This Week in WordPress #367

[00:00:03] Nathan Wrigley: It is time for This Week in WordPress, episode number 367 entitled, when a podcast encourages a wrestling match. It was recorded on Monday the 23rd of February, 2026. My name's Nathan Wrigley, and today I am joined by three fabulous guests. We're joined by Tim Nash, we're also joined by Marc Benzakein, and Onar Alili.

We are here to talk about WordPress, but boy, do we go off the rails on this episode. Stay tuned. We seem somehow to encourage two very lovely people in the WordPress community, to actually have a fight. I don't know exactly what happened. It was very strange, but highly entertaining at the same time.

We also talk a lot about AI as you would expect.

We talk a lot about WordPress 7.0, which is now ready for beta testing.

We talk about whether or not we should have a WordPress Slack, which draws in all of the WordCamp channels as well.

There is so much about AI, all about robots, all about wrestling, all about fighting, all about cybersecurity and threats, and it's all coming up next on this week in WordPress.

This episode of the WP Builds podcast is brought to you by GoDaddy Pro, the home of manage WordPress hosting that includes free domain, SSL, and 24 7 support. Bundle that with the hub by GoDaddy Pro to unlock more free benefits to manage multiple sites in one place, invoice clients and get 30% of new purchases. Find out more at go.me/wpuilds.

Hello. Good morning, good afternoon, good evening, wherever you are in the world, and I can see some of you from different parts of the world. It's very nice, lots of comments dropping in largely about the weather, which is always interesting. so let's just say what we're doing this week. It is this week in WordPress number 367.

I feel that's the wrong number, but let's go with that. That's what I wrote. Now, 367. It is Monday the 23rd of February. We'll be repackaging this as an episode. It'll come out into your podcast player of choice tomorrow morning at the highly unusual 7:00 AM. In the uk. I dunno why I picked that, but I picked it and thought I'm sticking to it.

I'm being consistent. So it's gone out at seven o'clock in the morning in the UK for about eight years or so, no reason. But, at least it's there when you wake up, depending on where you are. The idea is to talk about WordPress. but increasingly we end up talking about all sorts of different things and I think there'll be quite a lot of security stuff.

possibly ai, well, I say possibly AI stuff. It's mostly AI stuff these days. there's no oxygen left in the room. but in order to make that happen, I'm always joined by a panel of, experts, let's put it that way. And, today I'm joined by these three fine people. They're there and there. And that first one over here is, sir Tim Nash.

Hello, Tim. How are you doing? Hello. I just can't remember when I got knighted. You'd think it would be an important thing in my, yeah. Honestly, this whole Royal Family Palace thing is me down guy with sword coming at me. But no budget cuts. Budget cuts. yeah, yeah. The Royal family are having a tough time.

Yeah. What if they'll start charging? Anyway, let's not get into that. That's definitely off topic. but how are you doing? You all right, Tim? Ah, yeah, I'm here. That's about as much enthusiasm as you can reach the most. that's the level of enthusiasm we're gonna get. I ask the con contributors to give us a little potted bio.

And so Tim's has always excited me in the past. I never read it just in case. It's something that requires a bit of inspiration at the start. So here it comes. I genuinely haven't read it right. Here it is. Tim scares people. Oh, no, Tim scares people are no more so than Nathan Wrigley for He fears the intros.

He'll be, will he be singing, darn singing an intro or just saying hello? I don't know. today though, he should not fear, he should fear not as the no intro is Oh. As this intro is really time. Thank the Lord Tim is a professional doom speaker and security consultant specializing in WordPress. You can find about, you can find out more about [email protected] or listen to his semi-regular chat.

With Nathan on the WP Bill Show, feeling insecure. We should do that again. we should, we haven't for a recorded all for a long time. We haven't for a long time. And, yeah, let's get back on the wagon with that. But I'm so pleased that there's not, there was nothing that I had to sing or do as a sea shanty or any of that this week, this time.

Don't worry, I'm back in a few weeks time. You're, yeah. Okay. Alright, I'll hold my breath. but thank you for joining us. I'm also joined by Mark Zaca. Hello, mark. Hello. How you doing? It's always like a pleasure to drag you out your bed at three in the morning or whatever. it's, it's, the pleasure is all mine.

[00:05:26] Marc Benzakein: And I mean that 100% sincerely. What time is it? right now it's actually, it's at six o'clock. But by the time I roll out of bed and, take my shower and do all the things and make sure that my. Setup is right. Especially this weekend. My, my computer crapped out and I had to totally wipe and reload everything.

And I'm like, oh, yeah, so I'm like scrambling around all weekend trying to make sure that everything will work for the show today and 'cause I'm not gonna have. An hour ahead of time to make sure things work. no. That would mean getting up at two in the morning. Well, that's what that would mean exactly.

Yeah. If you're watching the show, you two will notice that Mark spends his entire life inside of a box. I do. It's black box that follows him around wherever he goes. But I think outside of it, I think outside of the box. Oh, but my physical self is inside the box. You picked up what I was putting down.

[00:06:23] Nathan Wrigley: Well done, mark. That was great. Yes. Mark's bio goes like this. mark is the partnerships and community lead at Main WP, and though a totally contrived, sorry. And through a totally contrived coincidence, the timing lines up with Maine WPS 12th anniversary. Oh, nice. Nice birthday celebrations. 12 years in the WordPress space is quite a marker and it felt right to acknowledge it whilst he's here with us.

Mark has been part of the ecosystem for ages. Working closely with agencies, developers, and product teams who manage sites day in, day out. His work at Man WP Centers on Partnerships community and helping shape tools that support people building and maintaining WordPress notes at scale. Thank you, mark.

Really appreciate it. Thank you for having me. Yeah, you're very welcome. And joining us for the first time is on ly. Hello. How you doing? Have I said your name? Hi, thanks for having me. Yeah, thanks for having me. Very happy to be here. Yeah, you're very welcome. as nar it's his first appearance. There's this empty bio box and no doubt on the second appearance, it'll be full up with junk, because that's what we do, we just mess it.

But on this first time around, it's very obvious that it's going to be sensible. So here is, NARS very sensible bio. He is the founder of OOP Spam. I'm not entirely sure how you pronounce that. He can correct that for us in a moment. Formerly cybersecurity researcher focused on online abuse and spam, and he's based in Minneapolis, Minnesota.

How do we say it? Nar. Will you say? We say, oops, mam. Okay. I did actually think that would be what it was, but I didn't wanna, yeah. Okay. I started a long time ago and now I'm thinking back. Probably wasn't the best name, but, yeah. Yeah. Well, as you're about to find out, I called this thing WP Builds and we basically talk about cats.

We have spent ages on an episode the other day talking about alligators. oh, that's why cats. Hold on. we'll see how that goes. If you are joining us and you wanna make the show a little bit more interesting and lively, then please make some comments. That would be absolutely lovely. The best way to do that is to go here.

mark is sporting the little banner there. Go share this stream, wp builds.com/live. If you go there, you've got a, you've got two options, really. the most common option, I think is to hit the box on the side. If you're on a desktop, it's Google, so it's YouTube comments. So if you're logged into a Google account somewhere, you can comment like that.

However, if you don't want to use a Google account or you don't have a Google account or you mistrust Google or any other reason for that matter, then there's a box inside the video player itself. Top right, it says start chat or live chat or something like that. Click on that and you don't need to be logged into anything.

You can, be entirely anonymous and so please share it with your friends relations animals. Pets, poltergeists, whatever the heck you've got going on over there. And it looks like some people have jumped in. So here we go. We often get the weather forecast, oh dear. and in Boston, James Low is joining us and it's 30 Oh, that's bruel.

It's minus one degree Centigrade Birds. An birds, animals tree branches, people fly at a 90 degrees angle. Visibility nil. Officials blizzards warning re remain in place until 7:00 AM ESC. good morning. Oh, that sounds bad. Well, it's minus 15 here. oh, that's not real. That's like the temperature on Mars or something.

[00:10:03] Marc Benzakein: But at least the internet works, so Yeah. Yeah. Electrons love it. They love all this cold. It's perfectly, Courtney Robertson's joining us, but she's saying hello to James. she's giving a comment about the weather there. Just two inches here. I guess that's snow. She's talking about. Oh, David Worsley, my partner in crime, David Worsley.

[00:10:25] Nathan Wrigley: He says hello, first time catching the beginning of this show. What a birthday tree. I'm presuming it's your birthday, David. And if it is your birthday, happy 92nd birthday. It must be that, at least by now. something along those lines. I dunno how old David is. I think he's older than me then. But happy birthday David.

If it is your birthday, the webinar is also joining us. Hello beautiful people. How are you doing? And oh gosh, there's quite a few, isn't there? Lots of people saying hello to each other. Oh, come on. Da Rob in, won't you da? David's in goer where it's 27, 27 degrees centigrade. All I can say is the electrons hate it.

I imagine the humidity is horrible though. yeah. go on. Tell me the He's horrible. Yeah, it's his birthday. He's getting old and the humidity's horrible. That's it. That's how we're gonna, how we're gonna reconcile it. Ross Winkle. Hello. He says he's got the day off so I can be live here today.

Oh, you are friends, not work. That's so nice. Thank you for joining us, Ross. Appreciate it. 12 Degrees Centigrade here in the UK and very British. Yeah, I've got the same 12 degrees centigrade and just grayness, it's what we get every single day of the year. Any other comments joining in who we got here?

Marcus Burnett. Sorry. He says I had to cancel you, Nathan. Oh yeah. Luckily Nars here, that's all I have to say about that. Marcus wasn't able to come because he had other things, and nar very graciously jumped in on Friday and that's amazing. testing WPB two one, we'll get to that in a moment as jab.

Ja, I, he's on skating on thin ice. Is he James? Do I jabber? I think I jabber. Okay. It's cold there. It's very thick eye, especially. Yeah, that's right. I think, I think, is there any other comments that anybody can see that I ought to put on the screen? 'cause I'm lost in them now. There's too many to come up.

Anybody quickly? Well, well, Courtney. Courtney asked, but I said I responded already, but, Courtney asked if the reset of my computer means that the lights will not go out. I cannot guarantee anything. mark's in a black box already, but at some point the lights. So it'll be entirely black.

Yeah. It's really funny when it happens, if you sit really still, mark for five minutes and say nothing, we could all enjoy your lights going out. okay. So anyway, there we go. That's the long introduction. Really appreciate you all being here. Keep dropping in some comments. so the idea is to talk about WordPress.

This is us by the way. Bit of short promotional stuff at the beginning. If you like what we're doing over here, put your name into that box. This is wp builds.com. No, don't put your name, put your email address into that box. We don't need your name. Just want your email address. And then we'll send you a couple of emails each week.

One when we put this out as a podcast. That'll happen tomorrow when I've edited this. and then we'll put a, an episode out every Thursday as well and I'll send you an email about that. And this week, I was lucky enough to have the fabulous Andy Bell. Andy Bell. I think in years gone by. Andy Bell was a more of a word presser than he is now.

I think it's been many years, I think since he's used WordPress, in anger, if But I had a chat with, Andy because I saw him at a conference last year, which Tim was there as well. It was in London last year. And, Andy was on stage and he wasn't really talking about WordPress, he was talking about sort of agency life and things like that.

But the, one of the things that. Caught my attention was ha his position on ai. Now Andy is very principled about ai and he's very forthright. He doesn't want anything to do with it. He doesn't want anything, he doesn't want his agency touching it. So the content that they produce, the code that they write, the websites that they launch is all human made.

As soon as those words came out of my mouth, I realized the error, it was all made by his agency, not human made, forgive me. but, but, anyway, but he also won't, work with AI company. So if an AI company comes to his agency and says, will you build us a website? The answer's gonna be no. So we explore his fairly principled position here, and I've gotta say.

The more he talks, the more I was nodding my head, the dominoes started to fall for me and he was able to encapsulate it really well. So I don't suppose any of you three have got anything to add about that. This is my promo bit at the beginning, but I've dropped the subject of AI and his principle on it.

[00:15:03] Tim Nash: I feel, I principle I should say, did the word Luddite turn up in the conversation? It should have done, shouldn't it? Yeah, probably. But I know what you mean. I think, hi. Hi. His is not really captured around the technology. He's obviously got a notion that he can do whatever the heck an a, an AI can do when it comes to design.

[00:15:23] Nathan Wrigley: He's got the skills, he doesn't need the shortcuts. And so whilst it might save him a bit of time and probably some money, go, just go and have a listen to. I get, I know what you mean though, but, I found myself nodding is all I can say. anybody else? Mark on anything to add about that before we move on?

[00:15:43] Marc Benzakein: I respect anybody who has principles and sticks to them. Yeah, that's, And so I, I have a great amount of respect for what he's saying and if he can, and I think it's always important to be able to do what the AI is doing. You have to be able to understand what it's doing so that you can either fix it or not.

So if you choose not to do it, it means you know what you're doing. Well, and the other interesting bit was that as the sort of the conversation, developed, not only was I getting more and more into it, but I could see where he was coming from. And the bit that kind of made the principles stick for me was the fact that it really hurt his business in the year 2025 in incredibly successful.

[00:16:29] Nathan Wrigley: And it had hurt, that having this principle had hurt his business. Without a doubt. He was very open about that. But what he had not done publicly is he hadn't said out loud the bit about the ai, he'd just not taken work that required him to use ai. He hadn't taken work from AI companies and he hadn't used ai.

So anyway, the knock on effect was as soon as he'd started saying the quiet thing out loud, I refused to work with ai. Suddenly his roster got filled up. So it turned out that for a small subset of people, and he presumably is an early mover, that rounded off his 2025 really well. Now we'll have to see how long that continues, but it turned out that principle resonated with a lot of people who needed a website.

but we'll have to wait and see how that works over time. Okay. Anyway, there we go. Anybody else before I move on? Please keep your eye on the comments, you three, because, if there's anything that crops up, there's too many at the minute for me to keep my, my, my eyeballs on. by the way, he has a, like a course platform called, Pika Lilly.

It's P-I-C-C-A-L-I-L, DOI Pika Lilly with the LI after the dot. And a lot of the courses are about this kind of thing, so mindful design is one of them. I just thought I'd mention that in case anybody was keen to pick up on what it's that he's doing. Go and check it out. Right. Okay. So moving on to user submitted content, or in this case, guest submitted content.

Here we go. Main, wp, you brought this to our attention. It looks like the year in review. How did main WP go Mark 2025? well, first of all, Dennis asked me to write the year in review this year, which is. actually a pretty intimidating task, I gotta say. and I was like, when you go back and look at everything that happened, it blows your mind at, blew my mind as to how much, the team just did last year.

[00:18:35] Marc Benzakein: And I think about it once again in the frame of this 12 year anniversary thing, and I just am blown away constantly that they are so motivated every single day to just keep pushing and pushing after 12 years. that just is astounding. So that's the big takeaway for me from this. The rest of it goes into details as to how many things we pushed out and where we're going and all of that.

and I won't get into all of that. I would appreciate if people would read it. I appreciate you letting me share this, with the audience, and that's all right. I know people read it and, and, I don't wanna take up too much more time other than that, but, I just. I just can't talk about the group of people that Dennis has put together at Main wp.

It's just an amazing group. nice. Okay. Well, probably a quick Google. Everything that we mention in this show will be in the show notes tomorrow. So when the podcast audio drops, there'll be a link to a blog post, which is basically a bunch of links. Some of them are in the show, there's ones that didn't make it into the show, but all of the ones that we're gonna mention will be in there.

[00:19:47] Nathan Wrigley: So this will make it, into that list. It'll probably under the community section if you go there, or possibly the plugin section depending where I drop it. But go and have a look. or you could simply Google, this moment, couldn't you? Year of momentum. A year of momentum, 2025 year in review.

Nice. That you love your team as much as that. That's brilliant. I, feel so lucky, honestly. Yeah. I went from being a, a. An owner of a company and a founder of a company to being in a company where I feel like I'm a founder, even though I'm not. yeah. it's really, I feel very fortunate to have landed where I did.

Yeah. Oh, that's lovely. I'm just gonna pause the entire show very quickly. 'cause I just wanna say, over a period of about three months now, this person has dropped into the show, g and every single episode, I have no idea what his name is, and every episode he says what his name is and I say, I'll remember it for next time.

And I never remember it. So I've actually written it down on a piece of paper. Open the drop in today. I think you should name the show after him. Yes. Just so that you have an episode that's yeah. Well, he is joining us from Amsterdam and of course, thank you Brian for oh. See what I did there. it's Gerard, thank you Gerard for joining us.

I really appreciate it and I appreciate me. sorry I don't appreciate me. I appreciate the fact that you are coping with the fact that I relentlessly, been unable to remember who you are. Really appreciate and, nice mention for you, Tim. I think it was Ross I saw in the comment who said, it's lovely to see you.

what did he say? He said, oh no, it was Reese win. Nice to see Tim again. Oh, thank you. Yeah. Yeah, it's alright. The bearded club, they, you stay together, you guys Okay. Have we got any nice comments in there that are Oh, that's very nice Ross. He's saying Go and listen to the interview. I presume about Andy.

and staying on that topic he says, Andy also said, so this is the previous thing with Andy Bell, that he'd got some business from a client that had been burned. Oh, that's interesting. Yeah. By an agency that had used ai. and were looking for somebody that explicitly did not, which was interesting.

and then David Ley joins in primary. Andy Problem solves and writes HTML and CSS better than LLM seems to be able to manage. I don't think you could deny that somebody of his capacity. That's very likely to be true, isn't it? Okay. All right, let's move on a little bit and we'll go here. So that was the bit that Mark dropped.

Now we've got a couple coming from Tim's side of things. I didn't get a chance to read this one, Tim. Sorry about that. so tell us why this one's in. It's from automatic. he is slightly links into the Andy. so this is a, blog post by somebody from Automatic. They're on the performance team at Automatic, not, it's not specifically WordPress related directly, but it's basically a blog post arguing.

[00:22:57] Tim Nash: We use too much JavaScript. Ooh. We use to React is a, react is not a library, it's a framework. We use these giant frameworks. They're ridiculously complicated. They are. Really bad for performance. They very rarely do the things that we actually want them to do well, and we keep due trying to use JavaScript when actually we have this perfectly good servers behind the scenes that are full of processing power that could be doing the job for us.

There are, a lot of the time we struggle with performance on websites is because, not necessarily the server slowing down, but your clients has got to make a hundred and thousand different requests backwards and forwards to the server via the JavaScript Ajax requests and JavaScript is pulling and doing a lot of issues when it comes to performance.

And it's basically a little bit of a, Maybe we should perhaps. Not use as much JavaScript or only use JavaScript when we need to and use it for what it's really good at. which I found quite interesting. So it's not a get rid of Ajax, get rid of react, get rid of all of this. It was just a, maybe we should rethink that.

Your, if you are jumping into some a project and your first reaction is to jump and get react, maybe consider if that's the right course. And I found that fascinating partly because it very much mirrors my own viewpoint. So of course it's, I'm biased towards this as I like this makes total sense. I think there's a lot of people in the comments who will find this approach.

oh yeah, that's what I do. That should be what we should do, but also who it came from. Yeah. And it's on the automatic blog. Right. I'd like to think that this was a little bit of a, flag has gone up, but maybe we have gone too far the wrong way. but we'll see. But it's a, it was, it's a really good read.

It's a really well thought out read that, for me, reflects a lot of my own viewpoints. So I was I was, I, very much was reading this and nodding my way along to it. I, so I think I can more or less guarantee that David Worsley in the comments will be warming his hands. On this. He, I, he shares the exact same opinion as you I use something when it's not necessary, but you are right. That was the bit that I took. I read the, title and I read that it had come from automatic and then I got to the bit where it was obviously taken its first like little targeted aim toward re react in particular. And I did think, this is curious, it's he, does take quite a strong aim at React.

Yeah. But it then does emphasize that it's not specifically React, it's more that React is act. And I think that his argument basically is you never load just one JavaScript library. It's part of the, philosophy of JavaScript development seems to be, well, I can just reach for this and I can reach for that.

And so you do end up with behemoths very quickly and without even realizing it, you are, suddenly, you've got huge amount of dependencies there that you weren't expecting. And yeah, it's, as I say, it's a really good read. even if you take away from it, that is that's a bit extreme. i, if it just gives you pause before the, maybe I don't necessarily need to bring in that full framework to do this one line thing.

Or maybe it could be just that you take the opinion, oh, actually I don't need to use, I can rethink how I'm using my JavaScript and make sure that I'm, first of all, the server can do this on its own. You are almost certainly getting, gonna have a better experience in terms of accessibility. Probably a better experience in terms of, things like SEO and almost certainly a better experience from a security perspective as well, because if you're simplifying things generally that makes it more secure.

Not always, but generally. The bit that's interesting to me is I would imagine that the automatic blog has some level of editorial control. I imagine that, whoever wrote this article and the name has now got Sergio Gomez, is the automation who wrote this. I presume there's some level of inspection.

[00:27:22] Nathan Wrigley: So it is interesting to me that this has been, this has been given the green light and I wonder, I just wonder if this is a first. In a cascade of similar things in the year 2026. I think maybe that's what you're, I dunno. Maybe if you are wondering that as well, Tim? Yes.

I'm not sure. Well, no. Hoping maybe I know. Okay. I feel like this could either be a one shot and it's oh, that's nice. Or we could see this happening more and more. Yeah. And there is a little bit of a case of, as we are getting more and more AI, slop and a lot of, if you ask a AI to build something, it will pull in all of these libraries and things.

[00:28:07] Tim Nash: I can see the, the Andes of this world and people going, actually I can. Win this battle by doing less and yeah, producing good quality simple solutions rather than pulling in the 50 million libraries. So I can see it being used that way as well. So thank you. Okay. That's really interesting. I didn't say the title of the piece, and I have to, I'll read it in because if anybody's, listening to this primarily, this is on the automatic.com, so with two t's blog, and it's called a Modest Server Centric Development Proposal, so you can go and look for that.

[00:28:44] Nathan Wrigley: It was written on the 17th of Feb. This year. So go and check that out. Right. And there was another one coming from you. Sorry, I apologize. I didn't let Mark and owner have their go on this if they wish. Otherwise we'll move on. It's above my pay grade. Okay. Me too. I think you why? Mark's below your pay grade.

[00:29:05] Marc Benzakein: Oh, is that what you, okay. Okay. okay. Right. Here we go. next one, then again from Tim. Tim's thing is obviously security. I use Bit Warden. I dunno if they have products outside of the sort of password manager, but that's the length and the depths that I have from them. And obviously it being a password manager, I have this assumption that it's going to be secure.

[00:29:28] Nathan Wrigley: So what's this one? What are we looking at here? So this is a blog post from Bit Water themselves. It's called Security through Transparency, ETH Zurich Audits Bit Water and Cryptography against malicious Server scenarios. ETH Zurich actually audited three or four different paths. Password managers and claimed that there were some serious faults.

[00:29:49] Tim Nash: And I got pinged a lot, like about every friend I know who I've said, go use this. Go use a password manager. Pretty much together. It's like they got sent the same email, sent me message going, oh my God, it's all really how bad, and it's insecure. I was like, no. the group managed to find, if you compromise the bit warden servers and the clients in this scenario and this happens, then something bad might happen.

[00:30:22] Nathan Wrigley: Oh, okay. That's quite a lot of ifs, isn't it? I, there were variations on the theme for each one of the password managers. the reason I chose this as a good, post is 'cause I thought it was a really well handled response from Bit Warden because they didn't say this is a non-issue. I thought that was really good of them because they could have just come out the gate going uhhuh.

[00:30:43] Tim Nash: No, but they didn't, they actually said, we've taken things from this, we've learned things from this paper. We agree, it's hypothetical. but honestly, let's go, we, there isn't actually a problem, but we've learned stuff. But it also gets, gives me the opportunity to highlight that you should be using a password manager.

that, and the, one of the reasons that I wanted to highlight Bit Warden is that Bit warden's, behind the scenes of both the client is open sourced and the, the server infrastructure's open sourced. And you can run something like, vault Warden on your own infrastructure as well. So there, if you were, if you haven't yet chosen your password manager.

And I'm disappointed in you, but there are options out there. obviously if you have a password manager of your own choice, go with that one, please. Yeah, don't change because of somebody saying that bit warden's more interesting 'cause it's transparent 'cause of open source. But that's why I wanted to highlight this.

[00:31:47] Nathan Wrigley: Yeah, thank you. I put a lot of people to bed so they can stop DMing me about Yeah. stop DMing Tim. but I'm glad because this is the one that I settled on a few, I don't know, two or three years ago when LastPass just seemed to misstep horribly, especially from a PR point of view. I moved over and pushed everything over to bit one.

So I'm happy, that you have the, that you've got the skinny on this. by the way, Tim paused about, about a minute ago for about three seconds, and he scowled. There was a moment where Tim sc, he was a very effective scowl. He was trying to encourage everybody to use a password manager.

So unless you wanna be on the receiving end of Tim's scowling. Then, get yourself a pass. I feel there should be scowling on your website, Tim. yeah. I'm a nice person. I don't, I want to have clients. Okay. I don't think scowling at them before they become my clients, as I would go get a password manager.

It's not worth it. Everybody. the other thing was Mark's lights went out. I dunno if any of you noticed that, but he scuttled away very quietly and I got his lights coming back on. But there we go. A few comments in coming in. babababa b Baba, where was it again? going back to the, the bit that we were talking about a minute ago.

So Andy Bell and what have you, let me just put it like that. David Walsey says, so in regard to, no, it wasn't, it was about the automatic piece and react and what have you. David Wimsey says, I just wish WordPress was more active in the W three C rather than looking to the corporate web all the time.

there we go. And, apparently Tim, you're a soccer for a clickbait title. Yeah, I'm not quite sure which one. Any. I think sc Tim Sc Just give him the, yeah. David knows his place now. he's, no more comments from you, David? I feel like the soup, what was it? The soup thing in, Seinfeld. No soup for you.

No comments for you. David. Wamsley, you're right, you're in the doghouse, right? Moving on. the, so there's three that are coming up from nar and the first one, I dunno if the, this GitHub repo is something that you are involved with personally, but we're looking at kitten, TTS, which is a subdirectory of kitten ml.

What is this? What is this? So this is a text to speech model, which people can host, self host. It's on 25 megabytes, smallest one. This is, I'm am fan of open source models. and in turn, that's great for privacy against privacy folks, people and in general, this model. What gives you is, sometimes we go articles and there is, listen to this article and you can do this with this.

[00:34:33] Onar Alili: Model and without paying anyone, you can just host in your WordPress website, in your hosting. Hopefully you are not using share hosting. so and this will be enough resources to run this, but it's still, perhaps it's impossible to share, run it on share hosting and 25 megabytes quite small, and it does a really good job, converting your articles into tech and a speech and comes with, I believe, eight, voices.

Yeah. Oh, nice. I just want, I think this team done a really great job getting this out and supporting open source models and, yeah. So it says on the GitHub repo kitten, TTS is an open source, realistic text to speech model with just 15 million parameters. That sounds like a lot to me, but presumably it's not, designed for lightweight deployment and high quality voice synthesis.

[00:35:31] Nathan Wrigley: I confess I haven't used anything like this largely because every single thing that I do is actually me speaking. But I do see this more and more on websites wherever I tend to roam. There's quite a lot of, here's the text and then here's the accompanying. Usually AI generated, I don't know, audio file, which is almost like a, oh, just almost like somebody reading it out.

I, I find that quite hard to listen to most of the time because they don't sound real, but maybe. There's, there is some examples done there. If you could scroll, you can see there is a, they put some examples where they read the text. Oh, I see. Okay. Yeah, there's all different kind of voices you can choose and experiment.

[00:36:10] Onar Alili: I think what's great about it, like you don't have to rely on third parties and also I am, in terms of accessibility cases, like you, people can just listen to the article and, yeah. Okay. I will link to it in the show notes. If you have a need to put, speech on your blog posts and things like that inside your WordPress blog, this will do that for you by the looks of things.

[00:36:36] Nathan Wrigley: I'll just, yeah, the URL's not that difficult to read, so I will just read it out. I don't normally from GitHub, 'cause it's hard usually. So it's github.com/kitten. Ml slash kitten. TTS. So that was the first one. I was so disappointed. It wasn't what I thought it was. I never clicked to link on quicker expecting it to be realistic meows.

Oh, I see. Okay. I was all in for this. There was gonna be this realistic set of meows coming out of it, and I could program my me some cat purring. No, there's a whole, there's a whole subculture of people who not. I want a large language model that has been trained on meows and purrs translated into cat.

Yeah. Okay. That's okay. So there's the first one, second one from, NAR is, well, I presume this is your own because it's the Yep. Spam. You've got an annual report as well, you've got some key findings here, but just run us through the, highlight items of Yeah, I, yeah. I'm not going to take spend too long on you on this.

[00:37:44] Onar Alili: I just, this is usually we do every year where we take some sample of data and look at the data. And this is all very actually related to what CloudFlare, posted recently about their, denial of service attack. in recently we've seen a lot of, attacks are coming from residential ips, meaning like people they don't know their devices are compromised, like they have smart boxes at home, or they have like their computers or their smart.

device, they're all like spreading, starting spam campaigns or doing card testing attack. People in, WooCommerce are very aware of this issue card testing attack where people steal other people's cards, credit cards, and they test on your WooCommerce website. And yeah, this is about report about that.

And yeah, in general, awareness about residential proxies and yeah, we've seen, again, this year we saw more attacks in WooCommerce and. Also, well, WordPress is more popular, so it has seen more spam campaigns targeting WordPress. yeah. that's all I, yeah, I encourage people to read about it.

And there is some, also free ways, free tools, how they can, protect some service from the attacks and against, well, thank, yeah, I will, link to that again in the, in the show notes. Let me just see the ur, the URL's easy enough to say, so I'll read that in. I think quite a lot of people who consume this podcast, they do not, they don't read the, the associated posts.

[00:39:30] Nathan Wrigley: So it's quite good. If I can read the URL, so it's, oops. Spam. So OOP. Dot com slash 2025 dash spam report. So you can go and check that out. And there are some key findings there. we'll get onto a piece a bit later if there's time from CloudFlare. And one of the things that they particularly mentioned was the, the use of, smart tv, hardware as one of the things which is ramped up.

I think over the last quarter. We have a, like a little thing which we plug in the back of the tv. It's called, I think it's Google tv, something like that. Yeah. Also fire. Yeah. Okay. Right. In which case, I think you've got a third one as well. This one. so this one again from nar. This one's called, well, it's on the mi I don't know if it's MIT Sloan or mitts.

I, I don't really know. I think it's part of the MIT infrastructure. It's the Sloan School, which has something to do with, I guess management or something like that. the title is open, sorry. AI open models have benefits. So why aren't they used more widely? Is the answer to that. 'cause they're not as good.

Is that basically what it is at the moment with that sort of summary? Yeah. Article also mentions about that, there is usually 90%, quality difference. Wow. So usually even even open source models, they close that gap very like in, within 13 weeks. And, these models, in the beginning they were only like, open AI and also closed sources.

[00:41:07] Onar Alili: Models. So people more got used to ze models and people started integrating into their system. But then later there's more smarter. There's more smarter and equally, yeah, high quality models also came out. Open source. They are, yeah. I think now it's really expensive for companies to switch. I think that's one reason.

people don't want to deal with it. But there is, and some people are concerned about open source models because of privacy, but then there is open source models. You can host it in your own infrastructure if you're a company. And that's, will be told privacy and you own all your data. Yeah, and I think another concern they raise there is, top open source, models now currently all made in China.

Huh. And so they all come from, yeah. And that's another privacy concern, but again, you can host this, this, all these open models locally and without any internet connection. so that will solve the privacy issue. Yeah. in general, the article goes through why people should switch and they should consider, and of course there's a huge cost.

And yeah, I, I have this feeling that the year 2026, I'm just taking this data from people out in the wider ecosystem, tech journalism more broadly, so I'm not really WordPress related. And many of them seem to be talking about the real financial. Upside down pyramid. Basically this sort of really difficult to maintain financial structure that a lot of these AI companies are built upon.

[00:42:51] Nathan Wrigley: venture capital money, which at some point the venture capitals will wish to have back and how the a theis that many people have become dependent upon will become significantly more expensive for the exact. Same thing. I do wonder as well, gi given the kind of stuff that I would ever use AI for, which might be literally just summarizing a URL, poke a URL at it and say, summarize that in a hundred words.

I, I'd be, I'm sure that some of the open source ones would be completely capable for me at that kind of thing. Obviously if you're trying to do the cutting edge, coding and things like that, then I'm sure that you do need to reach into your pockets. But I don't know, maybe open source will win this in the end, but let's wait to see if Yeah.

[00:43:33] Onar Alili: They're careful of using Yeah. Accessing internet resources and Yeah. Using different tools. Yeah. Yeah. They're much, yeah, they're very capable nowadays. It just, they, there's not as much commercial interest in open source models, so there is not as much PR team behind them. So they're not, it's interesting how a lot of the people in the open source arena, who advocate massively for open source.

[00:43:59] Nathan Wrigley: Quite happy to use these proprietary technologies to, to build this, that, and the other thing on top of WordPress. It's interesting how that whole Yeah, you don't even have to like, you don't even have to host them yourself. You can, for example, the open router, I don't know you heard about this.

[00:44:15] Onar Alili: Open router is a infrastructure as a host, all the different open source, products, open source models, and you can use them through these companies too. And you get privacy benefits and it's much more cheaper to use them too. For actually small, simpler tasks. So Ross, who, who was in the comments?

[00:44:38] Nathan Wrigley: Sorry. Tim, I'll just read Ross's comment quickly. it surprises me, says Ross, the amount of the amount that the WordPress projects is talking about AI so much, but not talking about open models. Sorry, Tim, I think you were trying to say, I was just gonna put in a couple of points. One is that there are two different costs.

[00:44:56] Tim Nash: Open, open source models. You have the cost to train the models and the size that, and infrastructure you need to train the models. And that is a hardware problem that we just, there aren't companies going, hello, I'd like to give, I have a data center over here that I wish to train the models on. I will then hand that, that open model back into the real world to give it away for free.

With the exception of, unless that is literally a company strategy or a nation state strategy, which is the Chinese model approach, which is, we're gonna throw this out as a disruptor. And that's, oh, okay. Really useful for us. people who are using the open source model, they're not doing it because it's a note for open source in the nice wor way we think of they're doing it to disrupt against the, their larger competitors.

and to stop necessarily proprietary models taking hot single hold. If you do not have someone who has the enough backing to give you the data center to train these models, it's really difficult. Then we have using the models themselves, they still require. On the whole significant hardware you were saying.

Oh, can I summarize something? Absolutely. Yeah. the, I have a Quinn model on my laptop. Absolutely perfectly fine for summarizing takes about if I pointed at, say, an article, it takes about 45 to 50 seconds to come back to me with a summarization. Right, right. Which is I, if I pass that to Chachi pt, it come back in five seconds.

[00:46:32] Nathan Wrigley: Yeah. Okay. That's the difference, right? That's the trade you make. The quality would be there. That's fine for one article scaled once on my machine. The problem comes when you want to do heavy lots of workloads. So let's say I'm doing, I want to audit some code, with, open source models as we have now.

[00:46:54] Tim Nash: Let's, even if it's a relatively small code base with my current hardware, which I don't have, I'm not a massive company with lots of hardware, but we just hardware that I have currently, I can do it. It just takes a really, long time. Yeah. Whereas if I threw that same code base at Claude Code, it would be done in a fraction of the time.

At that extreme cost. I can throw my code base via something like open router, but actually. Open router's quite expensive. 'cause I have to make the, if I'm making a per API request I'm, still ha paying for their hardware. I much more inflated rate because they have to make money. Open router's not a charity.

they make money on those requests through. So we haven't yet reached a point where we have models that are small enough to run locally at performance that's required to make the open source a viable model. And what we don't have yet is model a way of training models that small enough that they, or we can distribute well enough.

we will, I'm sure, see in the next sort of six months to 12 months, SETI style setups, if you remember the old Oh, yeah. At home, like hive mind kind of thing. Yeah. I'm sure that we will. That's the route that open source will ultimately go down to solve the distribution problem at making that.

But to do that introduces this amount of complexity. Security implications and pollution of training data. Also, just the whole, how do we train these models on what do we train these models? 'cause one of the things about the open source models coming from China is that there's at least allegations that they're trained on other ais, which.

Quite often the training methods for these larger open source models isn't as transparent as we like. We get the end result as an open source model, but how it got there is like fuzzy on the way through. that is the title of today's podcast, but there's no way that I can sound like that.

[00:49:07] Nathan Wrigley: I wanna say the word F Live. Interrupt it. Make it in a really small font. Tiny font. Yeah. Tiny, yeah. Tiny font. Yeah. Okay, so that's really interesting. Ross has got just to, we put that comment up, but I'll just put it up one more time. that was the context for Tim's reply. That is so interesting.

If you've got this intuition that some sort of federated version of ai, like the Seti thing that you mentioned, where people are I don't know, letting their CPUs in idle time do some grunt work in the background and contributing to a, it's probably better than turning it into a crypto minor, which is what no kidding use are currently being used, whether they wanted kidding to or not.

Yeah, I couldn't agree more. I however, don't have access to a data center, but just, 'cause it's good news. I do have access. To load of grapes and, I'm gonna eat these grapes. My ambition during the course of this podcast is to finish all the grapes and, and then really need a week just to tie it back into security for a second, that the, one thing we are seeing more of is that, bad actors when they're compromising servers are doing so to get this CPU usage for ai stuff, for writing out spam emails and blah, blah.

[00:50:32] Tim Nash: not the same. It's only in small pockets at the moment, but I'm sure we're gonna start seeing. So if you want to look for where we're seeing, distributed, AI at the moment, it is actually being used more as on the aggression side. It is being used by bad actors, not necessarily, for the benefit of mankind in general.

[00:50:54] Nathan Wrigley: Who couldn't have seen that coming. I know you shocked. Yeah. What a shame. I'm just gonna move, I'm gonna flick to something that was gonna do at the end because you were talking about, the web being scraped and the way that, the open source models might scrape it. Just as an aside, I was gonna leave this till the end.

This is over on the tech Dirt blog. It's called Preserving the Web is not the problem. Losing It is, and this is just a curious byproduct of that scraping that, institution. The institution which we've all come to know and love the way back machine. So the internet archives way back machine is really caught at the minute as to how best to deal with.

AI agents scraping it because, it's being used largely by AI agents scraping it. And a lot of the content, for example, from institutions like it mentions a few, the Guardian, the New York Times and Reddit, are now blocking the access to the internet archive to scrape future content, maybe past content as well.

I don't really know how that would work, but future content, because there, it, it's a way for the AI agents to get round their content restrictions and what have you. And so that would be a shame. That would be a real shame. I I didn't foresee that one. like I said, a minute ago you could foresee the ai, the miscreants misusing AI to write spam emails, but for some reason I didn't see that one coming.

And that just seems like a. A real shame if something like that was to happen. Mike Masnick, I think wrote this. No, it wasn't actually, it was Mark Graham. It's not very long. It's pretty quick to read, so go and check it out, but it is a bit of a shame. In the internet archive has for, has its own set of controversies based on scraping.

[00:52:43] Tim Nash: Yeah. when it may or may not be allowed to. So there is something ironic about this. yeah. That's right. It's, shouting fire in the theater or something like that. yeah. Okay. okay, let's move on. Let's do some sort of word pressy stuff. So this is the first one. So WordPress 7.0.

[00:52:59] Nathan Wrigley: Beta one is just around the corner. I can't actually remember the day it drops. Maybe it's dropped already. Can't remember. but anyway, it's coming. and so it's time we go through this sort of cycle of beta releases. And then finally the actual release will come fairly soon. Time to start playing.

Don't put it on a production site, but there is some pretty good stuff in this release. If you wanna follow somebody who's been following the collaborative editing side of things, go follow Steve Burge from Publish Press 'cause he more or less daily, on X tweets about his latest discovery.

To do with this, but I'm taking my guidance from him. But it seems like the whole collaborative editing, which many people thought was gonna be a real roadblock, a really difficult thing to pull off. It feels like it's coming. and it's gonna drop. We'll see what kind of hardware you need to make that work.

and then there's another whole, there's a whole bunch of stuff around design improvement. So the video, embed block and the grid block and the icons and the breadcrumbs and the headings blocks have all had adaptations, as have the navi, as has the navigation block. And then there's a bunch of developer stuff as well.

You can read it all in this piece. it's called WordPress 7.0 B to one, and it's on the wordpress.org news blog. So go check that out and go and have a play a bit like Steve does, you three. Anything about that before I move on? Don't run it on production. Don't run it on production. Look, it literally says it on the first line.

[00:54:34] Tim Nash: I, I, unless you're me, in which case you've updated your site to use it, but for the rest of you don't run it on production. Yeah, that's right. Just don't. so there we go. Oh, and look, there's Steve. Ha. There he is. hi Steve. I was just saying that everybody should follow you if they wanna learn about the collaborative editing.

[00:54:53] Nathan Wrigley: 'cause you, every few days it seems you drop a little nugget of something that you've played about within WordPress seven. And yeah, I'm very grateful for you doing that. Appreciate it. So anyway, go and check that out. Just a quick mention, friend of this podcast. He's been on it lots and lots of times.

No doubt we'll be in the future as well. Remus Dre, he's launching a new service. he's had a service for a little while, truer the North, but, I won't try to pause this. It's a fairly lengthy written article, but he is, pivoting what he does in the WordPress space. and picking up the mantle that Guten, sorry, Denberg put down the project run by Jonathan Wal and Tammy Lister, which they.

Put on ice, I think just before Christmas, something like that. I don't think Rimkus is literally directly picking it up, but as it's gone out of existence, he can see that there's a sort of, a hole in the market there. So he's gonna be trying, doing what they're doing. In other words, communicate with people, trying to figure out where they fit with their products and services in the WordPress ecosystem.

So he's gonna be like a consultancy for that. He does, however, have a direct rival because I spoke to Matt Cromwell, during the course of this week. and he co-founder of Give WP worked for Stellar WP for a long time. So equally credible in terms of their length and breadth of history in the WordPress space.

he's launched something called Roots and Fruits, which looks like it's gonna be exactly similar, very analogous to what Remus is doing. So if you need a bit of guidance in your WordPress company's journey. Check out Remus blog. But also if you check out, the Tavern podcast that I did with Matt Cromwell, or Go to Roots and fruit.com, you'll be able to see what they're both up to.

Anything about that in the pre-show, we were suggesting that they should, we should just set them up in a ring and fight. But I've subsequently thought that given that, how unfair that would be to Matt Yeah. That a rap battle might be in order instead. oh, I'm down battle. Yeah. could we not do both?

Would it be possible to have them both doing that simultaneously at a sort of cage fight meets rap battle, all at the same, all at the same time? I apologize, Matt. This wasn't my idea or REMCOs. It was Tim's idea. I'm just saying. but Nathan, you did fully support it before the show, so no.

I don't remember any of that. I can't remember that at all. no. Yes, it would be fun. and then Tachos here, so I know Tacho knows Rimkus very well. Maybe you could persuade him to get in a kid No Cage fight with this is not the way Think show anyone supposed to, don't think anyone wants to get in a cage fight with Mku.

[00:57:45] Marc Benzakein: I don't know. I no. there's probably like a handful of people on earth who'd be who best Mku, I think. 'cause not many. And they probably all live in like Norway or something like that. Yeah. I'm gonna go back to the rap battle. Yeah. Okay. Alright. MKU and Matt, if you could, just crack on with that.

[00:58:06] Nathan Wrigley: Organize the rap battle and then we can report back on it. I feel like a major word camp. That would work nicely in stage. Yes. Oh yeah. Yeah. See who's like the best at advising clients. Look, I tried to do some sort of rap gesture then I just sort did this. Dunno, dunno that I, I feel like that would be the cringes thing ever.

Oh yeah. That's why it should be done, mark. Yeah, that's exactly what, absolutely. It should be done. Absolutely be, it would be the most watched WordPress TV thing ever. Probably. Yeah. Jamie Marlin could compare it. It could be Oh yeah. Oh yeah. I think we've cracked it. So yeah. Tachos saying Paul, Matt, oh.

Not Paul Mka, though. I know she's but Amber likes it. She's got a giggle icon and frankly, if Amber likes it with a giggle icon, it has to happen. That's all there is to it. Keep it coming. this is brilliant. We've lost nar, or I don't know if we've lost NAR or O's camera has just died the death, but we've, lost, well, no, we haven't lost him.

He must still be there in some capacity, because I can see that he's still on the screen. So Nar, if you can hear me. Sorry, I'm here. I just Oh, no, that's great. Has a problem. That's fine. If the camera's bated, no problem. Just stick with us for the audio. I'm listening. I'm here. Yeah, that's great. Thank you, Okeydokey.

Let's move on a little bit. And have a look at this. Last week we reported on the fact that, the WPCC, now annoyingly, there are two acronyms that fit WPCC. There's the wp, what is it, community credits or something like that. And then there's the WP Community Collective. I can't remember this. I thought you were talking about Wimbledon.

[00:59:47] Tim Nash: Cri Wimble Wimbledon's Public Cricket Club. That, well, there's three now apparently. but that one doesn't often feature on this show, sadly. but it should. Sorry. It was wi, it's Wimbledon and Putney Commons was the, it's along with the Wil parent care accounts. Honestly, it's been too long since we talked about that on this podcast, but here we are.

[01:00:11] Nathan Wrigley: WPCC in this case means the WP Community Collective. last week we reported that, one of the founder members and board members, had stood down. that was Katie Adams Farrell, as you can see, if you can see the screen. quick off the news, the position has been filled, if you like.

There's, a couple of people that have stepped up. But Chris Reynolds is probably the most notable one to mention. He has stepped in as the interim, president. The other one is, John o Alderson. And, yeah, so they're both gonna be acting as part of the WPCC, endeavor. I know Courtney's joining us in the comments.

She probably has a lot more, sense to say about this because she is one of the founders as well. and yeah, the endeavor of this project is to, is grow the community in a fair. Equitable, transparent way. And, I feel I've had a few chats with, Chris Reynolds.

I don't know that I've ever spoken to John o Alderson, but my, the only experience that I've had with John O was watching him speak, a WordPress event. And boy, he is a force of nature, isn't he? He's really quite something like he was able to speak on the subject of SEO and it was really, it's powerful watching him.

So we'll have to see. We'll have to wait and see. Tim's having a bit of a giggle there. I just like the idea that he, yes, Johno is a force of nature. We should leave it. Yeah. Okay. Okay. No, just because out outta context, that sounds amazing. I think Johno. Appreciate that as a statement as well.

Yeah. So Chris has got a sort of fairly muted, like fairly political way of EE of e explaining what he wants to do as part of his presidency. But, John o is a little bit more forthright. He says WordPress. So this gives you some idea of maybe where Jo Jono wants to take it. WordPress runs on contribution, but too often the people in organizations doing the work are expected to absorb the cost.

Alderson said, quoting him again, the WPCC is creating real structure around sustainability, accountability, and contribute to wellbeing. I'm proud to be joining the board and helping to push WordPress towards a healthier, more equitable future. This is on the repository, email blog, so you can go and check it out over there.

anything from you three, excuse me, about that. Not about that, but can we just take a moment to, you can't see this on the podcast, but the amazing picture that the repository found of Chris, which is not, you can't even see his face. He's just, which one is it? Is this him here? Yeah, maybe he, maybe he hoos the camera.

He looks elsewhere. It's not possible to find pictures of him because whenever the camera comes out, he disappears into a corner. It looks like, like one of those pictures that would be taken, you'd see on the front page of a newspaper, I feel like. Yes, that's right. It captured it really well with a black and white.

[01:03:17] Tim Nash: it made me smile. It's yep. that's the person. let's see what Reese says. John Johno is a little bit more forthright is the understatement of the century. Okay. I meant in that article in particular, 'cause Chris said something and then Johno said something and Johno little, oh, no.

[01:03:35] Nathan Wrigley: In life. Jono. Oh yeah. tacho says it's like Jono Fest. Jono is absolutely bloody brilliant. Says Tacho. Okay, that's it. Ideal. da. And then I've got some commentary here about subscribing to my newsletter. dah. I don't know. I'll it send me an email and I'll figure it out. It's [email protected].

He was talking about the Tavern, not you. Oh, is he Tavern? Yeah. I have no control over that, but send me an email anyway at that email address and I'll get it looked at by the team that run the, the tavern website. Okay. Thank you very much. Anyway, there we go. Courtney saying Welcome to both Chris and Jono joining the WPCC.

oh. Maybe it's one of Zach's. Zach. Zach, if you've ever met Zach's like a total pro photographer. He takes photographs of bands, mainly metal bands for, I think it's a side gig. It's not like exactly what he does. He obviously works in the tech space. but side gig. So maybe that, is that one of yours?

Zach, did you actually take that picture? That's interesting. Right? Okay. There we go. That's that piece, right? Let's move on. I'm not, unfortunately, I never gave this enough time to really pause what was going on here. I read it ever so briefly, thought I'd understood it, and now that it's in front of me, I'm not sure that I did.

So I'll just. Say what I think is going on here, and then I'll let either the hive mind of the comments, or you three panelists tell me that I've got it wrong. Matt Mullenweg took to the make wordpress.org slack this week. Is that right? Yeah, it's 18th of February. and said, I've heard that w so WordCamp Asia, Europe, and, US have separate Slack groups.

but it would be better to have everybody in the main org group. And then he says, let's move everything over. He says, I think this was done because there was too much friction in making new channels. Totally fine to create public channels for big events and private ones for planning, et cetera. Let's deputize a dozen people to be able to spin up channels or admin them.

And so I don't know if this is a thing which is now done or happening or what the need was, but there was a few comments that came in saying it's quite handy to have those things separated in it. For example, at Word Camp Europe, they like to keep it secret where the, where the next word Camp Europe is.

That's part of the whole thing. you show up and then the final day you get to find out with the expensively made video where it's going next time. And obviously if everything was in a public channel, that might not be the case. So I'm not entirely sure what the, What the reasoning behind this is or whether it'll happen.

But the other thing which is interesting here, certainly from my point of view, it says here, I'm very open to water cooler or more socials, channels on Slack as well. We should have some fun there as we work together. So it's not just, his endeavor here is not just to have WordPress, code and events, but have other silly things like a dog's channel.

I mean it literally, this is what's on the page. A dog channel, a cat channel, a games channel, a self-promotional channel and a Today I learned channel. Now obviously if you listen to this podcast, I just like messing about so that, that's music to my ears. Let's have as many, let's have a hamster channel.

Let's begin there, shall we? So anyway, I dunno if this is big news to you. If it's of no interest whatsoever, I'll just leave it. If you want to talk about it, we will. If not, I'll just move on past the eating grapes. That's a big fat No, nobody wants to talk about that. Okay. Did any comments come in? I, the only thing I have to say is yeah, I agree.

[01:07:29] Marc Benzakein: We need to slack better. I'm not gonna say anything beyond that. So the headline is correct because there's a lot of clutter in Slack and all the social, chat, platforms. So I would like for there to be something somewhat centralized, but I'm not sure how it should be done. yeah.

[01:07:53] Nathan Wrigley: but just interesting. I didn't, I suppose it, it req, I just dunno what the thought process is behind it in terms of whether it's needed or not. but it's been mooted you can go and join in the comments that there are quite, I mean there's not lots and lots of comments, but there's quite a few comments.

[01:08:11] Onar Alili: I'll be curious to know what they talk about in cats and dogs. Yeah. Yeah. It's just cat videos. Cat videos, dog videos. Just dogs videos. Yeah, that's a cat's cat. Channels exclusively. Gotta be more than that for the dog channels. Exclusively cat for cats, by the way. somebody's ears were getting hot. somebody was, could hear us over the internet.

[01:08:35] Nathan Wrigley: Remus has joined in. yeah, I agree. Re because I think that Matt would hands down, beat you in the re Yeah, I was gonna say, what's the underlying, what's, what are you trying to say there, Remus? What you think you're implying something, aren't You Okay. What if, what if? I'm not even gonna say it.

It's So what if Matt was allowed a small rounders bat or something like that to offset the, you go into the violence battle. That was the suggestion. Done violence. It's so funny though. I'm absolutely loving, I'm loving the room because it's even bothered to comment though. That's absolutely brilliant.

so anyway, we'll see, if that happens. But I appreciate it. I'm surprised he didn't put the word fine in quotes while he was at it. Yeah, that's right. Okay. Let's see if Matt Cromwell drops in and, and offers it. Offers it off. Okay. Right. Let's get into some sort of security stuff. There's a few bits and pieces here.

it's totally outta my pay grade this, but I did think this was interesting. So this is talking about AI and security all in one go. So somebody that I followed on social media for a little while, this is on Mastodon, Kevin Beaumont. He says, today in InfoSec job security news, I was looking into an obvious vulnerability, introduced into a major web framework today, and it was committed by username Claude on GitHub, vibe coded basically.

So I started looking through Claude Commits on GitHub. There's over 2 million of them, and it's about 5% of all open source code this month. As I looked through the code, I saw the same class of vulnerabilities. Being introduced over and over again, several a minute. Honestly, I don't think we need to talk about that, but I just thought that was an interesting thing to raise.

just what is the future we're painting for ourselves? if stuff like that is true. Breaking news. AI was trained on bad data, bad input, and bad data. Oh, increases vulnerabilities. I'm shocked. No kidding. No kidding. Should we go to the other interesting one that I found? Where was that?

Was it this one? No. let me try. Oh no, we'll come to that at the end. Where's it gone? Where's it gone? Where's it gone? I think that one you were just on the open. A the AP AI has a, a. Open source has an AI slot problem. That was not the one I was thinking of, but that is interesting. No, I've forgotten what the context of it was.

Maybe it was that one. No, I can't remember. But there was one which sort of jived perfectly with this one. Yeah. Anyway, we'll come back to those in a minute, but I just thought that was interesting. we're painting ourselves into a future where the robots are now. Oh no. It was the one about the robot.

[01:11:29] Marc Benzakein: Are you talking about the Sean? The Sean Hooper one? Yeah, that's right. Which one was that? Where, let me see if I can find it. It's when Rob, when the robots fight back. Yeah. Let me find it. You're right, you've got the, you've got the measure of it. That's the one. I'm just, while you are looking for that.

[01:11:44] Tim Nash: Well, of the things that's interesting about that is that these commits are being actually submitted and are being submitted and signed by Claude. So this is hello, I, we are not even, we are not even pretending that there's someone looking over this and have manually been putting this in. This is, and this is just, this is, the AI has submitted this, is signed and through, and there's part of me that's really pleased.

That's ha that's happening because right now it's really difficult if you get a piece of code in front of you and you are like, who or what coded this? so it would be nice to actually see more ai. Code being, properly, offered by having, showing who's actually doing the authorship. Okay. And what the position of the human was inside that.

So actually I think we absolutely know we are, there's not five, 5%. It's gonna be masses more. It's clearly five 5% of vote isn't. That's a, not the real figure. It's gonna be significantly more. We in the space of just 12 months. The development space has completely changed. If I'm not, I reckon there's significantly more than 5% has been of just the WordPress co core code has been committed.

There's gonna be way more than that generated by AI in the last commit set of commits for WordPress seven. If you've the real time collaborate, if we took one of those features, the real time collaboration part, and just looked at how much of that was AI coded, I suspect that is going to be quite high.

It's not gonna be five, it's not gonna be 10. It's not even, might be even in 2030s, 40%, but you don't know that. No, because we have no easy way at the moment of verifying other than looking at it and going, God, that's AI slop. I'm not saying the real time stuff is AI slop, by the way. That was probably a bit of, but that there is a, but it gives you an example.

We, at the moment, we don't know, so it would be good to have some sort of ownership and some custody chain, right? So we can actually see what's generated that. Okay, so you are saying that having some heuristics as to that portion was definitely humans and that portion wasn't having some reliable data on that and people not lie.

[01:14:09] Nathan Wrigley: That's interesting. By the way, I never get to say the word breaking on this podcast, but I'm gonna say. Breaking because look, here it is, it's official. Pat Cromwell, as in I, I would also the remic his reply of, his last reply explaining that, the dude has been doing TaeKwonDo for eight years and kickboxing for free.

[01:14:37] Tim Nash: And I'm gonna emphasize again, in a rap. Okay. Okay. Where's the comment about TaeKwonDo? Oh, yeah. Okay. So just, I'm not trying to, I'm really not, but it just, it's funny, right? It's quite funny. so Matt Cromwell says, my bet's on the little guy. In that match. And then Mkas comes back with mine are absolutely on the big dude who's been doing EK for eight years and kickboxing for three.

[01:15:07] Nathan Wrigley: Okay. I think at this point, I think the other thing that we have to keep in mind here is Matt really is a lover, not a fighter. Okay. Yeah. Yeah. So there's, that's it. There's that too. So that's, if I, if I use that as the title of this episode, it's gonna be misconstrued. if I use Matt's really a lover not to fight.

I don't think anybody's gonna pick up that it was, but it's true. But Matt, Matt would just go and give Mku a big hug and that would be the end of it. Okay. Tao can I just say thank you. Tao's now divorced us from all responsibilities. He's decided to take on organizing it. That's great.

We wash our hands of the whole thing. It was a terrible idea. But you, yeah. You rub. Can I still submit a session? Yes, of course you can. You do it. Let's, let's get them in a, let's get them in a ring. This is hysterical. I love this. and then Matt, finally rap battle. Okay. Rap battle. It is to go with the music majors and native English speakers.

Okay. I dare you to use that title. Just some episodes are easier than others, let's put it that way. I have to keep up with the comments as well as trying to make sense of everything that's coming in. Okay. Elliot Richman's joining us. Hi Elliot. Loving your blog by the way's, very calming, recommits via ai.

This is a very good reason for AI governance. ASAP. How would that be done? Who would govern ai? You'd have to have some sort of UN for ai, wouldn't you? Because it's cross border. you has a bunch of laws around. AI safety and governance. But I don't know how that going. yeah, the EU has a bunch of proposals for laws around it, right?

[01:16:54] Tim Nash: Not, but I'm not sure they actually implemented it or not, but they jumped on that train very quickly. We all know that governments are excellent to, at, understanding technology usage. Oh, yeah. I've been kept talking. what Tim say about, you using AI code comments. I know that people in some companies, I, some I have some friends in, Shopify, I think they're also publicly disclose that they use a lot of AI comments.

[01:17:25] Onar Alili: But there's always human in the loop that, reviews all this, pull requests by, AI models. And so you wanna make sure that, all the codes are aligned with your. The standards, your internal standards, and also there is no vulnerabilities and stuff. Yeah. I, yeah, I think if you just let AI to do pull requests and submit the code, then there will be a lot of problems.

[01:17:56] Nathan Wrigley: sorry. I, yeah, go ahead. Yeah, go ahead. I didn't mean to interrupt. Sorry. but you said something which led to the article, which I was trying to find, which, you got quite right, mark. It was the one, and I've actually now, oh, for goodness sake, I've now lost it. There we go. It was the Sean Hooper one.

This came up this week. So Sean Hooper, posted a piece called When the Robots Fight Back. And I'll just read it 'cause it's so short, but it's so interesting. It says, today I saw something I'd never seen before. A bot taking revenge on a human Matt's plot. Lib is a popular open source python code library used to make visualizations.

Yesterday a contributor named Crabby Rathburn submitted a bug fix. The pull request was closed by Scott Shambo stating the project's rules that ban AI submissions. Usually this would be the end of things, but no, this bot, which runs the Open Claw AI instead decided, you can't make this up, decided to create a blog post calling Scott out.

Which it later retracted in my favorite part of this interaction. The bot tells Scott, judge the code, not the coder. Your prejudice is hurting Matt. Plot lib. what I mean, what's happened to us? here we are talking about Matt Cromwell and Remus having a fight. it's completely hijacked our minds.

it's all AI for, seriously though, getting back to that piece. That isn't that just nuts? Doesn't that isn't every bit of your sin you going where, how have we got to this point where a robot can in effect get the hump and then go off? And obviously it's doing what humans do, right?

This is the sort of churlish petty behavior that humans exhibit and the AI has gone, oh, what would a human do? Oh yeah, let's do the Shirley Petty, petty thing. And so that's what it's done. So anyway, I just thought that was really interesting and thanks Mark for re rediscovering it. J just as an aside, I've just put a link in the, guest chat, which probably you've already linked to in past episodes.

[01:20:06] Tim Nash: but if we're gonna have, if we're gonna have AI fight reus, so at least we've now got the option. Okay, let me try it. Sh is this, can I put this on the screen? Is it safe? Yeah, it's safe, right? Hold on. Okay, we're roll. We're all having a giggle. Are we okay? Here it comes. Oh, no I haven't fe this is insane.

[01:20:27] Nathan Wrigley: I haven't featured this. I actually saw this the other day. Should we give the viewers a few seconds of this? 'cause it is cool. China's dancing robots. How worried should we be? okay, imagine and, check it out. I'll just zoom in a bit. what the heck? Doesn't that make you, obviously they're doing some sort of pre-programmed repertoire, but Yeah.

what are you advocating putting these in the ring with Remus? Is that why this is on screen? No, I'm just suggesting that if you are gonna, if we, you seem to be very keyed on this idea that Paul Remus is gonna be put into a cage ring. Yeah. Yeah. and that then you mentioned that ai, I was like, well, if we're gonna put AI against him, yeah.

They're coming for us sometimes to be fair, I think he could whip one finger go like that and it would fall over and just be sitting there. That's right. Yeah. To, so it would be hilarious to watch. Don't you think though, that in a couple of years time, it's entirely possible that we'll be looking back and the la the fun will not be like that anymore.

It'll be okay now they really can observe the finger coming towards us. You know them. They'll just snap that finger right off, because I think it's the, it's when you put the guns on them that you need to start. We'll, we'll skip over that and go with the jury. Yeah, I was gonna say, we don't need more violence in this particular episode.

We can all agree. no guns for the robots. Thank you very much. Right. I had a couple of pieces, which I'm not gonna have time to get to. so let's see where we get to now. Oh, this is another piece that came from Matt. if you're in the Polyglots, ecosystem, in the WordPress space, this might be worth looking at.

It is AI related, again, as everything seems to be. And it's about using, AI to achieve the things which, traditionally the Polyglots team has used. there's an awful. Lot of, well, not a lot, but there's a few very incisive comments which come up. But, Matt is basically asking the question, what can we do with AI to make the whole polyglots thing the translation?

much more straightforward. And so if you're into that, go check it out. Right? Let's have a little look. I've got one product that I thought I'd mentioned this week called Review Bird, not come across this before. it's for those of you that are, using WooCommerce stores and, I don't have a WooCommerce store and I don't take product review, so I don't know how essential this kind of plugin would be, but if you are and you want to corral your product reviews, go and check out review bird.com.

It allows you to manage all of that in one place. And given whenever I go online and shop for things, I do look at reviews. It's probably is quite an important part of such a website right now that we're, freaked ourselves out. Let's go to this one to calm us all down, shall we? This is CloudFlare, their annual.

That's not true. I think it's quarterly report. Yeah. There you go. 2025 Q4 DDS threat report. it's a, the title is guaranteed to, offer you sleep, but however it says a record setting 31.4 terabits per second attack caps a year of impressive D-D-S-D-D-O-S assaults. What didn't you know already from that?

But check it out. Some of these numbers are absolutely ridiculous. If you work for CloudFlare, God bless you. I dunno how you guys managed what you are doing. But here we go. the fourth quarter of 2025 was characterized by an unprecedented bombardment launched by the, whatever the heck that is. Arru Kim Wolf botnet do They're famous, botnet networks.

Oh, thank you. They have they have like over 200 las check, 250 million. Compromised devices they're handling. Yeah. This was the thing that I was saying earlier about the Google tv, the TV dongles and things like that. Yep, Apparently a lot of them are this whole thing. Yeah. the campaign targeted CloudFlare customers as well as clouds, as well as Cloudflare's dashboard.

Now, I dunno if it's you, but I did notice CloudFlare at the end of last year going down a few times, like in, in a way that I'd never, ever seen CloudFlare go down before. Maybe this explains it. the hyper volumetric H-T-T-P-D-D-O-S attacks exceeded, just listen to this number and try to imagine it for a minute.

Rates of 200 million requests per. Second, what, just weeks. That was just weeks after a record breaking 31.4 terabits per second attack. and then, there's a bunch of charts, which show fairly conclusively that 2023 was lower than 2024. 2024 in turn was significantly lower than 2025.

This graph looks logarithmic, by the way, which means that by the year like 2029, it's gonna be infinite. There'll be nothing else on the internet apart from DDS attacks. It's just gonna go, oh, Tim's yeah. Is that plausible? yeah. oh no, oh no, I probably can answer this much more clearly than I can, but yeah, I, we are already at the age where we've pretty much now.

[01:25:54] Tim Nash: Human traffic on the internet that needs to be specified separate to the web is such that we are now the minority. and it will not be that much longer before the web. We are the minority at which point Yeah, you are talking about automated systems. Talking to automated systems.

I think these numbers are really interesting for perhaps a completely different reason. And that's just how dominant CloudFlare has become. It's starting to worry me actually how dominant CloudFlare is. Dunno, as it happened, I think the times that they were down, the big ones that got in the news each time was due to confi com.

Literally, conflict errors. Yeah. Yeah. Rather than actual, I don't think they've gone down from a compromise, but, yeah. They are just how dominant they've become and how important they are to infrastructure and, whether that's a good thing, whether that's a bad thing. they are reaching that point where you've got to think about them and you are now in this position where.

You might as well. You, they've reached that tipping point where up until recently there was like, well, there's a little part where you, but you don't necessarily need to want to use CloudFlare because you can use your own. But now if CloudFlare is down, so much of the Internet's down that so many of the resources that you rely on for your own website, it's probably down that your website's probably down anyway.

[01:27:20] Nathan Wrigley: Right? Right. So you might as well use them. The curious thing about that was not Mystic. Yeah. But the curious thing about the CloudFlare thing is a lot of the other platforms, when they started to gain dominance, I'll use Facebook as an example, wrapped around that was a growing sense of wow, Facebook's there's a lot of wrong going on there.

There's a, but I don't have that with CloudFlare. I don't get a sense of there's a lot of wrong going on there. It's just. They're getting bigger and bigger, and so their failure is just bad. I personally haven't read an offer. I've got no intuitions about them being a, and I'm doing air quotes, a bad company doing unethical things.

Perhaps they are, but I don't have that intuition. They're a corporation at that scale. There's always gonna be some bad, you can't be a corporation that size and not. Upset some person. I have a solution. Tim, what we need to do is put the, is put CloudFlare in a ring with Remus. It would lose now that I think Remus can subscribe to, he's on Team CloudFlare I think may, maybe they just shake hands and that would be the end of it.

okay. Anyway, that is really sanguine stuff, the numbers and the sort of the future that we're painting ourselves into the corner of, interesting. Right. So more security stuff. very quickly CSS got hacked. How is this possible? Go and read the article. It's on medium. It's interesting.

It's complicated and interesting, and it's the way that the Chrome browser, pauses. It's not c you don't have to actually worry about writing CSS apart from in some really curious cases. But, I've never seen a vulnerability involving CSS before. It's just as well, we have lots of different browsers and we're not all based on chromium based systems, isn't it?

well, I know you are still, so you still using Firefox over there? yes. Except for when doing broadcast to you and my Yeah, that's right. Because these, platforms won't allow it. Yeah. There's you and your seven other mates still using I'd love, I love, I really want Mozilla to succeed.

I listened to a podcast episode with the now new CEO of Mozilla, and he was trying to paint a positive spin on their new AI initiatives. And I've gotta say it didn't wash too well with me. I got the bad feels from it. It was like, like greenwashing, what is a necessary but horrible. Awkward evil that they're having to deal with are, yeah.

You in agreement, Tim? A little bit. Oh yeah, absolutely. Great. Yeah. I think they release new feature to disable all the AI features. Yes. Well, at least that's a thing, right? You can go in there and switch 'em all off, but ne necessarily, they've, they're gonna be enabling them by default. But also I just want a browser clear of all that really.

I want the browsers to just browse the internet based upon where I click and nothing more. Obviously there are, the nice thing is that there are just like, there are different chromium browsers, there are different Firefox variants out there. people are working on Why Good one? Libra Wolf. That's very good one.

[01:30:36] Onar Alili: If anyone who's interested in privacy, Libra Wolf, what did you, what was that one called? It's called Libra Wolf. Oh, okay. As in Libra office? Libra, free Libra, yeah. Yeah. Perhaps from there. Yeah. Libra Wall. Okay. It's a fire variation. Yep. I downloaded one not that long ago, which I didn't actually use.

[01:30:57] Nathan Wrigley: 'cause it, there was significant things in the ui, which I didn't really like, but it was curious because it was a Firefox clone, but it was also trying to enable Chrome and the Firefox apps, extension ecosystem. Was that Water Fox? it, what? I don't think it was. they're certainly, they no AI pushing heavily one.

Okay. But it was just the idea that there were a few Chrome extensions that I'm really familiar with and I would love to be able to use. And there's no equivalent Firefox one really. but this browser I thought might be able to do both, but it didn't manage it. There was, Firefox will install nearly all Chrome extensions.

Okay. Yeah, they're completely aside if you, 'cause they do share a commonality for their APIs. Okay. Okay. so some comments coming in about that. the entire Firefox community, oh, that's left. He's there. Look, there, there is the Firefox, there's the UK Firefox community. I do not worry. I am indeed enough in arms.

Yeah, he is up in arms about that. I used to be on their sumo team. There's no connection between the CEO and those marketing, the product. Oh, okay. right. Okay. I think. very quickly, we'll just go through these. I know time is short and I don't wanna hold the, guests, to stay for any length of time longer than we said we would.

if you are using Managed wp, owned by GoDaddy, they have now forged a relationship with Patch Stack. I'll just mention that. You can go and read about that yourself. The, I dunno if this is the final round, but if you're going to go to WordCamp Asia or have intuitions that you might like to go to, WordCamp Asia, the fifth round of speakers has been announced.

And then, we had the dancing robots already, da dah. I'm just gonna drop this one and say, make of this what you will this, just look at that for a minute and pause it. Just take in what you're seeing and then. Tell me that if you needed proof of the existence of God or something like that, this might be it.

this is a fossil like nature made that, and it was found by somebody on a beach in, and believe it or not, they found it on the island called Holy, holy Island, in Linda's farm. And that's so obviously somebody's mouth, the human did that. There's no doubt about it. All the aliens left it there.

That's probably what happened. 'cause look, it's got like the gums, pink gum, bits, and then the teeth and then the, anyway, apparently not, apparently it's a fossil. It's on the BBC website. Smiling Fossil discovered on Holy Island. Drawn by teenager two weeks before with crayon. It doesn't actually say that. I like the idea.

Okay. There we go. That's it. We've run outta time. We've actually overshot the amount of time that we should be doing this show. Thank you, to you for joining in the comments. we await the obvious wrestling match between Matt and Mku. That'll be interesting to see. Maybe we'll bring that to you. Rap battle.

The rap battle. That's right. Yeah. no. No violence. No violence. the no violence rap mod wrestling match. That's what I heard. How about a break dance competition instead? A what? Oh, a break dance. A break dance competition. Yeah. Okay. Yeah. to be honest with you, what sat what would satisfy me right at this moment?

'cause I've been watching so much of it, is if they both just had a go at curling. Oh, there you go. Do the bit of curling and see who's the, who's, the, I like the idea of the, I feel this, that still very much, leans more towards remic than it does Matt. Yeah. Yeah. Okay. We keep present.

Yeah. Okay. Well, how about the, my surname is Cromwell. Matt can hire that Australian, one person who competed in the last Olympics. Yeah. You remember her? He could hire her. Yeah. I've watched that to do the curling, because that would be,

could do all the moves and then finally release. I accidentally caught sight of that Australian lady doing the whatever that event is. Is it like street dance or something like that? It's broken dancing is what it was. Broken. Yeah. But anyway, not break dancing. Broken, it was on, there was obviously a news article.

It was on in a shop that I was in the other day and I watched it and it really, even though I know nothing about that event, I have no chops about what's credible and what's not. I was watching it like, oh, it's so weird. It's so, bad. Anyway, there we go. Thanks to our team, Patricia says, appreciate it.

We'll be back this time next week. I hope. should be back this time next week, but, thank you. I'm just gonna go round the houses and say thank you to Tim Nash. Hello. There he is. Thank you to Mark Zaca. It's still like crazy o'clock in the morning over there. Appreciate that. Yeah. And also to on, thank you so much for joining.

Leon. You'll come back and join us on a less weird episode. They're always weird. They're always weird. They're not this weird. Don't call for it. Every single episode is weird. Okay. Alright. Okay. I probably should write. I love it though. This is what makes this fun, right? It's weird, so it's, oh, absolutely.

Yeah. I agree. And, we'll be back this time next week, so if the three of you wanna stick around, and have a little bit of a natural after this, I would welcome that. But, we will see you next week. Thanks for joining us in the comments. Appreciate it. Bye-bye. Bye-bye.