Giuseppe Mazzapica

https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform

"The agent mapped the attack surface and found the API documentation publicly exposed — over 200 endpoints, fully documented. Most required authentication. Twenty-two didn't.

One of those unprotected endpoints wrote user search […]

@futtta Yes that makes sense. I dis not know you wanted to change attributes, because you mentioned wp_kses_hair that is a read function. You could prevent this behavior via filtering wp_kses_uri_attributes, but then you would prevent filtering all URLs, not sure of that works for you

@futtta I just tested this code on WP 6.7.4 / PHP 8.4 and it worked:

```
$p = new WP_HTML_Tag_Processor($html);
$data = [];
while ($p->next_tag()) {
$tag = $p->get_tag();
$data[$tag] = [];
foreach ($p->get_attribute_names_with_prefix('') as $name) {
$data[$tag][$name] = $p->get_attribute($name) […]

How I infiltrated phishing panels targeting European banks and tracked down their operators Good phishers clearly aren't always good programmers.

Inti did it again ❤️ : https://inti.io/p/how-i-infiltrated-phishing-panels
#phishing #scam #hacking

@futtta this is weird, and never heard of it. This is the behavior of `esc_url()` in WordPress, maybe because it expects an URL in those attributes they pass the value to that function

@futtta I never measured performance, but kses functions are surely not know for being fast, but I would not expect custom regexes to be much faster, honestly. I don't know the requirements, but if the new PHP DOM API is usable, I would use that, or `WP_HTML_Tag_Processor` class could help, and […]

I recently had a PHP problem I was struggling with. Instead of using AI, I asked #mastodon.

I got a great answer and they kept helping as I continued to struggle.

In the end I learned and the community helped.

That’s the way it should be.

@emd Also answered your issue on GH

@emd if you really want to use `when`, then you need a custom callback:

```
when('glob')->alias(function (string $pattern, int $flags = 0): array|false {
return match ($pattern) {
"foo" => [__DIR__ . '/foo'],
"bar" => [__DIR__ . '/foobar'],
default => false
}
});
```

@emd This is complex using `when`, but you can use `expect` and that will work easily as you would use Mockery behind the scenes.

```
expect('glob')->once()->with('foo')->andReturn('bar')
->andAlsoExpectIt()->once()->with('bar')->andReturn('foobar')
```

If you want to support "optional" call […]

@emd First, if it's a class *method*, don't use Brain Monkey, but the Mockery directly.
Brain Monkey brings Mockery features to *functions*, for object methids you don't need it.

Anyway, the mock/stub is reset when you call `Monkey\tearDown()` at the end of every test case (in PHPUnit you do It […]

@dominik that one client has probably plugins using native PHP time/date functions instead of WP functions

@emd I used it for my testing library https://giuseppe-mazzapica.gitbook.io/brain-monkey/functions-testing-tools/functions-setup you could use it as well. It has WordPress-specific tooling that you don't need to load when testing PHP pass. The documentation is for PHPUnit, but i know people are […]

@emd look at Patchwork.

Probably mostly not my audience here, but I'm currently looking for a business-side/CEO cofounder for an encrypted radio startup. There are solid funding options, but while I can build the team to make the product happen, I'm not the person to navigate the money side of things. I'm looking for a […]

In fact, I am willing to offer up to five hours of my time — free — to any public sector team or nonprofit anywhere in the world that needs help figuring out what makes sense and how to respond to top down pressure telling you to implement AI.

And if they’ve already chosen something for you, I […]

Scientists have detected another possible Monday arriving as early as next week. If true, this will be the 9th Monday this year. They warn that there are a little over 3 days left to prepare.

Mondays can be bad. Hug those you love and help them through it. Spend these remaining days wisely.

I wanted the blue checkmark on LinkedIn. The one that says “this person is real.” In a sea of fake recruiters, bot accounts, and AI-generated headshots, it seemed like a smart thing to do.

So I tapped “verify.” I scanned my passport. I took a selfie. Three minutes later — done. Badge acquired […]

Another installment of the AI Hater's Guide to Code with LLMs https://aredridel.dinhe.net/2026/02/15/an-ai-haters-guide-to-code-with-llms-the-how-to/

This time, how to actually use the tools competently. Some theory and how they actually work, and some practical instruction.

Social distance on the internet.

1995: Wow, I'm talking with someone on the other side of the world!

2005: Wow, I'm talking with someone in my home town!

2025: Wow, I'm talking to a human being!

#SocialMedia #NoAI

"AI is built on the collective knowledge of humankind."

No. Nononononono. It is not built on _knowledge_, it it built on _data_. And not everyone's experiences are available as data, many communities are included. Also: "Collective" implies some sort of collaboration and shared activity. But […]

in 2017 a popular twitter game was to type a partial phrase then see what your phone auto-completes it with.

this proved so popular that it is now the only business model in the US.

The Italian tech holding company Bending Spoons, has developed a reputation for buying tech companies past their peak and aggressively cutting costs.
The firm acquired Evernote in 2022, followed by Meetup and WeTransfer in 2024, and AOL and Eventbrite in 2025.
Layoffs followed many of those […]

@kelson Probably had been easier/better/best practice to check for `did_action('wp_head')` instead of setting and then checking a global variable.

The biggest challenge with most of the AI discourse is untangling what people are actually observing from what they want to be the case.

4 frame comic. In the first frame, a portrait of Knut Hamsun. In the second, Hamsun is seen shaking hands with Goebbels. In the third, he looks at something Hitler is showing him. In the third, Machado presents Trump with her Nobel prize. Text reads : The last Nobel prize laureate to gift their medal to someone was The influential Norwegian writer Knut Hamsun*. Source : *the Nobel prize committee, the Nobel prize and the laureate are inseparable, JANUARY 16th 2026 he won the Nobel prize of Literature in 1920, and in 1943, decided to give it to Joseph Goebbels, the nazi head of propaganda. Days later, Hamsun was awarded a rare audience with Hitler, to complain about the German administrator of Norway and to plead for the release of Norwegian prisoners. nothing came out of it. sometimes, it feels like history is making fun of us.

History is making fun of us

"Software is no longer seen as an asset, as something to care for, to maybe even take pride in. It’s a throw-away product. Like a napkin. Just get one quick, wipe your mouth and throw it away. Like a novelty t-shirt."

(Original title: Software as Fast Fashion) […]

@bruces tabasco is possibly the only worthy US contribution to world food. Btw, tried this and other variations, the original is much, much Better