Pew pew pew

Everything Wordpress is heavily infested with that. However you don’t have to let it impact you – it kind of looks to me like they pressure commercial vendors to put their stuff under the GPL if they’re wanting to offer a free version, so there’s a robust ecosystem of actually-FOSS tooling for it. My experience has been that it’s always worked pretty well in practice; you just have to keep your nope-I’m-not-paying-for-your-paid-version goggles firmly affixed. (Also, side note, GPT does an excellent job of writing little functions.php snippets for you to enable particular custom functionality for your Wordpress install when you need it.)

Wordpress 1,000% (probably coupled with WooCommerce but there are probably some other options)

I honestly don’t even know off the top of my head why you would use anything else (aside from some vague elitism connected to the large ecosystem of commercial crap which has tainted by association the open source core of it) – it combines FOSS + easy + powerful + popular. You will have to tiptoe around some amount of crapware in order to keep it pure OSS though.

Yep.

There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.

I’m not trying to sit in judgement of someone who’s writing free software but to me those are both negligent software design from an end-user privacy perspective.

Of note about this is that image links in comments aren’t rehosted by Lemmy. That means it would be possible to flood a community with images hosted by a friendly or compromised server, and gather a lot of information about who was reading that community (how many people, and all their IP address and browser fingerprint information, to start with) by what image requests were coming in kicked off by people seeing your spam.

I didn’t look at the image spam in detail, but if I’m remembering right the little bit of it I looked at, it had images hosted by lemmygrad.ml (which makes sense) and czchan.org (which makes less sense). It could be that after uploading the first two images to Lemmygrad they realized they could just type the Markdown for the original hosting source for the remaining three, of course.

It would also be possible to use this type of flood posting as a smokescreen for a more targeted plan of sending malware-infected images, or more specifically targeted let’s-track-who-requests-this-image-file images, to a more limited set of recipients.

Just my paranoid thoughts on the situation.

Yeah, that’s universally my expectation when dealing with these systems. I was already queuing up my complaining-fingers when I pasted the error message to it, expecting it to refer me to some unrelated and useless documentation and make it a little more difficult for me to talk with a human (who might, 50/50, know how to solve the problem). I was not in any capacity expecting it to ask relevant questions and use them to identify the problem, tailor the link it was sending me according to what I needed to download, and then give me the link and tell me how to use it. Astounding.

Not a map, but things I’ve seen on the roads in Boston:

• Left turn only from left lane, straight or left from 2nd lane, straight or left from 3rd lane
• Green light and perpendicular traffic coming to me on the cross street, also going, because they also have a green light
• Two lanes, surprise! Lane markers go away it’s one lane, not defined who yields, you guys can work it out

“You want my honest opinion? I don’t think there’s no solution.”

For some reason the way he said it hit me really hard.

Removed by mod

Surely all the people who wanted Nazis off Substack will also celebrate the ban on the Hamas flag

Oh wait, the Israeli government is very clearly promoting a violent ideology as well… we need to… outlaw the Israeli flag?

Oh wait

Hang on

Mozilla/5.0 (Android 10; Mobile; rv:121.0) Gecko/121.0 Firefox/121.0.

I just did a bunch of testing. The issue is that final version number, “Firefox/121.0”. Google returns very different versions of the page based on what browser you claim to be, and if you’re on mobile Firefox, it gives you different mobile versions depending on your version:

% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/41.0' https://www.google.com/ | wc -c
2024-01-08 15:54:29 URL:https://www.google.com/ [1985] -> "-" [1]
    1985
% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/62.0' https://www.google.com/ | wc -c
2024-01-08 15:54:36 URL:https://www.google.com/ [211455] -> "-" [1]
  211455
% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/80.0' https://www.google.com/ | wc -c
2024-01-08 15:52:24 URL:https://www.google.com/ [15] -> "-" [1]
      15
% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/121.0' https://www.google.com/ | wc -c
2024-01-08 15:52:04 URL:https://www.google.com/ [15] -> "-" [1]
      15

If you’re an early version of Firefox, it gives you a simple page. If you’re a later version of Firefox, it gives you a lot more complete version of the page. If you’re claiming to be a specific version of mobile Firefox, but the version you’re claiming (edit: oopsie doesn’t exist or even really make sense didn’t exist when they set this logic up or something), it gets confused and gives you nothing. You could argue that it should default to some sensible mobile version in this case, and they should definitely fix it, but it seems to me like it’s clearly not malicious.

Edit: Wait, I am wrong. I didn’t realize Firefox’s version numbers went up so high. It looks like the cutoff for where the blank pages start coming is at version 65, which is like 2012 era, so not real old at all. I still maintain that it’s probably accidental but it looks like it affects basically all modern mobile Firefoxes, yes.

What’s the user-agent? I’m curious now.

Is this still true? I just tested and it works for me on LibreWolf, both for google.com and google.com.br.

Honestly, Google doing this as a deliberate anti-Firefox measure seems so wildly stupid and counterproductive on their part that I’d assume it was some failure (serving a slightly different version of the page to Chrome as for other browsers, and the non-Chrome side breaks for some reason) before thinking it was malicious.

If I were a user, and the system told me that it was aware of what I wanted to do, and capable to do it, and it was in both of our financial best interests that the system fulfill my request, but it was deciding not to until I went back and jumped through an additional pointless hoop, before doing what I’d attempted to do in the first place… I definitely would be more irritated than not.

It might be worth having a prominent notification that the system was fulfilling the expired request, so it’s not confusing that the expired tickets work sometimes and not other times. Or, maybe just tell them the JWT they’ve got is expired, and ask them yes or no if they want the new (current) price instead, and update it transparently if they say yes. You can have a higher price if it’s higher, and depending on your relationship with the customers, you could either lower the price if it’s lower or just leave it at the current price and have them get what they get. But I would definitely make things easy and smooth for the customer in this type of situation as opposed to making the system easy to make, at the expense of having them have to click through a little circular runaround when the system is aware of exactly what they’re trying to do.

Eh. Honestly, I think what you’re saying, and the points the article is making, are pretty valid. That’s still gonna be way, way overshadowed by the absolutely ridiculous example they chose to use to make their point. Like “Since you’re writing code that’s ridiculous to such a degree that it wouldn’t even occur to most people that the way you’re doing it would even work, you better turn optimizations on, so the compiler can fix your code back to normalcy behind the scenes for you.”

Depending on the nature of the changes, it might be more advantageous to tell them that it’s easier (i.e. cheaper) to contribute changes upstream, rather than maintaining them separately forever. Also, the good will and reputation boost involved can be significant.

Don’t say it if it isn’t true or anything, but in a lot of cases it’s true.

Previously, they made a rotary mount for parts they were working on so that they could precisely machine rounded corners at specific spots by spinning it in-place.

In this video, they made two little jigs for the rotary mount that can be easily slid around in both X and Y dimensions, to position parts on the mount, and that will automatically keep themselves at right angles so everything on the machined part will stay squared-off.

I think mostly they prefer for people to just fix their delivery to comply with the license, as opposed to causing antagonism towards the community by going straight to a lawsuit. But yes, there are definitely teeth to it if some company for whatever reason doesn’t want to fix their infringement.

Yeah, 100%. At this point the resources invested in MacOS / iOS have probably exceeded even the decades of work they were able to leverage by starting with FreeBSD / NeXT / Mach / whatever else.

(Edit: Actually, not 100% true. Macs are still very BSD-like under the hood; I actually really like development on Macs because I can basically treat them as BSD systems with unusual package management and a fancy GUI. For that reason they’re far preferable for me over Windows or pre-OSX Macs. But yes, your point is well taken that iOS development at this point has far eclipsed anything they started out from in terms of LOC and time spent.)

There’s a list of open source Android distributions. Although not very good, they are viable.

Yeah, I get that. This is why I’m not fully in agreement with Perens that this is an urgent problem.

How are phones free-software-hostile?

Because the whole idea of the GPL was to usher in a future that was like the environment RMS grew up in, where you always had the source code to all your stuff and you could examine or modify or build on it. Linux machines are in actual practice that way, which is super cool. Android phones are basically not, from the viewpoint of almost any mortal human. I think the argument is that the efforts that the manufacturers make to close off modifications to the phones, and then put software on them that’s sometimes hostile to the best interests of the phone owner, means they shouldn’t be able to use all this GPL-licensed software for free in order to build the phones they’re selling.