Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 13 submissions in the queue.
posted by NCommander on Friday March 13 2015, @01:00PM   Printer-friendly
from the big-changes-are-afoot dept.
As we get past our first anniversary, its time to sit back and talk about future site updates. While I alluded to it in a journal post, we're getting ready to roll out a fairly large update to the site, which is in line with the first major update we made in April 2014. For those of us who were with us back then, you'll likely remember that the site finally got to 'mostly usable' status with that upgrade which fixed many of the broken CSS (such as users.pl) and the like.

Given the unique nature, we're breaking it into two parts. The first is Slashcode 15.03, which is mostly a housekeeping/bugfixing update. This will be the final update of the legacy mod_perl 1 branch, and our final update using Slashcode. Here's what you can expect with this feature-packed installment.

Slashcode 15.03 - Changelog
  • Moderation Improvements (better handling of Spam mods, template fixes, etc) (credit: TMB)
  • Require prior moderation to use Overrated/Underrated (credit: TMB)
  • No karma hits for someone moderated Overrated/Underrated (credit: TMB)
  • Add karma floor of 10 to be able to down mod, tweakable in vars (credit: TMB)
  • Monthly and Semiannual Subscriptions (credit: paulej57)
  • User Selectable Pricing, with minimum (credit: paulej57)
  • Auto Renewing Subscription option from PayPal (credit: paulej57)
  • Reorganized the moderation dropdown list to avoid miss-moderations (credit: paulej57)
  • Mod-bomb detection page for admins: this can now get you banned from moderating the same as if you'd abused Spam (credit: paulej57)
  • Closed out the following bugs:
    • Fix for issue #412: fixed login redirects to user Apache request_uri string.
    • Fix for issue #411: added mod_banned info to admin user screen, now with date validation
    • Fix for issue #405: removed users email from the daily stats email.
    • Fix for issue #401: remove coremetrics scripts from few templates.
    • Fix for issue #378: updated moderation FAQ to reflect new mod system.
  • SN-specific: Retiring nitrogen, carbon, and beryllium back-end servers (in progress)
  • Other Miscellaneous Fixes

If you can't wait to see what this is all about, take a look at our development version of the site. Feel free to create an account and try things out. If you find a bug, please Report it on GitHub or let it be known on the #Soylent or #Dev channel on IRC using your favorite client, or using a web-based interface.

If you want to know what this mysterious 'Rehash' is, check past the break.

Introducing Rehash

One of the long-standing complaints is that we should finalize our break with The Other Site, by renaming slashcode. In what has been a running theme with SoylentNews since golive, naming stuff seems to be our Achilles heel. While calls for renaming to SoylentCode, or something similar have been long been made, the fact is this site, and the engine that powers it is something more. Rehash is our port of slashcode to MP2 (mod_perl version 2), and introduces the first set of upgrades to allow greater community building and interaction.

The name came about due to paulej72 renaming my work folder on lithium to "rehash", and well, I liked it (before this, the Apache 2 port was 'imaginatively' called Slashcode 15.03a2)

One of the longest points of tension within the community is what SoylentNews aims to be — what our focus should be. Even now, I'm not sure we could define it in one specific sentence. Some of you may remember when I wrote up the draft of the site manifesto, which lays out our goals and values. As a reminder, here is both the preamble, and mission statement from that document, which goes into why we were founded, what we stand for, and what we intend to do:

Preamble

In recent years, many alarming trends have surfaced regarding the free interchange of news and ideas on the internet. The practice of selling users' information for profit, without their approval or even knowledge, has become rampant. People are being prosecuted simply for expressing their opinions. A "Big Brother is Watching" mentality from both state and commercial actors, with universal surveillance now becoming common, has created a chilling effect, preventing people from exercising their rights or speaking up.

Unpopular or unusual views are being actively suppressed, diversity of opinion is too often deemed a problem, and actively restricted, at the whim of corporate and political power.

Too often, the focus upon profit has led to owners forgetting that sites exist for the benefit of their community, and the leadership and staff live to serve that community.

Too often, useful help and input from a site's community is ignored by staff and management who are so out of touch with the very people they serve that they will destroy the support of the community they built, and eventually the business itself.

Statement of Purpose

Our aim is to stand in stalwart opposition to these trends. We will be the best site for independent, not-for-profit journalism on the internet, where ideas can be presented and free discussion can take place without external needs overshadowing the community.

With rehash, we're going to be able to *finally* deploy a long talked about feature: nexuses. We've talked about them in passing, but due to various technical issues, we've held off deploying them on production. For those who remember the other site of old, you may remember how the site was subdivided into sections, such as bsd.slashdot.org, apache.slashdot.org, etc. The initial deployment of this feature will allow editors to select a nexus for a story, and then individual users can select which nexuses they wish to read (or not read) in the user control panel.

In effect, this is our version of reddit's subreddits. Furthermore, having full nexus functionality allows us to implement features like hosting different languages of SN, and allow our community to create their own sections of the site for any topic they want. Want to talk about DIY projects, Pokémon, or similar? Well, soon, that will be possible.

A little known feature of the codebase is that its built on a plugin architecture which makes expansion easier and allows for multi-hosting. That is to say, we can have multiple sites out of a single installation; i.e., soylentnews.jp and soylentnews.org can both point to the same installation, but show a different mainpage. While we're still somewhat far off from supporting this kind of user-generated content, this upgrade sets the framework for allowing it to happen. The mainpage of SN will remain as it is, but allow the community to form and discuss any topic they wish, all handled under the same familiar interface you use now.

I'll probably write more on the topic of nexuses in the coming weeks, but I figure this sneak-preview on where we're going should introduce some interesting discussion. As always, I'll be reading comments below, and responding.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Interesting) by Anonymous Coward on Friday March 13 2015, @01:37PM

    by Anonymous Coward on Friday March 13 2015, @01:37PM (#157257)

    That's still not much of a definition.

    One concern of mine:

    What if one poster has a habit of making pointless, non-offensive, but still high-noise posts. Say half of his posts are noise and half his posts are at least mildly insightful. Once you notice this pattern it becomes one of those things where after you become aware of it, it really stands out. I get mod points and decide to moderate down those high-noise posts whenever I see them, and since I'm primed to see them, I see them a lot - but I don't touch his posts that I feel contribute to the discussion.

    It sounds like this "mod-bomb detection" thing is going to pick me out as a mod-bomber because it isn't going to show all the other posts by that user which I did not down-mod, chances are anyone reviewing the pattern of down-modding the noise will think I just ran out of points instead of deliberately picking-and-chosing the posts based on their content.

    Starting Score:    0  points
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Interesting' Modifier   0  

    Total Score:   2  
  • (Score: 2) by q.kontinuum on Friday March 13 2015, @01:46PM

    by q.kontinuum (532) on Friday March 13 2015, @01:46PM (#157264) Journal

    If I understood previous discussions correctly, they intend to use hashes of the IP-addresses to identify sock-puppet accounts owned by the same user used to mod the same other user. So, normally you shouldn't be identified as a mod-bombe.

    I have some other concerns, though.
    - IPv4 pool is small enough that hashing IPs doesn't provide any benefit. It would be trivial to get plaintext-IPs from the hashes via rainbow-tables or even brute-force. Storing the IPs is not good for a site used for controversial discussions.
    - Some organizations might use proxies, all users of those organizations would share one public IP

    --
    Registered IRC nick on chat.soylentnews.org: qkontinuum
    • (Score: 2) by paulej72 on Friday March 13 2015, @02:29PM

      by paulej72 (58) on Friday March 13 2015, @02:29PM (#157276) Journal

      Although there is a page to help us identify mod-bombs, all changes are done by a human looking at the situation. The report just shows us places where there might be a problem. I expect that the admins will look at each comment of a possible mod bombing individually and determine if it a true down mod or someone who has a vendetta against the commenter.

      As for the hashed ip values, the code was already there, so it seems silly to change it. It does make it harder for us to give out a user's ip address if asked by law enforcement. The ips are only stored for the time that moderation and comments are allowed for a story, then purged. We need this data to help keep rogue ACs from becoming a problem on the site, because ip is the only way to differentiate between different ACs.

      Proxies will also be relatively easy to spot as we can see multiple users from the ip, and real users behave differently from most sock puppet accounts.

      --
      Team Leader for SN Development
    • (Score: 3, Interesting) by The Mighty Buzzard on Friday March 13 2015, @03:54PM

      Yeah, that is an issue but it's one without a really good solution. I'm currently pondering ways of salting the ip addresses before hashing them to make this less of an issue but it's still an extremely small pool. Maybe a unique salt for each permutation of the first three quads and just any salt for ipv6 addresses and rotating the salts on a monthly basis, I dunno, haven't put a lot of thought into it yet. If you have any suggestions feel free to drop me an email. Anonymously if you feel the need.

      Without us having some way to compare an incoming ip addresses, we'd be incredibly limited in our ability to block spam/hack attempts/similar acts of douchebaggery, so realistically they have to stay unless you all are willing to put up with that.

      --
      My rights don't end where your fear begins.
      • (Score: 2) by NCommander on Friday March 13 2015, @11:50PM

        by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 13 2015, @11:50PM (#157576) Homepage Journal

        Or just removing the salts. Honestly, I've been leaning to this option a *lot*

        --
        Still always moving
      • (Score: 2) by Justin Case on Saturday March 14 2015, @10:57AM

        by Justin Case (4239) on Saturday March 14 2015, @10:57AM (#157720) Journal

        > I'm currently pondering ways of salting the ip addresses before hashing them to make this less of an issue but it's still an extremely small pool. Maybe a unique salt for each permutation of the first three quads and just any salt for ipv6 addresses and rotating the salts on a monthly basis, I dunno, haven't put a lot of thought into it yet.

        That's pretty much where my thoughts were heading as well, although I haven't spent a lot of cycles cogitating about it. My instincts are that it would still be reversible by someone who obtained the algorithm and had some CPU to spend on it.

        Maybe you need flat out encryption, repeatable so the same plaintext always produces the same cyphertext, but computationally difficult to brute force without the secret key. Then your remaining issue becomes protecting and rotating that key.

        Open to criticisms of that too... when writing code to keep secrets, many eyes are needed.

        • (Score: 2) by The Mighty Buzzard on Saturday March 14 2015, @11:20AM

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Saturday March 14 2015, @11:20AM (#157726) Homepage Journal

          Real problem there is it's primarily law enforcement I'd worry about and they'd just seize or have the chops to hack the servers which would necessarily have the key to any two-way encryption on them. One-way is really the way to go here, I just haven't had time to work out how best to do it what with being in the middle of preparing to move. Probably do two-way for stored email addresses soon-ish but anyone who thoroughly pwns the boxes will have the key to that as well.

          --
          My rights don't end where your fear begins.
  • (Score: 2) by mrcoolbp on Friday March 13 2015, @02:44PM

    by mrcoolbp (68) <mrcoolbp@soylentnews.org> on Friday March 13 2015, @02:44PM (#157287) Homepage

    To clarify, this is not something we see an immediate-need for, but it was relatively easy to implement, so we did. What we do see a lot of is complaints about potential cases, so we worked up this tool to help us monitor in case something like this does happen.

    --
    (Score:1^½, Radical)
  • (Score: 3, Insightful) by frojack on Friday March 13 2015, @09:42PM

    by frojack (1554) on Friday March 13 2015, @09:42PM (#157507) Journal

    Say half of his posts are noise and half his posts are at least mildly insightful. Once you notice this pattern it becomes one of those things where after you become aware of it, it really stands out.

    If you worry that it might hurt you to be doing this, then stop doing that.

    From the moderation box on the front page: Concentrate on promoting more than demoting.

    Any comment that is not destructive is constructive. All we need do is mod down destructive comments, and mod up the good comments, and let the rest fall where they may.

    I contend, sir, that your gate keeping is a tad too aggressive.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by Reziac on Saturday March 14 2015, @04:02AM

      by Reziac (2489) on Saturday March 14 2015, @04:02AM (#157658) Homepage

      "Any comment that is not destructive is constructive."

      This should be the primary rule to mod by.

      --
      And there is no Alkibiades to come back and save us from ourselves.
    • (Score: 1, Funny) by Anonymous Coward on Saturday March 14 2015, @05:53AM

      by Anonymous Coward on Saturday March 14 2015, @05:53AM (#157671)

      > Any comment that is not destructive is constructive.

      Adding noise is destructive.

      • (Score: 2) by frojack on Saturday March 14 2015, @06:15AM

        by frojack (1554) on Saturday March 14 2015, @06:15AM (#157675) Journal

        says the AC.....

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 0) by Anonymous Coward on Saturday March 14 2015, @08:16PM

          by Anonymous Coward on Saturday March 14 2015, @08:16PM (#157839)

          Are you really trying to intimate that AC posts are all destructive?
          Because of those two posts, yours seems to be a much more negative contribution to the discussion than the other.

          Or is it just that having lost the argument you felt you had get in some sort of quip in order to assuage your wounded ego?