posted by NCommander on Friday March 13 2015, @01:00PM
from the big-changes-are-afoot dept.
As we get past our first anniversary, it's time to sit back and talk about future site updates. While I alluded to it in a journal post, we're getting ready to roll out a fairly large update to the site, which is in line with the first major update we made in April 2014. For those of you who were with us back then, you'll likely remember that the site finally got to 'mostly usable' status with that upgrade, which fixed much of the broken CSS (such as users.pl) and the like.

Given the unique nature, we're breaking it into two parts. The first is Slashcode 15.03, which is mostly a housekeeping/bugfixing update. This will be the final update of the legacy mod_perl 1 branch, and our final update using Slashcode. Here's what you can expect with this feature-packed installment.

Slashcode 15.03 - Changelog
  • Moderation Improvements (better handling of Spam mods, template fixes, etc) (credit: TMB)
  • Require prior moderation to use Overrated/Underrated (credit: TMB)
  • No karma hits for someone moderated Overrated/Underrated (credit: TMB)
  • Add karma floor of 10 to be able to down mod, tweakable in vars (credit: TMB)
  • Monthly and Semiannual Subscriptions (credit: paulej57)
  • User Selectable Pricing, with minimum (credit: paulej57)
  • Auto Renewing Subscription option from PayPal (credit: paulej57)
  • Reorganized the moderation dropdown list to avoid mis-moderations (credit: paulej57)
  • Mod-bomb detection page for admins: this can now get you banned from moderating the same as if you'd abused Spam (credit: paulej57)
  • Closed out the following bugs:
    • Fix for issue #412: fixed login redirects to use the Apache request_uri string.
    • Fix for issue #411: added mod_banned info to admin user screen, now with date validation.
    • Fix for issue #405: removed the user's email from the daily stats email.
    • Fix for issue #401: removed coremetrics scripts from a few templates.
    • Fix for issue #378: updated moderation FAQ to reflect new mod system.
  • SN-specific: Retiring nitrogen, carbon, and beryllium back-end servers (in progress)
  • Other Miscellaneous Fixes

If you can't wait to see what this is all about, take a look at our development version of the site. Feel free to create an account and try things out. If you find a bug, please report it on GitHub or let it be known on the #Soylent or #Dev channel on IRC using your favorite client, or using a web-based interface.

If you want to know what this mysterious 'Rehash' is, check past the break.

Introducing Rehash

One of the long-standing complaints is that we should finalize our break with The Other Site by renaming slashcode. In what has been a running theme with SoylentNews since go-live, naming stuff seems to be our Achilles heel. While calls for renaming to SoylentCode, or something similar, have long been made, the fact is that this site, and the engine that powers it, is something more. Rehash is our port of slashcode to MP2 (mod_perl version 2), and introduces the first set of upgrades to allow greater community building and interaction.

The name came about due to paulej72 renaming my work folder on lithium to "rehash", and well, I liked it (before this, the Apache 2 port was 'imaginatively' called Slashcode 15.03a2).

One of the longest points of tension within the community is what SoylentNews aims to be — what our focus should be. Even now, I'm not sure we could define it in one specific sentence. Some of you may remember when I wrote up the draft of the site manifesto, which lays out our goals and values. As a reminder, here is both the preamble, and mission statement from that document, which goes into why we were founded, what we stand for, and what we intend to do:

Preamble

In recent years, many alarming trends have surfaced regarding the free interchange of news and ideas on the internet. The practice of selling users' information for profit, without their approval or even knowledge, has become rampant. People are being prosecuted simply for expressing their opinions. A "Big Brother is Watching" mentality from both state and commercial actors, with universal surveillance now becoming common, has created a chilling effect, preventing people from exercising their rights or speaking up.

Unpopular or unusual views are being actively suppressed, diversity of opinion is too often deemed a problem, and actively restricted, at the whim of corporate and political power.

Too often, the focus upon profit has led to owners forgetting that sites exist for the benefit of their community, and the leadership and staff live to serve that community.

Too often, useful help and input from a site's community is ignored by staff and management who are so out of touch with the very people they serve that they will destroy the support of the community they built, and eventually the business itself.

Statement of Purpose

Our aim is to stand in stalwart opposition to these trends. We will be the best site for independent, not-for-profit journalism on the internet, where ideas can be presented and free discussion can take place without external needs overshadowing the community.

With rehash, we're going to be able to *finally* deploy a long talked about feature: nexuses. We've talked about them in passing, but due to various technical issues, we've held off deploying them on production. For those who remember the other site of old, you may remember how the site was subdivided into sections, such as bsd.slashdot.org, apache.slashdot.org, etc. The initial deployment of this feature will allow editors to select a nexus for a story, and then individual users can select which nexuses they wish to read (or not read) in the user control panel.

In effect, this is our version of reddit's subreddits. Furthermore, having full nexus functionality allows us to implement features like hosting different languages of SN, and allow our community to create their own sections of the site for any topic they want. Want to talk about DIY projects, Pokémon, or similar? Well, soon, that will be possible.

A little-known feature of the codebase is that it's built on a plugin architecture which makes expansion easier and allows for multi-hosting. That is to say, we can have multiple sites out of a single installation; i.e., soylentnews.jp and soylentnews.org can both point to the same installation, but show a different mainpage. While we're still somewhat far off from supporting this kind of user-generated content, this upgrade sets the framework for allowing it to happen. The mainpage of SN will remain as it is, but allow the community to form and discuss any topic they wish, all handled under the same familiar interface you use now.

I'll probably write more on the topic of nexuses in the coming weeks, but I figure this sneak-preview on where we're going should introduce some interesting discussion. As always, I'll be reading comments below, and responding.

 
This discussion has been archived. No new comments can be posted.
  • (Score: 2) by q.kontinuum on Friday March 13 2015, @01:46PM

    by q.kontinuum (532) on Friday March 13 2015, @01:46PM (#157264) Journal

    If I understood previous discussions correctly, they intend to use hashes of the IP-addresses to identify sock-puppet accounts owned by the same user used to mod the same other user. So, normally you shouldn't be identified as a mod-bomber.

    I have some other concerns, though.
    - IPv4 pool is small enough that hashing IPs doesn't provide any benefit. It would be trivial to get plaintext-IPs from the hashes via rainbow-tables or even brute-force. Storing the IPs is not good for a site used for controversial discussions.
    - Some organizations might use proxies, all users of those organizations would share one public IP

    --
    Registered IRC nick on chat.soylentnews.org: qkontinuum
  • (Score: 2) by paulej72 on Friday March 13 2015, @02:29PM

    by paulej72 (58) on Friday March 13 2015, @02:29PM (#157276) Journal

    Although there is a page to help us identify mod-bombs, all changes are done by a human looking at the situation. The report just shows us places where there might be a problem. I expect that the admins will look at each comment of a possible mod bombing individually and determine if it is a true down mod or someone who has a vendetta against the commenter.

    As for the hashed ip values, the code was already there, so it seems silly to change it. It does make it harder for us to give out a user's ip address if asked by law enforcement. The ips are only stored for the time that moderation and comments are allowed for a story, then purged. We need this data to help keep rogue ACs from becoming a problem on the site, because ip is the only way to differentiate between different ACs.

    Proxies will also be relatively easy to spot as we can see multiple users from the ip, and real users behave differently from most sock puppet accounts.

    --
    Team Leader for SN Development
  • (Score: 3, Interesting) by The Mighty Buzzard on Friday March 13 2015, @03:54PM

    Yeah, that is an issue but it's one without a really good solution. I'm currently pondering ways of salting the ip addresses before hashing them to make this less of an issue but it's still an extremely small pool. Maybe a unique salt for each permutation of the first three quads and just any salt for ipv6 addresses and rotating the salts on a monthly basis, I dunno, haven't put a lot of thought into it yet. If you have any suggestions feel free to drop me an email. Anonymously if you feel the need.

    Without us having some way to compare incoming ip addresses, we'd be incredibly limited in our ability to block spam/hack attempts/similar acts of douchebaggery, so realistically they have to stay unless you all are willing to put up with that.

    --
    My rights don't end where your fear begins.
    • (Score: 2) by NCommander on Friday March 13 2015, @11:50PM

      by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 13 2015, @11:50PM (#157576) Homepage Journal

      Or just removing the salts. Honestly, I've been leaning to this option a *lot*

      --
      Still always moving
    • (Score: 2) by Justin Case on Saturday March 14 2015, @10:57AM

      by Justin Case (4239) on Saturday March 14 2015, @10:57AM (#157720) Journal

      > I'm currently pondering ways of salting the ip addresses before hashing them to make this less of an issue but it's still an extremely small pool. Maybe a unique salt for each permutation of the first three quads and just any salt for ipv6 addresses and rotating the salts on a monthly basis, I dunno, haven't put a lot of thought into it yet.

      That's pretty much where my thoughts were heading as well, although I haven't spent a lot of cycles cogitating about it. My instincts are that it would still be reversible by someone who obtained the algorithm and had some CPU to spend on it.

      Maybe you need flat out encryption, repeatable so the same plaintext always produces the same cyphertext, but computationally difficult to brute force without the secret key. Then your remaining issue becomes protecting and rotating that key.

      Open to criticisms of that too... when writing code to keep secrets, many eyes are needed.

      • (Score: 2) by The Mighty Buzzard on Saturday March 14 2015, @11:20AM

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Saturday March 14 2015, @11:20AM (#157726) Homepage Journal

        Real problem there is it's primarily law enforcement I'd worry about and they'd just seize or have the chops to hack the servers which would necessarily have the key to any two-way encryption on them. One-way is really the way to go here, I just haven't had time to work out how best to do it what with being in the middle of preparing to move. Probably do two-way for stored email addresses soon-ish but anyone who thoroughly pwns the boxes will have the key to that as well.

        --
        My rights don't end where your fear begins.
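
The trade-off argued in this thread, as an added example that is not part of any poster's comment or of the site's code: an unkeyed hash of an IPv4 address is recovered by plain enumeration, while an HMAC under a server-side secret keeps equality comparison but is only as safe as that key. SHA-256, the key, the `period` rotation label and the sample address are assumptions; the page does not say which hash the site uses.

```python
import hashlib
import hmac
import ipaddress


def plain_ipid(ip: str) -> str:
    """Unkeyed digest of the address: comparable, but guessable by anyone."""
    return hashlib.sha256(ipaddress.ip_address(ip).packed).hexdigest()


def keyed_ipid(ip: str, key: bytes, period: str) -> str:
    """HMAC under a server-side secret; `period` ties the value to one rotation."""
    msg = period.encode() + b"|" + ipaddress.ip_address(ip).packed
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def recover(stored: str, network: str, digest_fn):
    """Hash every address in `network`; return the one matching `stored`, or None."""
    for addr in ipaddress.ip_network(network):
        if hmac.compare_digest(digest_fn(str(addr)), stored):
            return str(addr)
    return None


# Constructed sample values (documentation address range, made-up key).
SAMPLE_IP = "198.51.100.23"
SEARCH_NET = "198.51.0.0/16"   # 65,536 candidates; all of IPv4 is 2**32, same loop
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def audit():
    """Return what a holder of the stored values can learn in each scenario."""
    stored_plain = plain_ipid(SAMPLE_IP)
    stored_keyed = keyed_ipid(SAMPLE_IP, SERVER_KEY, "2015-03")
    return {
        # Unkeyed hash: enumeration alone gives the address back.
        "plain": recover(stored_plain, SEARCH_NET, plain_ipid),
        # Keyed hash, key unknown: enumeration with a guessed key finds nothing.
        "keyed_no_key": recover(stored_keyed, SEARCH_NET,
                                lambda a: keyed_ipid(a, b"guess", "2015-03")),
        # Keyed hash, key taken along with the database: reversible again.
        "keyed_with_key": recover(stored_keyed, SEARCH_NET,
                                  lambda a: keyed_ipid(a, SERVER_KEY, "2015-03")),
        # Rotation: the same address no longer links across periods.
        "links_across_rotation": stored_keyed == keyed_ipid(SAMPLE_IP, SERVER_KEY, "2015-04"),
    }


if __name__ == "__main__":
    for scenario, result in audit().items():
        print(f"{scenario}: {result}")
```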