HTTPS ensures the data isn't tampered during transport, but it doesn't ensure the integrity of the data itself. That's why there's things like Subresource Integrity (which doesn't apply to top-level resources like HTML).
However, there's no way to ensure the files we download are created by who they say they are. A domain for example can change hands and existing links say on HN can be loaded with unexpected, potentially malicious, content. Same for hacked servers.
IMO we need some form standard page signing to enforce actual integrity of information, not just transport. I made a proof-of-concept Web Extension to show how that might be possible using PGP [1]. Of course PGP has its own issues but it's just an experiment.
It's just a vectorised image of Yukimura from Samurai Warriors[1]. This image to be specific[2]. Don't think there was a designer, just a developer making a logo using a character they like (or maybe it was random image search). Pretty common in open source.
You can do this with GitHub Projects (the Trello-like interface). For my personal projects, I use GitHub Issues as a dumping ground for ideas, which automatically go into a "Triage" (inbox) column, which I go through and assign labels and priorities every week or month depending on the project.
The downside with GitHub projects is that you can't automate based on labels so the issues need to be organised into columns manually if you have more than the simple one board with To-Do/In-Progress/Done columns setup. Though search and filters slightly helps with that.
This is what happens all across the web, regardless of software. Raiding. IRC raids, forum raids, etc. Sometimes it's for fun, sometimes it's more malicious. Most software has ways to mitigate it. Temporarily closing new registrations, invite only registrations, throttling, IP bans, etc. Just like DDoS attacks, there is no true solution to this since that's how the public web and internet works.
I have a single major problem with all of their new layouts. They place content at extreme ends of the screen, completely stretched out like a rubber band with No Man's Land in the middle. In this case, the top half is stretched and the bottom half is centred. Completely inconsistent and tiring for your eyes darting around corners of the screen.
I don't know why they think it's good design, it would be nice to know. All of their previews for it squash the window so it looks perfect, like their mockups I assume. Similarly, I have to have a dedicated, half-width window just for GitHub to workaround this.
Since people are showing interest in GitHub Sponsors, I just wanted to mention: The types of services listed in the article likely falls under VAT in specific regions which can be a pain to calculate. That's one of the reasons I'm sticking with Patreon; they handle tax and chargebacks so the fee isn't a big deal. GitHub Sponsors explicitly says the tax is all on you. They don't mention chargebacks in their docs so it's hard to say, if they're processing the payment on their end, I'd guess they handle it.
The strange thing for me is, when I switched to custom first-party analytics, I stopped getting referrer spam altogether. I assume then that spammers explicitly optimise for GA tracking and ignore everything else. Which makes sense since a lot of them are targeting audiences that care about SEO and GA has a uniform tracking URL that they can flood without the cost of rendering webpages. The reason GA can't filter them out is because they're constantly working around each other.
My blog does this. Not because I want to hide it. Since RSS is a standard, I expect anyone wanting to add my blog to their RSS would just use the current URL and the reader will grab the alt meta tag. I have multiple feeds, one for each tag, so if a reader uses a blog post URL they'll be given a choice on what tag to subscribe to (or everything). Having separate RSS links on the page for this would add clutter.
Before, Firefox used to show the RSS icon but they killed it. It really should be a browser-level thing, it's no different from favicons, rather than requiring users to hunt down a link somewhere on the page.
You can. Projects in VSCode are called "Workspaces".
Every time I install an extension, I first "Disable" it, which is global. Then I switch to the workspace that needs it and choose "Enable (Workspace)". That way you only have the extensions you need per project.
You can still use the desktop site by using the 'Request Desktop Site' on your phone's browser (at least on most browsers). If you're logged in to GitHub, you can enable 'Opt out of mobile pages' in your account settings, though it sounds like you want to use both.
Their blog is hosted on Wordpress.com which seems to be using Let's Encrypt to generate one certificate for multiple different, unrelated custom domain names.
Maybe you encountered a bug where it served the wrong cert for a different batch of custom domains.
To assume certain conditions that are not explicitly laid out without even talking to the person providing you the service is literally entitlement. It seems like you've made assumptions that turned out wrong. I've fallen for it too in the past. Not everyone thinks the same thing so people's assumptions are always different. The key thing is, when your assumptions don't turn out true, to learn from it.
In the case of open source, it's worth asking the maintainer what the terms are if you're unsure. The LICENSE always says that authors and contributors are not liable for any outcome, either as an ALL CAPS paragraph or a clearly defined section.
Everything is provided as-is so you can't expect anything. It's on you to pick up after them if you still need the project.
That's pretty much the case for any remote content. Proxy and rewrite the response. But that added step is usually enough, especially for something as complicated as a Browser MMO.
Also, web servers should have rate limits set which would make proxying less viable, even for IP ranges.
You are still supporting Discord by using it and Discord still needs non-paying members. Without those members, Discord won't be as popular and the paying members wouldn't stick around.
By all means, you are still providing value to the service and they need you as much as their paying customers. However, a lot of companies lose sight of this logic once they go big.
However, there's no way to ensure the files we download are created by who they say they are. A domain for example can change hands and existing links say on HN can be loaded with unexpected, potentially malicious, content. Same for hacked servers.
IMO we need some form standard page signing to enforce actual integrity of information, not just transport. I made a proof-of-concept Web Extension to show how that might be possible using PGP [1]. Of course PGP has its own issues but it's just an experiment.
[1] https://webverify.jahed.dev/