• 6 Posts
  • 112 Comments
Joined 1 year ago
Cake day: June 9th, 2023
  • Everything Wordpress is heavily infested with that. However you don’t have to let it impact you – it kind of looks to me like they pressure commercial vendors to put their stuff under the GPL if they’re wanting to offer a free version, so there’s a robust ecosystem of actually-FOSS tooling for it. My experience has been that it’s always worked pretty well in practice; you just have to keep your nope-I’m-not-paying-for-your-paid-version goggles firmly affixed. (Also, side note, GPT does an excellent job of writing little functions.php snippets for you to enable particular custom functionality for your Wordpress install when you need it.)


  • Wordpress 1,000% (probably coupled with WooCommerce but there are probably some other options)

    I honestly don’t even know off the top of my head why you would use anything else (aside from some vague elitism connected to the large ecosystem of commercial crap which has tainted by association the open source core of it) – it combines FOSS + easy + powerful + popular. You will have to tiptoe around some amount of crapware in order to keep it pure OSS though.


  • Yep.

    There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.

    I’m not trying to sit in judgement of someone who’s writing free software but to me those are both negligent software design from an end-user privacy perspective.


  • Of note about this is that image links in comments aren’t rehosted by Lemmy. That means it would be possible to flood a community with images hosted by a friendly or compromised server, and gather a lot of information about who was reading that community (how many people, and all their IP address and browser fingerprint information, to start with) by what image requests were coming in kicked off by people seeing your spam.

    I didn’t look at the image spam in detail, but if I’m remembering right the little bit of it I looked at, it had images hosted by lemmygrad.ml (which makes sense) and czchan.org (which makes less sense). It could be that after uploading the first two images to Lemmygrad they realized they could just type the Markdown for the original hosting source for the remaining three, of course.

    It would also be possible to use this type of flood posting as a smokescreen for a more targeted plan of sending malware-infected images, or more specifically targeted let’s-track-who-requests-this-image-file images, to a more limited set of recipients.

    Just my paranoid thoughts on the situation.
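The mitigation the comment above points at is rehosting, or at least proxying, third-party images so that readers' browsers never contact the image's origin. The following is an added example, not Lemmy's own code: it rewrites external Markdown image links in a comment to a site-local image proxy and HMAC-signs each proxied URL so the proxy will only fetch URLs the instance itself issued (the `PROXY_BASE`, `PROXY_SECRET` and `LOCAL_HOSTS` values are constructed assumptions). With this in place, the image host sees one request from the instance's proxy instead of one request per reader carrying that reader's IP address and browser fingerprint.

```python
import hashlib
import hmac
import re
from urllib.parse import quote, urlparse

# Assumed deployment values (constructed for this example, not Lemmy's config).
PROXY_BASE = "https://lemmy.example/image-proxy"
PROXY_SECRET = b"constructed-demo-secret-replace-in-production"
LOCAL_HOSTS = {"lemmy.example"}  # hosts whose images are already ours

# Markdown image syntax: ![alt](url) or ![alt](url "title")
MD_IMAGE = re.compile(r'!\[([^\]]*)\]\((\S+?)(\s+"[^"]*")?\)')


def sign(url: str) -> str:
    """HMAC-SHA256 over the upstream URL; ties a proxy URL to this instance."""
    return hmac.new(PROXY_SECRET, url.encode("utf-8"), hashlib.sha256).hexdigest()


def is_external(url: str) -> bool:
    """Only absolute http(s) URLs on foreign hosts need proxying.

    Relative links (e.g. /pictrs/image/...) and non-http schemes are left alone
    so the renderer can apply its own rules to them."""
    parts = urlparse(url)
    return parts.scheme in ("http", "https") and parts.hostname not in LOCAL_HOSTS


def proxy_url(url: str) -> str:
    """Build the proxied form: <base>/<signature>?url=<percent-encoded upstream>."""
    return f"{PROXY_BASE}/{sign(url)}?url={quote(url, safe='')}"


def rewrite_images(markdown: str) -> str:
    """Rewrite every external image link in a comment body to go via the proxy."""

    def repl(match: re.Match) -> str:
        alt, url, title = match.group(1), match.group(2), match.group(3) or ""
        if not is_external(url):
            return match.group(0)  # local or relative image: unchanged
        return f"![{alt}]({proxy_url(url)}{title})"

    return MD_IMAGE.sub(repl, markdown)


def verify_proxy_request(signature: str, url: str) -> bool:
    """Proxy-side check: fetch only URLs the instance signed.

    Without this the proxy is an open fetcher that anyone could point at
    arbitrary hosts. The actual fetch (not shown) should send no cookies and
    no Referer, so the origin learns nothing about the reader."""
    return hmac.compare_digest(signature, sign(url))


if __name__ == "__main__":
    # Constructed sample comment mixing a local and an external image.
    body = "look ![a](/pictrs/image/abc.png) and ![b](https://tracker.example/pixel.png)"
    print(rewrite_images(body))
```

Design note: signing the upstream URL rather than storing a mapping keeps the proxy stateless, and `hmac.compare_digest` avoids leaking the signature through timing. Rehosting (downloading the image once into the instance's own storage) goes one step further than proxying, since it also removes the origin's ability to change or withdraw the image later.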



  • > Mozilla/5.0 (Android 10; Mobile; rv:121.0) Gecko/121.0 Firefox/121.0.

    I just did a bunch of testing. The issue is that final version number, “Firefox/121.0”. Google returns very different versions of the page based on what browser you claim to be, and if you’re on mobile Firefox, it gives you different mobile versions depending on your version:

    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/41.0' https://www.google.com/ | wc -c
    2024-01-08 15:54:29 URL:https://www.google.com/ [1985] -> "-" [1]
        1985
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/62.0' https://www.google.com/ | wc -c
    2024-01-08 15:54:36 URL:https://www.google.com/ [211455] -> "-" [1]
      211455
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/80.0' https://www.google.com/ | wc -c
    2024-01-08 15:52:24 URL:https://www.google.com/ [15] -> "-" [1]
          15
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/121.0' https://www.google.com/ | wc -c
    2024-01-08 15:52:04 URL:https://www.google.com/ [15] -> "-" [1]
          15
    

    If you’re an early version of Firefox, it gives you a simple page. If you’re a later version of Firefox, it gives you a lot more complete version of the page. If you’re claiming to be a specific version of mobile Firefox, but the version you’re claiming (edit: oopsie doesn’t exist or even really make sense didn’t exist when they set this logic up or something), it gets confused and gives you nothing. You could argue that it should default to some sensible mobile version in this case, and they should definitely fix it, but it seems to me like it’s clearly not malicious.

    Edit: Wait, I am wrong. I didn’t realize Firefox’s version numbers went up so high. It looks like the cutoff for where the blank pages start coming is at version 65, which is like 2012 era, so not real old at all. I still maintain that it’s probably accidental but it looks like it affects basically all modern mobile Firefoxes, yes.





  • mo_ztt ✅@lemmy.world to Open Source@lemmy.ml, on "Thoughts on Post-Open Source?" (+1 / -1, 6 months ago)

    Depending on the nature of the changes, it might be more advantageous to tell them that it’s easier (i.e. cheaper) to contribute changes upstream, rather than maintaining them separately forever. Also, the good will and reputation boost involved can be significant.

    Don’t say it if it isn’t true or anything, but in a lot of cases it’s true.



  • mo_ztt ✅@lemmy.world to Open Source@lemmy.ml, on "Thoughts on Post-Open Source?" (+1 / -1, edited, 6 months ago)

    Yeah, 100%. At this point the resources invested in MacOS / iOS have probably exceeded even the decades of work they were able to leverage by starting with FreeBSD / NeXT / Mach / whatever else.

    (Edit: Actually, not 100% true. Macs are still very BSD-like under the hood; I actually really like development on Macs because I can basically treat them as BSD systems with unusual package management and a fancy GUI. For that reason they’re far preferable for me over Windows or pre-OSX Macs. But yes, your point is well taken that iOS development at this point has far eclipsed anything they started out from in terms of LOC and time spent.)


  • mo_ztt ✅@lemmy.world to Open Source@lemmy.ml, on "Thoughts on Post-Open Source?" (+2 / -1, edited, 6 months ago)

    > There’s a list of open source Android distributions. Although not very good, they are viable.

    Yeah, I get that. This is why I’m not fully in agreement with Perens that this is an urgent problem.

    > How are phones free-software-hostile?

    Because the whole idea of the GPL was to usher in a future that was like the environment RMS grew up in, where you always had the source code to all your stuff and you could examine or modify or build on it. Linux machines are in actual practice that way, which is super cool. Android phones are basically not, from the viewpoint of almost any mortal human. I think the argument is that the efforts that the manufacturers make to close off modifications to the phones, and then put software on them that’s sometimes hostile to the best interests of the phone owner, means they shouldn’t be able to use all this GPL-licensed software for free in order to build the phones they’re selling.


  • mo_ztt ✅@lemmy.world to Open Source@lemmy.ml, on "Thoughts on Post-Open Source?" (+2 / -1, 6 months ago)

    This to me is a good question. The lack of something concrete that sounds like “yes, that would definitely work” is something that makes me have reservations about this whole thesis… but that said I think it has some merit.

    Mysql and Qt already have a pretty solid model, where there’s a GPL-enabled alternative that the community can use, or you can pay a fee to use the commercial version. You could scale that up to something where if you want to pay a certain fee, you can use lots of currently-GPL software (maybe any that’s been assigned to the FSF or something with the FSF shepherding the whole thing). Then, we can stop the sort of benign neglect of companies that are sloppy with their licensing of uboot or Busybox, and just tell them to start paying the fee if they don’t feel like dotting all their "i"s as far as licensing, and then use the fees to fund development of open source software that’s needed but doesn’t have a lot of motivated developers working on it.

    I’m not as convinced that it’s necessary as Perens is. Like I think he overblows by quite a lot the impact of RHEL skirting their licensing, because in his mind RHEL is such a big part of the computing world when in reality it’s not. But it sounds like he’s describing real problems and the solutions make some version of good sense to me.


  • mo_ztt ✅@lemmy.world to Open Source@lemmy.ml, on "Thoughts on Post-Open Source?" (+8 / -1, 6 months ago)

    Violating (the spirit of) the license (without violating the letter, because of loopholes in the license) is exactly what Perens is talking about.

    He’s not “complaining he isn’t getting paid.” I think it’s pretty rare that the people working on open source software are actually hurting for money or anything. He’s complaining that the actual practice of how the software is being used, RHEL and Android on phones and etc, isn’t doing well at reflecting the vision of the computing world the GPL was supposed to create. Then, as one possible solution, he’s proposing to kill two birds with one stone with a new license where the companies that are skirting the license right now can have to fund the development of particular types of open source software that need to get done anyway but is lacking right now (because of lack of profit motive).

    You might or might not agree with his thesis; as much as I think it’s interesting and insightful I have some reservations about it. I just thought you were misunderstanding his whole argument as being in terms of money, that’s all.


  • mo_ztt ✅@lemmy.world to Open Source@lemmy.ml, on "Thoughts on Post-Open Source?" (+2 / -1, 6 months ago)

    Hm, interesting stuff. Yeah, maybe it’s more common than I was aware of – that’s still a little weird to me, because there are entities like FSF that are so happy to go to bat for people legally if they do want to make it a legal issue.

    Maybe it’s made a little more complex because a lot of authors don’t want to “punish” the company involved so much as they just want people to comply with the terms of the license, and a lot of companies aren’t violating the license out of maliciousness but just from lack of knowledge or it just being more difficult than it sounds to keep your ducks in a row with source availability.

    FWIW, I know Android phones generally have something buried in the settings where it explains what the licensing is for the code on the phone and with a theoretical offer for the source if you want it. That seems like what the Youtube talk is about; just creating the technical tools so that people can be in compliance without it being a pain in the butt that costs your engineers time and costs you money to do which companies are going to be tempted to avoid. But yeah, maybe people are getting sloppy about it in a way I wasn’t aware of; that’s sad to me if so.




  • mo_ztt ✅@lemmy.world to Open Source@lemmy.ml, on "Thoughts on Post-Open Source?" (+1 / -1, edited, 6 months ago)

    On what is your doubt based? Like what devices do you have that you think are violators? Like I say I imagine that careless violations aren’t, like, unheard of, but correcting them once things are explained is almost always the response. I mean, correcting the violation is usually free and easy. I’m not real familiar with the SFC, but I know they’re actively suing Vizio right now, and I know the FSF is happy to bring cases to trial if it comes to that (they kind of like doing it, it seems like).

    Link to the Best Buy case


  • mo_ztt ✅@lemmy.world to Open Source@lemmy.ml, on "Thoughts on Post-Open Source?" (+5 / -1, 6 months ago)

    They were selling TVs with GPL-licensed software inside without complying with the terms of the GPL. When challenged, their defense was some version of “But it’s completely free for anyone to use!”

    They didn’t have to give up every one of their TVs of any model, just the infringing models (the ones that used Busybox without complying with the GPL).