• 2 Posts
  • 17 Comments
Joined 1 year ago
Cake day: June 9th, 2023

  • Everything WordPress is heavily infested with that. However you don’t have to let it impact you – it kind of looks to me like they pressure commercial vendors to put their stuff under the GPL if they’re wanting to offer a free version, so there’s a robust ecosystem of actually-FOSS tooling for it. My experience has been that it’s always worked pretty well in practice; you just have to keep your nope-I’m-not-paying-for-your-paid-version goggles firmly affixed. (Also, side note, GPT does an excellent job of writing little functions.php snippets for you to enable particular custom functionality for your WordPress install when you need it.)


  • WordPress 1,000% (probably coupled with WooCommerce but there are probably some other options)

    I honestly don’t even know off the top of my head why you would use anything else (aside from some vague elitism connected to the large ecosystem of commercial crap which has tainted by association the open source core of it) – it combines FOSS + easy + powerful + popular. You will have to tiptoe around some amount of crapware in order to keep it pure OSS though.


  • Yep.

    There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.

    I’m not trying to sit in judgement of someone who’s writing free software but to me those are both negligent software design from an end-user privacy perspective.


  • Of note about this is that image links in comments aren’t rehosted by Lemmy. That means it would be possible to flood a community with images hosted by a friendly or compromised server, and gather a lot of information about who was reading that community (how many people, and all their IP address and browser fingerprint information, to start with) by what image requests were coming in kicked off by people seeing your spam.

    I didn’t look at the image spam in detail, but if I’m remembering right the little bit of it I looked at, it had images hosted by lemmygrad.ml (which makes sense) and czchan.org (which makes less sense). It could be that after uploading the first two images to Lemmygrad they realized they could just type the Markdown for the original hosting source for the remaining three, of course.

    It would also be possible to use this type of flood posting as a smokescreen for a more targeted plan of sending malware-infected images, or more specifically targeted let’s-track-who-requests-this-image-file images, to a more limited set of recipients.

    Just my paranoid thoughts on the situation.
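
The exposure described in the comment above comes from each reader's browser fetching third-party image URLs directly. The following is an added example, not part of the comment and not Lemmy's own code: it rewrites inline Markdown images so that only the instance contacts the remote host, and reports which external hosts a comment references. `LOCAL_HOSTS`, `PROXY_PATH` and the sample hostnames are assumptions.

```python
import re
from urllib.parse import quote, urlsplit

# Assumptions for illustration: the instance's own hostname and a
# hypothetical server-side image proxy endpoint on that instance.
LOCAL_HOSTS = {"lemmy.example"}
PROXY_PATH = "/image_proxy?url="

# Inline Markdown image: ![alt](url) or ![alt](url "title")
IMAGE_RE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(\s+"[^"]*")?\s*\)')


def rewrite_images(markdown):
    """Return (rewritten_markdown, sorted list of third-party hosts found)."""
    external = set()

    def repl(m):
        alt, url, title = m.group(1), m.group(2), m.group(3) or ""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # No host (relative path, data: URL) or our own host: the browser
        # contacts nobody but this instance, so leave the embed alone.
        if not host or host in LOCAL_HOSTS:
            return m.group(0)
        external.add(host)
        if parts.scheme == "":
            url = "https:" + url          # protocol-relative //host/path
        elif parts.scheme not in ("http", "https"):
            return alt                    # unexpected scheme: drop the embed
        # Readers now request the image from the instance, so the remote
        # host sees the instance's IP and headers, not each reader's.
        return f"![{alt}]({PROXY_PATH}{quote(url, safe='')}{title})"

    return IMAGE_RE.sub(repl, markdown), sorted(external)


if __name__ == "__main__":
    # Constructed sample comment, not taken from any real post.
    sample = ('Look ![a](https://img.thirdparty.example/1.png) and '
              '![mine](https://lemmy.example/pictrs/image/x.png)')
    text, hosts = rewrite_images(sample)
    print(text)
    print("third-party hosts:", hosts)
```

The proxy endpoint itself has to validate what it fetches (scheme, resolved address, size and content type), otherwise it becomes a request-forwarding hole of its own.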


  • Not sure if this is exactly what you’re looking for but I found this series to be incredibly helpful at understanding principles of design to make something attractive and functional.

    Also, I can highly recommend using one of those “we spy on all your users and replay their visits for you so you can see how they actually interact with the site” tools. Luckyorange seems like it’s gotten bad recently but maybe Mouseflow or similar. You’ll learn more about how to improve the site based on observing 5 actual people interacting with it than from hundreds of hours theorizing and working on this perfect vision in your head.



  • Hm, you might have to take specific steps to get subscribed to stuff you want to see. Personally I find browsing ‘ALL’ to be a pretty unproductive experience… what I might do instead is just navigate to a couple of the likely-seeming instances (roughly in order of “big -> good”: lemmy.world, lemmy.ml, sh.itjust.works, kbin.social, sopuli.xyz, lemmy.blahaj.zone, mander.xyz) (also beehaw), pop up their big community lists, and do some copy-pasting into your own instance’s search bar so you can subscribe to a bunch of the stuff from everywhere that you want to see. I’ve done that one time from a smaller instance and it seemed like it worked out pretty well for me (in terms of the time investment being worth it for setting up a feed that I wanted to see.)



  • You gotta have the concepts the machines are named after change as the nature of the machine changes (and bonus points if the nature of the concept is analogous to the nature of the machine). E.g. if my main machines were planets, then when I added servers they would be named after space hardware (hubble, webb, iss, etc). Raspberry Pis can be ceres, eros, vesta, juno, etc. It actually genuinely helps by distributing around within your brain the placement of which machine corresponds to which concept or which name, and also it frees up more names when you start having tons of machines in different categories.

    I’ve had tons of naming schemes over the years (chemical elements and classic video games were two that I used for different banks of machines) and I’ve done that system with good results.




  • Yah, actually images is the very first thing I’m trying to move out to my little prototype network. I’m not sure what the actual load is that serving images places on the instance, but moving them off is (1) potentially useful I think, since images are often large (2) easy to work on as a starting point, since they tend to be large and static and in Lemmy they’re already separated out to a separate app.

    I’ll drop you a line once I have something 👍





  • Part 2:

    (Continued from the post)

    What’s the Next Step?

    I started touching on some imagined future steps, but this chunk is already a plenty big and ambitious thing. So, here’s an initial plan for how I want to attack taking first steps and bring myself into contact with the engineering reality (as opposed to the rosy broad picture). Hopefully at the end of this chunk of work, the vision will have adapted somewhat to the reality of what’s useful, what’s possible, what the community’s feedback is, what the issues and problems involved are, etc.

    (And, obviously, I want to communicate with the Lemmy devs to make sure these ideas are in line with their vision. I’m laying this all out so extensively partly so that the community has a full explanation of what I’m proposing to do and why.)

    So, first steps: I’m making a Lemmy instance that I can use for implementing this. I’m waiting for my hosting to go up so I can make it live, but once it’s up, I’ll start working on it + posting from the testbed about what’s going on. My initial coding task list is:

    • Set up the peer software with the content-addressable store

    • Start to have my instance do peer discovery, make the app that runs in people’s browsers from my instance become more AJAX-y and begin to request data from the peers instead of the instance.

    • Once that part’s working on my instance, I’d aim to be able to move pieces of the actual app onto the peers – construct the bootstrap code, continue the AJAX-ification of the code on my Lemmy instance, and have the bootstrapping app construct the end-user application directly from data from the peers.

    • Start to tackle the browser app making updates to the data store via requests to the peers, which will involve a lot of work and a lot of sorting out replication issues, security and trust issues, and performance issues.

    That’s already a fairly large amount to take on. I have further ideas about how the system could move forward from there, but even just that represents (1) an ambitious thing to tackle (2) significant proposed changes to the instance software (3) if it works, a fantastically useful tool that instance operators could use to reduce their instance load if they want to. So, I’m limiting the plan to that much for now until I get some contact with the technical reality and with the community.

    What You Can Do

    So if you’ve read to the end, maybe you think this is a good idea. Want to help? This is a bunch of work already and I’d love it if people wanted to help get it done. Leave a comment, let me know what you think whether positive or negative, and if you want to help, 100% reach out and let’s get it done. I’m skilled with software engineering in general, but I’m actually not too familiar in particular with web backends and AJAX, so someone more skilled than I am could probably help this along in a huge way. Specific things that might be useful:

    • If you want to run a peer or instance and help test the system

    • If you can help with coding

    • If you have feedback on these ideas in general, either positive or else things I’ve overlooked or need to adjust

    Hope to hear from you and thank you for reading my wall of text. Let me know what you think + cheers to you.