If you can't wait to see what this is all about, take a look at our development version of the site. Feel free to create an account and try things out. If you find a bug, please Report it on GitHub or let it be known on the #Soylent or #Dev channel on IRC using your favorite client, or using a web-based interface.
If you want to know what this mysterious 'Rehash' is, check past the break.
Introducing RehashPreamble
In recent years, many alarming trends have surfaced regarding the free interchange of news and ideas on the internet. The practice of selling users' information for profit, without their approval or even knowledge, has become rampant. People are being prosecuted simply for expressing their opinions. A "Big Brother is Watching" mentality from both state and commercial actors, with universal surveillance now becoming common, has created a chilling effect, preventing people from exercising their rights or speaking up.
Unpopular or unusual views are being actively suppressed, diversity of opinion is too often deemed a problem, and actively restricted, at the whim of corporate and political power.
Too often, the focus upon profit has led to owners forgetting that sites exist for the benefit of their community, and the leadership and staff live to serve that community.
Too often, useful help and input from a site's community is ignored by staff and management who are so out of touch with the very people they serve that they will destroy the support of the community they built, and eventually the business itself.Statement of Purpose
Our aim is to stand in stalwart opposition to these trends. We will be the best site for independent, not-for-profit journalism on the internet, where ideas can be presented and free discussion can take place without external needs overshadowing the community.
With rehash, we're going to be able to *finally* deploy a long talked about feature: nexuses. We've talked about them in passing, but due to various technical issues, we've held off deploying them on production. For those who remember the other site of old, you may remember how the site was subdivided into sections, such as bsd.slashdot.org, apache.slashdot.org, etc. The initial deployment of this feature will allow editors to select a nexus for a story, and then individual users can select which nexuses they wish to read (or not read) in the user control panel.
In effect, this is our version of reddit's subreddits. Furthermore, having full nexus functionality allows us to implement features like hosting different languages of SN, and allow our community to create their own sections of the site for any topic they want. Want to talk about DIY projects, Pokémon, or similar? Well, soon, that will be possible.
A little known feature of the codebase is that its built on a plugin architecture which makes expansion easier and allows for multi-hosting. That is to say, we can have multiple sites out of a single installation; i.e., soylentnews.jp and soylentnews.org can both point to the same installation, but show a different mainpage. While we're still somewhat far off from supporting this kind of user-generated content, this upgrade sets the framework for allowing it to happen. The mainpage of SN will remain as it is, but allow the community to form and discuss any topic they wish, all handled under the same familiar interface you use now.
I'll probably write more on the topic of nexuses in the coming weeks, but I figure this sneak-preview on where we're going should introduce some interesting discussion. As always, I'll be reading comments below, and responding.
(Score: 2, Interesting) by Anonymous Coward on Friday March 13 2015, @01:37PM
That's still not much of a definition.
One concern of mine:
What if one poster has a habit of making pointless, non-offensive, but still high-noise posts. Say half of his posts are noise and half his posts are at least mildly insightful. Once you notice this pattern it becomes one of those things where after you become aware of it, it really stands out. I get mod points and decide to moderate down those high-noise posts whenever I see them, and since I'm primed to see them, I see them a lot - but I don't touch his posts that I feel contribute to the discussion.
It sounds like this "mod-bomb detection" thing is going to pick me out as a mod-bomber because it isn't going to show all the other posts by that user which I did not down-mod, chances are anyone reviewing the pattern of down-modding the noise will think I just ran out of points instead of deliberately picking-and-chosing the posts based on their content.
(Score: 2) by q.kontinuum on Friday March 13 2015, @01:46PM
If I understood previous discussions correctly, they intend to use hashes of the IP-addresses to identify sock-puppet accounts owned by the same user used to mod the same other user. So, normally you shouldn't be identified as a mod-bombe.
I have some other concerns, though.
- IPv4 pool is small enough that hashing IPs doesn't provide any benefit. It would be trivial to get plaintext-IPs from the hashes via rainbow-tables or even brute-force. Storing the IPs is not good for a site used for controversial discussions.
- Some organizations might use proxies, all users of those organizations would share one public IP
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2) by paulej72 on Friday March 13 2015, @02:29PM
Although there is a page to help us identify mod-bombs, all changes are done by a human looking at the situation. The report just shows us places where there might be a problem. I expect that the admins will look at each comment of a possible mod bombing individually and determine if it a true down mod or someone who has a vendetta against the commenter.
As for the hashed ip values, the code was already there, so it seems silly to change it. It does make it harder for us to give out a user's ip address if asked by law enforcement. The ips are only stored for the time that moderation and comments are allowed for a story, then purged. We need this data to help keep rogue ACs from becoming a problem on the site, because ip is the only way to differentiate between different ACs.
Proxies will also be relatively easy to spot as we can see multiple users from the ip, and real users behave differently from most sock puppet accounts.
Team Leader for SN Development
(Score: 3, Interesting) by The Mighty Buzzard on Friday March 13 2015, @03:54PM
Yeah, that is an issue but it's one without a really good solution. I'm currently pondering ways of salting the ip addresses before hashing them to make this less of an issue but it's still an extremely small pool. Maybe a unique salt for each permutation of the first three quads and just any salt for ipv6 addresses and rotating the salts on a monthly basis, I dunno, haven't put a lot of thought into it yet. If you have any suggestions feel free to drop me an email. Anonymously if you feel the need.
Without us having some way to compare an incoming ip addresses, we'd be incredibly limited in our ability to block spam/hack attempts/similar acts of douchebaggery, so realistically they have to stay unless you all are willing to put up with that.
My rights don't end where your fear begins.
(Score: 2) by NCommander on Friday March 13 2015, @11:50PM
Or just removing the salts. Honestly, I've been leaning to this option a *lot*
Still always moving
(Score: 2) by Justin Case on Saturday March 14 2015, @10:57AM
> I'm currently pondering ways of salting the ip addresses before hashing them to make this less of an issue but it's still an extremely small pool. Maybe a unique salt for each permutation of the first three quads and just any salt for ipv6 addresses and rotating the salts on a monthly basis, I dunno, haven't put a lot of thought into it yet.
That's pretty much where my thoughts were heading as well, although I haven't spent a lot of cycles cogitating about it. My instincts are that it would still be reversible by someone who obtained the algorithm and had some CPU to spend on it.
Maybe you need flat out encryption, repeatable so the same plaintext always produces the same cyphertext, but computationally difficult to brute force without the secret key. Then your remaining issue becomes protecting and rotating that key.
Open to criticisms of that too... when writing code to keep secrets, many eyes are needed.
(Score: 2) by The Mighty Buzzard on Saturday March 14 2015, @11:20AM
Real problem there is it's primarily law enforcement I'd worry about and they'd just seize or have the chops to hack the servers which would necessarily have the key to any two-way encryption on them. One-way is really the way to go here, I just haven't had time to work out how best to do it what with being in the middle of preparing to move. Probably do two-way for stored email addresses soon-ish but anyone who thoroughly pwns the boxes will have the key to that as well.
My rights don't end where your fear begins.
(Score: 2) by mrcoolbp on Friday March 13 2015, @02:44PM
To clarify, this is not something we see an immediate-need for, but it was relatively easy to implement, so we did. What we do see a lot of is complaints about potential cases, so we worked up this tool to help us monitor in case something like this does happen.
(Score:1^½, Radical)
(Score: 3, Insightful) by frojack on Friday March 13 2015, @09:42PM
Say half of his posts are noise and half his posts are at least mildly insightful. Once you notice this pattern it becomes one of those things where after you become aware of it, it really stands out.
If you worry that it might hurt you to be doing this, then stop doing that.
From the moderation box on the front page: Concentrate on promoting more than demoting.
Any comment that is not destructive is constructive. All we need do is mod down destructive comments, and mod up the good comments, and let the rest fall where they may.
I contend, sir, that your gate keeping is a tad too aggressive.
No, you are mistaken. I've always had this sig.
(Score: 2) by Reziac on Saturday March 14 2015, @04:02AM
"Any comment that is not destructive is constructive."
This should be the primary rule to mod by.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 1, Funny) by Anonymous Coward on Saturday March 14 2015, @05:53AM
> Any comment that is not destructive is constructive.
Adding noise is destructive.
(Score: 2) by frojack on Saturday March 14 2015, @06:15AM
says the AC.....
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Saturday March 14 2015, @08:16PM
Are you really trying to intimate that AC posts are all destructive?
Because of those two posts, yours seems to be a much more negative contribution to the discussion than the other.
Or is it just that having lost the argument you felt you had get in some sort of quip in order to assuage your wounded ego?