

Sounds like a reasonable set of options!
Konform Browser and other bits and bobs.


Sounds like a reasonable set of options!


If you work for a company or own the company you are still making a self- promotional post for a company, and the rule applies.
So if the exact same post is posted by a friend instead it’s suddenly accepted? Why is self-promo meaningfully less desired than third-party-promo if they have similar results?
You seem to be vastly in the minority.
Might be! That one’s framed as just personal preference and not policy suggestion because I don’t think “allow all things I like and ban everything I don’t” makes for good governance ;)
So a more restrictive rule?
More restrictive in one sense (what content and what’s ok to “promote” for) but more allowing in another (you can talk about something even if you are involved or associated).


Thank your for replying, this is encouraging and sounds like moderation of this community is shaping up.
Whichever side the ruling falls I think that feedback channel would be very good. Just having a way for a submitter to ask from mod(s) why the submission was targeted might be the difference between them turning into a great contributor vs either just leaving or starting to play circumvention games (in especially bad cases turning into antagonistic trolls). Speaking from how I’ve seen those dynamics play out in other communities.


deleted by creator


Thank you for thoughtful engagement!
I think that becomes even more problematic. Why is it better that I shill for a company I’m getting kickbacks from (some VPN providers excel at this game) rather than one I’m responsible for? Besides, this just lead to submarining (“viral marketing” is an entire industry!) and people pretending to “have just stumbled across this project, what do you guys think?” or being “just a happy customer”… And to some extent t becomes a game of social status, where well-connected people can just ask their friends to post on their behalf.
Judge the message and topic, not the messenger (as long as they are human acting in good faith and not “written with help by AI”, obv).
Besides of those issues, my personal preference would be to keep the focus on self-hosting. So talk of hardware or shipped software might be on-topic but not service providers. There are plenty of places to discuss cloud-hosting, VPNs, which PaaS is best, or whatnot.
And I would actually be much more interested in seeing a post from a founder talking about things their company is doing relevant to self-hosters, vs yet another post of “which provider is best right now and what do you use?” or “Company X currently has a sale/launched product Y”.
While it might filter out some good stuff, I would be all for a ban of any promotion of commercial or proprietary products and services alltogether but allow for self-hostable and in particular FLOSS stuff (where I guess some carve-out or clever formulation could be made to allow for commercial but self-hostable software - either stance on that one seems fine to me).


I would like some clarity on general apparent self-promotion of open source projects as well. As in, points 1-4 don’t apply and 5 depends on your definition of “advertisement”.
I’m bringing this up because I (once) previously attempted to share a project1 I maintain on here. I did take some effort to include some context and discussion points for selfhosters in order to make it more tailored and stay safe on Rule 3. It was quickly removed by mod. I tried reaching out to one of the mods to try to understand what was wrong. They were friendly and said they weren’t involved and would forward to the relevant people and since then I haven’t heard back. It would be very helpful to be able to get some feedback on why submission was removed so we can learn how future submission attempt could be improved (or abandoned).
1: FLOSS, no commercial or otherwise proprietary parts or relations, no slop or clank in the process


Sounds frustrating and I can see how that can be confusing. Had similar peeves with other imposed limitations that initially drove motivation of developing this project so can relate!
While we have to recognize that there is inherent conflict in expectations of “browser doesn’t disclose my location” and “website knows my timezone” and that Konform Browser will continue defaulting to privacy, you highlight gap in UX and user control that I agree can be improved on. Shouldn’t be too much work to add more make more discoverable selective settings UI for this too in a future release.
There’s some other aspects that often play into this particular scenario and can vary per site:
Try being a part of a team in multiple timezones, some of which follow Daylight Savings Time (from different dates) and some not. Now schedule a recurring weekly meeting for the same time and coordinate that over chat. This is just inherently messy. Communicating this properly in UI is subtle and confusion like the one you described often arise when webapp developers assumptions and user assumptions don’t align. Some even say we should do away with timezones alltogether.
1: Someone even made list of lists of falsehoods programmers believe about time


If you’re talking about Librewolf’s “resist fingerprinting”:
To set the record straight, ResistFingerprinting was originally developed by Tor Browser developers, and is for some time now part Firefox (and therefore all forks) behind the privacy.resistFingerprinting (“RFP”) preference. So credit there goes to those devs, Tor Projectt, ad Mozilla. Konform Browser and Tor Browser have this on by default. There is also the related more recent and complex privacy.fingerprintingProtection (“FPP”) system. LibreWolf has historically been on RFP too - I’m not up to date if that’s still the case or if they’ve migrated over to FPP yet as I understand that is the intention of maintainers. The difference between the two is more than I bear to explain here and a bit of a rabbit hole x)


Hm, could you be more specific exactly what your issue is, and what behavior you are expecting? It sounds like you could be referring to this: https://bugzilla.mozilla.org/show_bug.cgi?id=1364261
There is a workaround mentioned at the bottom of that thread which should have the same result on all three browsers (and sounds like what you want, except having to disable ResistFingerprinting?). Just like for the forced-light-theme, I think it can make sense to provide a more convenient and obvious way to change the timezone without having to impact the other privacy protections. Might take a look at that but most likely after ESR153.0 is out of the way. If I read you right: Do you expect to be able to toggle this per-site, or would you be satisfies with a global toggle similar to the one we already have for allowing dynamic themes under RFP?


Thanks! Would be great to hear your thoughts and experience after trying it out, if you do! BTW, I keep fishing for feedback not just because I like hearing user stories but also since with no telemetry (or a qa team; lol), user reports become that much more valuable in development, catching issues and better understanding the UX ^^


But can it fool creepjs?
What does that mean for you, exactly? I know that there is a lot of different ideas out there on how to interpret these results and what “good” means so would be helpful to know what your expectations are to give meaningful answer to such question.
Anyway, I just tried running the test at creepjs.org and this is result: Test hangs at “57/58: Currently collecting: Private Click Measurement complete”, with no errors in the js console.
Having compared results with some other fingerprinting suites previously, default settings should give plausible fingerprint corresponding to user base of existing browser. Only Cloudflare seems to hate it: Turnstile on sites in strict mode currently often throw a redirect loop when their troubleshooting tool says all is fine. Is that because fingerprinting protection “works to good” or is broken? You tell me!
I would appreciate an outside and less biased review, comparison or benchmark on stuff like this! Want to try and report back?


It’s that time again!
Relevant for AUR users this time, there is a regression with rustc 1.951 affecting both releases. So those building from source will need to either:
firefox and konform-browser2 have upstream patch ported for RR and ESR, respectively.Removing ac_add_options --enable-rust-simd from mozconfig might also be a workaround.
1: Which is what Arch currently ships.
2: Only fork delivering the security fixes from this monthly security release as of writing.


A dedicated Forgejo instance f.example.com.
For a small set of trusted “base” images (e.g. docker.io/alpine and docker.io/debian): A Forgejo Action on separate small runner, scheduled on cron to sync images to f.example.com/dockerio/ using skopeo copy.
Then all other runners have their docker/podman configuration changed to use that internal forgejo container registry instead of docker.io.
Other images are built from source in the Forgejo Actions CI. Not everything needs to be (or even should) be fully automated right off. You can keep some workflows manual while starting out and then increase automation as you tighten up your setup and get more confident in it. Follow the usual best practices around security and keep permissions scoped, giving them out only as needed.
Git repos are mirrored as Forgejo repo mirrors, forked if relevant, then built with Forgejo Actions and published to f.example.com/whatever/. Rarely but sometimes is it worth spending time on reusing existing Github Workflows from upstreams. More often I find it easier to just reuse my own workflows.
This way, runners can be kept fully offline and built by only accessing internal resources:
Same idea for npm or pypi packages etc.
Set up renovate1 and iterate on its configuration to reduce insanity. Look in forgejo and codeberg infra repos for examples of how to automate rebasing of forked repo onto mirrors.
I would previously achieve the same thing by wiring together more targeted services and that’s still viable but Forgejo makes it easy if you want it all in one box. Just add TLS.
1: Or anyone have anything better that’s straightforward to integrate? I’m not a huge fan of all the npm modules it pulls in or its github-centric perspective. Giving the same treatment to renovate itself here was a little bit more effort and digging than I think should really be necessary.


This comment and its support is baffling to me. How is this not obvious to professionals?
haven’t seen any uptick in issues lately that makes me more worried about browser updates than like 5 years ago.
Then you have not been paying attention and I urge you to start doing so!
Blogs:
https://www.malwarebytes.com/blog


Is there something particular going on or that has occurred to make you say this? Wondering what I’m missing.
Not one thing in particular but a general trend driven by several factors. Things recently have, are, and will continue to heat up.
For one, past few months a few significant supply-chain attacks have been hitting popular developer tooling and libraries used for web development. As devs get compromised, this will “trickle down” to users.
For two, as stakes are rising, devs are burning out and the economy is shifting, crap like this is just considered “Monday” now. Already been common with browser addons for a while now.
As for browser themselves, take a closer look at release notes and changelogs (for forks, go to upstream). Note the number and severity of addressed issues and update frequency.
Adoption and evolution of LLMs also tie into this in multiple ways. Others have written in length about this. If there is one thing doomers and hypers agree on, it’s this.
Oh, and be careful with archive links.


deleted by creator


deleted by creator


The Lemmy community is broadly 50:50 on their support for said calls for the violence.
There’s astroturfing. Careful with judging community vibes by obviously votes but also comments.
There is more to “The Lemmy community” than what’s on display on .ml.
Even so, it does not follow that this community should provide that commercialization venue. If you want me involved in solving your business problems or monetization strategy, we should discuss terms and rates first.