bfarber

You may be able to install a CKEditor plugin to allow embedding of remote videos. Additionally, some services support embedding of videos (think youtube, vimeo, etc.).
For randomly linked videos, we wouldn't just automatically embed it.

Ok, well allowing videos where we currently allow images is secondary to supporting webp. We're talking about two different things at that point - not that it's a bad suggestion or anything, but I was focusing first on where you wanted to see webp support implemented so we can break this down into workable chunks. 🙂 

We already output videos inline if the browser/device supports the format. Thus if you upload an MP4 and your browser can play that MP4 (dependent on codecs, etc.) it should embed.
Transcoding video formats and doing things like converting animated gifs to MP4s is a bit of a different ballgame from adding webp support.

It is recommended to output webp files in a <picture> tag instead of an <img> tag, which supports specifying multiple versions. That's something we'd have to take into account.
Also, ios14 added support apparently: https://css-tricks.com/webp-image-support-coming-to-ios-14/
I found that we have an open internal suggestion discussing this already so I've updated it. Thanks!

What things are you looking for support for specifically? Are you just meaning to display webp images as images, instead of attachments?
Obviously this is something we can look into too, but if you have a list of areas/problems specifically it might be a good starting point.
(For the record, recent releases of GD do support webp, as does ImageMagick, so server-side technology is not a hindrance)

I've take a look at the backend code and have submitted a bug report to get this looked at for an upcoming release. Thanks!

I've logged an internal bug report to have these things checked on

We disable all customizations going from 4.4 -> 4.5 because they are generally not immediately compatible.
We do not automatically disable customizations normally during upgrades (i.e. they won't be disabled during point releases in 4.5).

No, but you may be able to set a session or global variable first if needed, or store data temporarily elsewhere.
{$_SESSION['tempvar']} {block="blockkey"}  

Yes, the toolbox is being phased out, somewhat. You may wish to consider using phpmyadmin or a similar dedicated tool for managing your database.

Yes, the toolbox is being phased out, somewhat. You may wish to consider using phpmyadmin or a similar dedicated tool for managing your database.

Yes, the toolbox is being phased out, somewhat. You may wish to consider using phpmyadmin or a similar dedicated tool for managing your database.

A hybrid approach works for many people. You use ads, but then you allow subscriptions which remove those ads.
(I'm not sure if you're doing that already or not)

We do not publicly disclose how spammers are identified because it would only give those who wish to circumvent the protections more information as to how to go about it.
We use information from many sources (Stop Forum Spam, SBL, etc.) as well as Invision Community installations that report back to the spam service to devise a score that represents the probability the user is a spammer. As with any system, there can be false positives. You can either work with the user to register their account (i.e. manually from the AdminCP to "pre-register" the account for them), or you can submit a ticket and we can take a look on our end and make a determination as to whether or not to remove the block against the user. Unfortunately, however, we can't really get into "how it works" outside of that.

Another feedback topic recently mentioned supporting SSL for the MySQL database server.
What if we did something like
/* Connect */ parent::real_connect( $sqlCredentials['host'], $sqlCredentials['username'], $sqlCredentials['password'], $sqlCredentials['database'], $sqlCredentials['port'], $sqlCredentials['socket'], $this->_getFlags() );  
and then the _getFlags() method returned nothing by default, but a plugin could add a hook to set other flags?

I do just want to note - you can use any service that supports SMTP delivery using the built in SMTP option. You don't necessarily need a specific API to send emails. 
(This post is not discounting the rest of the conversation, I just want to be sure anyone who comes across this realizes you can still use Sparkpost or whatever else via SMTP if you want)

I think that's a suitable solution yes.

Thanks for the feedback. I'll raise this internally for consideration. 🙂 

If you disable the share by email feature, then spammers will not be able to use that feature. I am unaware at this time of any other areas where an end user could send an arbitrary email through your site.

Another feedback topic recently mentioned supporting SSL for the MySQL database server.
What if we did something like
/* Connect */ parent::real_connect( $sqlCredentials['host'], $sqlCredentials['username'], $sqlCredentials['password'], $sqlCredentials['database'], $sqlCredentials['port'], $sqlCredentials['socket'], $this->_getFlags() );  
and then the _getFlags() method returned nothing by default, but a plugin could add a hook to set other flags?

Another feedback topic recently mentioned supporting SSL for the MySQL database server.
What if we did something like
/* Connect */ parent::real_connect( $sqlCredentials['host'], $sqlCredentials['username'], $sqlCredentials['password'], $sqlCredentials['database'], $sqlCredentials['port'], $sqlCredentials['socket'], $this->_getFlags() );  
and then the _getFlags() method returned nothing by default, but a plugin could add a hook to set other flags?

"their" in English is taken to mean "belonging to them". As we do not know the gender of the user, we can't say "his" (as in belonging to him) or "her" (belonging to her), so "their" is an acceptable gender-neutral solution.
But, as you use a translation that adjusts the verbiage anyways, I'm not sure why this matters.
 

Fair enough, I've raised it internally.

A hybrid approach works for many people. You use ads, but then you allow subscriptions which remove those ads.
(I'm not sure if you're doing that already or not)