Cybernetic Vermin
Apr 18, 2005

Jabor posted:

i think it's over-hyping the "this setting is off by default, but google then asks you to turn it on!!!!!" stuff, that seems like a real weaksauce complaint to me and i'm pretty confused as to why it's taking the lead as the first thing being presented.

i fully disagree. a choice where 90% of people would in a vacuum opt out, but presented in such a way that 90% opt in, is worse than no choice at all.

compare apples success with the facebook tracking opt-in.


4lokos basilisk
Jul 17, 2008


Jabor posted:

i think it's over-hyping the "this setting is off by default, but google then asks you to turn it on!!!!!" stuff, that seems like a real weaksauce complaint to me and i'm pretty confused as to why it's taking the lead as the first thing being presented.

what is this filing about anyway? anyone have the context surrounding it?

the burning hot point in that PDF to me is that if you turn off tracking stuff in google apps they will still track you. ie the options that you toggle off and on correspond to “on” and “only 10%* on” instead of on/off

* some wicked legalese in the eula which makes this “technically off”

ate shit on live tv
Feb 15, 2004

by Azathoth

Oh cool finally the source code for FIFA 2000 is released.

ate shit on live tv
Feb 15, 2004

by Azathoth

Classic pre-yospos quality.

ymgve
Jan 2, 2004


:dukedog:
Offensive Clock
I know in my heart I should hate automatic location tracking, but the techbro in me really likes the application possibilities that come with it - like highway traffic maps would be a lot less useful if a majority of people turned off location tracking

Plorkyeran
Mar 22, 2007

To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed
i wish there was a company we could trust to track poo poo like highway traffic and not use that data for other purposes, but I know that isn’t very realistic

cinci zoo sniper
Mar 15, 2013




if only there was some technology that would allow a specific road point, like maybe a junction before a straight segment of it, to understand that some number of cars have entered it at some point

cinci zoo sniper
Mar 15, 2013




tired: just sit at home
wired: drive outside relying on infrastructure quality
inspired: drive outside relying on flagrant circumvention of human rights

Carbon dioxide
Oct 9, 2012

Plorkyeran posted:

i wish there was a company we could trust to track poo poo like highway traffic and not use that data for other purposes, but I know that isn’t very realistic

On top of roadside measurements that were already mentioned, companies such as TomTom basically do this.

yummycheese
Mar 28, 2004

the entire east coast has the state governments figuring out rough traffic volumes and traffic delays using the ezpass things.

if you ever see a digital sign that says X minutes until exit Y. its the ezpass monitoring.

its almost like you dont even need a private 3rd party to figure this out.

Methanar
Sep 26, 2013

by the sex ghost

yummycheese posted:

the entire east coast has the state governments figuring out rough traffic volumes and traffic delays using the ezpass things.

if you ever see a digital sign that says X minutes until exit Y. its the ezpass monitoring.

its almost like you dont even need a private 3rd party to figure this out.

State governments aren't benevolent organizations that won't abuse the information either.

Shame Boy
Mar 2, 2010

Methanar posted:

State governments aren't benevolent organizations that won't abuse the information either.

at least there we can vote with a vote instead of voting with our wallets, which are terrible ballots and don't take the pen marks well at all

cinci zoo sniper
Mar 15, 2013




Methanar posted:

State governments aren't benevolent organizations that won't abuse the information either.

surely you’ll call your elected representative at google to complain about location tracking then

mystes
May 31, 2006

Shame Boy posted:

at least there we can vote with a vote instead of voting with our wallets, which are terrible ballots and don't take the pen marks well at all
It might be all the bamboo fibers. Try a genuine made in the USA wallet.

MononcQc
May 29, 2007

for temporary studies, some cities just set up RFID scanners on the road, and they can count cars that way because most tire manufacturers put RFID chips in them to track inventory.

also the new idea is "abandon cars, just take a bus, they can track them already"

rjmccall
Sep 7, 2007

no worries friend
Fun Shoe
so, My Wife is making a website for her art with wordpress. are any of these vulnerability scanners not terrible, and is there a guide for not getting hacked that isn’t written by some shifty internet security company as marketing copy?

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme

rjmccall posted:

so, My Wife is making a website for her art with wordpress. are any of these vulnerability scanners not terrible, and is there a guide for not getting hacked that isn’t written by some shifty internet security company as marketing copy?

i think the main thing is avoiding as many plugins as possible, wp core isn’t terrible anymore

Sickening
Jul 16, 2007

Black summer was the best summer.

rjmccall posted:

so, My Wife is making a website for her art with wordpress. are any of these vulnerability scanners not terrible, and is there a guide for not getting hacked that isn’t written by some shifty internet security company as marketing copy?

PCjr sidecar posted:

i think the main thing is avoiding as many plugins as possible, wp core isn’t terrible anymore

Yep, go pluginless if you can. Be prepared to update wordpress asap whenever a patch comes out.

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.
let wordpress update automatically and don't do anything with your theme you have to tweak manually. or be prepared to tweak the theme every time you get an update notification

mystes
May 31, 2006

rjmccall posted:

so, My Wife is making a website for her art with wordpress. are any of these vulnerability scanners not terrible, and is there a guide for not getting hacked that isn’t written by some shifty internet security company as marketing copy?
If she likes wordpress but can get away with just a static site, I think there are supposed to be decent static site generator plugins for it these days.

I sort of have mixed feelings about the current popularity of static site generators because nowadays even a cheap digital ocean droplet probably offers enough cpu/memory to handle more hits than a normal person could possibly get, so in a way it feels silly to throw that away and just use static hosting, but it does mean that security is basically a nonissue.

mystes fucked around with this message at 01:01 on Jun 13, 2021

Shame Boy
Mar 2, 2010

mystes posted:

If she likes wordpress but can get away with just a static site, I think there are supposed to be decent static site generator plugins for it these days.

I sort of have mixed feelings about the current popularity of static site generators because nowadays even a cheap digital ocean droplet probably offers enough cpu/memory to handle more hits than a normal person could possibly get, so in a way it feels silly to throw that away and just use static hosting, but it does mean that security is basically a nonissue.

huh, i didn't really ever consider it a thing someone would do for performance reasons in the first place, i always just thought of it as a "don't make anything exposed to the internet active unless you absolutely positively have to"

Kesper North
Nov 3, 2011

EMERGENCY POWER TO PARTY

cinci zoo sniper posted:

surely you’ll call your elected representative at google to complain about location tracking then

yeah it's weird how my elected representative's last job was Corporate Vice President of Mobile Services, Microsoft Inc

rjmccall
Sep 7, 2007

no worries friend
Fun Shoe
thanks. i think fully static site generation doesn’t work because she does want to run a shop there eventually (without actually touching money herself, of course). but being more static might be possible

what about vulnerability scanners? i remember people here posting reports that are like “your cyphers suck lmao, also you haven’t updated wordpress in ten years”. i don’t think her host makes her responsible for like configuring apache or anything, but it would be good to feel like that stuff is okay, especially before she thinks about adding payments

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat
dont allow anything but tls1.2 and gently caress anyone who wants otherwise

duz
Jul 11, 2005

Come on Ilhan, lets go bag us a shitpost


rjmccall posted:

thanks. i think fully static site generation doesn’t work because she does want to run a shop there eventually (without actually touching money herself, of course). but being more static might be possible

what about vulnerability scanners? i remember people here posting reports that are like “your cyphers suck lmao, also you haven’t updated wordpress in ten years”. i don’t think her host makes her responsible for like configuring apache or anything, but it would be good to feel like that stuff is okay, especially before she thinks about adding payments

if you are going to keep the software up to date anyways, then a vulnerability scanner is just an extra step that doesnt change anything

git apologist
Jun 4, 2003

rjmccall posted:

thanks. i think fully static site generation doesn’t work because she does want to run a shop there eventually (without actually touching money herself, of course). but being more static might be possible

what about vulnerability scanners? i remember people here posting reports that are like “your cyphers suck lmao, also you haven’t updated wordpress in ten years”. i don’t think her host makes her responsible for like configuring apache or anything, but it would be good to feel like that stuff is okay, especially before she thinks about adding payments

if you stick to core and follow wordpress security feed and CVEs you will be fine

as for the host security, if you are running on a shared host that’s not really your thing to manage. if you are in control just open a minimum of ports, don’t set any files or directories with an execute bit, and use one of the free/inexpensive CDNs with inbuilt WAFs (i used to use cloudflare for this purpose, but fastly and cloud front would be fine too)

but but BUT what is your concern with security? what would happen if her poo poo got owned?
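A read-only audit for the file-permission advice in the post above, added here as an example and not code from any poster in the thread. The function names, finding labels and sample tree are constructed for illustration, and the `wp-config.php` and PHP-in-uploads checks go beyond what the post lists.

```shell
#!/bin/sh
# Added example: read-only permission audit of a WordPress document root.
# Prints one finding per line as "<CHECK> <path>"; prints nothing when clean.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Regular files with any execute bit (owner, group or other). Directories
    # are skipped here because they need that bit to be traversable at all.
    find "$root" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
        sed 's/^/EXEC /'

    # Files or directories that any local user can write to.
    find "$root" \( -type f -o -type d \) -perm -0002 |
        sed 's/^/WORLD_WRITABLE /'

    # wp-config.php holds the database credentials; flag it if "other" can read it.
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" -perm -0004 | sed 's/^/CONFIG_WORLD_READABLE /'
    fi

    # Uploads should hold media only; a PHP file there deserves a manual look.
    if [ -d "$root/wp-content/uploads" ]; then
        find "$root/wp-content/uploads" -type f -name '*.php' |
            sed 's/^/PHP_IN_UPLOADS /'
    fi
}

# Constructed sample tree (not a real site) with one instance of each finding.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-includes" "$t/wp-content/uploads/2021/06"
    find "$t" -type d -exec chmod 755 {} +
    for f in index.php wp-config.php wp-includes/tool.php \
             wp-content/uploads/2021/06/art.jpg wp-content/uploads/2021/06/x.php; do
        : > "$t/$f"
        chmod 644 "$t/$f"
    done
    chmod 755 "$t/wp-includes/tool.php"                # stray execute bit
    chmod 666 "$t/wp-content/uploads/2021/06/art.jpg"  # world-writable upload
    echo "$t"
}

# Usage: sh audit.sh /path/to/wordpress
if [ -n "${1:-}" ]; then
    audit_wp_perms "$1"
fi
```

On a shared host the web server often runs as a different user than the file owner, so a readable `wp-config.php` may be unavoidable there; treat that finding as a prompt to check the host's setup.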

git apologist
Jun 4, 2003

mystes posted:


I sort of have mixed feelings about the current popularity of static site generators because nowadays even a cheap digital ocean droplet probably offers enough cpu/memory to handle more hits than a normal person could possibly get, so in a way it feels silly to throw that away and just use static hosting, but it does mean that security is basically a nonissue.

that’s true but for 99% of sites 99% of their traffic is just reading static html that might change at most a few times a day so there’s really no compelling reason to make those pages dynamically generated on every view

rjmccall
Sep 7, 2007

no worries friend
Fun Shoe

Gentle Autist posted:

if you stick to core and follow wordpress security feed and CVEs you will be fine

as for the host security, if you are running on a shared host that’s not really your thing to manage. if you are in control just open a minimum of ports, don’t set any files or directories with an execute bit, and use one of the free/inexpensive CDNs with inbuilt WAFs (i used to use cloudflare for this purpose, but fastly and cloud front would be fine too)

but but BUT what is your concern with security? what would happen if her poo poo got owned?

just general responsibility, like not wanting her site to turn into a bitcoin miner or spam host or whatever

git apologist
Jun 4, 2003

what kinda host is it running on?

RFC2324
Jun 7, 2012

http 418

Gentle Autist posted:

that’s true but for 99% of sites 99% of their traffic is just reading static html that might change at most a few times a day so there’s really no compelling reason to make those pages dynamically generated on every view

isn't that the point of like memcached?

git apologist
Jun 4, 2003

memcached is just a k:v store, usually used to cache database queries

you may be thinking of varnish which is a caching reverse proxy which works very well for this use case

with that said, chucking some flat files on a web server is still gonna be a lot less complex and a lot more performant. you can chuck a cdn or varnish in front and that’s all you need. varnish/memcached and a dynamic site you have to have a full stack of one kind or another

RFC2324
Jun 7, 2012

http 418

Gentle Autist posted:

memcached is just a k:v store, usually used to cache database queries

you may be thinking of varnish which is a caching reverse proxy which works very well for this use case

with that said, chucking some flat files on a web server is still gonna be a lot less complex and a lot more performant. you can chuck a cdn or varnish in front and that’s all you need. varnish/memcached and a dynamic site you have to have a full stack of one kind or another

despite working with it every day, I forgot varnish's name and haven't touched memcached since like 2014 lol

but yeah, my understanding of the reverse proxy was it was pretty much to make it act more like flat files from a performance pov, tho obviously effectiveness is going to vary on just HOW dynamic your site is. I had one guy pissed that it gave him no benefits while having a dynamic clock on every page forcing it to update every second

git apologist
Jun 4, 2003

RFC2324 posted:

. I had one guy pissed that it gave him no benefits while having a dynamic clock on every page forcing it to update every second

yeah this sort of poo poo is what makes it get complicated really quickly. there’s ways to use varnish and other reverse proxies to cache different page elements rather than whole pages but it’s really a ball ache and most people who think they need it either don’t or could make some minor application/content level tweaks instead

RFC2324
Jun 7, 2012

http 418

Gentle Autist posted:

yeah this sort of poo poo is what makes it get complicated really quickly. there’s ways to use varnish and other reverse proxies to cache different page elements rather than whole pages but it’s really a ball ache and most people who think they need it either don’t or could make some minor application/content level tweaks instead

unfortunately I work in hosting, and everyone wants it but no one wants to manage it, so people get all or nothing

or, very rarely, pay someone enough to actually tune it, but those systems also end up not being managed by operations support

Soricidus
Oct 21, 2010
freedom-hating statist shill

CRIP EATIN BREAD posted:

dont allow anything but tls1.2 and gently caress anyone who wants otherwise

what’s wrong with tls1.3?

4lokos basilisk
Jul 17, 2008


rjmccall posted:

thanks. i think fully static site generation doesn’t work because she does want to run a shop there eventually (without actually touching money herself, of course). but being more static might be possible

I think it should be possible to integrate a static site with a payment handler. might get difficult if she wants to have shopping carts but I would research gumroad maybe?

beuges
Jul 4, 2005
fluffy bunny butterfly broomstick

rjmccall posted:

thanks. i think fully static site generation doesn’t work because she does want to run a shop there eventually (without actually touching money herself, of course). but being more static might be possible

for a shop you might want to outsource that to something like Shopify or whatever and then you just need to link to products in the store from your site, so a static site could still work there. then it’s their responsibility to interact with whatever payment processor you choose so you just wait for the ka-ching sound on your phone and then go ship out an order.

my wife runs a clothing store off Shopify and she doesn’t even have a separate site which links to the store, the entire thing including her non-store related pages are all hosted by Shopify.

Granite Octopus
Jun 24, 2008

I personally wouldn’t let Wordpress near any kind of payment processing

beuges posted:

for a shop you might want to outsource that to something like Shopify […]

+1 for shopify. my dad runs a small business online selling physical goods and has been using shopify for at least 5 years. way, way way less loving around than self hosting Wordpress or whatever and I get to sleep at night knowing that even if some malicious JavaScript gets injected it’s not my problem to fix. decent enough CMS features and a way nicer purchasing experience than 15 rickety plugins all with their own lovely subscriptions.

uninterrupted
Jun 20, 2011

rjmccall posted:

thanks. i think fully static site generation doesn’t work because she does want to run a shop there eventually (without actually touching money herself, of course). but being more static might be possible

what about vulnerability scanners? i remember people here posting reports that are like “your cyphers suck lmao, also you haven’t updated wordpress in ten years”. i don’t think her host makes her responsible for like configuring apache or anything, but it would be good to feel like that stuff is okay, especially before she thinks about adding payments

so wpscan is open source and p standard, but it's more of a pen testing tool than a persistent scanner. it needs configuration to find certain vulns, some stuff it should find it will straight miss, the report it spits out is annoying to read through.

you could set it up to run on intervals and send you a report out of curiosity, but I would 100% echo the calls to Just Use Shopify if there's something involving payments


mystes
May 31, 2006

I'm sure you can set up wordpress to work with shopify in a safe way where wordpress doesn't have any control over anything, if nothing else by just embedding the shopify buy button, but then you're doing a lot more work than just using shopify alone.
