SoylentNews

Perhaps the wiki could go https just as the main site? considering the opportunity for manipulation and eavesdropping these days, it would be nice.

From this:
http://wiki.soylentnews.org/wiki/Finances

To this:
https://wiki.soylentnews.org/wiki/Finances

When one submits a story to the editors for publication on the site. It would be useful to have a separate input field where one could write comments on the submission itself. That should stay private between the submitter and the editors.

It could be something like "please check the links, good story but in a hurry" etc.

Leaving a comment inside the submission box in parenthesis or similar has the risk of getting unintended publication..

Over the weekend, there's been a slew of images released showing celebrities in varying states of undress. Now, it appears that a flaw in iCloud could be responsible for the images making their way online.

On Monday, a Python script emerged on Github (which we’re not linking to as there is evidence a fix by Apple is not fully rolled out) that appears to have allowed malicious users to ‘brute force’ a target account’s password on Apple’s iCloud, thanks to a vulnerability in the Find my iPhone service. Brute force attacks are where a malicious user uses a script to repeatedly guess passwords to attempt to discover the correct one.

http://thenextweb.com/apple/2014/09/01/this-could-be-the-apple-icloud-flaw-that-led-to-celebrity-photos-being-leaked/

http://www.independent.co.uk/life-style/gadgets-and-tech/is-apples-icloud-safe-after-leak-of-jennifer-lawrence-and-other-celebrities-nude-photos-9703142.html

What impact does the proliferation of new mobile technologies have? How does the sharing of personal data over the Internet threaten our society? Interview with Professor Jean-Pierre Hubaux, a specialist in communication networks and privacy protection, a major field of IT security.
Jean-Pierre Hubaux as a professor at the EPFL's School of Computer and Communication Sciences. During the last decade, Jean-Pierre Hubaux and his team at the Laboratory for Computer Communications and Applications have focused their research efforts on privacy protection, in particular for mobile communication networks (and notably geolocation) and personal data (with genomic data as an application example).
http://actu.epfl.ch/news/protecting-privacy-also-means-preserving-democra-2/

I got news.. That nefarious organization known as NSA is gone! or perhaps there is room for improvement in the search function. Because I have a very distinct memory that there has been a lot of writing on that subject .. ;-)

It's a bit surprising that submitters and editors don't change all links in the submissions from http to https for those sites that support security. Considering that it's fully known that all internet communications is logged by various governments and shady organizations. This perhaps is especially true for readers in less than democratic nations. But the most obvious is the chain of eyes that any person that keeps them selfs informed know about. This information can be used against yourself or your friends at any time in the future. The people that spends big money into that storage operation wants something for their effort.

So make all links https that you can!

Imagine you have written an post. Taken time to check links, wording, context, language etc and perhaps even the facts! To have a look at the results you click "preview". However it perhaps took a while to complete so the server decided you have timed out or your connection fails, but you quickly get back with a new IP. However this makes soylentnews.org to go apeshit and claim "This resource is no longer valid. Please return to the beginning and try again." but if you go back your text is *gone*. Now you can rescue things with /dev/mem or fake webserver (hard with SSL). But any way you deal with it. You are in a world of PAIN. This is detrimental to the motivation to send posts to any site. Yes external editors is possibility and also an integration pain.

So my suggestion is to make sure that even if it takes hours to complete a post or if the IP changes. You still get your submitted post displayed which makes saving it way easier. Or even better cache any submissions for 2 days because the cookie usually reveals which user it is regardless of timeout and IP. So that they are under no circumstances is any submitted text LOST.

In the meantime a good advice to fellow submitters is to click in the text box "select all" and "copy". Then paste it all into a text file before hitting any button on the web page whatsoever. And keep the file as a backup because you can't really be sure where submissions go.

Nicholas Rubin, a 16-year-old programmer from Seattle, has created a browser add-on that makes it incredibly easy to see the influence of money in US politics. Rubin calls the add-on Greenhouse, and it does something so brilliantly simple that once you use it you'll wonder why news sites didn't think of this themselves.

Greenhouse pulls in campaign contribution data for every Senator and Representative, including the total amount of money received and a breakdown by industry and size of donation. It then combines this with a parser that finds the names of Senators and Representatives in the current page and highlights them. Hover your mouse over the highlighted names and it displays their top campaign contributors.

In this sense, Greenhouse adds another layer to the news, showing you the story behind the story. In politics, as in many other things, if you want to know the why behind the what, you need to follow the money. And somewhat depressingly, in politics it seems that it's money all the way down.

http://arstechnica.com/tech-policy/2014/08/track-whos-buying-politicians-with-greenhouse-browser-add-on/

If you want to participate or just follow along, you can install Greenhouse for Firefox, Chrome, and Safari over at http://allaregreen.us/ Grab the add-on and then follow @allaregreen on Twitter.

It seems that when you load soylentnews using https-encryption and then fill out the login form and click Login. You get directed after login to using the standard protocol http which features no encryption or authentication whatsoever. If you don't lock at your address bar, this is easy to miss!

This means the association between user-id and IP is spilled to any party that captures your network packets. Perhaps the password too? It also opens up for any man-in-the-middle spoofings.

It would be really nice if starting with https, left you in https mode.

Four U.S. Drug Enforcement Administration employees saw or heard a handcuffed San Diego student locked in a cell for five days without food or water, but did nothing because they assumed someone else was responsible, investigators said Tuesday. The Justice Department's inspector general faulted several DEA employees for their handling of the April 2012 incident that left Daniel Chong in grave physical health, cost the agency a $4.1 million settlement and led to nationwide changes in the agency's detention policies. The employees told investigators they found nothing unusual in their encounters with Chong and assumed whoever put him in the cell would return for him shortly. Chong, then 23, ingested methamphetamine, drank his own urine to survive and cut himself with broken glasses while he was held.

http://bigstory.ap.org/article/4-dea-employees-encountered-man-forgotten-cell