I don't think that's true.

I think this is useful unless your threat model doesn't contain supply chain attacks by non-Google actors (which would be a pretty absurd position to take, there are plenty of malicious actors out there, Google aren't the only one!)

It clearly helps to mitigate against some threats, and so makes sense as a mitigation in your threat model.

I agree that you may still want a mitigation against Google acting maliciously, but that doesn't make this pointless.

I know very little about blu ray, and definitely don't have the home cinema setup to make the most of them, but I'm interested nonetheless: what can the current consoles not do that a dedicated, fully-featured player can?

This is the first I'd heard about them being limited.

This is my biggest issue, it's such a bare-faced lie!

It's completely insane for the browser to need to trust the client. Instead, you implement zero-trust, and require authentication and authorization for anything sensitive.

The server absolutely shouldn't trust the client isn't malicious, instead it should assume it is malicious until proven otherwise

What are the "display" variants of the new fonts in that article? In the examples, they're the ones with a * appended. They look much narrower to me (which I like).

I'm not at my PC right now, so it may just be that there's an "Aptos Display" font or something 😅