Minimum Viable Blog

Carl Ă–st Wilkens:

My requirements

  • Should use a domain I already own
  • Should follow modern web standards and have decent SEO
  • It should be very easy to add new content
  • All pages should be statically built

I would add that it should have RSS.

Mozilla’s CEO weighs in on U.S. v. Google

Mozilla CEO, Laura Chambers:

Some of the remedies proposed in the case risk the future of our Firefox browser and Gecko browser engine—the last remaining non-Big Tech browser engine.

In the coming weeks, we hope to see a shift to focus on remedies that can improve search competition without harming the pro-competitive role that Firefox and other independent browsers play in the ecosystem.

I’ve been saying for a while that I can’t imagine how Mozilla continues without this funding from Google. I’m not particularly opposed to the government breaking up monopolies, but this entire case doesn’t make sense. What does it look like to break out Chrome as a separate company? How could such a company make money without a search deal that has how been deemed to be illegal?

I’m happy to see WordPress is adopting bcrypt for password hashes. I have been following the trac ticket for over 10 years 🤯 Quite a few people got props on this one.

If you’re not familiar, until now WordPress used a library called phpass for hashing passwords. WordPress has a history of maintaining backwards compatibility with pretty old versions of PHP, which is great for users who don’t know how to upgrade things like PHP, but one of the trade offs is delaying support for things like bcrypt.

We can’t pretend that switching to bcrypt for user-generated passwords is a recent proposal. Ideally the switch would have been made back when the increase to the minimum supported version of PHP facilitated this change. However, this change has now been made and it helps future-proof further improvements to password hashing, including increases to the bcrypt cost in newer versions of PHP.

Many thanks go to the Roots team for maintaining their bcrypt password hashing package for WordPress as well as the many contributors on the Trac tickets and GitHub pull requests.

Also thanks to John and everyone involved for getting this into WordPress 6.8.

CSS Verified Badge

I’ve always liked the idea of visually differentiating my comments to make it clear when I’m replying. Some sites use a “verified” badge for this, and for a while, I did the same with an icon font. I removed the icon font along with the recent optimization work and found a way to achieve a similar verified badge effect with just a few lines of CSS—no icon font needed.