A minor patch:
Tighten access-control-origin header, close open redirects, improve validation and add resource limits to JS.
Tuskfish CMS now supports login with Windows Hello, Touch ID, Face ID, iOS and Android devices, and hardware security keys like the YubiKey. This is implemented as a second factor after password check for two-factor authentication (2FA) login security.
Users can register and revoke their 2FA credentials by visiting Preferences => Two-Factor Authentication in the Admin panel. Registration of a credential only takes a few seconds. Once a credential is registered, two-factor login becomes mandatory, so it is a good idea to register more than one device to avoid lockout. Users can revert to simple password login by revoking all their 2FA credentials.
Technically this is an implementation of the FIDO2 / WebAuthn standards. Users register passkeys from platform authenticators (Hello, Touch ID, etc.) or hardware security keys (CTAP2 authenticators). Credentials are public-key based and origin-bound; no shared secrets are stored.
Minor bugfixes:
Reverted cache writes to avoid use of remove(), as this function is normally disabled in php.ini; tidied cached file names (prevent param separator being used on first param); fixed bug in gallery logic that prevented dynamic changes in columns to suit display width.
Minor cosmetic improvements and bugfixes: Changed radio button controls to coloured toggle switches; removed deprecated / redundant curl_close() calls; corrected some type initialisation and return value errors; and fixed bug making custom RSS feeds carry generic site title/description.
TL;DR: Recently ChatGPT just started wildly lying, inventing bullshit and disregarding my instructions. The root cause seems to be that OpenAI has instructed it to reduce use of the search tool (you can see references to this in the chain of thought). I imagine this is to conserve resources, but without some factual context to go on ChatGPT hallucinates like hell.
But there is a better way: Use the command line version of your preferred AI tool. Watch NetworkChuck's video for details! These are available for Gemini (free), ChatGPT and Claude (both of which require a standard subscription). Why is it better? You can force the AI to remember rules and context for any given project, agent workflow, or output style, making it much more reliable.
According to the marketing materials, the proprietary Firewalla WIFI-SD USB dongle/antenna only works with their (excellent) hardware firewalls. But I needed an external WIFI antenna for a Raspberry Pi, so I inserted it into a USB port to see if it would work, and yeah it does. The downside is that the Pi only seems to have drivers to use it on the 2.4 GHz band, while the antenna is supposed to be a WIFI 5 device.
It is apparently based on the dual-band RTL8821CU chipset (802.11ac). Probably you could get it working on 5 GHz if you were prepared to tinker with drivers, but I'm told this chipset is notoriously difficult to work with, and kernel updates would probably keep breaking it, so I'll pass. Anyway, if you log in to a Firewalla box via SSH the default username is 'pi', so you can probably guess why this works.
Tuskfish V2.2 brings a lot of improvements, including a group permissions system to control access to routes and individual content items, fourteen new colourful themes, and a new default theme preference for flipping the look and feel of your site. All content types can now be set as 'static' with a new 'in feed' toggle switch, and there is optional support for better thumbnail generation and colour space support with ImageMagick 6. The entire codebase has been reviewed with AI assistance for bugs, security issues, and compliance with PHP 8.4/8.5, Bootstrap 5 and HTML5. Core libraries have been updated. Note: I pushed a minor bugfix update so the current version is 2.2.1.
I like FontAwesome (I'm a backer), but I'm so over subscription services; there's only so many times I want to pay for the same icon collection, you know? I'm also annoyed that they withdraw access to the subsetter app once your subscription expires. That's miserable, given that subsetting the icons is mandatory to control file size, as the full icon library is too large to use.
IcoMoon has a free online tool that lets you convert icon collections into a custom font. You upload your icon SVGs, select the ones you want to use, and export them back out as a font, which is trivial to incorporate into your project. The files are much smaller, and do not require any JavaScript. I will probably remove the FontAwesome script from Tuskfish and re-implement the icons as a font. This will also allow other icon sets to be integrated, as you aren't limited to the FontAwesome set.
So: Is it worth the upgrade? If you use the mapping applications a lot then I would say yes. Being able to pan with your finger is a game changer. Otherwise, the functionality is very similar to the 945. There are a few more apps but nothing that you are likely to miss.
Release will follow an appropriate period of testing.