Hi Guys, Soylent's Editors do a lot behind the scenes to keep the community going. As a gift idea for them this year, please consider submitting lots of stories over the next two days to get the queue nice and full. Then they'll be able to schedule in their appearance on the home page ahead of time and take Christmas (or Hanukkah) off to spend time with their friends and families.
My own method is to find tech/science articles from SN's RSS-bot or a dozen other sources like the BBC or sciencenews.org, grab the title, and a couple of paragraphs that communicate the gist. Often I'll add a quip, question, or note of my own, but that's up to your personal taste. It's easy and takes under 5 minutes per story.
Thanks for reading, and have a happy holiday!
[Ed Note: The week between Christmas and New Years is always slow for submissions and time is a precious commodity for all of us. The more subs in the queue, the further out we can get the story queue, and the more time we have to spend with our loved ones. Any help you can give would be appreciated!]
Hopefully you will have noticed a number of new editors that have appeared to help keep this site running. They have been active for over a week but you might not have noticed them if you have been enjoying the Thanksgiving Day holiday, or just spending money during Black Friday (which seems to last longer each year!)
Snow, Charon, FatPhil, Fnord666, and GreatOutdoors have completed their training and are busy making their contributions to the team, and there are several more volunteers who will begin training in the near future. I hope that you will welcome them and keep them busy by providing more and varied submissions for them to battle with. They have already significantly reduced the strain on the editorial team and we are all breathing a collective sigh of relief back here. Thank you for volunteering guys!
I will put this to you, the community, in a very straight, simple (hopefully understandable) way.
The editorial staff is a small, hardworking group. There are currently about 5 of us that are actively pushing stories out on a regular basis, and we need help.
We humbly come to you, the community, to solicit for a volunteer or two. We will provide all the necessary training, at a cost of just 3 easy payments of $999.99US, or entirely free if you apply before 1 Apr 2099.
For that pittance, you can expect to learn:
In all seriousness, we all are busy and have lives. So do you, and we get that, but for this community to continue to thrive, we need a little fresh blood on the editorial staff. Some of us have been at this since the site went live almost 3 years ago (janrinok and martyb have posted over 3000 articles EACH). To put it in perspective, the site has only run about 14,500. Some of us came on almost a year later, but like any organization, there has been attrition, and we need to replenish.
We are starting to see some of the tell-tale signs of burnout, and to avoid that, we need your help.
If you are interested, please feel free to reach out in the comments below, via email ([nick] at soylentnews dot org), or hit us on IRC. If we aren't there (we all LOOK like we are logged in all the time due to the bouncer, but we may not actually be there), /join #editorial and leave a message — we will get back to you.
Remember, it isn't all doom and gloom! Working on staff, you will be on a team with a fantastic group of REALLY smart (myself excluded) people. I can honestly say I have made some really good friends from this experience, and I've even gotten to meet one of the guys in meat space. It is something that I am truly glad I took advantage of when the opportunity came around.
Thanks for listening, and with a little luck, we will see one or two of you pretty soon.
Live Long and Prosper,
[TMB Note: Seriously. You really don't want me having to pick stories.]
[Update: see this comment below if you've expressed interest in volunteering.
So, as per usual, I like to occasionally check the pulse on the community to make sure that people for the most part are happy and satisfied with the day-to-day operation of the site. For those of you who are new to the community, first, let me welcome you and explain how these work.
When I open the floor to the community, the intent is to provide a venue to discuss anything related to site operations, content, and anything along those lines. I actively review and comment on these posts, and if one issue pops up multiple times in comments, I generally run follow up articles to try and help address issues the community feels is important before someone decides to take rehash and form a spinoff. Feel free to leave whatever thoughts you want below.
In contrary to my usual posts, I don't have that much to say to this, so to both the community and editorial team's relief, I'll cut this off right here before it becomes Yet Another NCommander Novel.
Right, so there's currently a DDoS of our site specifically happening. Part of me is mildly annoyed, part of me is proud that we're worth DDoS-ing now. Since it's only slowing us down a bit and not actually shutting us down, I'm half tempted to just let them run their botnet time out. I suppose we should tweak the firewall a bit though. Sigh, I hate working on weekends.
Update: Okay, that appears to have mitigated it; the site's functional at a reasonable rate of responsiveness.
Update2: Attack's over for now. You may go about your business.
Since the launch of SoylentNews in February of 2014, there have been 274,870 comment moderations made against the 412,100 comments that our community has posted to our site. Who has posted the most comments? Who garnered the most up-moderations? The most down-moderations?
Such simple questions, but they led to a fun bit of DB querying. The results surprised me, and I thought others might be interested, as well. Most surprising to me was the assessment of comments from Anonymous Cowards.
The Retro-Malware series is an experiment on original content for SoylentNews, written in the hopes to motivate people to subscribe to the site and help grow our resources. The previous article talked a bit about the programming environment imposed by DOS and 16-bit Intel segmented programming; it should be read before this one.
Before we get into this installment, I do want to apologize for the delay into getting this article up. A semi-unexpected cross-country drive combined with a distinct lack of surviving programming documentation has made getting this article written up take far longer than expected. Picking up from where we were before, today we're going to look into Terminate-and-Stay Resident programming, interrupt chaining, and get our first taste of how DOS handles conventional memory. Full annotated code and binaries are available here in the retromalware git repo.
As usual, check past the break for more. In addition, if you are a licensed ham operator or have ham radio equipment, I could use your help, check the details at the end of this article.
We have been informed by Linode (which hosts our servers) that there is some hardware maintenance being performed tonight. The impacted servers are 'fluorine' and 'neon'. Here is the message we received:
Linode continuously monitors the health of our equipment and we've been alerted to a condition which affects the physical server on which your Linode is hosted. While we have determined that this is not an emergency, this should be addressed in order to optimize the performance of your Linode. We have scheduled a maintenance window for the physical server on which your Linode is hosted:
Friday, September 16, 2016 at 1:00 AM EDT (5:00 AM UTC)
Downtime from this maintenance is expected to be no more than 1 hour. Please note, however, that the entire maintenance window may be required. Your Linode will be gracefully powered down and rebooted during the maintenance. Services not configured to start on a reboot will need to be manually started. If this time frame does not work for you, you have the option of migrating to another host which has these settings enabled.
Thanks to redundancy between our front end and database servers, our main site should remain functional. There will, however, be some minor inconveniences. During this period:
We appreciate your understanding and patience while the servers are being serviced.
We anticipate most of the affected services should auto-restart; those that do not will be addressed starting around 0600 CDT (0700 EDT / 1100 UTC).
UPDATE: All is shiny and happy again.
I've made no secret that I'd like to bring original content to SoylentNews, and recently polled the community on their feelings for crowdfunding articles. The overall response was somewhat lukewarm mostly on dividing where money and paying authors. As such, taking that into account, I decided to write a series of articles for SN in an attempt to drive more subscriptions and readers to the site, and to scratch a personal itch on doing a retro-computing project. The question then became: What to write?
As part of a conversation on IRC, part of me wondered what a modern day keylogger would have looked running on DOS. In the world of 2016, its no secret that various three letter agencies engage in mass surveillance and cyberwarfare. A keylogger would be part of any basic set of attack tools. The question is what would a potential attack tool have looked like if it was written during the 1980s. Back in 1980, the world was a very different place both from a networking and programming perspective.
For example, in 1988 (the year I was born), the IBM PC/XT and AT would have been a relatively common fixture, and the PS/2 only recently released. Most of the personal computing market ran some version of DOS, networking (which was rare) frequently took the form of Token Ring or ARCNet equipment. Further up the stack, TCP/IP competed with IPX, NetBIOS, and several other protocols for dominance. From the programming side, coding for DOS is very different that any modern platform as you had to deal with Intel's segmented architecture, and interacting directly with both the BIOS, and hardware. As such its an interesting look at how technology has evolved since.
Now obviously, I don't want to release a ready-made attack tool to be abused for the masses especially since DOS is still frequently used in embedded and industry roles. As such, I'm going to target a non-IP based protocol for logging both to explore these technologies, while simultaneously making it as useless as possible. To the extent possible, I will try and keep everything accessible to non-programmers, but this isn't intended as a tutorial for real mode programming. As such I'm not going to go super in-depth in places, but will try to link relevant information. If anyone is confused, post a comment, and I'll answer questions or edit these articles as they go live.
More past the break ...
It has only been six short months since SoylentNews' Folding@Home team was founded, and we've made a major milestone: our team is now one of the top 500 teams in the world! We've already surpassed some heavy hitters like /. and several universities, including MIT. (But now is not the time to rest on our laurels. A certain Redmond-based software producer currently occupies #442.)
In case you aren't familiar with folding@home, it's a distributed computing project that simulates protein folding in an attempt to better understand diseases such as Alzheimer's and Huntington's and thereby help to find a cure. To that end, SoylentNews' team has completed nearly 16,000 work units.
If you'd like to contribute to our team by donating some spare CPU/GPU cycles, you can get started here. There are clients available for Linux, Windows, and OSX. Once you have installed the software, enter the TeamID 230319 to join us.
Feel free to join #folding on our IRC channel if you need any help, or just want to chat.
Thank you to all that have participated, and a special thanks to our top 10 folders:
In the ongoing battle of site improvements and shoring up security, I finally managed to scratch a long-standing itch and signed the soylentnews.org domain. As of right now, our chain is fully validated and pushed to all our end-points.
Right now, I'm getting ready to dig in with TheMightyBuzzard to work on improving XSS protection for the site, and starting to lay out new site features (which will be in a future post). As with any meta post, I'll be reading your comments below.
Are subjects passé in comments on the post-social media web? Or are they a valid feature to enable human eye-scanning and relevant search results?
It is the opinion of this anonymous submitter that putting "Subjects are an anachronism"  or "SubjectsinCommentsareStupid"  is unhelpful at best and spam at worst. SoylentNews has a long legacy going back to Chips & Dips, the predecessor site to Slashdot (from whose code SoylentNews was forked).
With that in mind, subjects are not a vestigial feature but a useful and defining one. It makes longer threads friendly to readers, and separates this site from Digg, Reddit, Voat, and so many other disposable social media sites. Just as email would be worse without subjects, so too would SoylentNews.
Ed Note: I'm of two minds as to running this story. This is presented as one person's opinion and makes a case for continuing to have a Subject for each comment. As noted, others do not feel the same way. As SoylentNews is a community, your input guides us. So, what say you? Should we continue as-is? Make subjects optional? Dispense with them entirely? Other? What benefits and/or problems are likely to result?
So, during the last site update article, a discussion came up talking about how those who work and write for this site should get paid for said work. I've always wanted to get us to the point where we could cut a check to the contributors of SoylentNews, but as it stands, subscriptions more or less let us keep the lights on and that's about it.
As I was writing and responding to one specific thread, part of me started to wonder if there would be enough interest to try and crowdfund articles on specific topics. In general, meta articles in which we talk deploying HSTS or our use of Hesiod tend to generate a lot of interest. So, I wanted to try and see if there was an opportunity to both generate interesting content, and help get some funds back to those who donate their time to keep the lights on.
One idea that immediately comes to mind that I could write is deploying DNSSEC in the real world, and an active example of how it can help mitigate hijack attacks against misconfigured domains. Alternatively, on a retro-computing angle, I could cook something in 16-bit real mode assembly that can load an article from soylentnews.org. I could also do a series on doing (mostly) bare metal work; i.e., loading an article from PXE boot or UEFI.
However, before I get in too deep into building this idea, I want to see how the community feels about it. My initial thought is that the funds raised for a given article would dictate how long it would be, and the revenue would be split between the author, and the staff, with the staff section being divided at the end of the year as even as possible. The program would be open to any SN contributor. If the community is both interested and willing, I'll organize a staff meeting and we'll do a trial run to see if the idea is viable. If it flies, then we'll build out the system to be a semi-regular feature of the site
As always, leave your comments below, and we'll all be reading ...
Since people seem to rather enjoy when I run articles on backend upgrades, here's another set of changes I made over the last week as I get back into the full swing working on the site.
The short list:
Read past the fold for more information.
So after an extended period of inactivity, I've finally decided to jump back into working on SoylentNews and rehash (the code that powers the site). As such, I've decided to scratch some long-standing itches. The first (and easiest) to deploy was HSTS to SoylentNews. What is HSTS you may ask?
HSTS stands for HTTP Strict Transport Security and is a special HTTP header that signifies that a site should only be connected to over HTTPS and causes the browser to automatically load encrypted versions of a website should it see a regular URL. We've forbid non-SSL connections to SN for over a year, but without HSTS in place, a man-in-the-middle downgrade attack was possible by intercepting the initial insecure page load.
One of the big views I have towards SoylentNews is we should be representative of "best practices" on the internet. To that end, we deployed IPv6 publicly last year, and went HTTPS-by-default not long after that. Deploying HSTS continues this trend, and I'm working towards implementing other good ideas that rarely seem to see the light of day.
Check past the break for more technical details.