mo_ztt

Pew pew pew

Everything Wordpress is heavily infested with that. However you don't have to let it impact you -- it kind of looks to me like they pressure commercial vendors to put their stuff under the GPL if they're wanting to offer a free version, so there's a robust ecosystem of actually-FOSS tooling for it. My experience has been that it's always worked pretty well in practice; you just have to keep your nope-I'm-not-paying-for-your-paid-version goggles firmly affixed. (Also, side note, GPT does an excellent job of writing little functions.php snippets for you to enable particular custom functionality for your Wordpress install when you need it.)

Wordpress 1,000% (probably coupled with WooCommerce but there are probably some other options)

I honestly don't even know off the top of my head why you would use anything else (aside from some vague elitism connected to the large ecosystem of commercial crap which has tainted by association the open source core of it) -- it combines FOSS + easy + powerful + popular. You will have to tiptoe around some amount of crapware in order to keep it pure OSS though.

!workmusic@lemmy.world

What the HECK man?

There's an underlying problem IMO with all Fediverse software and instances, in that because it's made available for free, people get entitled, moderators and admins are obligated to sort of do volunteer work on behalf of people who haven't earned it in order for any of the thing to work, which naturally leads to a inexhaustible wellspring of negative energy because the whole thing isn't right.

I saw the posts of Ruud asking for people to basically interview for a part time admin position and do a job which for skills and time investment is worth from $50k/yr-$200k/yr (calibrating for the fact that it's "only" 5-10 hours per week), and all I could think was whoa no no no this isn't the way. Not saying there's anything wrong with people volunteering their time to make available this great thing, but I think undervaluing them when they decide to do that is almost inevitable, which has follow-on effects that manifest in all kinds of ways and lead to things not being the way they should be. Occasional prickly or unfair behavior by mods or admins represent one example of that; comments like this one represent another.

What on earth is hostile about the OP post in any way?

Yep.

There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.

I'm not trying to sit in judgement of someone who's writing free software but to me those are both negligent software design from an end-user privacy perspective.

Of note about this is that image links in comments aren't rehosted by Lemmy. That means it would be possible to flood a community with images hosted by a friendly or compromised server, and gather a lot of information about who was reading that community (how many people, and all their IP address and browser fingerprint information, to start with) by what image requests were coming in kicked off by people seeing your spam.

I didn't look at the image spam in detail, but if I'm remembering right the little bit of it I looked at, it had images hosted by lemmygrad.ml (which makes sense) and czchan.org (which makes less sense). It could be that after uploading the first two images to Lemmygrad they realized they could just type the Markdown for the original hosting source for the remaining three, of course.

It would also be possible to use this type of flood posting as a smokescreen for a more targeted plan of sending malware-infected images, or more specifically targeted let's-track-who-requests-this-image-file images, to a more limited set of recipients.

Just my paranoid thoughts on the situation.

Yeah. I think it's moderately likely that I'll try to produce a little command-line tool that can do it effectively for deeply nested directories, with some attempt at making it cross platform. To me it's kind of weird that there's no stock solution existing to this problem. I get that it's actually a deceptively difficult problem to solve for a couple of different reasons, but that's no reason to pass the difficulty on to the programmer instead of just presenting a clean and nice interface.

Update: I looked around for something already-existing, and found watchman and fswatch... IDK, maybe I'll try to talk one of them into letting me write an fanotify backend for those tools instead. It seems like it's purely just a Linux issue, and everything is simple on BSD/Mac/Windows, so maybe I'm just lucky.

I think inotify's limit is per system... and even if it wasn't, why would I want to take on the artificial challenge of keeping up with making sure all the watchers are set on the right directories as things change, instead of just recursively monitoring the whole directory? The whole point of asking the question was "hey can something do this for me" as opposed to "hey I'd like the opportunity to code up for myself a solution to this problem." 🙂

Just looking briefly it looks like it uses inotify (which definitely won't work; I don't have a super heavy write load but I have a total of 124,000 subdirectories to monitor) or can fall back to polling (which I could do myself without having to involve a library).

Why this app is constructed to store its stuff in 124,000 subdirectories is a separate issue but one that I can't immediately snap my fingers and make go away, unfortunately.

I have no real idea with Navalnvy, and only dim memories of news reports about Magnitsky which went into a little more detail, but I'll tell you how I assume it operates: It's basically mistreatment to the point that it'll kill you, just slowly. Your cell's cold all the time, in the arctic winter with no blankets. You get bad food and bad sleep and beatings and no medical care of any kind. Once your body starts to malfunction (Magnitsky started having kidney failure), they go on beating you severely enough to cause additional organ damage, but then just continue to put you in your cell day after day with no medicine. Basically, you're going to die, but they're drawing the process out enough that it's indirectly, because of "medical issues" related to what they're doing to you, instead of just from blunt force trauma or something. So it's incredibly painful and long and drawn-out, a slow death of constant suffering from which you can't escape or get any relief.