Latest posts

A minor patch to fix a bug in collection pagination.

A minor maintenance release to harden the WebAuthn service class.

After a terrifying and deadly monster escapes from the SCP Foundation, Inspector Arlia interviews Doctor Daniels, the man responsible for containing the creature. At first Daniels uses the interview to critique and insult the powerful and mysterious 0-5 Council. However, as Arlia shares the horrifying details of the breach, Daniels becomes more and more fearful of the question everyone wants answered: how, exactly, did this happen? By MrKlay.

A containment breach during class leaves SCP cadets unsupervised with some unusual equipment. What could possibly go wrong? Produced by Dark Math Films.

A minor patch:

Tighten access-control-origin header, close open redirects, improve validation and add resource limits to JS.

Tuskfish CMS now supports login with Windows Hello, Touch ID, Face ID, iOS and Android devices, and hardware security keys like the Yubikey. This is implemented as a second factor after password check for two-factor authentication (2FA) login security.

Users can register and revoke their 2FA credentials by visiting Preferences => Two-Factor Authentication in the Admin panel. Registration of a credential only takes a few seconds. Once a credential is registered, two-factor login becomes mandatory, so it is a good idea to register more than one device to avoid lock out. Users can revert to simple password login by revoking all their 2FA credentials.

Technically this is an implementation of the FIDO 2 / WebAuthn standards. Users register passkeys from platform authenticators (Hello, Touch ID etc) or hardware security keys (CTAP2 authenticators). Credentials are public-key based and origin-bound; no shared secrets are stored.

Minor bugfixes:

Reverted cache writes to avoid use of remove(), as this function is normally disabled in php.ini; tidied cached file names (prevent param separator being used on first param); fixed bug in gallery logic that prevented dynamic changes in columns to suit display width.

I received a notification that the Evernote Personal plan (B1,450) is being "discontinued" and that I will be automatically bumped to the new "Advanced" plan (B2,799), unless I intervene to cancel it. Yep, Evernote decided to help themselves to an extra B1,349 on my card. That's a 93% price increase, and they're just going to take it unless I actually take steps to stop them.

Now the "Advanced" plan is a higher tier. I don't have that many notes, but it seems that I have been shunted towards "Advanced" because I have more than 20 notebooks, which is a new lower and completely artificial limit.

This entire scenario is a fabrication of their marketing department. They have just given the old plans new names and reduced the entitlements (notes, notebooks). The reduced notebook allowance - a completely artificial restriction - will push any long term user onto the higher tier where they are charged almost double. Without asking permission - unless you stop them, they will just take it.

TLDR: Recently ChatGPT just started wildly lying, inventing bullshit and disregarding my instructions. The root cause seems to be that OpenAI has instructed it to reduce use of the search tool (you can see references to this in the chain of thought). I imagine this is to conserve resources, but without some factual context to go on ChatGPT hallucinates like hell.

But there is a better way: Use the command line version of your preferred AI tool. Watch NetworkChuck's video for details! These are available for Gemini (free), ChatGPT and Claude (both of which require a standard subscription). Why is it better? You can force the AI to remember rules and context for any given project, agent workflow, or output style, making it much more reliable.