Everything Wordpress is heavily infested with that. However you don’t have to let it impact you – it kind of looks to me like they pressure commercial vendors to put their stuff under the GPL if they’re wanting to offer a free version, so there’s a robust ecosystem of actually-FOSS tooling for it. My experience has been that it’s always worked pretty well in practice; you just have to keep your nope-I’m-not-paying-for-your-paid-version goggles firmly affixed. (Also, side note, GPT does an excellent job of writing little functions.php snippets for you to enable particular custom functionality for your Wordpress install when you need it.)

Wordpress 1,000% (probably coupled with WooCommerce but there are probably some other options)

I honestly don’t even know off the top of my head why you would use anything else (aside from some vague elitism connected to the large ecosystem of commercial crap which has tainted by association the open source core of it) – it combines FOSS + easy + powerful + popular. You will have to tiptoe around some amount of crapware in order to keep it pure OSS though.

What the HECK man?

There’s an underlying problem IMO with all Fediverse software and instances, in that because it’s made available for free, people get entitled, moderators and admins are obligated to sort of do volunteer work on behalf of people who haven’t earned it in order for any of the thing to work, which naturally leads to a inexhaustible wellspring of negative energy because the whole thing isn’t right.

I saw the posts of Ruud asking for people to basically interview for a part time admin position and do a job which for skills and time investment is worth from $50k/yr-$200k/yr (calibrating for the fact that it’s “only” 5-10 hours per week), and all I could think was whoa no no no this isn’t the way. Not saying there’s anything wrong with people volunteering their time to make available this great thing, but I think undervaluing them when they decide to do that is almost inevitable, which has follow-on effects that manifest in all kinds of ways and lead to things not being the way they should be. Occasional prickly or unfair behavior by mods or admins represent one example of that; comments like this one represent another.

What on earth is hostile about the OP post in any way?

Yep.

There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.

I’m not trying to sit in judgement of someone who’s writing free software but to me those are both negligent software design from an end-user privacy perspective.

Of note about this is that image links in comments aren’t rehosted by Lemmy. That means it would be possible to flood a community with images hosted by a friendly or compromised server, and gather a lot of information about who was reading that community (how many people, and all their IP address and browser fingerprint information, to start with) by what image requests were coming in kicked off by people seeing your spam.

I didn’t look at the image spam in detail, but if I’m remembering right the little bit of it I looked at, it had images hosted by lemmygrad.ml (which makes sense) and czchan.org (which makes less sense). It could be that after uploading the first two images to Lemmygrad they realized they could just type the Markdown for the original hosting source for the remaining three, of course.

It would also be possible to use this type of flood posting as a smokescreen for a more targeted plan of sending malware-infected images, or more specifically targeted let’s-track-who-requests-this-image-file images, to a more limited set of recipients.

Just my paranoid thoughts on the situation.

I have no real idea with Navalnvy, and only dim memories of news reports about Magnitsky which went into a little more detail, but I’ll tell you how I assume it operates: It’s basically mistreatment to the point that it’ll kill you, just slowly. Your cell’s cold all the time, in the arctic winter with no blankets. You get bad food and bad sleep and beatings and no medical care of any kind. Once your body starts to malfunction (Magnitsky started having kidney failure), they go on beating you severely enough to cause additional organ damage, but then just continue to put you in your cell day after day with no medicine. Basically, you’re going to die, but they’re drawing the process out enough that it’s indirectly, because of “medical issues” related to what they’re doing to you, instead of just from blunt force trauma or something. So it’s incredibly painful and long and drawn-out, a slow death of constant suffering from which you can’t escape or get any relief.

Not a map, but things I’ve seen on the roads in Boston:

• Left turn only from left lane, straight or left from 2nd lane, straight or left from 3rd lane
• Green light and perpendicular traffic coming to me on the cross street, also going, because they also have a green light
• Two lanes, surprise! Lane markers go away it’s one lane, not defined who yields, you guys can work it out

I don’t even know about that, because instead of the article I got my App Store opened up demanding that I install Phantom Surfer Browser to protect me from viruses.

Not since late last year they’re not. They spent early 2023 winning back the north of the country, then had a summer counteroffensive which captured essentially 0 of the East, then over winter they got nothing in terms of the ammunition and weapons aid they’d need to have to fight against an opponent which can outproduce them 20:1. They’re now desperately trying to hold the front line even though after 3 months of nothing they’re basically out of ammunition.

The big aid packages out of the US and EU are stalled apparently indefinitely. There’s that little package from the UK which hopefully will help a little, but unless the GOP stops being compromised by Russia sometime soon, it seems like they might be in real trouble.

Removed by mod

Surely all the people who wanted Nazis off Substack will also celebrate the ban on the Hamas flag

Oh wait, the Israeli government is very clearly promoting a violent ideology as well… we need to… outlaw the Israeli flag?

Oh wait

Hang on

Mozilla/5.0 (Android 10; Mobile; rv:121.0) Gecko/121.0 Firefox/121.0.

I just did a bunch of testing. The issue is that final version number, “Firefox/121.0”. Google returns very different versions of the page based on what browser you claim to be, and if you’re on mobile Firefox, it gives you different mobile versions depending on your version:

% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/41.0' https://www.google.com/ | wc -c
2024-01-08 15:54:29 URL:https://www.google.com/ [1985] -> "-" [1]
    1985
% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/62.0' https://www.google.com/ | wc -c
2024-01-08 15:54:36 URL:https://www.google.com/ [211455] -> "-" [1]
  211455
% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/80.0' https://www.google.com/ | wc -c
2024-01-08 15:52:24 URL:https://www.google.com/ [15] -> "-" [1]
      15
% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/121.0' https://www.google.com/ | wc -c
2024-01-08 15:52:04 URL:https://www.google.com/ [15] -> "-" [1]
      15

If you’re an early version of Firefox, it gives you a simple page. If you’re a later version of Firefox, it gives you a lot more complete version of the page. If you’re claiming to be a specific version of mobile Firefox, but the version you’re claiming (edit: oopsie doesn’t exist or even really make sense didn’t exist when they set this logic up or something), it gets confused and gives you nothing. You could argue that it should default to some sensible mobile version in this case, and they should definitely fix it, but it seems to me like it’s clearly not malicious.

Edit: Wait, I am wrong. I didn’t realize Firefox’s version numbers went up so high. It looks like the cutoff for where the blank pages start coming is at version 65, which is like 2012 era, so not real old at all. I still maintain that it’s probably accidental but it looks like it affects basically all modern mobile Firefoxes, yes.

What’s the user-agent? I’m curious now.

Is this still true? I just tested and it works for me on LibreWolf, both for google.com and google.com.br.

Honestly, Google doing this as a deliberate anti-Firefox measure seems so wildly stupid and counterproductive on their part that I’d assume it was some failure (serving a slightly different version of the page to Chrome as for other browsers, and the non-Chrome side breaks for some reason) before thinking it was malicious.

If I were a user, and the system told me that it was aware of what I wanted to do, and capable to do it, and it was in both of our financial best interests that the system fulfill my request, but it was deciding not to until I went back and jumped through an additional pointless hoop, before doing what I’d attempted to do in the first place… I definitely would be more irritated than not.

It might be worth having a prominent notification that the system was fulfilling the expired request, so it’s not confusing that the expired tickets work sometimes and not other times. Or, maybe just tell them the JWT they’ve got is expired, and ask them yes or no if they want the new (current) price instead, and update it transparently if they say yes. You can have a higher price if it’s higher, and depending on your relationship with the customers, you could either lower the price if it’s lower or just leave it at the current price and have them get what they get. But I would definitely make things easy and smooth for the customer in this type of situation as opposed to making the system easy to make, at the expense of having them have to click through a little circular runaround when the system is aware of exactly what they’re trying to do.

If someone learns something bad about you, and your first reaction is not “this is why it’s not true” but “how did you find that out, we must punish the person who told you,” you might be a violent POS.

That’s just the UI that shows you other communities where the same link has been posted.

If you want to create a cross-post like that for an existing post that has a URL, just make a new one with the same URL. If you want to create one for a text-only post, I think that’s not possible though.

Eh. Honestly, I think what you’re saying, and the points the article is making, are pretty valid. That’s still gonna be way, way overshadowed by the absolutely ridiculous example they chose to use to make their point. Like “Since you’re writing code that’s ridiculous to such a degree that it wouldn’t even occur to most people that the way you’re doing it would even work, you better turn optimizations on, so the compiler can fix your code back to normalcy behind the scenes for you.”

Depending on the nature of the changes, it might be more advantageous to tell them that it’s easier (i.e. cheaper) to contribute changes upstream, rather than maintaining them separately forever. Also, the good will and reputation boost involved can be significant.

Don’t say it if it isn’t true or anything, but in a lot of cases it’s true.

I think mostly they prefer for people to just fix their delivery to comply with the license, as opposed to causing antagonism towards the community by going straight to a lawsuit. But yes, there are definitely teeth to it if some company for whatever reason doesn’t want to fix their infringement.