Not at all, I continued writing a lot on Twitter and still love the product. I don’t like the way they’re handling this situation though, more in this vid from a few days ago: https://www.troyhunt.com/weekly-update-289/
Hey, thanks for pointing that out, that's the second time I've heard that recently. I think Ghoetery is getting a little over-excited and hiding the parent element containing Disqus which also contains the body of the post. I'm going to take a look at how to rejig the markup so that this doesn't happen in future.
It's harder to detect the framework when ASP.NET MVC is used. No view state in the source code, no .aspx extensions and the server response headers identifying IIS and ASP.NET can be removed. There's always HTTP server fingerprinting but you're moving on past the low-hanging fruit now.
What it shows is that the server is not configured to return a custom error page when an exception occurs. Beyond the obvious usability issue, this may be used by an attacker to identify sites that leak internal information. It's not a vulnerability per se, but it's a gateway to helping find them.
Because rightly or wrongly, there's evidence that it increases consumer confidence and results in more purchases / subscribers / customer love. It's an empty promise, but people buy it anyway.
If there was something worth protecting on a personal blog site, it might be a different story.
1 is very on-topic - there's no way that data should be sent in the clear.
HSTS is good, but unfortunately only partially supported. Agree on the secure cookie, but of course you need to drop the dependency on accessing it over HTTP before you do that.
Years and years of experience? Often not, and that's speaking from years and years of experience!
Vast sums of money? Yes, at least the outsourcing vendors who churn this sort of thing out.
Unfortunately you're the exception Mark so good on you for that. Well I mean unfortunate for the greater web using population, but very fortunate for you!