It’s not about being dumb and expecting stuff for free but a general anger towards subscription based models. Fair models exist and are possible, but are a collateral of the general hate.

Then, free alternatives exist, and believe it or not, some people do not have a tiny monthly fee they could spare or do not want to pay for something that a free alternative exists.

Threema tried exactly that, and failed comically.

So, you mean using a proprietary vendor to operate something binds you to that vendor? Congratulations, you’ve just discovered vendor lock-in.

“Obfuscating the environment” is also an absolutely unhinged claim, what even is that supposed to mean?

And again, Automattic is NOT in the right. What Automattic did was break license terms, attempt to extort, steal code, and light their whole brand, company, ecosystem and community on fire. Matt spit in the faces of his open source community (and open source in general), and every single person dependent on WordPress losing their job because of the shift he’s causing will be blood on his hands personally. Even if WP Engine was questionably morally or ethically, they did play by the laws and the license terms. Matt went on a mental breakdown and additionally to his unethical behavior broke several laws on that journey, which is exactly why he is losing the lawsuit. Matt and Automattic are NOT in the right.

To be fair, Matt is providing meltdowns regularly and totally free of charge. 😂

I’d laugh my ass off if WP Engine would lead a hard fork called WP Core. If any WP Engine folks read this, feel free to use the name, I won’t sue, I promise.

It really depends what you’re doing. If it’s really “only” blogging I’ve seen a lot of blogs using Ghost. Hugo is more of a “simpler” static site generator.

That whole blog post is so full of salt, that it really hurts to read.

Still going on about the “imbalance of the contributions”, well that’s open source for you - you don’t get to control who contributes how much, all you can do is ask nicely, and provide a good experience for contributors. Acting like a lunatic does not do that.

legal attacks started by WP Engine

Of course they did after the witch-hunt and the absolutely illegal, unethical and plain ridiculous behavior of Automattic. The counter they did, the whole ACF takeover and the slandering are a lawsuit handed on a plate.

The way “community” is quoted in that article for those who dared to disagree.

This legal action diverts significant time and energy that could otherwise be directed toward supporting WordPress’s growth and health.

Yeah, as a developer I also hate when lawsuits are stopping me from working. He had no problem letting go of nearly 10% of his staff with their “alignment offer” to get rid of people who again dared to disagree, but the legal action is diverting resources now.

But the whole “Focused on the Future” paragraph is going full mask off:

Before, they said that resources will be reallocated to “for-profit projects within Automattic”, and

We will redirect our energy toward projects that can fortify WordPress for the long term

It’s only a matter of time another hostile takeover will take place, and Matt will attempt to go full for-profit on WordPress itself.

We’re excited to return to active contributions to WordPress core, Gutenberg, Playground, Openverse, and WordPress.org when the legal attacks have stopped.

Full on extortion. Stop the lawsuit or we won’t contribute.

Honestly, if I’d be dependent on WordPress for my work, I’d not sleep well and start going into something else right fucking now. How are people that stupid, childish and entitled getting into such positions.

Matt never ceases to amaze with his smoothbrain decisions.

The amount of effort this moron puts into his weird personal vendetta against WP engine, even after the court told him that he has nothing, which was actually his last chance to end this kinda gracefully, could’ve been used for so much better things.

And he’s not only successfully kicking himself in the balls, he’s willing to throw so many years of community and project time and effort under the bus for it.

Go on Matt, keep telling how much you’re only doing this for WordPress.

The smallest footprint for an actual scripting probably will be posix sh - since you already have it ready.

A slightly bigger footprint would be Python or Lua.

If you can drop your requirement for actual scripting and are willing to add a compile step, Go and it’s ecosystem is pretty dang powerful and it’s really easy to learn for small automation tasks.

Personally, with the requirement of not adding too much space for runtimes, I’d write it in go. You don’t need a runtime, you can compile it to a really small zero dependency lib and you have clean and readable code that you can extend, test and maintain easily.

Kinda expected the SSH key argument. The difference is the average user group.

The average dude with a SSH key that’s used for more than their RPi knows a bit about security, encryption and opsec. They would have a passphrase and/or hardening mechanisms for their system and network in place. They know their risks and potential attack vectors.

The average dude who downloads a desktop app for a messenger that advertises to be secure and E2EE encrypted probably won’t assume that any process might just wire tap their whole “encrypted” communications.

Let’s not forget that the threat model has changed by a lot in the last years, and a lot of effort went into providing additional security measures and best practices. Using a secure credential store, additional encryption and not storing plaintext secrets are a few simple ones of those. And sure, on Linux the SSH key is still a plaintext file. But it’s a deliberate decision of you to keep it as plaintext. You can at least encrypt with a passphrase. You can use the actual working file permission model of Linux and SSH will refuse to use your key with loose permissions. You would do the same on Windows and Mac and use a credential store and an agent to securely store and use your keys.

Just because your SSH key is a plaintext file and the presumption of a secure home dir, you still wouldn’t do a ~/passwords.txt.

How in the fuck are people actually defending signal for this, and with stupid arguments such as windows is compromised out of the box?

You. Don’t. Store. Secrets. In. Plaintext.

There is no circumstance where an app should store its secrets in plaintext, and there is no secret which should be stored in plaintext. Especially since this is not some random dudes random project, but a messenger claiming to be secure.

Edit: “If you got malware then this is a problem anyway and not only for signal” - no, because if secure means to store secrets are used, than they are encrypted or not easily accessible to the malware, and require way more resources to obtain. In this case, someone would only need to start a process on your machine. No further exploits, no malicious signatures, no privilege escalations.

“you need device access to exploit this” - There is no exploiting, just reading a file.

Or you can just use vscodium.

If you use a dockerized environment, that will only work better on Linux. .NET8 is AFAIK natively supported on Linux, so there shouldn’t be too much of an issue apart from the usual clunkyness. Visual Studio will probably be more of a problem. The “easiest” way would probably be to switch to jet brains or vscode. If you are hardstuck on VS for whatever reasons, you probably should be able to do some voodoo with running it in docker and using the container as a remote desktop, but this will be PITA to setup and maintain.

https://github.com/LemmyNet/lemmy/issues/2977

According to the lemmy devs, deleting your account also overwrites and purges your comments and posts. This deletion is being federated - but other servers may choose to ignore it, be buggy, down or whatever, and therefore not fully deleting your content there.

Since lemmy is decentralized, that’s as close to a full deletion as you’ll get, and to quote your rationale, that’ll be the only bridge you’ll be able to burn.

Side note: Why are several of you so aggressive on a simple question? If they want to leave the platform and delete their content, why shouldn’t they, especially since that is absolutely non-trivial on a decentralized platform?

Before you talked about the Fediverse as a whole, now from a single user perspective.

IMO it affects the Fediverse as a whole by abusing it. The whole idea is an open network, where instances can federate with each other to bilaterally share information and create a seemingly single platform. This is not the case with the planned Threads integration, because they explicitly plan to feed on the content, but hiding sharing their own content behind an (for most of their userbase) obscure opt-in.

From a single user perspective it doesn’t affect you directly. But it affects the platform you are part of with malicious intent.

I am not against Threads joining the Fediverse, and I do actually think it would be great for the growth of the Fediverse if actual big players join, and if it brings content that I personally do not like to see, I can use the tools available (e.g. blocking user/communities/instances) to hide it. But only if they plan on joining as a “regular instance” like any other - but Meta does not intent doing so, since they have chosen the opt-in with obvious intent of simply gaining additional content on their walled platform for their own gain.

The problem is not them reading data, but that Threads will take Fediverse content, and display it on Threads. In the opposite direction, Fediverse will only see the select few user content that do actually opt-in, and let’s be honest here, most users won’t know what the Fediverse is, except for again the few people that are on both platforms. This is absolutely not “playing nice” as you’ve put it before, and purely parasitic and, again, purely a greed decision by Meta. I don’t really know why you are shilling so hard trying to excuse absolutely unexcusable behavior.

https://www.threads.net/@mosseri/post/C051TLnud8U

There’s your playing nice. They want to feed on ActivityPub data, while only contributing in a per-user opt-in selection. It’s a joke, and both their motivation and what they are doing is absolutely fucked. It’s another cog in their data ingestion machine that they can keep fucking around with, again.

I really can not comprehend why anyone would give this advance of trust to Meta, when all signs are showing you to bail.

Meta has React, RocksDB and pytorch, and a few other “niche” frameworks and tools. “Half of the internet […] run[ning] on open source code and infrastructure that Meta built and maintains” is a big, big exaggeration. Also maintainance is done by the OSS community for big parts, and I’m really curious what open source infrastructure Meta is running.

I’m not saying Meta has no relevance in OSS, but I can hardly think of an open source org that does open source purely for its own benefit. React helps them shape the web in the way Meta wants it, their ML stuff is important for their own internal needs (ads, BI, and the whole social networking, etc.), their AR/VR/XR contributions are for the Quest, and KI/LLM since they need it themselves instead of relying/partnering with OpenAI. Meta (the company) absolutely does not stand by the principles of open source, no matter how much you want to sugarcoat it.

It’s not a hate train, it’s being cautious. And do you really think that Meta is open sourcing because of their passion for FOSS and standing by those values? They’ve taken an internal framework they’ve build, open source it so that they can advertise how open and great they are on the page you linked, and after it gains traction (which it will, since it’s used by Meta it must be good /s) they can reduce their own internal efforts to a minimum, since the community will contribute. Open source may be a passion for the developers of Meta, but the company Meta does not give a single flying fuck about FOSS or the Fediverse.

Well, guess how the comfy OK Google or hey siri works, hearing you while you say it all across the room. Or that noise cancelation for your calls. Admittably, the way he’s put it sounds really tinfoil hat weird, but he’s got a point there.

Any current mobile phone is so very crammed with sensors of any kind, which do make a lot of features possible/usable/comfortable and the same sensors may be used to track a good lot of your behavior, if used for malicious purposes. And we know that for a fact with targeted ads, where several people I’ve talked to noticed the same, where that even talking about a topic may be enough for ads to be show up. Check https://adssettings.google.com/ for example, it’s actually scary what Google “assumes” about you, and even scarier how on point those assumptions are. A lot of this information is sourced from your devices sensors, and the argument of “there’s just not that much computing power to process this data” is simply not valid anymore.