• 10 Posts
  • 171 Comments
Joined 1 year ago
Cake day: June 9th, 2023

  • Everything Wordpress is heavily infested with that. However you don’t have to let it impact you – it kind of looks to me like they pressure commercial vendors to put their stuff under the GPL if they’re wanting to offer a free version, so there’s a robust ecosystem of actually-FOSS tooling for it. My experience has been that it’s always worked pretty well in practice; you just have to keep your nope-I’m-not-paying-for-your-paid-version goggles firmly affixed. (Also, side note, GPT does an excellent job of writing little functions.php snippets for you to enable particular custom functionality for your Wordpress install when you need it.)


  • Wordpress 1,000% (probably coupled with WooCommerce but there are probably some other options)

    I honestly don’t even know off the top of my head why you would use anything else (aside from some vague elitism connected to the large ecosystem of commercial crap which has tainted by association the open source core of it) – it combines FOSS + easy + powerful + popular. You will have to tiptoe around some amount of crapware in order to keep it pure OSS though.


  • Yep.

    There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.

    I’m not trying to sit in judgement of someone who’s writing free software but to me those are both negligent software design from an end-user privacy perspective.


  • Of note about this is that image links in comments aren’t rehosted by Lemmy. That means it would be possible to flood a community with images hosted by a friendly or compromised server, and gather a lot of information about who was reading that community (how many people, and all their IP address and browser fingerprint information, to start with) by what image requests were coming in kicked off by people seeing your spam.

    I didn’t look at the image spam in detail, but if I’m remembering right the little bit of it I looked at, it had images hosted by lemmygrad.ml (which makes sense) and czchan.org (which makes less sense). It could be that after uploading the first two images to Lemmygrad they realized they could just type the Markdown for the original hosting source for the remaining three, of course.

    It would also be possible to use this type of flood posting as a smokescreen for a more targeted plan of sending malware-infected images, or more specifically targeted let’s-track-who-requests-this-image-file images, to a more limited set of recipients.

    Just my paranoid thoughts on the situation.
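The mitigation the two comments above point at (serving comment images from the instance instead of letting each reader's browser fetch them from a third-party host), sketched as an added example that is not Lemmy's own code. `LOCAL_HOST`, the `/image_proxy` endpoint and the sample comments are hypothetical and constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import quote, urlsplit

LOCAL_HOST = "lemmy.example"  # assumption: this instance's hostname
PROXY_PREFIX = f"https://{LOCAL_HOST}/image_proxy?url="  # hypothetical endpoint

# Markdown inline image: ![alt](url "optional title")
IMG_RE = re.compile(r'!\[([^\]]*)\]\(\s*(\S+?)(\s+"[^"]*")?\s*\)')

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def remote_image_hosts(markdown):
    """Hosts a reader's browser would contact when rendering this comment."""
    hosts = [_host(m.group(2)) for m in IMG_RE.finditer(markdown)]
    return [h for h in hosts if h and h != LOCAL_HOST]

def proxy_images(markdown):
    """Point remote images at the instance so only the server fetches them."""
    def repl(m):
        alt, url, title = m.group(1), m.group(2), m.group(3) or ""
        if _host(url) in ("", LOCAL_HOST):
            return m.group(0)  # relative or already local: leave untouched
        return f"![{alt}]({PROXY_PREFIX}{quote(url, safe='')}{title})"
    return IMG_RE.sub(repl, markdown)

def comments_per_remote_host(comments):
    """Count comments per remote image host; a spike on one host marks a flood."""
    counts = Counter()
    for body in comments:
        counts.update(set(remote_image_hosts(body)))
    return counts

# Constructed sample comments (reserved example domains, not real data).
SAMPLE_COMMENTS = [
    "look ![a](https://img.example.net/1.png)",
    '![b](https://img.example.net/2.png "t") and '
    "![c](https://lemmy.example/pictrs/3.png)",
    "no images here",
]

if __name__ == "__main__":
    print(comments_per_remote_host(SAMPLE_COMMENTS))
    for body in SAMPLE_COMMENTS:
        print(proxy_images(body))
```

With the rewrite in place the remote host sees one request from the instance rather than one per reader, and the per-host count gives moderators a quick signal when many new comments all embed images from the same outside server.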





  • Mozilla/5.0 (Android 10; Mobile; rv:121.0) Gecko/121.0 Firefox/121.0.

    I just did a bunch of testing. The issue is that final version number, “Firefox/121.0”. Google returns very different versions of the page based on what browser you claim to be, and if you’re on mobile Firefox, it gives you different mobile versions depending on your version:

    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/41.0' https://www.google.com/ | wc -c
    2024-01-08 15:54:29 URL:https://www.google.com/ [1985] -> "-" [1]
        1985
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/62.0' https://www.google.com/ | wc -c
    2024-01-08 15:54:36 URL:https://www.google.com/ [211455] -> "-" [1]
      211455
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/80.0' https://www.google.com/ | wc -c
    2024-01-08 15:52:24 URL:https://www.google.com/ [15] -> "-" [1]
          15
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/121.0' https://www.google.com/ | wc -c
    2024-01-08 15:52:04 URL:https://www.google.com/ [15] -> "-" [1]
          15
    

    If you’re an early version of Firefox, it gives you a simple page. If you’re a later version of Firefox, it gives you a lot more complete version of the page. If you’re claiming to be a specific version of mobile Firefox, but the version you’re claiming (edit: oopsie ~~doesn’t exist or even really make sense~~ didn’t exist when they set this logic up or something), it gets confused and gives you nothing. You could argue that it should default to some sensible mobile version in this case, and they should definitely fix it, but it seems to me like it’s clearly not malicious.

    Edit: Wait, I am wrong. I didn’t realize Firefox’s version numbers went up so high. It looks like the cutoff for where the blank pages start coming is at version 65, which is like 2012 era, so not real old at all. I still maintain that it’s probably accidental but it looks like it affects basically all modern mobile Firefoxes, yes.




  • Yeah. To me it seems transparently obvious that at least some of the applications of AI will continue to change the world - maybe in a big way - after the bust that will inevitably happen to the AI-adjacent business side after the current boom. I agree with Doctorow on everything he’s saying about the business side, but that’s not the only side and it’s a little weird that he’s focusing exclusively on that aspect. But what the hell, he’s smart and I hadn’t seen this particular business-side perspective before.




  • Hm, yeah, I would just start up a Mastodon page in parallel with the Meta page. Pick the right “home” server to join; that’s critically important for Mastodon in a way that it’s not for Meta. Put in charge of the page someone who’s genuinely excited about participating in Mastodon, and would be engaged with the gaming community there whether or not they were in charge of the page. I don’t think I would recommend spending anything on ad promotion of the Mastodon page, but like I say I’m not convinced of the utility of spending money on Meta promotion either. YMMV

    Anyway like I say my level of knowledge about it is pretty minimal but I’m happy to talk more in depth on details of my experience also if you like.


  • I have some small amount of experience with this, but based on the little I know, here’s what I can say. First question is what is your goal? To get customers, or to create a community? Below is general advice but it’s hard to say just talking about it in the abstract.

    If you want a community, I would probably advise to just treat it as one more channel, have separate pages in Meta / X / Fediverse / Pinterest or whatever as separate communities, since in a lot of cases there won’t be overlap between them. I wouldn’t recommend abandoning your existing Meta or X pages to set up a Fediverse page instead, although making a contingency plan for the slow motion demise of Meta as a platform for the long term seems like a good idea.

    If you want to drive sales, then for me Google Ads always worked better than buying advertising on Meta or X or etc anyway. Have you measured conversion numbers from Meta? They make it easy to spend money definitely, but I always found the ROI in terms of pure paid sales to be pretty bad from them.


  • Individual privacy and security is national security.

    The “nation” in anything resembling a democracy is made up of individual private people with their own motivations, and their own sometimes considerable power, whose security is protected even when it doesn’t line up with the interests of whoever happens to be in charge of the government. Those nations can become extremely powerful, much more so than “secure” states, because they have within them powerful people who give good faith to the systems of government that can organize and wield state power. It has to be that way. Any government that betrays that relationship will collapse into something akin to modern-day Russia. Certain policies might be bad for “individual privacy” in the short run, and good for “national security” in the short run, but there’s a reason why the nations of Nazi Germany or the USSR who prioritized state security so high above that of individuals, weren’t at all secure in practice. On an individual or a national level.

    In the absolute middle of World War 2, when Britain was fighting literally for its life against the literal Nazis, and losing, the government had to deal with paying rent to the sometimes disagreeable landlords for their military intelligence offices, and they had to face angry questions from civilians in government about firebombing in German cities and how it was inhumane. They weren’t allowed to just get on with whatever they decided they wanted to do. There was no question about “well this is a government matter so I don’t care what you think, as a private person, and I don’t have to.” That’s not how a democracy works. Some people might disagree, but in my opinion that’s why the side that Britain was part of ultimately won the war: Because the British people knew their rights as individuals would be respected, and so they in turn felt comfortable giving wholehearted support back to the government when the government needed it.

    Anyone who describes “national security” as a thing that has to be balanced against the rights of the people who in actual reality make up the nation, is probably talking about something more akin to “state security” in the USSR or Nazi sense. Not the security of the actual nation, but the safety and convenience of policymakers and their friends, sometimes specifically their safety from the nation (i.e. the people).


  • mo_ztt ✅@lemmy.world to Privacy@lemmy.ml: AI Generated CSAM Is Out of Control
    11 months ago

    The point I’m trying to make is, you don’t even have to do that.

    There are already laws against revenge porn and realistic child porn. You don’t have to “prevent” this stuff from happening. That is, as he accurately points out, more or less impossible. But, if it happens you can absolutely do an investigation, and if you can find out who did it, you can put them in jail. That to me sounds like a pretty good solution and I’m still waiting to hear what his issue is with it.


  • mo_ztt ✅@lemmy.world to Privacy@lemmy.ml: AI Generated CSAM Is Out of Control
    11 months ago

    What the hell is this guy?

    “Here’s a case where people made and shared fake nudes of real underage girls, doing harm to the girls”

    “But what the hell, that’s kind of hard to stop. Oh also here’s this guy who went to prison for it because it’s already illegal.”

    “Really the obvious solution everyone’s missing is: If you’re a girl in the world, just keep images of yourself off the internet”

    “Problem solved. Right?”

    I’m only slightly exaggerating.