I wish that I had caught this in time to reply with Woman 2 Woman by Urge Overkill
mo_ztt
Everything Wordpress is heavily infested with that. However you don't have to let it impact you -- it kind of looks to me like they pressure commercial vendors to put their stuff under the GPL if they're wanting to offer a free version, so there's a robust ecosystem of actually-FOSS tooling for it. My experience has been that it's always worked pretty well in practice; you just have to keep your nope-I'm-not-paying-for-your-paid-version goggles firmly affixed. (Also, side note, GPT does an excellent job of writing little functions.php snippets for you to enable particular custom functionality for your Wordpress install when you need it.)
Wordpress 1,000% (probably coupled with WooCommerce but there are probably some other options)
I honestly don't even know off the top of my head why you would use anything else (aside from some vague elitism connected to the large ecosystem of commercial crap which has tainted by association the open source core of it) -- it combines FOSS + easy + powerful + popular. You will have to tiptoe around some amount of crapware in order to keep it pure OSS though.
What the HECK man?
There's an underlying problem IMO with all Fediverse software and instances, in that because it's made available for free, people get entitled, moderators and admins are obligated to sort of do volunteer work on behalf of people who haven't earned it in order for any of the thing to work, which naturally leads to a inexhaustible wellspring of negative energy because the whole thing isn't right.
I saw the posts of Ruud asking for people to basically interview for a part time admin position and do a job which for skills and time investment is worth from $50k/yr-$200k/yr (calibrating for the fact that it's "only" 5-10 hours per week), and all I could think was whoa no no no this isn't the way. Not saying there's anything wrong with people volunteering their time to make available this great thing, but I think undervaluing them when they decide to do that is almost inevitable, which has follow-on effects that manifest in all kinds of ways and lead to things not being the way they should be. Occasional prickly or unfair behavior by mods or admins represent one example of that; comments like this one represent another.
What on earth is hostile about the OP post in any way?
Yep.
There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.
I'm not trying to sit in judgement of someone who's writing free software but to me those are both negligent software design from an end-user privacy perspective.
If she disagrees with the plan, she better get the fuck off the Trump Train.
If you're on a boat where there's a mutiny, you can't really be halfway in the mutiny but also hedging your bets saying you don't agree with everything the mutineers are doing. The outcome is going to be one or the other.
Of note about this is that image links in comments aren't rehosted by Lemmy. That means it would be possible to flood a community with images hosted by a friendly or compromised server, and gather a lot of information about who was reading that community (how many people, and all their IP address and browser fingerprint information, to start with) by what image requests were coming in kicked off by people seeing your spam.
I didn't look at the image spam in detail, but if I'm remembering right the little bit of it I looked at, it had images hosted by lemmygrad.ml (which makes sense) and czchan.org (which makes less sense). It could be that after uploading the first two images to Lemmygrad they realized they could just type the Markdown for the original hosting source for the remaining three, of course.
It would also be possible to use this type of flood posting as a smokescreen for a more targeted plan of sending malware-infected images, or more specifically targeted let's-track-who-requests-this-image-file images, to a more limited set of recipients.
Just my paranoid thoughts on the situation.
Yeah. I think it's moderately likely that I'll try to produce a little command-line tool that can do it effectively for deeply nested directories, with some attempt at making it cross platform. To me it's kind of weird that there's no stock solution existing to this problem. I get that it's actually a deceptively difficult problem to solve for a couple of different reasons, but that's no reason to pass the difficulty on to the programmer instead of just presenting a clean and nice interface.
Update: I looked around for something already-existing, and found watchman and fswatch... IDK, maybe I'll try to talk one of them into letting me write an fanotify backend for those tools instead. It seems like it's purely just a Linux issue, and everything is simple on BSD/Mac/Windows, so maybe I'm just lucky.
I think inotify's limit is per system... and even if it wasn't, why would I want to take on the artificial challenge of keeping up with making sure all the watchers are set on the right directories as things change, instead of just recursively monitoring the whole directory? The whole point of asking the question was "hey can something do this for me" as opposed to "hey I'd like the opportunity to code up for myself a solution to this problem." 🙂
Just looking briefly it looks like it uses inotify (which definitely won't work; I don't have a super heavy write load but I have a total of 124,000 subdirectories to monitor) or can fall back to polling (which I could do myself without having to involve a library).
Why this app is constructed to store its stuff in 124,000 subdirectories is a separate issue but one that I can't immediately snap my fingers and make go away, unfortunately.
Pew pew pew