If you can't wait to see what this is all about, take a look at our development version of the site. Feel free to create an account and try things out. If you find a bug, please report it on GitHub or let it be known on the #Soylent or #Dev channel on IRC using your favorite client, or using a web-based interface.
If you want to know what this mysterious 'Rehash' is, check past the break.
Introducing Rehash
Preamble
In recent years, many alarming trends have surfaced regarding the free interchange of news and ideas on the internet. The practice of selling users' information for profit, without their approval or even knowledge, has become rampant. People are being prosecuted simply for expressing their opinions. A "Big Brother is Watching" mentality from both state and commercial actors, with universal surveillance now becoming common, has created a chilling effect, preventing people from exercising their rights or speaking up.
Unpopular or unusual views are being actively suppressed; diversity of opinion is too often deemed a problem and actively restricted at the whim of corporate and political power.
Too often, the focus upon profit has led to owners forgetting that sites exist for the benefit of their community, and the leadership and staff live to serve that community.
Too often, useful help and input from a site's community is ignored by staff and management who are so out of touch with the very people they serve that they will destroy the support of the community they built, and eventually the business itself.
Statement of Purpose
Our aim is to stand in stalwart opposition to these trends. We will be the best site for independent, not-for-profit journalism on the internet, where ideas can be presented and free discussion can take place without external needs overshadowing the community.
With rehash, we're going to be able to *finally* deploy a long talked about feature: nexuses. We've talked about them in passing, but due to various technical issues, we've held off deploying them on production. For those who remember the other site of old, you may remember how the site was subdivided into sections, such as bsd.slashdot.org, apache.slashdot.org, etc. The initial deployment of this feature will allow editors to select a nexus for a story, and then individual users can select which nexuses they wish to read (or not read) in the user control panel.
In effect, this is our version of reddit's subreddits. Furthermore, having full nexus functionality allows us to implement features like hosting different languages of SN, and allow our community to create their own sections of the site for any topic they want. Want to talk about DIY projects, Pokémon, or similar? Well, soon, that will be possible.
A little-known feature of the codebase is that it's built on a plugin architecture, which makes expansion easier and allows for multi-hosting. That is to say, we can have multiple sites out of a single installation; i.e., soylentnews.jp and soylentnews.org can both point to the same installation, but show a different mainpage. While we're still somewhat far off from supporting this kind of user-generated content, this upgrade sets the framework for allowing it to happen. The mainpage of SN will remain as it is, but the community will be able to form and discuss any topic they wish, all handled under the same familiar interface you use now.
I'll probably write more on the topic of nexuses in the coming weeks, but I figure this sneak-preview on where we're going should introduce some interesting discussion. As always, I'll be reading comments below, and responding.
(Score: 2) by q.kontinuum on Friday March 13 2015, @01:46PM
If I understood previous discussions correctly, they intend to use hashes of the IP-addresses to identify sock-puppet accounts owned by the same user used to mod the same other user. So, normally you shouldn't be identified as a mod-bomber.
I have some other concerns, though.
- IPv4 pool is small enough that hashing IPs doesn't provide any benefit. It would be trivial to get plaintext-IPs from the hashes via rainbow-tables or even brute-force. Storing the IPs is not good for a site used for controversial discussions.
- Some organizations might use proxies, all users of those organizations would share one public IP
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2) by paulej72 on Friday March 13 2015, @02:29PM
Although there is a page to help us identify mod-bombs, all changes are done by a human looking at the situation. The report just shows us places where there might be a problem. I expect that the admins will look at each comment of a possible mod bombing individually and determine if it is a true down mod or someone who has a vendetta against the commenter.
As for the hashed ip values, the code was already there, so it seems silly to change it. It does make it harder for us to give out a user's ip address if asked by law enforcement. The ips are only stored for the time that moderation and comments are allowed for a story, then purged. We need this data to help keep rogue ACs from becoming a problem on the site, because ip is the only way to differentiate between different ACs.
Proxies will also be relatively easy to spot as we can see multiple users from the ip, and real users behave differently from most sock puppet accounts.
Team Leader for SN Development
(Score: 3, Interesting) by The Mighty Buzzard on Friday March 13 2015, @03:54PM
Yeah, that is an issue but it's one without a really good solution. I'm currently pondering ways of salting the ip addresses before hashing them to make this less of an issue but it's still an extremely small pool. Maybe a unique salt for each permutation of the first three quads and just any salt for ipv6 addresses and rotating the salts on a monthly basis, I dunno, haven't put a lot of thought into it yet. If you have any suggestions feel free to drop me an email. Anonymously if you feel the need.
Without us having some way to compare an incoming ip address, we'd be incredibly limited in our ability to block spam/hack attempts/similar acts of douchebaggery, so realistically they have to stay unless you all are willing to put up with that.
My rights don't end where your fear begins.
(Score: 2) by NCommander on Friday March 13 2015, @11:50PM
Or just removing the salts. Honestly, I've been leaning to this option a *lot*
Still always moving
(Score: 2) by Justin Case on Saturday March 14 2015, @10:57AM
> I'm currently pondering ways of salting the ip addresses before hashing them to make this less of an issue but it's still an extremely small pool. Maybe a unique salt for each permutation of the first three quads and just any salt for ipv6 addresses and rotating the salts on a monthly basis, I dunno, haven't put a lot of thought into it yet.
That's pretty much where my thoughts were heading as well, although I haven't spent a lot of cycles cogitating about it. My instincts are that it would still be reversible by someone who obtained the algorithm and had some CPU to spend on it.
Maybe you need flat out encryption, repeatable so the same plaintext always produces the same cyphertext, but computationally difficult to brute force without the secret key. Then your remaining issue becomes protecting and rotating that key.
Open to criticisms of that too... when writing code to keep secrets, many eyes are needed.
(Score: 2) by The Mighty Buzzard on Saturday March 14 2015, @11:20AM
Real problem there is it's primarily law enforcement I'd worry about and they'd just seize or have the chops to hack the servers which would necessarily have the key to any two-way encryption on them. One-way is really the way to go here, I just haven't had time to work out how best to do it what with being in the middle of preparing to move. Probably do two-way for stored email addresses soon-ish but anyone who thoroughly pwns the boxes will have the key to that as well.
My rights don't end where your fear begins.
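The trade-off discussed in this thread, as an added example that is not part of the original comments or of the site's code: it compares an unkeyed hash, the per-/24 salt idea, and a keyed one-way token whose key is rotated and destroyed. SHA-256, all function and class names, and the sample address are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets


def plain_token(ip: str) -> str:
    """Unkeyed hash of the address (SHA-256 is an assumption)."""
    return hashlib.sha256(ip.encode()).hexdigest()


def salted_token(ip: str, salts: dict) -> str:
    """Per-/24 salt as floated in the thread; the salt table sits beside the data."""
    net = str(ipaddress.ip_network(f"{ip}/24", strict=False))
    return hashlib.sha256(salts[net] + ip.encode()).hexdigest()


def candidates_matching(token: str, net: str, fn) -> list:
    """Audit helper: which addresses in one network reproduce a stored token?"""
    return [str(a) for a in ipaddress.ip_network(net) if fn(str(a)) == token]


class RotatingPseudonymizer:
    """Keyed one-way tokens; the key lives only in memory and is destroyed on rotation."""

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def token(self, ip: str) -> str:
        packed = ipaddress.ip_address(ip).packed  # canonical bytes, IPv4 or IPv6
        return hmac.new(self._key, packed, hashlib.sha256).hexdigest()

    def rotate(self):
        # Old tokens become unlinkable, so stored tokens are purged at the same time.
        self._key = secrets.token_bytes(32)


def demo() -> dict:
    ip, net = "192.0.2.77", "192.0.2.0/24"  # constructed sample (documentation range)
    salts = {net: secrets.token_bytes(16)}
    p = RotatingPseudonymizer()
    before = p.token(ip)
    same_window = p.token(ip) == before  # still comparable while the key is live
    p.rotate()
    return {
        "plain": candidates_matching(plain_token(ip), net, plain_token),
        "salted": candidates_matching(salted_token(ip, salts), net,
                                      lambda c: salted_token(c, salts)),
        "same_window": same_window,
        "after_rotation": candidates_matching(before, net, p.token),
    }
```

While a key is live, anyone who takes the running server holds it, which is the limit raised in the last comment. Rotation only protects tokens from earlier windows, provided the old key was never written to disk.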