnn.com/2022/06/17/politics/ginni-thomas-supreme-court/index.html)--By Joan Biskupic NBC News The untold story of Ginni Thomas' anti-cult activism — after she was 'deprogrammed' (https://www.nbcnews.com/politics/politics-news/untold-story-ginni-thomass-anti-cult-activism-was-deprogrammed-rcna22131)--By Allan Smith and Alex Seitz-Wald NPR Ginni Thomas reportedly pressed Trump's chief of staff on overturning the election (https://www.npr.org/2022/03/25/1088720571/ginni-thomas-tex-messages-mark-meadows-2020-election) Jan. 6 committee asks Ginni Thomas, wife of Justice Clarence Thomas, to testify (https://www.npr.org/2022/06/16/1105543882/jan-6-committee-ginni-thomas) Politifact A fact-checker's guide to Ginni Thomas' texts to Trump's chief of staff (https://www.politifact.com/article/2022/mar/25/fact-checkers-guide-ginni-thomas-texts-trumps-chie/)--by Bill McCarthy and Amy Sherman Vanity Fair “PUT THINGS RIGHT”: GINNI THOMAS' EFFORTS TO OVERTURN TRUMP'S LOSS IN ARIZONA MORE EXTENSIVE THAN KNOWN (https://www.vanityfair.com/news/2022/06/ginni-thomas-efforts-to-overturn-trump-loss-arizona)--by Terry Mosley Washington Post The Nominee's Soul Mate (https://www.washingtonpost.com/wp-srv/national/longterm/cult/lifespring/main.htm)--by Laura Blumenfeld Wikipedia Ginni Thomas (https://en.wikipedia.org/wiki/Ginni_Thomas) Photos Ginni Thomas (https://media.npr.org/assets/img/2022/03/28/gettyimages-646233370_custom-26d1c037d08acdf5d33a640eae0d167076b894af-s1200-c85.webp)--by Chip Somodevilla/Getty via NPR Ginni and Clarence Thomas Wedding Photo (https://wehco.media.clients.ellingtoncms.com/img/photos/2020/02/20/resized_150246-thomas030221rgb_11-28782_t800.jpg?90232451fbcadccc64a17de7521d859a8f88077d)--via Arkansas Online Ginni Thomas Text to Mark Meadows (https://www.cnn.com/videos/politics/2022/03/26/should-justice-thomas-recuse-self-over-wifes-jan-6-texts.cnn)--screenshot via CNN Politics

Tips this week include: • New tutorial on how to do the Yoast database optimization after plugin update • The next phase of our PHP 8 testing will start this week • New Cloudflare tutorials are underway for my webmaster designers • Do you know how many bad bots are hitting your site? It's way more than you think! And it is costing you more than you think too. • We lost the battle and WebP by default is coming to WP 6.1 • 5 tips to improve your content strategy • Google delays 3rd party cookie drop for another year • Difference in core web vitals and Google PageSpeed Insights • Where to get a real speed report for your site • WordPress encourages locally hosted Google Fonts • What I'll be doing with fonts for my next theme

With Gareth Myles and Ted SalmonJoin us on Mewe RSS Link: https://techaddicts.libsyn.com/rss iTunes | Google Podcasts | Stitcher | Tunein | Spotify  Amazon | Pocket Casts | Castbox | PodHubUK Feedback and Contributions Gareth Williams on the Grand Return of the Tech Addicts Pod …not a moment too soon. There has been much wailing and gnashing of teeth here in South Wales! Glad you are back and hope the break was enjoyable. ------------------- Amazon Prime day? Reayos Solar LightsNetgear Orbi Whole HomeBlurams 2K Wi-Fi Camera Motion Sensor Cupboard Light,39 LEDs USB Rechargeable Wardrobe Lights Hardline on the hardware: Ready or not, the Glassholes are coming back The Canon EOS R3 Can Now Shoot an Incredible 195 FPS Honor Pad 8 Unveiled - 12 Inch Snapdragon 680 Tablet 8-Inch Nokia T10 Announced (at last) This crazy Yamaha concept turns your smartphone into a turntable - and more! OnePlus 10T ditches the brand's famous Alert Slider, and its Hasselblad partnership Motorola Razr 2022 will be unveiled on 2nd August It looks like a 5-way fight for the lead in India's smartphone market Huawei MatePad Pro 11 Unveiled BLUETTI AC500 arrives on shelves Xiaomi Smart Home Screen 6 launches as cheaper hub with 5.45-in touchscreen and voice commands DVD and Blu-ray sales continue to nosedive Video: Watch this crazy contraption recover photos from a broken micro SD card Flap your trap about an App: Windows 11 build 25163 brings back taskbar overflow Windows 12 may be coming in 2024 Amazon Prime Video gets a much-appreciated redesign, and it looks like Netflix You'll have to sacrifice content for the cheaper Netflix plan with ads TikTok could be moving into music streaming next Amazon Drive Shutting Down in 2023 - move it or lose it! YouTube now lets creators turn their existing videos into Shorts How to save WEBP images as JPEG ChromeOS News Your Chromebook may soon become your favourite mobile hotspot Google Chrome could soon let you take notes directly on the websites you visit How to Stop Chrome From Hogging Your RAM Using a Hidden Flag ChromeOS adding video editing on Chromebooks in Google Photos Hark Back:  BT Roamer 500 Technics at 50: how the SL-1200 series accidentally changed music forever Bargain Basement: Best UK deals and tech on sale we have spotted Logitech MX Anywhere 2S Wireless Mouse, Multi-Device, Bluetooth and 2.4 GHz with USB Unifying Receiver, laptop/ PC/ Mac/ iPad OS - Graphite Black. Was: £79.99 Down to: £29.99 Black Shark 4 Mobile Phone 5G SIM Free Unlocked 8 + 128 GB Smartphone with 144Hz 6.67 Inch Screen, 120W Fast Charging Was £399, now £389.99 - £20 voucher = £369.99 Black Shark 5 Android Phones, 8GB+128GB, 144Hz AMOLED, 120W Hyper Charge, Snapdragon 870 Processor Dual SIM Unlocked Smartphone- Black Was £499, now £439 - £22 Voucher = £417 Samsung U28R550UQR - UR55 Series - LED monitor - 28" (28" viewable) - 3840 x 2160 4K @ 60 Hz - IPS - 300 cd/m² - 1000:1 - HDR10-4 ms - 2xHDMI, DisplayPort - dark grey/blue down by 35% from £249.99 to £163.49 WD My Passport Portable SSD 1TB with NVMe Technology, USB-C, Read Speeds of up to 1050MB/s & Write Speeds of up to 1000MB/s. Works with PC, Xbox, PlayStation - Gold £105 down from £222 OnePlus 9 Pro 5G 8GB RAM 128GB - Down by 37% from £829.00 to £523.66 + £70 Voucher = £453.66 Main Show URL: http://www.techaddicts.uk | PodHubUK Contact:: gareth@techaddicts.uk | @techaddictsuk Gareth - @garethmyles | garethmyles.com | Gareth's Ko-Fi Ted - tedsalmon.com | Ted's PayPal | Ted's Amazon | tedsalmon@post.com YouTube: Tech Addicts

The WordPress news from the last week which commenced Monday 18th July 2022.

The WordPress news from the last week which commenced Monday 18th July 2022.

4:43 - Webflow has some updates...4:48 - WebP image support is here in Webflow (I made a video to guide you)5:22 - Sunsetting support for IE7:09 - Made in Webflow is here9:30 - Bubble released their new responsive editor10:23 - And they rolled out deferred drawing to everyone10:56 - Outseta released support for Bubble too!

Tips this week include: • Why the Video SEO Booster course is closing for now and how I'm revamping it • Super Summer Sales Event is coming soon, and where to get first dibs on limited discounts • Page Content SEO workshop is this week in the DIY SEO course • Tutorials on the new Cloudflare interface are coming in the Webmaster Training course • PHP 8 tests have begun and not everything is passing muster • How the excessive pings from free downtime monitors are hurting your site resources • The critical info that downtime monitors don't tell you • New Pattern plugin for foodie bloggers • WebP as default is still being pushed by the WP Performance team despite criticism • Why we may or may not see a new WP plugin checker • How to turn blog readers into paying customers

Tips this week include: • Why the Tips Tuesday Livestream is going dark • How you can still get into the Gutenberg Ninja course before it closes • How to discover what your audience wants workshop in the BB Hub • Upcoming bonus sessions in the DIY SEO workshops • Multiple follow-ups on the WebP as default proposal • Why there is no way to carry MozJPEG optimization through thumbnails • More image formats coming that are just around the corner • The difference in Reusable blocks, block Patterns, Templates and Template Parts • Possible full-page patterns coming in WP 6.0 • YouTube's keyword research tool is now available to all • An easy way to get dynamic YouTube thumbnails • A roundup of more GA4 tutorials

Tips this week include: • New Limit Last Modified Date plugin tutorial • New Enable Media Replace plugin tutorial • Digital Downloads workshops start today in the BB Hub • Ranking Factors Part 2 workshop on Thursday for the DIY SEO course • WebP images by default in WP was killed in committee • Cloudflare will deprecate Legacy CAPTCHA soon and what to use instead • Why we won't be using the new Cloudflare Images • A primer on GA4 and why I'm holding off installing it • The GA4 alternatives to just say no to • A primer on how to get started with making videos • How to turn your “Link in Bio” into revenue

Tips this week include: • Tell WordPress not to make WebP the default image format • My case study proving why the Performance Lab plugin misses the mark • Ranking Factors Part 1 workshop is this week • The Digital Downloads workshops start April 12 • WordPress 5.9.3 releases today and what's in it • Why I'm so happy Stripe is getting back into crypto payments • YouTube will soon host podcasts and how to make the most of this • Should you start with a newsletter instead of a blog? • How to create a sidebar in an FSE theme workshop

This week's WordPress news for the week commencing Monday 28th March 2022

This week's WordPress news for the week commencing Monday 28th March 2022