As you will all be aware there has been much happening behind the scenes at SoylentNews. This is an update on activities which you possibly haven't noticed.
Administrative Documents
It has been necessary to redraft many of the documents for the original site which no longer refer to the correct business entity behind the new site. In most cases they are merely reprints of the original documents with typographical and grammatical corrections along with minor changes to reflect the company name. However, some are new documents (e.g. the new Bylaws, and how to successfully complete a bank transfer to our account if you wish to do so in preference to using either Stripe or Paypal etc). I would welcome any necessary corrections that you identify in them.
Bylaws
The Bylaws were written over many months with community contributions throughout. They affect how the business is managed from a legal aspect but not how the day-to-day activity is controlled. They were adopted by the Board and they were submitted to the relevant Federal and State organisations that control the creation and operation of such things when Soylent Phoenix was created. The Bylaws are significant to you in a couple of ways. Firstly, there are no shareholders/stakeholders on the Board - you own this site. Secondly, in the future any major changes to the operation of this site will require at a minimum a consultation with the community and possibly a formal vote to authorise the adoption of the proposed change. You now have a much louder voice in how this site will be run. Nevertheless, that does not mean that every minor change requires full community approval; the decision will ultimately rest with the Board.
If you wish to read the Bylaws they can be found at Soylent Phoenix - Bylaws (as submitted for Company Registration). Details of the current voluntary Board members can also be found there. The Board will require a confirmatory election by the community where other community members will also have an opportunity to be elected rather than the existing Board members. However, the voting software that was to be used to manage the vote became unavailable when audioguy left the site. I am still looking for replacement software that is reliable enough to ensure a free and fair vote. I would welcome any suggestions that you may have.
Tax Status
For those US members of our community who can benefit from it we are registered as an IRC Section 501(c)(3) company which means that subscriptions and donations are tax deductible for those lucky people. Subscriptions and donations can be made by Stripe or Paypal, but additionally now also by direct bank transfer either inside the USA or internationally.
Soylent Phoenix Policy
The Policy statement is for the most part a copy of the original statement but there are some differences. One is the inclusion of a policy statement regarding doxxing which I hope is self-explanatory. The second relates to the removal from view of persistent spamming. Removal of spam content has always been part of the site policy since its inception but it is both reaffirmed and clarified by the latest statement. Software is under development to assist with this function which will also give the community increased oversight of how such things are managed.
Definitions and Common Terms
To support the Soylent Phoenix Policy statement there is also a new document called Definitions and Common Terms. This is necessary because some community members seem to be confused over certain definitions as they apply to this (and the previous) site. I have searched through numerous Metas issued over the last decade and extracted the approved essential elements so that they can be viewed in one place. I will continue to update this document as needs dictate.
Transfer of Assets
In May of this year NCommander announced that the funds had run dry and he asked for community support while the change between companies was taking place. The community responded brilliantly and you donated enough to keep the site operational for around another 6 months. Those of you with a sharp brain will realise that the pot was empty again in late Oct . The 2 treasurers acting on behalf of their respective Boards ensured that money from the new company was used to pay the final bills as they came in. I am grateful to both of them for their work in doing this and to both Boards for working cooperatively. It was also to our benefit. NCommander agreed to gift all the assets from SoylentNews PBC to Soylent Phoenix in their totality. It was a generous gesture and much appreciated. The terms of this agreement are available for your perusal at the Transfer of Assets Agreement.
DRAFT - Discussion Policy
There is one document that is presented in Draft format and I would welcome your comments. Again it results from apparent 'confusion' over what is permitted in a journal and what is not. Essentially, journals have little to no staff control. They belong to the person who creates the journal. The Discussion Policy is an attempt to state the purpose and function of all discussions on this site as clearly as is possible. It is important to realise that this is a statement of what is already agreed and has been the policy since 2014. I would like your comments regarding its clarity and not whether you agree with what some people write in their journals. The latter would need a change of policy and would have to be addressed ultimately by the Board and the community.
Hardware
The move of all data from Akamai/Linode servers was completed several weeks ago. It was carried out in stages and Linode staff were very helpful. The account was closed when the work was finished. It removes a significant expenditure from our running costs.
Software
The site is now functional but if you experience anything unusual or unexpected please let us know so that it can be investigated to ensure it is nothing amiss in the software that we are using.
There is still software being developed by kolie, (with occasional help from NCommander), and a new member of the Dev/Sysadmin Team - that is Robc (Robc207 - 3408). Welcome!
Some of the software under development, in addition to the spam management software that I have already mentioned, includes improved security hardening of the site and additional administrative tools. You should remember that although quite a bit of work has been carried out on the community's UI, there has been very little work on the administrative software - which still looks and behaves as it did when it was first written almost 30 years ago.
We are also actively seeking a secure way to enable ACs to rejoin the community in main page discussions. This is a significant problem but there are several ideas that are being developed and tested to see if it is a practical proposition.
Joining a Team
If anyone wishes to assist in the running of this site then please do not hesitate to contact any of the staff. In particular, we are currently looking for someone (1 or 2 people) to manage the mediawiki. This is a very light task (a couple of hours per month at most) but at the moment almost every task is being shared among a very small group of people. Having someone to take responsibility for the mediawiki would free others up to enable them to do more of their primary role. I am not asking for someone to write the wiki contents (although if that is a job that you fancy then please step forward) but someone to control wiki access and do a little bit of wiki housekeeping.
Anonymous Coward Contributions to this Discussion
It is a fact that if this discussion were to be open to ACs on the front pages it would quickly become a focus for Spam from a very small group of people. Therefore, the contents of this Meta will be reproduced as a journal belonging to "AC Friendly" [https://soylentnews.org/~AC+Friendly/journal/] and ACs will be welcome to comment there. Valid points of discussion will be copied across to the front page story under the username of "AC Friendly". If an AC wishes to respond to a specific comment then please link to that comment in the first line of your own comment. Spam in that journal will be treated appropriately.
Finally...
It doesn't matter what religion you follow or what your beliefs are, the time is approaching when many people celebrate a notable festival of some kind and the end of the current year. The team at SoylentNews send their very best wishes to the community and to those close to them over the holiday period.
(Score: 2, Insightful) by Anonymous Coward on Monday December 16, @02:56PM (8 children)
First, thank you for the detailed update, all good news!
2nd, you wrote:
> ... but additionally now also by direct bank transfer [soylentnews.org] either inside the USA or internationally.
About 20 years ago I posted similar USA bank data when I was handling the finances of a small (but international) group. Within a month, a thief (cracker, not hacker!!) had set up a brokerage account and made a fraudulent withdrawal of USD $10,000. Luckily for me, I knew the people at my local bank branch, they flagged the transaction (which was for much more than the money in the account). After a session of signing papers, the fraud was reversed, account numbers changed and I've never posted account/routing/Swift numbers again!
Q. Does SN have a different sort of bank account that is "deposit only" or other mechanism in place to prevent unauthorized withdrawals?
(Score: 4, Informative) by janrinok on Monday December 16, @03:29PM (6 children)
There are only 2 people who are authorised to access our account. In much of the world the transfer of money using the internet or phone are commonplace. I pay numerous bills this way and I and I use both methods frequently. Accounts here can be paid into but not withdrawn from. Of course, payments can be made but that is an entirely different procedure.
One of the reasons that our original company was moved from West Virginia to Oregon is that our current bank insisted that both of the authorised users visited a branch of the bank in person, which was not possible with a bank located in West Virginia.
In France (and as far as I know most of Europe), it is easy to arrange for someone to transfer money into your your account. Withdrawals have to be separately verified and approved with 2FA and, with my bank at least, I can specify a maximum that can be withdrawn.
This system is called the SWIFT system and is widely used throughout the world. One of the sanctions that has been placed on Russia by the West is that they have been denied access to the SWIFT system. You will notice that the same system is in use for donations and subscriptions from international banks in the document that you are referring to. Internally the US seems to have its own system but I cannot comment on the security of that system.
Without knowing more about how the 'brokerage account' was created and how he achieved authorisation to take over an account I cannot comment any further.
If a bank permits the transfer of money out of an account that it manages then either it either has very poor security or the person owning the account has.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 0) by Anonymous Coward on Monday December 16, @09:30PM (3 children)
> Without knowing more about how the 'brokerage account' was created
Parent AC here. Thanks for the detailed reply.
Since I'm not the thief, I don't know how the brokerage account was set up. In the records that I saw for my account, the line was (from 20 year old memory), something like:
ACH Withdrawal | $10,000 | Ameritrade
This was back when online access to brokerages was new. One thought is that the security breakdown may have been between new player Ameritrade (trying to "reduce purchasing friction" for their brokerage customers) and the old USA banking system.
One thing I learned some time ago is that the USA banking system was first to "computerize". However, any first mover advantage has been lost to more recent and better designed systems in other parts of the world. While I think most USA banks now support SWIFT, this is a fairly recent development (in my experience).
Yes, I know that when I sent a check, the Routing and Account numbers are on the check. This is seen by a limited number of people (sort of "security by obscurity") and I'm relying on my Payee and their bank to not employ anyone likely to defraud me. This seems quite different from posting the same numbers on the internet where they can be found easily by anyone looking for a target?
(Score: 2) by janrinok on Monday December 16, @09:58PM (1 child)
I wasn't implying that you were a thief. However, most attempts at attacking an account are directed at the owners of the account by using various means to get them to compromise a password or whatever.
If a bank that I am using gives my money away then they will 1. not be my bank for much longer, 2. be prepared for some very bad publicity, and 3. face me in court for my losses and costs..
Nevertheless, I am intrigued. If your partner, or a close member of your family needs some funds temporarily and they are not close enough to just hand it to them, how would you transfer the money? I just use my phone to put it directly into their account, and they can use their phone or debit card to spend it. Time taken, 10 minutes?
And the reason that I will not use Paypal is that I once lost a significant sum of money (or, more correctly, they once lost a significant sum of my money, by using their services. Maybe they are better nowadays, but I am not going to find out.
Take a look at this site [wise.com] if you want to see how easy it is.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 1, Interesting) by Anonymous Coward on Monday December 16, @10:41PM
Sorry for any confusion:
> I wasn't implying that you were a thief.
I didn't interpret your reply that way!
What I should have said was: once I filled out the forms at my local branch (remember, 20 years ago), they reversed the fraud and I never heard any more about it. I was, of course, curious to know if they found the fraudster, what it took to set up that brokerage account tied to my account, etc. The bank would never tell me anything about how it was resolved between the bank and Ameritrade, or if the fraudster was caught.
> 3. face me in court for my losses and costs..
Perhaps. While I haven't read all the fine print, I strongly suspect that my deposit accounts (in USA) limit my options for redress, and may require "arbitration" which is outside the court system.
> ... and they are not close enough to just hand it to them, how would you transfer the money?
Back when I was in college (1970s), if I needed some money, my parents would mail me a check and the university "Bursar's Office" would cash small checks with student ID. The mail service between two cities (about 500 miles/800km apart) was two days, perhaps three if there was a rare problem. It was up to me to anticipate my needs by a few days--which I always managed successfully. More likely, I'd scrape by until my next trip home (often hitchhiking--which used to work marvelously). All this "last second" stuff is very modern indeed!
In recent times, I've used PayPal to settle small debts between friends (once or twice a year). My financial life is quite simple (no kids, few relatives). I keep a small balance at PayPal and that funds transfers that happen almost instantly -- no waiting for PayPal to contact my linked bank account (which always has a low balance).
By small PayPal balance, I mean a few hundred dollars max, in my case this is an amount that I'd prefer not to lose, but it wouldn't hurt me if it was lost--effectively I'm "gambling" that balance in exchange for convenience.
Mostly I use that balance to buy small items on eBay that aren't available locally (perhaps a couple of hundred dollars total per year). I suspect that sellers appreciate this--the money is available to them immediately and it seems that they usually ship very quickly.
Thanks for the link to Wise, good to know about it, if anyone wants to send me money that way. It does involve fees, but cheaper than traditional Western Union.
Old fashioned checks (in USA) are free. A few weeks ago I wanted to order a copy of a self-published book from an artist friend. He mailed the book the same day I sent him a check, and the mail was two days each way--everyone happy.
(Score: 2) by quietus on Tuesday December 17, @01:33PM
Working with SWIFT codes is actually the older system -- IBAN numbers are generally used, since 1997: you do an online transfer, and next day your contact in Hong Kong has it in her account.
The United States system of handling payments seems ... peculiar. My impression is that the check system, with all its delays and fees (for international payments), is put in place to force you to use a credit card.
(Score: 3, Interesting) by Whoever on Monday December 16, @09:47PM (1 child)
I recently linked a brokerage account to a credit union savings account. In some cases, the brokerage account will make a couple of very small deposits and then ask you to tell the brokerage company how much money was deposited. There is no real check at the credit union's end. I have seen this same process with major banks.
Security depends on two things: a general assumption of honesty and vigilance from the account holder. A few years ago, I heard about a wealthy person who discovered that over $100,000 had been removed from his account. He challenged the bank, but it was over 90 days after the withdrawal, so they told him to pound sand.
(Score: 0) by Anonymous Coward on Monday December 16, @10:52PM
Years ago when I linked a bank account (low balance) to PayPal it was the same way -- small deposits in the bank from PayPal. I reported these back to PayPal and then the accounts were linked. Now I can go to PayPal and move money to and from my linked bank account--might take a few days.
Didn't think about it at the time, but this could be pretty easy to crack? All you need to start are the bank account routing and account numbers. After that, it may not take many tries to guess the amounts of the small transfers...and then successfully impersonate the actual bank account owner.
Obvious moral of your story: Check bank statements when they come in!!
(Score: 2) by janrinok on Monday December 16, @03:32PM
An additional thought - if you have ever paid a bill using a cheque then you have given exactly the same information to the recipient. They have your account number, bank sorting code, your name, and they know the name of your bank. You have no idea who has been able to see that cheque once you hand it over.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 3, Interesting) by bzipitidoo on Monday December 16, @07:02PM (2 children)
I've been looking at what it takes to set up a business website, and have found things have changed a lot over the years. What I know is setting up a simple web server. I have never done a full LAMP stack, with user accounts, forums with pics and perhaps even videos, email verification, etc. I hear that spam and viruses are tremendous problems. The instant you hook up, before you've even thrown the switch to go live, attackers are already probing you. If you hook an email server up to the Internet, it will be spammed faster than you can say "Jack Robinson". You must have protection in place before connecting.
I have seen only a little of the financial side-- the core technical part is adding super sekret bank binaries (which at the time I saw this were still 32bit) to your LAMP stack. I imagine the hardest part of setting up the finance is setting up and linking a suitable bank account, with of course much protection from fraud and theft. And one must be wary of bad deals-- monthly fees that at first glance don't seem like much, but which add up, and other expenses.
Running a website on your own hardware in the office looks less and less viable. ISPs appear to have permanently blocked the well known www ports, on home service at any rate. So if you go that route, you have to get some sort of "business class" Internet service, likely for more $. Or should you use the cloud? Or, do you rent space in a server farm? The final option is to pay one of these service companies monthly. I hate that option. They stick you with a crippled CMS interface, WordPress that has been hobbled in various ways, treat you like you don't know anything about the back end, and hold you hostage. Want to migrate to a different web site service? They make that hard to do. You can take your phone number to a different provider, but your website? You can't back up your own website yourself, the CMS interface does half a job of that. You'll get your data, but you don't get the glue.
(Score: 0) by Anonymous Coward on Monday December 16, @09:59PM (1 child)
Can you say more about what you are planning? Is it a personal site where you want to sell goods or services? Or is the site for an existing business that you work/consult for?
For my little engineering company, our website is for information only, zero commerce. In recent years we've had good service from https://www.stablehost.com/ [stablehost.com] They give us a cPanel interface which does include Wordpress, but we ignore that. Instead, our old site is almost all in straight HTML.
I'm not the webmaster, but a quick look suggests that all the files (a few hundred including images, pdfs for download, etc) live in directory "public_html" which sits directly below top-level.
Yes, the old school website looks very dated, but, wow, even complex pages load "instantly."
(Score: 3, Informative) by bzipitidoo on Tuesday December 17, @02:10AM
Wants:
1) Basic info about us. What we do and who we are. We're a small business selling a service to professionals. Don't anticipate much traffic.
2) A way to collect payments. Credit card should do. No need for crypto currencies. Have Paypal only if that's easy to do.
3) Control. No website vendor between us and our site. I don't mind a CMS such as WordPress, so long as I have the keys to it all, and can update WordPress myself, and the OS if I wish, and run backups.
4) Low cost. Can't I just run this on a Raspberry Pi, piggyback off the office WiFi, and have a name service like what DynDNS used to offer? Does it even make sense to think of doing it that way?
We're not going to run a user forum. Way too much hassle. Not looking to add lots of bling to the web page. It seems the standard front page of a small business website these days is a rotating set of still images, with marketspeak verbiage. Which almost certainly means JavaScript, though it occurs to me it could be done in part with APNG. But if you use APNG, you couldn't have the little row of dots to let the visitor jump around in the sequence and see where they are. Also doubt that APNG can specify fades or other fancy shifts with a few bytes, that would have to be by hand so to speak, with a whole series of images. I suppose even considering APNG instead of using a WordPress theme is another example of just the sort of way in which I believe I am woefully dated in my thinking.
(Score: 1) by AC Friendly on Friday December 20, @07:34AM
This is only a partial comment. The rest is off-topic and irrelevant. I will assume that this person (AC) would not vote for the documents.