Ryan McCue
rmccue.io
Director of Product at @humanmade.com, building @altis.cloud. Created http://api.wordpress.org, co-chair @fair.pm.
Compatibility with existing systems can be a concern - eg the OBR might still have had this problem due to the Download Manager plugin. Really wants to happen in core. (Compatibility not so much an issue for us.)
November 27, 2025 at 4:15 PM
Yeah, although then you lose the ability to easily browse your files. A suffix on the filename would work too - I think we should definitely consider it in core, given there’s been multiple big leaks this year from it.
November 27, 2025 at 4:11 PM
This is also an issue that happens with other CMSes too, but usually they’re slightly better protected. And of course, it’s possible to fix it for WordPress - we do on @altis.cloud :)
November 27, 2025 at 4:07 PM
We could potentially build random IDs into uploaded files, which would be better than nothing.
November 27, 2025 at 4:02 PM
Reposted by Ryan McCue
I found out more over the last year as we worked on FAIR, but I also found out more specifically this week, when I was building a Glossary plugin for WordPress we needed for the FAIR website.

progressplanner.com/catch-up-to-...
WordPress needs to catch up to the web
WordPress needs to modernize. FAIR and new standards based tools show how the platform can evolve with today’s web.
November 14, 2025 at 8:37 AM
Your timing is impeccable, I just left one.

youtu.be/6kLGw3tbzmk?...
She was working as a waitress in a cocktail bar
YouTube video by Memez4U
October 3, 2025 at 8:46 PM
Specifically, it's is_utf8_charset() which reads the blog_charset option.

Something that's also fascinating is that the charset option in the Reading settings will only show up if it's not already set to UTF-8 - I guess it's legacy support?
September 8, 2025 at 2:04 PM
Re multiple directories, I think getting the directory to a "neutral" (multi-stakeholder?) host solves that problem, in the same way we don't need third-party backups for the DNS roots.
August 26, 2025 at 1:11 PM
The main thing there is performance, pulling the audit log data could require pagination and DID lookups are already relatively expensive in our flow (see also github.com/did-method-p...).

One option we talked about a little is that we could do validation in a labeler, making it opt-in.
Provide ability for bulk lookup · Issue #113 · did-method-plc/did-method-plc
We've got a situation where we want to revalidate ~100k DID documents on a regular basis. Right now, the PLC directory only supports single lookups of DIDs (or pulling down the whole history to red...
August 26, 2025 at 1:10 PM
(Also, the Bluesky client(s) you're using here use only the direct method fyi: github.com/bluesky-soci...)
August 24, 2025 at 9:48 PM
Indeed, although what's the threat model? If the threat is the PLC directory server, then loading the audit log from the server is no safer than the single endpoint - only mirroring it elsewhere and checking for inconsistency allows that.
August 24, 2025 at 9:48 PM
Might be a better question for @bnewbold.net & the Bluesky team on that, but I know there's tools to mirror the PLC directory, such as github.com/str4d/plc

(Note that we're using the single endpoint per spec, same as the official atproto identity package does.)
GitHub - str4d/plc: Key management for DID PLC identities
August 24, 2025 at 9:12 PM
Your Bluesky account eg is plc.directory/did:plc:fd7x... :)
August 24, 2025 at 8:49 PM
Each DID method defines its usage; the spec for PLC DIDs is to use the public endpoint. The audit log allows verifying it, but that's more of an offline process (and allows mirroring it).

We're also planning on supporting web DIDs, and potentially other methods beyond that - same as Bluesky.
August 24, 2025 at 8:48 PM