Stories
Slash Boxes
Comments

SoylentNews is people

posted by NCommander on Friday March 14 2014, @06:44AM   Printer-friendly
from the timebombs-are-exciting dept.
We had an hour or so or downtime today. After debugging, the root cause came from the SSL certificates we use to establish a database connection from the webserver to the actual DB. As a prelude GoLive, we migrated from unencrypted connections to encrypted connections as we have to cross the Linode internal LAN. In an attempt to improve data security, we generated a set of SSL certificates and used those to encrypt the MySQL connections. In the flurry of golive, no one thought to check the expiry date on said certificates. Out of the box, OpenSSL generates certificates with a one month expiry unless manually changed.

As you might expect, one month later, the certificates expired, and the database stopped accepting remote connections. New certificates were generated with a ten year expiration, and we continue to work towards better documenting our internal processes on the wiki to prevent this sort of thing from happening again. Apache, and slashd are running again, and we appear to be back to status-quo in terms of site operation.

A full incident report will be written up and posted to the wiki in the next few days.
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by carguy on Friday March 14 2014, @06:58AM

    by carguy (568) Subscriber Badge on Friday March 14 2014, @06:58AM (#16186)

    Better set up your calendar for 2024 and mark this day as certificate renewal!
    Here's hoping that SN (or successors) are still going strong in 10 years.

    • (Score: 2) by NCommander on Friday March 14 2014, @07:32AM

      by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 14 2014, @07:32AM (#16198) Homepage Journal

      Hopefully we'll be around long enough so this will be a problem again :-)

      --
      Still always moving
    • (Score: 3, Funny) by davester666 on Friday March 14 2014, @07:43AM

      by davester666 (155) on Friday March 14 2014, @07:43AM (#16204)

      or do something crazy like replace them after only 9 years. I originally was going to say 8, but I know how expensive these things are.

      • (Score: 3, Insightful) by juggs on Friday March 14 2014, @07:55AM

        by juggs (63) on Friday March 14 2014, @07:55AM (#16209) Journal

        Well not really if all you are doing is generating your own OpenSSL certs / keys etc. for internal LAN work (which is all application to DB requires). It's only when you start to involve external CA's that things get expensive.

        With all the revelations about NSA et al. capabilities for MITM / Man to the side etc. infiltration, I'm starting to think I trust self-signed certs more than CA verified ones regardless of whether that gives me a lovely warm green "enhanced verified" in the browser or throws up scary warnings. Have you bothered to check the root certs that your browser accepts as kosher? It's generally a very long list.

        • (Score: 5, Informative) by NCommander on Friday March 14 2014, @08:25AM

          by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 14 2014, @08:25AM (#16225) Homepage Journal

          We're using self-signed certificates at the moment with strict checking to prevent MITM since we're traversing a non-secure network for database lookups. At the moment, since this is a VPS, nothing prevents the NSA from warrenting Linode and getting direct access to the nodes. For the moment, we're staying with Linode for the foreseeable future, *but* I'd like to get us self-owned hardware which gives us control and/or knowledge of such things.

          One thing at a time though ...

          --
          Still always moving
          • (Score: 4, Insightful) by juggs on Friday March 14 2014, @09:36AM

            by juggs (63) on Friday March 14 2014, @09:36AM (#16247) Journal

            Self owned hardware in a hired rack in a DC is no better than VPS in reality.

            Little black box is little black box, they get inserted all over the place in DCs and co-mingling areas - expect no privacy posting to any kind of "online" internet resource.

            Maybe we should approach this as "spoon boy" ala The Matrix - it is not privacy that breaks, there is no privacy. there never was, it is only our belief that there once was privacy that makes it existant to the extent we try to protect it. Realise privacy does not and never has existed. Only when we realise no such thing existed can we move forward to create it. We have the intellectual wherewithal to create it but first we must accept we failed to create it last time around.

        • (Score: 2) by FatPhil on Friday March 14 2014, @10:21AM

          by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Friday March 14 2014, @10:21AM (#16262) Homepage
          I do trust self-signed certificates more than I do ones signed by third parties.

          With self-signed certs, you only need to trust one party. With CA's you need to trust 2. Or sometimes more.

          The only CA authority I trust is Honest Achmed. How can you not trust someone whose uncle makes such a great shish kebab!
          --
          Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
          • (Score: 2) by NCommander on Friday March 14 2014, @12:14PM

            by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 14 2014, @12:14PM (#16296) Homepage Journal

            Curious on your thoughts of CACert then ...

            --
            Still always moving
            • (Score: 3, Insightful) by FatPhil on Friday March 14 2014, @01:17PM

              by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Friday March 14 2014, @01:17PM (#16339) Homepage
              I don't trust them! I don't trust anyone, basically. No reason to.
              Certs issued by them? I don't trust them, basically. No reason to.

              Well, there are reasons to - namely the web of trust that they maintain. The fact that they use web-of-trust rather than tree-of-trust makes me instantly more in favour of them than the current mainstream CA fiasco. But I probably don't trust anyone in that web of trust.
              --
              Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
        • (Score: 0) by Anonymous Coward on Friday March 14 2014, @05:52PM

          by Anonymous Coward on Friday March 14 2014, @05:52PM (#16533)

          I trust my self signed certs more than external CAs

  • (Score: 2, Interesting) by crutchy on Friday March 14 2014, @07:07AM

    by crutchy (179) on Friday March 14 2014, @07:07AM (#16187) Homepage Journal

    For those of us who aren't professional IT wizards, what's the reason for having the Soylent database set up on a different server?

    • (Score: 5, Informative) by Fluffeh on Friday March 14 2014, @07:14AM

      by Fluffeh (954) Subscriber Badge on Friday March 14 2014, @07:14AM (#16191) Journal

      Much of the time on a small setup, they are one and the same - but when you start going to a system with multiple webservers, the database is kept on a separate box to have data consistency much easier to manage. The front end does a lot of the heavy lifting in terms of page generation etc, while the database simply feeds either system as needed.

      A lot of the time, outside of web pages, a database simply sits on a separate server simply so that there can be a few different database instances all running off the same server and applications connect to it as needed.

      • (Score: 1, Interesting) by crutchy on Friday March 14 2014, @07:16AM

        by crutchy (179) on Friday March 14 2014, @07:16AM (#16192) Homepage Journal

        Thanks Fluffeh.

        In that case, how many webservers is Soylent hosted on?

        • (Score: 3, Informative) by NCommander on Friday March 14 2014, @07:31AM

          by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 14 2014, @07:31AM (#16197) Homepage Journal

          One at the moment. We've been meaning to address this now that we've got the linode situation resolved, though in this case, it won't have actually fixed crap since this was the wwwDB interchange that went snap. This setup was done mostly so we could relatively easy spin up new instances.

          --
          Still always moving
          • (Score: 0) by crutchy on Friday March 14 2014, @07:33AM

            by crutchy (179) on Friday March 14 2014, @07:33AM (#16199) Homepage Journal

            ah ok. cool. thanks NC :-)

          • (Score: 2) by Fluffeh on Friday March 14 2014, @10:57AM

            by Fluffeh (954) Subscriber Badge on Friday March 14 2014, @10:57AM (#16269) Journal

            Hey, been curious, I see your ID as 2, I would have thought that Barabas would have been 1, but he was 22. Is 1 a special ID for the code/site or is there a sneaky little monkey that got in before you and nabbed the number 1 ID in the database before you managed to complete registration?

            • (Score: 1) by NickFortune on Friday March 14 2014, @11:24AM

              by NickFortune (3267) on Friday March 14 2014, @11:24AM (#16281)

              Never mind one; who got zero? ;)

            • (Score: 1) by cmn32480 on Friday March 14 2014, @12:07PM

              by cmn32480 (443) <reversethis-{moc.liamg} {ta} {08423nmc}> on Friday March 14 2014, @12:07PM (#16292) Journal

              I believe that bastard Anonymous Coward cheated us all out of UID 1.

              --
              "It's a dog eat dog world, and I'm wearing Milkbone underwear" - Norm Peterson
            • (Score: 5, Informative) by NCommander on Friday March 14 2014, @12:09PM

              by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 14 2014, @12:09PM (#16293) Homepage Journal

              It's actually due to a bitrot in Slash. When slash was coded, you could assign negative UIDs to autoincrement fields, so the AC was -1, and the first user (Taco) was 1. I'm not sure if zero was used in early slash. Around MySQL 3.x, that behavior became invalid, so the AC migrated to 666 on the other site, and auto_increment would start at 0. Somewhere in the 4.x days, auto_increment changed again, and starts at 1. The database layer used by Slash is "special" for all the wrong reasons, including efforts by VA Linux to port us to Oracle, some attempts to post slash to postgresql (which I wish worked, I much prefer that to MySQL).

              As of right now, the AC has UID #1, and I have the lowest registered UID (as it was created automagicly by install-slashsite). While it wasn't by design, I think its kinda fitting. The most important people on the site are the users, and thus the AC being UID #1 represents that view. In theory, you can have a UID of 0, but MySQL doesn't *really* like that (and causes issues if you don't dump/reimport the database with exactly the right options with mysqldump).

              I did try and modify slash to grab UID 1 for myself (2 is not my favourite number), but eventually decided it was for the best. Of the 9 single digit UIDs, one of them is a test account, and perhaps when we have our tenth anniversary, we'll auction off UID #6. Accounts 1-100 represent people who had access from before golive (I think there are a few past 100 that are included on this), but we had to get the moderation system tested, so we basically grabbed a ton of people from ##altslashdot to test.

              --
              Still always moving
              • (Score: 2, Funny) by Random2 on Friday March 14 2014, @03:00PM

                by Random2 (669) on Friday March 14 2014, @03:00PM (#16413)

                Wait, you're telling me I'd have to compete with AC for the preferred ID number? Well there goes that opportunity...

                --
                If only I registered 3 users earlier....
            • (Score: 3, Informative) by mechanicjay on Friday March 14 2014, @12:18PM

              by mechanicjay (7) <mechanicjayNO@SPAMsoylentnews.org> on Friday March 14 2014, @12:18PM (#16299) Homepage Journal
              Anonymous Coward is UID 1 and is setup as part of the initial Slash install. Though that changed at some point in Slash's history, as AC was referenced as UID 0 in some spots. This caused a bunch of issues when first trying to spin up SN as some modules expected AC to be UID 0, others expected UID 1. I honestly think the dev team could write a really interesting post about all the stuff that went boom and went fixed in the 10 or so days it took us to get the site running. Really, that was just one of the challenges that was met in trying to rehab an abandoned code base on a tight schedule.

              Disclaimer: Memory is fuzzy from those first days, someone should correct me if the above is wrong.
              --
              My VMS box beat up your Windows box.
              • (Score: 1, Insightful) by Anonymous Coward on Friday March 14 2014, @01:39PM

                by Anonymous Coward on Friday March 14 2014, @01:39PM (#16356)

                I honestly think the dev team could write a really interesting post about all the stuff that went boom and went fixed in the 10 or so days it took us to get the site running.

                The dev team SHOULD have documented everything as a matter of process. If that hasn't been done yet, then it must be done soon before memories fade. That information is not just of historical interest, but would also help future troubleshooting.

      • (Score: 1) by CoolHand on Friday March 14 2014, @12:18PM

        by CoolHand (438) on Friday March 14 2014, @12:18PM (#16302) Journal

        There are also many other reasons to keep separate services on separate servers, including but not limited to ease of management, security, resource contention, etc..

        --
        Anyone who is capable of getting themselves made President should on no account be allowed to do the job-Douglas Adams
  • (Score: 3, Insightful) by GungnirSniper on Friday March 14 2014, @07:07AM

    by GungnirSniper (1671) on Friday March 14 2014, @07:07AM (#16188) Journal

    If NCommander hadn't been on IRC, what would have been the appropriate staff response?

    • (Score: 3, Funny) by crutchy on Friday March 14 2014, @07:11AM

      by crutchy (179) on Friday March 14 2014, @07:11AM (#16189) Homepage Journal

      If NCommander hadn't been on IRC, what would have been the appropriate staff response?

      bacon++

    • (Score: 5, Informative) by NCommander on Friday March 14 2014, @07:29AM

      by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 14 2014, @07:29AM (#16196) Homepage Journal

      *cough*

      This was a problem identified during the last crisis (aka yesterday) that we don't have much in terms of "OH SHIT" plans, and we were discussing it on the staff mailing list when THIS happened. The honest truth was we got lucky. I literally woke up five minutes before the site soyled itself. Theoretically, all staff who are on dev and sys should be able to access to the boxes via SSH. The master linode account can only be accessed by myself and robind. In practice, this is only true for the web and services box, the database node is more locked down.

      Compounding the issue was slash gives a useless error message when DBIx::Password fails to connect (ASN: time is in the past!), which means unless you knew in advance we were using self-signed certificates, *and* you knew OpenSSL's expiry behavior, there was no obvious sign that this was the issue. Parts of the infrastructure are simply not documented properly, and we've got a staff effort to get everything slash related on the wiki, but we hadn't finished that by time this clusterfuck happened.

      We've been in crunch mode for the last week, and I've technically been on vacation (and in Asia on an itinerary that was mostly set in place before I was ever involved with SoylentNews). Things fell through the gaps, and we got bit in the ass. The only saving grace here is this happened during non-peak hours on the site, but it shouldn't have happened, and my failure to document the full slash setup during private beta compounded it. I return to the United States on Sunday, and then everything I know about Slash is going on the wiki so if I am unavailable, this *won't* be a problem.

      Once we have the emergency plan fully hammered, it will be on the wiki, and a post will go up here on the site so the jury can review it and poke the obvious holes in it.

      --
      Still always moving
      • (Score: 3, Funny) by frojack on Friday March 14 2014, @08:06AM

        by frojack (1554) on Friday March 14 2014, @08:06AM (#16216) Journal

        First time I genned my own cert (for a similar purpose) I made the same mistake.
        Luckily, I had three different sites to set up, discovered it while doing the third one.
        With less than a week left, I revisited the other sites, and bluffed my way back in for "security upgrades".

        --
        No, you are mistaken. I've always had this sig.
      • (Score: 1) by yarp on Friday March 14 2014, @08:24AM

        by yarp (2665) on Friday March 14 2014, @08:24AM (#16224)

        If it makes you feel any better, Steam was down for what seemed like frickin' ages yesterday.

      • (Score: 2) by juggs on Friday March 14 2014, @08:31AM

        by juggs (63) on Friday March 14 2014, @08:31AM (#16229) Journal

        In short - teething pains.

        I'm sure you guys will outgrow them, it's been a very fast journey down a very rough road you've done well to get to where you have so soon, applaud yourself for your successes so far rather than dwell on the negatives, just put in place methods to prevent them happening again and move on.

        Obligatory car analogy:-
        You're put into the driving seat of a WRC (World Rally Championship) car at the starting line of a 30Km gravel stage having never driven on a loose surface, or anything so feisty as a WRC car. The countdown is already at 1 second, your co is shouting something incoherent into your earpiece along the lines of "Go! Go! Go! And in 60 5 left then over crest 4 right then 20 2 right through gate then 100 4 left opening to 6 left 400 CAUTION jump into 1 right 20 and into 1 right over crest to 4 left"

        Well if you survived that without hitting a tree you did well as that was just 20 seconds into the stage. Reality is you already hit a tree, lots of them.

        I think the lack of trees hit so far is laudable.

        • (Score: 2) by NCommander on Friday March 14 2014, @08:33AM

          by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 14 2014, @08:33AM (#16230) Homepage Journal

          To be honest, it was nice to have a crisis right now that was completely technical than the recent drama. Really says the state of recent events that I can say that with a straight face.

          --
          Still always moving
          • (Score: 2) by Reziac on Saturday March 15 2014, @05:04AM

            by Reziac (2489) on Saturday March 15 2014, @05:04AM (#16751) Homepage

            Is this why yesterday I got the "503 guru meditation varnish cache" gibberish?

            Very glad too that it was just a technical glitch and not anything Dreadful.

            --
            And there is no Alkibiades to come back and save us from ourselves.
            • (Score: 2) by NCommander on Saturday March 15 2014, @12:01PM

              by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Saturday March 15 2014, @12:01PM (#16810) Homepage Journal

              Yeah. Apache (due to mod_perl) shat itself when the database went away, so Varnish started complaining about guru meditation due to ENOBACKEND

              --
              Still always moving
      • (Score: 1, Funny) by Anonymous Coward on Friday March 14 2014, @09:54AM

        by Anonymous Coward on Friday March 14 2014, @09:54AM (#16252)

        before the site soyled itself.

        Ah, now I understand the name "SoylentNews" ... ;-)

      • (Score: 1) by Magic Oddball on Friday March 14 2014, @11:08AM

        by Magic Oddball (3847) on Friday March 14 2014, @11:08AM (#16271) Journal

        Yikes -- thank you for working on this through vacation, let alone while in a totally different part of the world from most (all?) of us.

        The thing to keep in mind during the "oh SHIT" moments is that most (if not all) of the visitors here have the basic knowledge needed to have realistic expectations. :-)

        Adding after a preview: any odd characters alongside spaces in my posts are because of some odd bug in Slashcode that evidently only my system sets off.

        • (Score: 4, Informative) by NCommander on Friday March 14 2014, @12:12PM

          by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 14 2014, @12:12PM (#16294) Homepage Journal

          The distortion is due to Slash's blasted UTF-8 bitrot. We enabled it during testing, but it was buggy. There's no "off" switch for UTF-8, so my guess is whatever magic the other site never got committed to the public branch, as there's no filter that I can find in the public codebase. Fixing UTF-8 to work properly remains on the TODO, but at least it semi-works if you're careful.

          And yeah, my travel schedule was epically ill timed. The management handover happened while I was at a conference in Macau, so I've been running around like a chicken without a head.

          --
          Still always moving
          • (Score: 2) by Pslytely Psycho on Friday March 14 2014, @06:16PM

            by Pslytely Psycho (1218) on Friday March 14 2014, @06:16PM (#16547)

            "so I've been running around like a chicken without a head."

            Should we start calling you Mike then?

            so I've been running around like a chicken without a head.

            --
            Alex Jones lawyer inspires new TV series: CSI Moron Division.
          • (Score: 2) by zigbigadoorlue on Friday March 14 2014, @07:59PM

            by zigbigadoorlue (1092) on Friday March 14 2014, @07:59PM (#16605)

            Good gracious you all are doing a lot of good work for free (and on your vacation!). Do you have a full time job in addition to running this marvelous and confounded site? You all are doing an excellent job particularly as you are currently not getting payed for any of it. Thanks for all that you've given this community.

            • (Score: 2) by NCommander on Saturday March 15 2014, @02:04AM

              by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Saturday March 15 2014, @02:04AM (#16722) Homepage Journal

              I can't speak for anyone else, but I work full time in FOSS technologies. This vacation was setup before I was involved with SoylentNews, which has caused me a lot of grief in hindsight (but then again, hindsight is always 20/20). I've been trying to manage to site, my sanity, and a crazy travel schedule all at once, but I've cleared out my schedule until September to try and get the business side of things assembled.

              --
              Still always moving
    • (Score: 0) by Anonymous Coward on Friday March 14 2014, @01:24PM

      by Anonymous Coward on Friday March 14 2014, @01:24PM (#16343)

      Do the unwashed masses aka the 'audience' also get to use the Red Phone? I guess it could cause crying wolf problems but sometime it might come handy too.

  • (Score: 5, Insightful) by Anonymous Coward on Friday March 14 2014, @07:46AM

    by Anonymous Coward on Friday March 14 2014, @07:46AM (#16207)

    Seriously?

    Every True Nerd knows that the only way to write a date is yyyy-mm-dd.

    • (Score: -1, Flamebait) by Anonymous Coward on Friday March 14 2014, @07:56AM

      by Anonymous Coward on Friday March 14 2014, @07:56AM (#16210)

      Is it because I am a lowly 4 digiter that I never get any mod points?

      • (Score: 5, Informative) by NCommander on Friday March 14 2014, @08:20AM

        by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 14 2014, @08:20AM (#16222) Homepage Journal

        I believe at the moment, its limited to the 80% oldest UIDs in the database. The Mod QA keeps falling lower and lower on my TODO list ...

        --
        Still always moving
        • (Score: 1, Interesting) by Anonymous Coward on Friday March 14 2014, @01:01PM

          by Anonymous Coward on Friday March 14 2014, @01:01PM (#16321)

          Three questions:

          1. I was forced to log out or switch browser in order to post anonymously. Could you add back a checkbox 'post anonymously'? It would be a very handy feature.

          2. My very first post to this site was modded down once (flamebait), so my karma is at -1 now. My other posts received no moderation. Is it really a good idea to punish me for that one downmod I received? All my posts now start at score 0, which means that the odds of them getting noticed and modded up are a lot smaller. So it would be difficult to improve my karma again. Could you lower the setting for the punishing to something less than -1 please? Now anyone who has an unlucky bad start like me is going to have a difficult time crawling out of that 'bad karma' hole again. (I had excellent karma on that other site, btw.) And the other way around also requires karma to be a lot higher than just 1 to have new posts start at score 2.

          3. Now that we are talking about feature requests... It would be nice to force all posts to be visible to someone who has modpoints. I remember seeing the text "browse at -1 to watch for abuse" from the other site. So I would like the visibility/collapsing thresholds to be applicable only to someone who does not have modpoints at the time of viewing the page. Or you could provide a separate configurable threshold setting for use in modpoints mode. It's not very logical for someone with modpoints to browse at +3 or something. Unless he doesn't intend to use the modpoints at all, of course.

          Thanks!

          • (Score: 4, Interesting) by Open4D on Friday March 14 2014, @02:14PM

            by Open4D (371) on Friday March 14 2014, @02:14PM (#16384) Journal

            ... log out or switch browser in order to post anonymously.

            Or in Firefox, do Ctrl-Shift-P

             

            Could you add back a checkbox 'post anonymously'?

            As I type this, I can see the "Post Anonymously" box just below, just to the right of the "No Karma Bonus" box. I tested that it works here [soylentnews.org].

             

            It would be nice to force all posts to be visible to someone who has modpoints.

            Interesting idea. Not just having mod points, but using them on a given set of comments. I suppose there could be a special "moderation view" of a story, in which the reply buttons are removed, the threshold is set to -1, and you could envisage other optimizations as well. (e.g. Rename all commenters, "Commenter0001", "Commenter0002", etc. so that the moderators aren't tempted to go by reputation?)

            • (Score: 2) by Reziac on Saturday March 15 2014, @05:08AM

              by Reziac (2489) on Saturday March 15 2014, @05:08AM (#16753) Homepage

              I tend to use known uIDs as a clue that a thread is worth diving into for modding, and once I get there, I read other replies too, just in case. I can see having an anonymizing 'mod view' as optional, but I think I'd find it quite annoying myself (and I take moderating seriously).

              --
              And there is no Alkibiades to come back and save us from ourselves.
      • (Score: 1, Informative) by Anonymous Coward on Friday March 14 2014, @10:06AM

        by Anonymous Coward on Friday March 14 2014, @10:06AM (#16253)

        I'm a 4-digiter and I got modpoints quite frequently (posting anonymously now because not at my own computer).

        • (Score: 1, Interesting) by Anonymous Coward on Friday March 14 2014, @02:00PM

          by Anonymous Coward on Friday March 14 2014, @02:00PM (#16376)

          I moderated some of the comments in this story and then posted an anonymous comment (above) so I wouldn't undo the moderation. I was still logged in so I had just checked the Post Anonymous check box, but it undid my moderation anyway.

          Do I have to logout completely to keep from undoing moderation?

    • (Score: 3, Funny) by Anonymous Coward on Friday March 14 2014, @08:37AM

      by Anonymous Coward on Friday March 14 2014, @08:37AM (#16233)

      oblig xkcd [xkcd.com]

    • (Score: 1) by isostatic on Friday March 14 2014, @09:48AM

      by isostatic (365) on Friday March 14 2014, @09:48AM (#16251) Journal

      It is, but at least little endian is better than "totally random" of mm-yyyy-dd

      • (Score: 2) by Open4D on Friday March 14 2014, @02:54PM

        by Open4D (371) on Friday March 14 2014, @02:54PM (#16411) Journal

        It is, but at least little endian is better than "totally random" of mm-yyyy-dd

        Or the common American format mm/dd/yyyy

         
        N.B. I like Kuhn's write up of ISO 8601 [cam.ac.uk].

        Here on SoylentNews, I was able to specify YY-MM-DD for the display of story/comment dates, so I'm fairly happy. I can't actually find that setting at the moment though.

  • (Score: 3, Funny) by marcello_dl on Friday March 14 2014, @08:25AM

    by marcello_dl (2685) on Friday March 14 2014, @08:25AM (#16226)

    One month should be enough for everybody.

    • (Score: 0) by Anonymous Coward on Friday March 14 2014, @10:12AM

      by Anonymous Coward on Friday March 14 2014, @10:12AM (#16258)

      Indeed, 640 hours are less than an month. Therefore a full month is already luxury. ;-)

  • (Score: -1, Offtopic) by Anonymous Coward on Friday March 14 2014, @12:17PM

    by Anonymous Coward on Friday March 14 2014, @12:17PM (#16298)

    This is circulating around "the other site" about commenters being blocked:

    http://slashdot.org/firehose.pl?op=view&type=submi ssion&id=3407785 [slashdot.org]

    Is that true? Are dissenters being blocked? Are we doomed to go down the /. road? Oh, wait, as far as I recall, they didn't block people over there (just downmodded).

    • (Score: 0) by Anonymous Coward on Friday March 14 2014, @12:59PM

      by Anonymous Coward on Friday March 14 2014, @12:59PM (#16320)

      Gotta admit I'm a little curious. Khyber was popular in #soylent. If he was booted for some reason I wouldn't mind knowing that reason. Must have been pretty bad considering some of the other crap that's been going on here.

      • (Score: 3, Informative) by sglane on Friday March 14 2014, @01:17PM

        by sglane (3133) on Friday March 14 2014, @01:17PM (#16340)

        He's the guy who ran a DDoS against SN from the IRC logs. Let's not jump to conclusions.

        • (Score: 0) by Anonymous Coward on Friday March 14 2014, @01:32PM

          by Anonymous Coward on Friday March 14 2014, @01:32PM (#16349)

          The only conclusion i came to was that he may have been blocked and if he was it must have been for something bad. If it was due to evidence of ddos on his part then fair enough. I'm also not concluding that he's guilty of ddos, particularly since bot development has been encouraged and it's easy to cause a flood whilst testing a bot. There is a test channel for it but if he was banned for flooding a channel other than test whilst developing a bot, it would seem an undue punishment on the face of it. You are of course welcome to not jump to conclusions, but the rest of us will jump to whatever conclusions we see fit tyvm.

          • (Score: 0) by Anonymous Coward on Friday March 14 2014, @01:36PM

            by Anonymous Coward on Friday March 14 2014, @01:36PM (#16354)

            Dude calls out mattie_p in his comment on the other site, so maybe we can get mattie_p to comment on this?

            • (Score: 0) by Anonymous Coward on Friday March 14 2014, @01:52PM

              by Anonymous Coward on Friday March 14 2014, @01:52PM (#16366)

              I read the irc log for the day in question (searching for khyber from the moment he joined the channel). I honestly don't see what he did wrong. If he made threats in a private message, there's no public evidence of it that I know of (yet). He may have been acting like a dick, but he's in good company here. My conclusion is that he was censored for being a dick on irc. Maybe it was justified, maybe it wasn't but I'm not buying the ddos accusation without any kind of evidence. The bigger issue here is that if censoring (for whatever reason) becomes acceptable, there will be a reputation that comes with that.

              • (Score: 0) by Anonymous Coward on Friday March 14 2014, @01:59PM

                by Anonymous Coward on Friday March 14 2014, @01:59PM (#16374)

                You're absolutely right: we shouldn't ban people for language they might want to use, even if they're insulting other people. This is a bastion of free speech, no? And if it's not, who has the say in what can be said or not said? Does the First Amendment apply here?

              • (Score: 2, Informative) by sglane on Friday March 14 2014, @02:30PM

                by sglane (3133) on Friday March 14 2014, @02:30PM (#16393)

                I honestly don't see what he did wrong. [...] but I'm not buying the ddos accusation without any kind of evidence

                Some excerpts from http://logs.sylnt.us/%23soylent/2014-03-11.html [sylnt.us]

                [03:29:27] I'm willing to smack both of these ignorant nagging niggers upside the head to teach both of these ignorant fucks a lesson

                [03:36:49] I'm sick of being held hostage
                [03:37:05] So, I'm about to turn all my video chat servers into a bandwidth buster. Not a DDoS. Just a legitimate bandwidth bill raiser.
                [03:37:38] I'll start at 40TB aggregate bw and slowly bring it up to 400TB with legit page refreshes, link trawling, all multi-ip cloud-based
                [03:37:41] and you'd admit this in chat?
                [03:37:47] Let's see how they like a hostage fighting back
                [03:37:51] Why not?
                [03:38:00] to what end?
                [03:38:18] wait... how are we hostages? And does being a hostage mean no more free cheese?
                [03:38:19] Teach them an expensive lesson in holding their comunity hostage
                [03:38:27] teach them this squabbling is about to bite them in the ass and HARD

                [03:51:34] Well, in about 5 minutes I'll have this script finished and running. Stil not cutting either of these two fuckers some slack until they learn their lesson.
                [03:51:49] PLAY NICE OR DON'T PLAY AT AL

                [03:56:32] Legitimate page refreshes and link trawling have already been held as legal. I'm not doing a DDoS. I'm simply loading a page as requested by HTTP link trawling. Nothing different from a bot crawler except this one doesn't respond to robots.txt
                [03:56:45] and it constantly refreshes every link to check if there's been a change in the page
                [03:56:57] Khyber, to what end?
                [03:57:06] right, but you've now stated that you're doing it with intention to harm the site owners and users of the stie
                [03:57:07] What is the best case scenario resulting from this?
                [03:57:07] My own personal satisfaction, damn the lot of you.

          • (Score: 5, Informative) by isostatic on Friday March 14 2014, @02:26PM

            by isostatic (365) on Friday March 14 2014, @02:26PM (#16392) Journal

            The only conclusion i came to was that he may have been blocked and if he was it must have been for something bad.
            If it was due to evidence of ddos on his part then fair enough

            [03:27:35] <Khyber> So what the fuck is this Im reading about a buyer? We're already sold out? Well, fuck it, no more contributions from me. This is the last time for me guys. I'm out of this bulshit.
            .......
            [03:29:27] <Khyber> I'm willing to smack both of these ignorant nagging niggers upside the head to teach both of these ignorant fucks a lesson
            [03:29:35] <Khyber> And I'm starting to hunt their asses down right now.
            [03:29:44] <ibogi> you kiss your mom with that mouth?
            .......
            [03:36:49] <Khyber> I'm sick of being held hostage
            [03:37:00] <prospectacle> Sounds reasonable
            [03:37:05] <Khyber> So, I'm about to turn all my video chat servers into a bandwidth buster. Not a DDoS. Just a legitimate bandwidth bill raiser.
            [03:37:38] <Khyber> I'll start at 40TB aggregate bw and slowly bring it up to 400TB with legit page refreshes, link trawling, all multi-ip cloud-based
            [03:37:41] <Blackmoore> and you'd admit this in chat?
            [03:37:47] <Khyber> Let's see how they like a hostage fighting back
            [03:37:51] <Khyber> Why not?
            [03:38:00] <iammasci> to what end?
            [03:38:18] <SpallsHurgenson> wait... how are we hostages? And does being a hostage mean no more free cheese?
            [03:38:19] <Khyber> Teach them an expensive lesson in holding their comunity hostage
            [03:38:25] * SpallsHurgenson has a cheese fixation tonight
            [03:38:27] <Khyber> teach them this squabbling is about to bite them in the ass and HARD
            .......
             
            [03:58:10] <Khyber> Get NCommander and Barrabas in here if you want ANY chance of a peaceful settlement
            [03:58:16] <swiss> You're going to raise the price of the site, possibly to the point where all the investors stop putting in money?
            [03:58:16] <MrBluze> There is no fighting n ow
            [03:58:22] <BadCoderFinger> The end result is taking the site down.
            [03:58:28] <Khyber> cuz I'm down to testing the script on my own site right now to see if everythign works. Two minutes tops.

            He's a troll, but that's a common reason to ban someone from IRC.

            • (Score: 2, Informative) by Anonymous Coward on Friday March 14 2014, @03:04PM

              by Anonymous Coward on Friday March 14 2014, @03:04PM (#16417)

              Who kept feeding the troll? Trolls don't begin by threatening a ddos attack. Surely anyone who has been around irc for more than 5 minutes would know that the worst way to deal with a troll is to respond. If khyber's rants were ignored as all rants should be, it likely would never have escalated to such bitterness. Irc is full of trolls. If ops go around threatening anyone that they think might be trolling, users won't know what they can talk about and they're likely going to kill the channel (not literally, but it won't be interesting enough to keep users engaged).

        • (Score: 0) by crutchy on Friday March 14 2014, @01:57PM

          by crutchy (179) on Friday March 14 2014, @01:57PM (#16373) Homepage Journal

          He's the guy who ran a DDoS against SN from the IRC logs.

          Nice to see you're not jumping to conclusions.

    • (Score: -1, Troll) by Anonymous Coward on Friday March 14 2014, @01:07PM

      by Anonymous Coward on Friday March 14 2014, @01:07PM (#16328)

      It's true! I am blocked from posting!

      Seriously, what answer are you expecting? People who are blocked can't answer you. People who do the blocking won't crack under your non-Guantanamo-style interrogation technique. This all assumes that there is blocking going on.

    • (Score: 5, Informative) by mattie_p on Friday March 14 2014, @02:00PM

      by mattie_p (13) on Friday March 14 2014, @02:00PM (#16375) Journal

      I replied to him there, and I can reply here as well. First, he is not banned from the site [soylentnews.org], just from IRC.

      We asked him to calm down on IRC several times. This all started because I downmodded him and he went on a tear. [sylnt.us]

      Just re-reading the logs now, he was talking about fixing something on the front page, but I couldn't understand him at the time because he was apparently just ranting and raving. After being muted, he made threats via pm to a channel op, which resulted in the ban on IRC.

      • (Score: 0) by crutchy on Friday March 14 2014, @03:07PM

        by crutchy (179) on Friday March 14 2014, @03:07PM (#16420) Homepage Journal

        You fed a troll you silly man.

        • (Score: 1) by clone141166 on Saturday March 22 2014, @02:27PM

          by clone141166 (59) on Saturday March 22 2014, @02:27PM (#19701)

          Wow crutchy, I think you annoyed somebody... Someone has gone through and down-modded most of your comments as -1 Overrated. I had mod-points lying around so I went back through and up-modded some of them as appropriate. :)

          It would be nice to have a privacy option to hide comment lists from non-friend users to stop this sort of thing from happening. I had someone do the same to a bunch of my comments a while ago.

          • (Score: 0) by crutchy on Saturday March 22 2014, @02:49PM

            by crutchy (179) on Saturday March 22 2014, @02:49PM (#19706) Homepage Journal

            thanks clone. it's ok i don't get too wrapped up in the whole mod thing
            worst case i can just post AC
            cheers matey

  • (Score: 2, Interesting) by goodie on Friday March 14 2014, @03:25PM

    by goodie (1877) on Friday March 14 2014, @03:25PM (#16435) Journal

    Reminds me of something that many people on the old website went "WTF! How could you mess up something so simple as certificates" when reading http://www.computerworld.com/s/article/9237076/Mic rosoft_39_s_Azure_service_hit_by_expired_SSL_certi ficate [computerworld.com]

    Not that I think it was easy to avoid, just that I read this and though that I read about this somewhat recently. It's the type of stuff that easily goes through the cracks...