Would you use an autistics only Social media platform?

[Suzanne]

I’m self diagnosed so it wouldn’t feel right joining an autistics only forum. Good idea, though. Your profile says you’re self diagnosed too. Are you thinking about making up a platform for someone else?

I am not official either, but that is only because it is not possible right now. But I do not feel a fraud at all, since I made it my goal to communicate with officially diagnosed female aspies and that sort of "proved" my "status", as it were.

 

[pjcnet]

I’m self diagnosed so it wouldn’t feel right joining an autistics only forum. Good idea, though. Your profile says you’re self diagnosed too. Are you thinking about making up a platform for someone else?

I agree with @Suzanne, you shouldn't let self diagnosis hold you back from accessing anything autism related, if you feel that you're on the autistic spectrum then that should be good enough and in my opinion a personal diagnosis can be more accurate than an NT "expert" diagnosis, you know yourself better than anyone.

 

[Voxsh]

Yes, I would

 

[Starfire]

I would too.

 

[Tom]

I would, but on the surface at least would still prefer a mixed forum. I have always enjoyed making connections with NTs, however brief. I have always felt I have 1 foot in each world and would not automatically like limiting myself to one.

 

[Kirsty]

I agree with @Suzanne, you shouldn't let self diagnosis hold you back from accessing anything autism related, if you feel that you're on the autistic spectrum then that should be good enough and in my opinion a personal diagnosis can be more accurate than an NT "expert" diagnosis, you know yourself better than anyone.

Exactly. Well said. I love it here in AC. It’s always been a place where I feel I fit in and share the same struggles in life and understand each other. Diagnosis or not, we are who we are. We just need that support from each other or to be heard and not expect much back.

I got assessed by a psychiatrist and she says I’m not NT. The process is taking a while. They have ruled out avoidance personality disorder, but whatever, I’m me. I know I need to make up my own boundaries, work on expectations, belonging, identity and coping mechanisms to make life a bit better.

 

[pjcnet]

I have reseller hosting so that's free and well protected with mod security, I'd use Cloudflare on top of that.

Wordpress as a platform with a membership plugin and probably Buddypress, locked down to private access.

Spam handling plugins, and my normal security stack.


I've built social platforms before using Lotus Domino and wondered why I was so interested in it, good at building it, but hated using it!

I'm not sure whether it's changed yet, but a year ago Wordpress was still using MD5 hashes which is insecure against dictionary / brute force attacks unless the members use extremely strong passwords, if you use Wordpress and it's still the same I highly recommend installing the bcrypt (uses Blowish) plugin which is the currently accepted level of security for hashing (you still need quite strong passwords no matter what is used however, it just takes on average a lot longer to dictionary attack / brute force bcrypt hashes making more secure passwords take an unreasonable amount of time to crack compared to many equivalent MD5 hashes). I'd also install a good enough CAPTCHA system that is hard for bots to bypass.

I agree that you need decent DDoS protection for any public website or online service these days, without it you could find your entire site / service brought down at any time and it's common to be null routed by your host until the attack is over (if it stops and I've known an attacker repeatedly DDoS attack every time the null routing is removed causing it to be reinstated again forever more leaving you at the mercy of the attacker). An OVH server or even better a value OVH reseller like So you Start is a good option on a budget. No DDoS protection is perfect, but from experience OVH DDoS protection is pretty powerful and it's included with all their plans. Cloudflare protection isn't then normally required as their decent DDoS protection isn't cheap at $200 a month which is suitable for most websites / servers that are hit by heavy attacks. You could still use the much cheaper $20 a month Pro plan just to hide your true IP address and provide some DDoS protection or even the free plan, but if you are hit by a large DDoS attack your service will be suspended with the recommendation to pay $200 a month to continue *** (if you are hit by very severe attacks repeatedly they can even start demanding a lot more for their Enterprise plan), I've heard of this often happening on their much cheaper Pro and free plan even though they state, "Unmetered Mitigation of DDoS" because only the expensive business plan goes further and also states, "Backed by a full SLA, Cloudflare DDoS experts will keep you online 24/7/365 no matter the size, type, or duration of attack", so in my opinion the way Cloudfare advertise their much cheaper Pro and free plan is misleading and are they're often used as a gateway to hopefully force customers to upgrade (especially the free plan, no profit making business truly wants to provide a service for nothing).

If you setup your own dedicated server or VPS there's also various security plugins you can install with your web server to help prevent DDoS attacks that attack the website directly, plugins include mod_evasive for Apache, and/or if people are feeling really brave there's the much more powerful ModSecurity as you've used yourself (I've set this up myself in the past to stop an actual attack), both as you most likely are aware are free and open source. I'd enforce strong passwords with upper and lower case and you want to regularly keep Wordpress + any plugins up to date as it reduces the risk of a hacker compromising the system in the first place and dumping your database (ModSecurity can optionally help too, but it's a balancing act as if you make it too aggressive it will start blocking normal users and there's no guarantee it will stop everything).

I've learnt from experience and from seeing so many other sites compromised that it pays to take security very seriously these days.

*** Edit: I've just read that Cloudflare's policy has changed recently so they are now supposed to protect even members on their free plan against DDoS attacks of any size without charging extra, however I am sceptical they will stick to this forever if they stick to this at all as otherwise no-one would ever need to pay a lot more, see Unlimited DDoS protection the new norm after Cloudflare announcement for the article. Cloudflare still doesn't properly forward all types of traffic however, it's fine for a standard website, but some other online services may not work (I've found this out from experience), so an OVH server is still my preferred option and you also don't have to trust a 3rd party that could change it's policy again at any time.

 

[kay]

Guess I'd being willing to try it. I like this forum but a place with only autistics would be nice, too. After all the rest of the world is designed for average and "normal" so it's time us oddballs (and I truly mean that in a positive way, not self depreciating) have a little space. And since I don't use FB, Instagram, Twitter, or whatever those things are I have a wee bit of time to try something new.

 

[Judge]

Is this a poll regarding website themes with exclusionary policies in general, or just a nebulous inquiry about whether or not people of this community would be apt to join another of a similar nature?

I do know of at least three such sites, though two of them no longer exist. Not sure about the third although it always had what appeared to be a rather low number of members. My impression so far is that independent "spin-off sites" don't seem to succeed for a variety of reasons.

 

[Beguiling Orbit]

Sure, I would join. The real question is would I use it? And I think NTs who are autism advocates are awesome and should be able to join it, @LucyPurrs.

 

[LucyPurrs]

Sure, I would join. The real question is would I use it? And I think NTs who are autism advocates are awesome and should be able to join it, @LucyPurrs.

Thanks so much! But I would respect any feelings that there needs to be a website just for aspies and other autistics if they felt this would be helpful or valuable. This site has been so great to me and it is enough.

 

[ksheehan88]

If you decide to go ahead, let me know, I'd be in

 

[Full Steam]

Is this a poll regarding website themes with exclusionary policies in general, or just a nebulous inquiry about whether or not people of this community would be apt to join another of a similar nature?

I do know of at least three such sites, though two of them no longer exist. Not sure about the third although it always had what appeared to be a rather low number of members. My impression so far is that independent "spin-off sites" don't seem to succeed for a variety of reasons.

No, autismforums.com is a forum platform. The site I'm talking about would be a social network.

The basic architecture is built around a central feed which people see updates out of based on interests and connections.

That's how Facebook works, and also twitter, and tumblr.

A social network is about personal connections more so than a forum.

The best way to think of this is as an interest specific Facebook, but with cleaner design.

Forums can be baked in to social networks, but are not the same.

As far as I know, nothing exists right now that is the same, otherwise I wouldn't be considering it..

 

[Full Steam]

I'm not sure whether it's changed yet, but a year ago Wordpress was still using MD5 hashes which is insecure against dictionary / brute force attacks unless the members use extremely strong passwords, if you use Wordpress and it's still the same I highly recommend installing the bcrypt (uses Blowish) plugin which is the currently accepted level of security for hashing (you still need quite strong passwords no matter what is used however, it just takes on average a lot longer to dictionary attack / brute force bcrypt hashes making more secure passwords take an unreasonable amount of time to crack compared to many equivalent MD5 hashes). I'd also install a good enough CAPTCHA system that is hard for bots to bypass.

I agree that you need decent DDoS protection for any public website or online service these days, without it you could find your entire site / service brought down at any time and it's common to be null routed by your host until the attack is over (if it stops and I've known an attacker repeatedly DDoS attack every time the null routing is removed causing it to be reinstated again forever more leaving you at the mercy of the attacker). An OVH server or even better a value OVH reseller like So you Start is a good option on a budget. No DDoS protection is perfect, but from experience OVH DDoS protection is pretty powerful and it's included with all their plans. Cloudflare protection isn't then normally required as their decent DDoS protection isn't cheap at $200 a month which is suitable for most websites / servers that are hit by heavy attacks. You could still use the much cheaper $20 a month Pro plan just to hide your true IP address and provide some DDoS protection or even the free plan, but if you are hit by a large DDoS attack your service will be suspended with the recommendation to pay $200 a month to continue *** (if you are hit by very severe attacks repeatedly they can even start demanding a lot more for their Enterprise plan), I've heard of this often happening on their much cheaper Pro and free plan even though they state, "Unmetered Mitigation of DDoS" because only the expensive business plan goes further and also states, "Backed by a full SLA, Cloudflare DDoS experts will keep you online 24/7/365 no matter the size, type, or duration of attack", so in my opinion the way Cloudfare advertise their much cheaper Pro and free plan is misleading and are they're often used as a gateway to hopefully force customers to upgrade (especially the free plan, no profit making business truly wants to provide a service for nothing).

If you setup your own dedicated server or VPS there's also various security plugins you can install with your web server to help prevent DDoS attacks that attack the website directly, plugins include mod_evasive for Apache, and/or if people are feeling really brave there's the much more powerful ModSecurity as you've used yourself (I've set this up myself in the past to stop an actual attack), both as you most likely are aware are free and open source. I'd enforce strong passwords with upper and lower case and you want to regularly keep Wordpress + any plugins up to date as it reduces the risk of a hacker compromising the system in the first place and dumping your database (ModSecurity can optionally help too, but it's a balancing act as if you make it too aggressive it will start blocking normal users and there's no guarantee it will stop everything).

I've learnt from experience and from seeing so many other sites compromised that it pays to take security very seriously these days.

*** Edit: I've just read that Cloudflare's policy has changed recently so they are now supposed to protect even members on their free plan against DDoS attacks of any size without charging extra, however I am sceptical they will stick to this forever if they stick to this at all as otherwise no-one would ever need to pay a lot more, see Unlimited DDoS protection the new norm after Cloudflare announcement for the article. Cloudflare still doesn't properly forward all types of traffic however, it's fine for a standard website, but some other online services may not work (I've found this out from experience), so an OVH server is still my preferred option and you also don't have to trust a 3rd party that could change it's policy again at any time.

Surely any encryption is insecure against brute force?

I use complex randomised user names and passwords for all admin accounts, and I use security plugins that lock ips after a certain number of failed attempts, and block fake crawlers and floods of connections.

Captcha is essential these days, but I've also used form honeypots with good results. Bots usually try to fill out all form fields, so if you create a hidden field and then delete any account which filled out the field you get rid of most spam accounts. Captcha can be defeated by human spam services.

I'll check into OVH, thanks. My strategy with Cloudflare was always that by the time DDoS becomes a major problem, you'll already be making revenue to cover their charges. No one attacks small sites with DDoS, unless politically motivated.

Regarding vps and dedicated, again I would start with reseller and scale once I needed to. I've jumped in to a vps too early before and regretted it. While the tech advantages are significant, the business advantages are barely existent in the short term.

My back ground is severs as well, although windows Intel, and a production vps was too much for me, even though I run opensuse on the desktop now. Sounds like you are Linux. Are you mostly into web servers?

 

[pjcnet]

Surely any encryption is insecure against brute force?

I use complex randomised user names and passwords for all admin accounts, and I use security plugins that lock ips after a certain number of failed attempts, and block fake crawlers and floods of connections.

Captcha is essential these days, but I've also used form honeypots with good results. Bots usually try to fill out all form fields, so if you create a hidden field and then delete any account which filled out the field you get rid of most spam accounts. Captcha can be defeated by human spam services.

I'll check into OVH, thanks. My strategy with Cloudflare was always that by the time DDoS becomes a major problem, you'll already be making revenue to cover their charges. No one attacks small sites with DDoS, unless politically motivated.

Regarding vps and dedicated, again I would start with reseller and scale once I needed to. I've jumped in to a vps too early before and regretted it. While the tech advantages are significant, the business advantages are barely existent in the short term.

My back ground is severs as well, although windows Intel, and a production vps was too much for me, even though I run opensuse on the desktop now. Sounds like you are Linux. Are you mostly into web servers?

I was a sysop for a while on a busy server running Debian 7, Apache with website including forum, SQL, an IRC and lets say a filesharing service, but it shut down due to legal issues (I wasn't the actual owner however, although due to my presence some people thought I was). I am thinking of renting a private server myself soon and I have a few things in mind, but due to the changes in the legal climate in more recent years it won't involve filesharing or anything else that could possibly bring me legal issues, especially since this would be in my name.

 

[Full Steam]

I was a sysop for a while on a busy server running Debian 7, Apache with website including forum, SQL, an IRC and lets say a filesharing service, but it shut down due to legal issues (I wasn't the actual owner however, although due to my presence some people thought I was). I am thinking of renting a private server myself soon and I have a few things in mind, but due to the changes in the legal climate in more recent years it won't involve filesharing or anything else that could possibly bring me legal issues, especially since this would be in my name.

Not Mr dot.com?



Do you have any recommendations for social network platforms?

I have a license for social engine, but not used it in years. Drupal was supposed to be the best last I heard, but I have no skill in that, and no time to learn.

 

[Beguiling Orbit]

@Full Steam, have you selected a domain name yet? If not, would you be willing to entertain ideas from the community?

 

[Full Steam]

@Full Steam, have you selected a domain name yet? If not, would you be willing to entertain ideas from the community?

I have a working name which is quite good, but I've not registered it yet as it's not that cheap.

We could do better maybe.

The reason I didn't throw it open before is the possibility of cyber squatters taking the domain name - that happen a lot.

If anyone has any ideas, feel free to post them - I'll keep mine secret for now.

If you have an idea you can check the domain name here; Domain Names - Cheap Domain Names | Namecheap.Com

A great name is nothing without a great domain name for internet properties.

 

[Beguiling Orbit]

I thought of socialeyes.com. It's a nod to our challenges with maintaining eye contact. It's registered, but a WHOIS search reveals that it will expire soon.

 

[pjcnet]

Not Mr dot.com?



Do you have any recommendations for social network platforms?

I have a license for social engine, but not used it in years. Drupal was supposed to be the best last I heard, but I have no skill in that, and no time to learn.

Nope it wasn't Mr dot.com.

I've briefly looked at Joomla once, it's appears to be more versatile and powerful than Wordpress with masses of plugins available for social media and just about anything else, although it maybe a little more difficult as Wordpress is particularly easy. It's still MUCH easier than trying to start from scratch however with nothing, that would be a mammoth task, and in a lot of ways unnecessary as even if you needed something totally custom you can still add / change code yourself.

PS: There is commercial plugins as well however like JOMSOCIAL for instance which isn't exactly cheap with the cheapest licence at $99, but it is highly rated if you are serious about it. A free one is EasySocial, but there is more.