• 7 Posts
  • 61 Comments
Joined 1 year ago
Cake day: June 9th, 2023

  • Everything Wordpress is heavily infested with that. However you don’t have to let it impact you – it kind of looks to me like they pressure commercial vendors to put their stuff under the GPL if they’re wanting to offer a free version, so there’s a robust ecosystem of actually-FOSS tooling for it. My experience has been that it’s always worked pretty well in practice; you just have to keep your nope-I’m-not-paying-for-your-paid-version goggles firmly affixed. (Also, side note, GPT does an excellent job of writing little functions.php snippets for you to enable particular custom functionality for your Wordpress install when you need it.)


  • Wordpress 1,000% (probably coupled with WooCommerce but there are probably some other options)

    I honestly don’t even know off the top of my head why you would use anything else (aside from some vague elitism connected to the large ecosystem of commercial crap which has tainted by association the open source core of it) – it combines FOSS + easy + powerful + popular. You will have to tiptoe around some amount of crapware in order to keep it pure OSS though.



  • Mozilla/5.0 (Android 10; Mobile; rv:121.0) Gecko/121.0 Firefox/121.0.

    I just did a bunch of testing. The issue is that final version number, “Firefox/121.0”. Google returns very different versions of the page based on what browser you claim to be, and if you’re on mobile Firefox, it gives you different mobile versions depending on your version:

    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/41.0' https://www.google.com/ | wc -c
    2024-01-08 15:54:29 URL:https://www.google.com/ [1985] -> "-" [1]
        1985
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/62.0' https://www.google.com/ | wc -c
    2024-01-08 15:54:36 URL:https://www.google.com/ [211455] -> "-" [1]
      211455
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/80.0' https://www.google.com/ | wc -c
    2024-01-08 15:52:24 URL:https://www.google.com/ [15] -> "-" [1]
          15
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/121.0' https://www.google.com/ | wc -c
    2024-01-08 15:52:04 URL:https://www.google.com/ [15] -> "-" [1]
          15
    

    If you’re an early version of Firefox, it gives you a simple page. If you’re a later version of Firefox, it gives you a lot more complete version of the page. If you’re claiming to be a specific version of mobile Firefox, but the version you’re claiming (edit: oopsie doesn’t exist or even really make sense didn’t exist when they set this logic up or something), it gets confused and gives you nothing. You could argue that it should default to some sensible mobile version in this case, and they should definitely fix it, but it seems to me like it’s clearly not malicious.

    Edit: Wait, I am wrong. I didn’t realize Firefox’s version numbers went up so high. It looks like the cutoff for where the blank pages start coming is at version 65, which is like 2012 era, so not real old at all. I still maintain that it’s probably accidental but it looks like it affects basically all modern mobile Firefoxes, yes.
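
An added example (not part of the original comment): a script that automates the manual sweep above by binary-searching the Firefox major version at which the response shrinks to a stub. The function names, the 100-byte threshold and the `fixture_size` stand-in, which is constructed from the sizes quoted in the comment, are assumptions; `live_size` reuses the comment's wget invocation and needs network access.

```shell
#!/bin/sh
# UA template from the comment; only the trailing Firefox/<version> varies.
ua_for() {
    printf 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/%s.0' "$1"
}

# Live probe: body size in bytes served to a given Firefox major version.
# Needs network access; a failed fetch counts as 0 bytes.
live_size() {
    wget -q -O - -U "$(ua_for "$1")" https://www.google.com/ | wc -c | tr -d ' '
}

# Constructed offline stand-in for live_size, modelled on the sizes quoted in
# the comment (1985 at 41, 211455 at 62, 15 from the stated cutoff of 65 on).
# Values for versions the comment did not test are assumptions.
fixture_size() {
    if [ "$1" -ge 65 ]; then echo 15
    elif [ "$1" -ge 62 ]; then echo 211455
    else echo 1985
    fi
}

# find_cutoff PROBE LO HI MIN_BYTES
# Binary search for the lowest version in [LO, HI] whose response is smaller
# than MIN_BYTES. Assumes LO gets a real page, HI gets a stub, and there is a
# single switch-over point between them. Prints that version, or returns 1
# when the endpoints do not bracket a switch-over.
find_cutoff() {
    probe=$1 lo=$2 hi=$3 min=$4
    [ "$("$probe" "$lo")" -ge "$min" ] || return 1
    [ "$("$probe" "$hi")" -lt "$min" ] || return 1
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if [ "$("$probe" "$mid")" -lt "$min" ]; then
            hi=$mid    # stub response: cutoff is at or below mid
        else
            lo=$mid    # real page: cutoff is above mid
        fi
    done
    echo "$hi"
}

# Offline by default; pass live_size as the first argument to query the site.
find_cutoff "${1:-fixture_size}" 41 121 100
```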





  • Aaah, got it. Right, depending on the version of Windows, keeping it off the internet permanently might make it less prone to doing random stuff. To me it’s highly unlikely that keeping it off the internet will increase security; there will be machines that are way more attractive targets for evildoers (because of the people on them doing stuff) and evil deeds that are way more dangerous than changing the signage. But if you just want to keep its configuration simple so the signs don’t mess up then that kind of makes sense to me.

    I think I misunderstood your setup a little; I thought the signs were their own hardware with their own IP addresses. If they’re just screens of the windows machines it’s a little simpler. You actually can set it up so that machine can see the LAN but never the internet, just by setting it with a static IP configuration with no gateway set. Then you have to go VPN to some other machine on its network, and then hop from there to the local-LAN-only machine that’s hooked to the signs.

    I actually forgot until just right now, but one time when I had this problem, I set up a Chromebox which was set to display a web page in full-screen mode, and used an extension which auto refreshed the page every few minutes, and then set up the web page to look exactly how I wanted it to (I used a Google Docs static export of a spreadsheet page, so I could automatically gather the right data from formulas and then futz around with the spacing and sizing and etc until it looked the way I wanted it to). You could do a similar thing, with a page that was served from some other place on your LAN. Then, the signage machine itself would never need to be accessed remotely or have any access to the internet; you could just unset the gateway, and periodically or automatically update the page that was getting served from the other machine without needing to touch the signage machine.

    Anyway good luck, hope all this gives you some ideas. Probably your IT department will have specific ideas how they want to set it up anyway, but going into it with things a little thought through might help yes.


  • Why do you want to keep it off the internet, though? That’s going to make things more complex both in the setup and in the day-to-day operation. The example you listed of being difficult to upload files is one example. The only reason I can think of to do it that way would be for security but I’m not sure how much actual security benefit it would carry.

    How about this? You could do the two-interface solution like I described, but have the internet-facing interface disabled most of the time – could be disabled in Windows settings, so someone has to have physical access to the machine in order to reenable it when you want to update the sign. Or, it could be disabled at the switch / router level: Just disable the port for that machine, and reenable it temporarily any time you need remote access to the machine to do something, but in the steady state leave it on its own little disconnected network with only the machine and the signs, and no internet access anywhere.


  • What I would do in this scenario is give the Windows machine two network interfaces, and have the second interface connected to a little static network with just the signs and the Windows machine on it (i.e. no internet access). Then, you can access the Windows machine through TeamViewer or whatever. It’ll have access to the internet but the signs won’t be directly visible from the internet. And if someone from the internet is accessing your internal network to tamper with the signs via the Windows machine then you have bigger problems than them tampering with the signs.


  • Hm, yeah, I would just start up a Mastodon page in parallel with the Meta page. Pick the right “home” server to join; that’s critically important for Mastodon in a way that it’s not for Meta. Put in charge of the page someone who’s genuinely excited about participating in Mastodon, and would be engaged with the gaming community there whether or not they were in charge of the page. I don’t think I would recommend spending anything on ad promotion of the Mastodon page, but like I say I’m not convinced of the utility of spending money on Meta promotion either. YMMV

    Anyway like I say my level of knowledge about it is pretty minimal but I’m happy to talk more in depth on details of my experience also if you like.


  • I have some small amount of experience with this, but based on the little I know, here’s what I can say. First question is what is your goal? To get customers, or to create a community? Below is general advice but it’s hard to say just talking about it in the abstract.

    If you want a community, I would probably advise to just treat it as one more channel, have separate pages in Meta / X / Fediverse / Pinterest or whatever as separate communities, since in a lot of cases there won’t be overlap between them. I wouldn’t recommend abandoning your existing Meta or X pages to set up a Fediverse page instead, although making a contingency plan for the slow motion demise of Meta as a platform for the long term seems like a good idea.

    If you want to drive sales, then for me Google Ads always worked better than buying advertising on Meta or X or etc anyway. Have you measured conversion numbers from Meta? They make it easy to spend money definitely, but I always found the ROI in terms of pure paid sales to be pretty bad from them.


  • Individual privacy and security is national security.

    The “nation” in anything resembling a democracy is made up of individual private people with their own motivations, and their own sometimes considerable power, whose security is protected even when it doesn’t line up with the interests of whoever happens to be in charge of the government. Those nations can become extremely powerful, much more so than “secure” states, because they have within them powerful people who give good faith to the systems of government that can organize and wield state power. It has to be that way. Any government that betrays that relationship will collapse into something akin to modern-day Russia. Certain policies might be bad for “individual privacy” in the short run, and good for “national security” in the short run, but there’s a reason why the nations of Nazi Germany or the USSR who prioritized state security so high above that of individuals, weren’t at all secure in practice. On an individual or a national level.

    In the absolute middle of World War 2, when Britain was fighting literally for its life against the literal Nazis, and losing, the government had to deal with paying rent to the sometimes disagreeable landlords for their military intelligence offices, and they had to face angry questions from civilians in government about firebombing in German cities and how it was inhumane. They weren’t allowed to just get on with whatever they decided they wanted to do. There was no question about “well this is a government matter so I don’t care what you think, as a private person, and I don’t have to.” That’s not how a democracy works. Some people might disagree, but in my opinion that’s why the side that Britain was part of ultimately won the war: Because the British people knew their rights as individuals would be respected, and so they in turn felt comfortable giving wholehearted support back to the government when the government needed it.

    Anyone who describes “national security” as a thing that has to be balanced against the rights of the people who in actual reality make up the nation, is probably talking about something more akin to “state security” in the USSR or Nazi sense. Not the security of the actual nation, but the safety and convenience of policymakers and their friends, sometimes specifically their safety from the nation (i.e. the people).


  • mo_ztt ✅@lemmy.world to Privacy@lemmy.ml: AI Generated CSAM Is Out of Control (11 months ago)

    The point I’m trying to make is, you don’t even have to do that.

    There are already laws against revenge porn and realistic child porn. You don’t have to “prevent” this stuff from happening. That is, as he accurately points out, more or less impossible. But, if it happens you can absolutely do an investigation, and if you can find out who did it, you can put them in jail. That to me sounds like a pretty good solution and I’m still waiting to hear what his issue is with it.


  • mo_ztt ✅@lemmy.world to Privacy@lemmy.ml: AI Generated CSAM Is Out of Control (11 months ago)

    What the hell is this guy?

    “Here’s a case where people made and shared fake nudes of real underage girls, doing harm to the girls”

    “But what the hell, that’s kind of hard to stop. Oh also here’s this guy who went to prison for it because it’s already illegal.”

    “Really the obvious solution everyone’s missing is: If you’re a girl in the world, just keep images of yourself off the internet”

    “Problem solved. Right?”

    I’m only slightly exaggerating.


  • mo_ztt ✅@lemmy.world to Privacy@lemmy.ml: Do you trust Proton? (11 months ago)

    Yeah, email is unsafe, agreed. I addressed that below, saying I thought they just wanted to separate their real-world identity from their un-private emails. If you're trying to use Proton to keep your un-private emails private, you're gonna have a bad time and you should use some good end-to-end solution that isn't email instead.



  • mo_ztt ✅@lemmy.world to Privacy@lemmy.ml: *Permanently Deleted* (11 months ago)

    Librewolf?

    I've been using that for a while since I ditched Chrome, and anecdotally it seems like it hits a pretty good sweet spot of "privacy-protecting to such an extent that I notice little annoyances as I browse the web, but they're all trivial and easily bearable, which probably means it's doing quite a lot to try to protect me."



  • mo_ztt ✅@lemmy.world to Privacy@lemmy.ml: Do you trust Proton? (11 months ago)

    I'm not trying to argue or anything, but I think you should read this for a quite good overview of the issues involved with trying to secure SMTP email. You can also read any number of expert opinions saying the same thing, if you don't believe me or that article.

    > If you’re communicating with someone you know who’s also running their own email server, there is no problem with using email.

    So, basically, never. I've run several SMTP servers in my time. I'm having trouble thinking of an example of when I might have been communicating from one of them to someone else who also ran their own secure SMTP server. If you're trying to set up a secure end-to-end communication channel with one specific person which involves work on both your ends, it'd be way easier and more secure to use some other transport protocol at that point.

    > Email is a good protocol

    It is. 100%. Sorry if I gave the impression I didn't think it was. For all its age and some amount of minor stone-age baggage it brought with it, SMTP is genuinely quite well-designed and still serves its purpose 43+ years later, which is incredibly impressive. That purpose is, insecure but reliable and interoperable communication.

    > it runs over TLS.

    Yeah, so does your HTTP connection with Proton. That doesn't mean the end-result system keeps your messages secure, any more than using HTTPS means Proton is secure.

    You can read the article I linked to above, but basically the short version is that email is by the design of the protocol subject to being stored or transmitted unencrypted at various intermediate places as it's being sent around, in ways that are by the design of the protocol impossible to prevent.

    You're not required to agree with me; you can think what you want, but that's how I see it.