SoylentNews is people
SoylentNews
Audioguy was one of the original team who created the existing SoylentNews site. He has stayed with us since that time and has served the community as a sys-admin for over 10 years. It is no exaggeration to say that over the last year or two he has played an almost single-handed role in keeping this site working.
Audioguy has suffered a series of significant personal and medical events over the last 6 months or so. He is now about to commence ophthalmic surgery tomorrow (Wednesday) and is facing other potentially life changing medical issues in the near future. He has, quite understandably and reluctantly, been forced to stand down from his role which was effective from late last week. Unfortunately that has meant that we have lost the ability to correct the current certificates problem. Access to the Linode servers is still controlled by the existing Board and we have experienced additional problems accessing one of our servers by the usual methods. This appears to be common to many staff and has further exacerbated the current problem.
I have written an email to NCommander requesting his assistance in updating the certificates so that the site becomes fully operational again. Your patience is appreciated. What might appear to many in the community to be a relatively minor issue is, behind the scenes, a major blow to the existing team. We have other sys-admins who are ready to pick up the challenge but they do not yet have the necessary access, nor are they yet experienced in managing the beast that that is Slashd.
Returning to audioguy, I am sure that the entire community would wish to join me in thanking him for a decade of support to the site, and to wish him well for the upcoming surgery. He remains one of this community and evidence of his past contributions can be found in numerous bits of code and associated documentation. He has also, for example, been the manager of the technical wiki which has been vital to the support team for all of that period. We are indebted to him.
Good luck for the future, audioguy. Take it easy. Best wishes to you and your family.
(Score: 4, Insightful) by bzipitidoo on Tuesday May 07 2024, @07:04PM (14 children)
Once again, like Cinderella's carriage turning into a pumpkin at the stroke of midnight, in an instant certs have taken a website from perfect functionality to none at all, just because. What was the fairy godmother thinking or, if it wasn't her, why should such a limitation on her magic exist? But that's fairy tales for you. In the real world, it's not because the certs were known to be compromised, or even that there was a minuscule chance they might have been compromised, no, it's only because of reaching a wholly artificial deadline. And because browsers take such events way too seriously. There really should be fallback, graceful degradation of some sort. The website owners couldn't get out even one UTF-8 character, let alone 140, enough to convey a very brief explanation.
I have long wondered why the whole world shifted away from http to https. Sure, good reasons to have more security, but there are still use cases for plain old http. It seems the answer is pretty simple: Google. Google's search. That is, if your website doesn't use https, Google will bury your site. Won't put search results from http at the bottom even, won't list them at all.
Was there nothing to warn the folks maintaining the website that this deadline was approaching? The only way to know is by being proactive? I've an idea. How about a browser add-on to warn the user that a site's cert is near expiration? There are a few. The one I checked, Certificate Expiration by Johan, can be pinned on the toolbar where the user can see at a glance how many days until the cert expires.
(Score: 4, Informative) by Whoever on Tuesday May 07 2024, @07:09PM
You are ignoring the fact that the soylentnews website is sending the HSTS header, which tells the browsers not to connect without full TLS security.
This may be a choice by the developers, or it may be simply an oversight.
However, consider that most people will be sending login information and I would bet that some users use the same login/password pairs on other websites, so no, HTTP access to soylentnews isn't a good idea.
(Score: 5, Informative) by vux984 on Tuesday May 07 2024, @07:45PM
"I have long wondered why the whole world shifted away from http to https."
One of the big ones was ISPs and other middlemen started injecting their own ads into the content, modifying content, and so forth which is trivial to do with unencrypted data.
(Score: 5, Informative) by janrinok on Tuesday May 07 2024, @07:45PM (11 children)
That is an interesting question. In fact, I personally gave audioguy a 1 month warning, a 14 day warning and at least 2 warnings in the last week of the certificate's validity. But nobody knew how dire audioguy's personal situation was. He has explained in his email to me all that he was having to contend with but only after the event. Now that we know what he was facing I am not surprised in the slightest that the site took a back seat to his health and his family. I would hope that you would do the same in a similar situation. A lack of awareness was not a contributory factor in the site's downtime.
In the meantime, despite all of his personal and medical problems he was still fighting with the system to get access to the servers that he needed to update the certificates. Unfortunately time ran out - but we did not discover the full situation that until late Sunday my time, when the site had already been partially offline for 24 hours. We had other staff who tried to assist but they each encountered problems. We had a very quick discussion On Monday (my time) and we decided to request help from NCommander.
Both NCommander and kolie were helpful in turn but there is a time difference between our respective locations. As soon as NCommander woke up he appears to have got straight on with the update and the site was recovered.
[nostyle RIP 06 May 2025]
(Score: 2) by Whoever on Tuesday May 07 2024, @08:36PM (9 children)
It looks like the job isn't fully done.
I don't know what the purpose of the server at sylnt.us is, but it still has the old certificate.
(Score: 2) by janrinok on Tuesday May 07 2024, @08:53PM (7 children)
I don't know either. How did you find out?
[nostyle RIP 06 May 2025]
(Score: 2) by Whoever on Tuesday May 07 2024, @09:01PM (6 children)
I looked at the certificate for soylentnews.org, and saw the other domain name in there, then I went to the website for that other domain name.
(Score: 2) by janrinok on Tuesday May 07 2024, @09:05PM (5 children)
If I click on sylnt.us it takes me to an IRC related page.
[nostyle RIP 06 May 2025]
(Score: 2) by Whoever on Tuesday May 07 2024, @09:21PM (4 children)
Try:
https://sylnt.us/ [sylnt.us]
(Score: 3, Informative) by janrinok on Tuesday May 07 2024, @09:34PM (3 children)
[nostyle RIP 06 May 2025]
(Score: 2) by Whoever on Tuesday May 07 2024, @09:55PM (2 children)
That's true. In fact, if you click on the link for IRC, it goes back to soylentnews.org.
Services on sylnt.us -- note that it is the mail server for soylentnews.org:
Starting Nmap 6.40 ( http://nmap.org [nmap.org] ) at 2024-05-07 21:49 UTC
Nmap scan report for mail.soylentnews.org (72.14.184.41)
Host is up (0.11s latency).
Not shown: 927 closed ports, 61 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
143/tcp open imap
443/tcp open https
587/tcp open submission
993/tcp open imaps
6666/tcp open irc
6667/tcp open irc
6668/tcp open irc
6669/tcp open irc
7000/tcp open afs3-fileserver
Nmap done: 1 IP address (1 host up) scanned in 2.82 seconds
It does appear to be running some kind of irc.
But I'll come back to my original point: first order of business is to automate the certificate updates. I think some complexity in the current setup comes from using wildcard certificates, instead of individual host certificates and perhaps some judicious use of self-signed certificates might simplify things.
Note that the DNS is also a mess: there are tow MX records, but, when resolved, they both point to the same IP address.
(Score: 2) by RS3 on Tuesday May 07 2024, @10:44PM
IIRC someone (NCommander?) said they condensed some of the (too) many servers, so some of the DNS / IP stuff might not have been updated (yet).
Also IIRC there is / was a web interface for IRC. Used to be, but I'm not really an IRC person; I can't remember the last time I was on it, likely more than a year ago.
(Score: 3, Informative) by RS3 on Tuesday May 07 2024, @10:47PM
Seems to be still there: https://irc.staging.soylentnews.org [soylentnews.org]
I don't have time to try it more.
(Score: 2) by janrinok on Tuesday May 07 2024, @08:55PM
It seems to be IRC related.
[nostyle RIP 06 May 2025]
(Score: 3, Interesting) by bzipitidoo on Thursday May 09 2024, @03:35AM
> I personally gave audioguy a 1 month warning, a 14 day warning and at least 2 warnings in the last week
This is one of the more exasperating things about computer technology. Why is cert renewal dependent upon not just one, but a chain of human actions? This is surely something that can be more automated, ideally completely automated. Automation of informational work is the computer's greatest strength. It often feels like the way we use computers is still pretty primitive. Just not seeing all sorts of uses, as if we're old fogeys who hitch horses to cars. We treat computers like they are cars without a reverse gear, in which the users are expected to get out and push the car whenever there is a need to back up. Also, no starter motor, have to hand crank it to start the engine. At one job I had, the boss had college students preparing images by loading them into Photoshop to do a few simple enhancements. Was taking them a week to do a hundred images. I showed them the netpbm suite of image manipulation utilities, and wrote a script to grind through a subdirectory of images. That way, could do in under an hour all the work they were tediously taking a week to do by working the human user interface of Photoshop.
> I would hope that you would do the same in a similar situation.
Quite. I am not so fanatically devoted to any cause that I would sacrifice my and my families' lives for it. I hope audioguy is doing better.