Hacker News | zackkatz's comments

Disclosure: I'm one of the hosts.

This was one of EmDash's first podcast interviews since launch. A few things that came up that I haven't seen addressed elsewhere:

- Kane confirmed Matthew Prince (Cloudflare CEO) directly asked "can we build the next WordPress?" — this was top-down, not a skunkworks project

- Their Q2 roadmap was literally a question mark. They didn't know if anyone would care. The community response changed that, and they're actively allocating resources

- Plugin sandboxing outside Cloudflare is being worked on by community contributors; Kane expects a Node implementation "next week"

- They want federated/distributed plugin marketplaces (looking at the FAIR proposal), not a centralized store

- Joost de Valk (Yoast creator) already has a merged PR improving SEO handling in core

- No marketplace monetization yet, but they explicitly want devs to build commercial businesses on it

First 37 minutes is the interview, rest is discussion of implications from a WordPress product perspective.


> this was top-down, not a skunkworks project

This is telling, though it already seems like it. It's just another vendor's lock-in.


That's been the most common criticism, but it already doesn't require CF, and they're explicitly working on extending plugin sandboxing to work on other platforms. Plus, of course, GPL.

I don't see this as any more vendor-locking than a .com account. It's still early days, so can't really judge it as a finished product, but the opening shot across the bow is a big one.


NextJS doesn't require Vercel, but it certainly does not work as well without them. Are WordPress users going to migrate? Who are they targeting with this?

Top-down project directives are a signal the CEO is out of touch and becoming Elon-esque.

As a user, I want a container registry and managed kubernetes. These block my adoption of Cloudflare as a primary provider. This story around emdash tells me to stop considering CF effective immediately. I was already of this mind seeing how little they help developers on Discord and in their own forums.


They're actively trying to avoid any kind of lock-in, by the sounds of it. I'm still skeptical myself but it's at least a "wait and see".

Unfortunately (and unbelievably!), Massachusetts still burns trash.

> There are more than 100 municipal waste combustion facilities in operation across the United States. Five of these are located in Massachusetts.

https://www.mass.gov/guides/municipal-waste-combustors


What's wrong with burning trash? It means there's much less material to send to landfills, plus it's one of the most economical ways to recycle metal from household waste streams.


'Old school' trash burning can produce quite nasty emissions. Not much of an issue with modern plants that burn at higher temperature and have some amount of flue gas filtering etc. Certainly beats landfilling and producing that same power by burning fossil fuels.


Great write-up! I was sorry to see there wasn’t a reward for you reporting this to them.

At least you didn’t find that the bathroom rating tablets had audio as well!


> wasn’t a reward

I'm pretty sure someone was willing to pay for this, but at least the researchers acted responsibly.


Unlikely. If a company does not have a formal BBP, they won't pay 99.99% of the time. Brokers are also not interested in vulnerabilities in companies. They usually only buy vulnerabilities for standard software (components).


foofoo12 is hinting that they could sell the exploit on the black market for money, were they so inclined


Again, there really isn't a big market for such vulnerabilities. No 0day broker will buy the vulnerabilities listed in the article. They might be able to sell to an initial access broker, but even there the kinds of vulnerabilities are not really interesting to them.


If that’s the case, then why do companies run bug bounties?

I’m asking earnestly; it seems like if nobody actually cares about these gaps then there shouldn’t be an economic driver to find them, and yet (in many companies, but not Burger King) there is.

Is it all just cargo culting or are there cases where company vulnerabilities would be worth something?


Oh no. They do get exploited. Just not bought. Buying vulnerabilities is by itself time intensive, complex work. Grey market escrow, finding trusted sellers and buyers, etc. So buying and selling vulnerabilities only really happens for really impactful and generally useful ones.


Very cool to see this! It turns out my wife and I bought Andy Barto’s (and his wife’s) house.

During the process, there was a bidding war. They said “make your prime offer” so, knowing he was a mathematician, we made an offer that was a prime number :-)

So neat to see him be recognized for his work.


Ha haa, that is fantastic. You should have joked and said - "I'd like to keep things even between us, how about $2?"


> we made an offer that was a prime number

$12345678910987654321?


This is a crazy story!! Hahaha wow. What was the prime number?


Strange: the New York Times wrote about this on July 26, 2023.

https://www.nytimes.com/2023/07/26/health/cancer-self-destru...


That describes a related but previous Nature paper from the same group, whereas this is referring to a more recent Science paper.


> The metal concentrations varied by where the tampons were purchased (US vs. EU/UK), organic vs. non-organic, and store- vs. name-brand. However, they found that metals were present in all types of tampons; no category had consistently lower concentrations of all or most metals. Lead concentrations were higher in non-organic tampons but arsenic was higher in organic tampons.
>
> Metals could make their way into tampons a number of ways: The cotton material could have absorbed the metals from water, air, soil, through a nearby contaminant (for example, if a cotton field was near a lead smelter), or some might be added intentionally during manufacturing as part of a pigment, whitener, antibacterial agent, or some other process in the factory producing the products.


What's missing here is a comparative reference.

(I read the source article relatively fast, not thoroughly but closer than 'skimmed')

Much is made of "measurable" and MDL (method detection limit) "using a PerkinElmer NexION 350S Inductively Coupled Plasma Mass Spectrometry with dynamic reaction cell (ICP-DRC-MS)".

Such equipment can almost count atoms.

Even before man industrialised there were trace metals, toxic metals, to be found at measurable (with modern equipment) levels in the purest clear mountain streams (as water leached lead and other solubles from rocks, etc).

I'm not diminishing the problem here, there is a real danger from industrial by-product landing on cotton fields and making its way to human skin .. but what's the baseline?

Do we have a study on raw cotton from various fields?

Australian cotton from Kimberley fields would likely have the least industrial addition of metals, how do such samples compare to cotton from fields adjacent to smelters, etc.


They did compare levels to those found in raw dyed fabric (from another study).


Playing this game on my 27” iMac was the first time I experienced nausea from motion sickness. I felt ill for two days.

Player beware!


Sir, we have reached alpha centurion, please use the puke bag.


Agreed. This article makes it sound like this is a perpetual motion machine.


The laws of thermodynamics apply in closed systems, and our planet is not a closed system.

Solar power, geothermal power, hydro power, are effectively perpetual motion, for our purposes. Heat pumps kind of violate the "you can't get something for nothing" principle too, since you can get >100% return on the electricity you put into them. The more we look into renewables, the more we can find ways to "cheat" by using "preprocessed" goods where the sun or the earth already did the hard part for us.

There's no thermodynamic reason you couldn't have a small device on your desk that uses ambient heat, moisture, light, etc to store energy that you can use to do work, just engineering and chemical reasons it's hard to do this on a scale that's relevant. https://en.wikipedia.org/wiki/Crookes_radiometer is over 100 years old and, if kept in sunlight, can provide "perpetual motion" for "free".


> The laws of thermodynamics apply in closed systems, and our planet is not a closed system.

> Solar power, geothermal power, hydro power, are effectively perpetual motion, for our purposes.

I get solar power and hydro [also solar] power, but isn't geothermal power a closed part of the system? Where does solar input feature in that?

> The more we look into renewables, the more we can find ways to "cheat" by using "preprocessed" goods where the sun or the earth already did the hard part for us.

This is also a closed part of the system. If the argument you're making is "the planet is not a closed system", then you need to be using energy that comes from outside, not energy that is already contained in the system.


The sun is arguably ultimately responsible for geothermal. Even if geothermal is part of the closed system, it's still functionally perpetual motion for our purposes. The main argument I'm making is that perpetual motion* is, for all practical purposes, possible, as long as you're willing to be specific, and you're unconcerned with the heat death of the universe (none of us should be concerned with the heat death of the universe).


Wow, this is intense!

Think twice before sampling it if you have any sensitivity to flashing lights. Might seem obvious, but apparently needs saying!


I think your point just reinforces the concept that light has a powerful effect on people's brains.


I had nocturnal childhood epilepsy and, thankfully, I grew out of it.

I would have an “aura” before going to bed that I would be having a seizure that night.

Thankfully, I never had a daytime seizure.

