So, to say the last week has been a dumpster fire is drastically underselling what I've been through. This, combined with having to put things in place to migrate off Twitter, and otherwise deal with all the fallout of that hot mess has, to put it frankly, put free time at something of a premium, hence why this post took so long. For those who missed it, I did fairly long overhaul of our backend, upgrading boxes from Ubuntu 14.04, and rebuilding and replacing others.
At the moment, the site is mostly working, with two exceptions, site search is still down, and IRC is still down. Deucalion has taken up the task of rebuilding the IRCd on modern server software, so it's time to lay down the road going forward past this point.
Read past the fold for more information ...
Right now, the backend is mostly built on an outdated version of mod_perl 2.2, and MySQL cluster, which is very much not a good place to be. Originally as envisioned, I planned this site to be able to be easily scalable, with a larger user base. That's why the infrastructure was designed to be as scalable as it was, with the downside of having a much higher overhead than a more traditional setup has. Furthermore, rehash (the code that powers this site) is, uh, to put it frankly, a beast to work on. It's a 90s era Perl code base and pretty much everything else that implies; if it wasn't for the fact that rehash is one of the main reasons to use SoylentNews, I'd argue it might be time to replace it.
Right now, I'm working on doing another round of server hardening. As it is at the moment, I've got rehash and Apache running in an AppArmor jail, and everything is pretty well sandboxed from everything else, but I still need to go through and adjust a lot of firewalls, and finish decommissioning out a bunch of the boxes. That said, the site is running faster than it has in a long while since a lot of small things got corrected as we went. Sometime this weekend, I'm going to finish adjusting the firewalls to lock it down further, and that should mostly get back to the point where I might have restful sleep again. That being said, there's still a fair bit more to do.
Moving ahead, we need to get off MySQL cluster, and either onto the current mod_perl, or, ideally, FastCGI, to end the Apache dependency entirely. Unfortunately, working on Rehash is quite difficult, and it requires a very specific setup to be viable. My current plan here is to basically get it working in Docker, so its easy to spin up and spin down instances, and return to a less cursed variant of MySQL. This is probably a few hours of work, but I'm hoping that overall it is going to be easy and straightforward to do since most of the backend is fairly well documented at this point. This also leaves me in a decent position to implement a couple of long overdue features, but modernization efforts come first. I'm hoping to livestream my efforts on this on the weeks to come, and I will make stream announcements as I go along.
My intent, based off the policy changes that were made to disallow ACs to post on stories is to sunlight the feature entirely, including in journals and more. The decision to have ACs on SoylentNews was made in 2014, when the Snowden leaks were only a few months old. Furthermore, we've seen from experience that the karma system doesn't go far enough at keeping bad actors from still getting a +2 status. By and large, the numbers underpinning the system need a rework. My general thought is to cap karma at either 10 or 15, and drastically decrease how far into the basement you can go, as well as uncapping posts in moderation to be able to go to -5.
As a rule, incredibly bad takes do get moderated out of existence, but because there's no real penalty for doing so, we get constant shitposts. Time to make this a bit harder to abuse. I've documented the antispam measures on the site before, but the site keeps track of IP addresses and subnets in the form of hashed /24, and /16s (/64 and /48 for IPv6), which has a karma number attached to them. If an IP range goes too far into the basement, it ends up posting at 0 or -1. By adjusting the caps, it should allow this threshold to be reached much more easily, and help bring the signal to noise ratio back to something more "positive".
Furthermore, I believe its generally in the site's interests to allow editors to delete comments. This functionality is actually built into rehash, but has been long disabled. At the time, I felt the community was best self-moderating, but I think on the whole, its better to treat this like a moderated subreddit, and have messages get a notice that they've in-fact been deleted ala reddit. This is a fairly large departure for the site as a whole, but I think one justified given the state of the Internet on 2022. I am open to discussions on all of this, but let me see what all your thoughts are like.
I do intend to keep livestreaming my progress with the site as we go along; and we raised another ~500 dollars towards Trevor Project during the last livestream. I've left that stream unlisted until I've had a chance to finish implementing all the hardening measures I've discussed, but I'm hoping at the end of it, I'll have a pretty good documentary on what it takes to modernize an aging website. As usual, if you want to support me directly: Ko-fi is available for one time donations, or Patreon for a recurring donation.
[ If you are an AC and wish to make a constructive comment, please see my journal. janrinok ]
(Score: 5, Interesting) by tangomargarine on Monday November 21, @08:47AM (7 children)
So wait...you're saying, no more AC posts anywhere, ever? Can't say I'm a big fan of this idea. After the fiasco of...whatsisface, aristarchus or He Who Must Not Be Named or whoever it was, hasn't it been somewhat demonstrated that being able to post anonymously is still a valuable feature? Because that 1 in 1000 whack-a-doodle will decide to devote his life to making multis and trying to destroy the entire site and doxxing you and hounding you until you stop posting?
Hmm...how confident are we that the "multiple account" problem has been solved? Because if not it becomes that much easier for said abusers to stop honest users that tick them off from commenting.
Not sure, but sounds abusable as per above. What is the current floor?
No objection here, I guess, but would that have any added effects?
Count how many posts a user makes that gets to -5? Admittedly that's still abusable with enough monkeys (see above).
Ah, details! Excellent! Thank you.
Hmmm...will there be any oversight system involved? Of course any monarch can be noble, but we roll the dice with each.
And of course such a task is rather thankless. Will editors be notified on some sort of automated trigger, on certain posts? Or are they expected to do their own scanning?
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by janrinok on Monday November 21, @09:00AM
See my https://soylentnews.org/meta/comments.pl?noupdate=1&sid=52490&page=1&cid=1280770#commentwrap [soylentnews.org]
I agree with and support some of your comments.
(Score: 2) by Kell on Monday November 21, @09:20AM (1 child)
I'm normally supportive of the efforts the admins make here, but there are good points raised here. I do not support these initiatives - the green site worked well for years as it was, and it's a proven formula. I'm not opposed to deleting dox info but I agree that oversight is needed... somehow.
Scientists ask questions. Engineers solve problems.
(Score: 3, Informative) by janrinok on Monday November 21, @09:32AM
(Score: 5, Interesting) by janrinok on Monday November 21, @09:29AM (1 child)
As you are probably aware, I have spent a large proportion of my time on here looking at multiple accounts.
There are some accounts that always appear at the same time. moderate the same stories the same way, and support each other. However, there is at least one credible explanation for this (which has certainly been believed by some administrators here over the last 8 years) - they all work in the same office. The accounts belong to different people. If I can prove abuse of the moderation system or suppression of specific accounts then I will take action. We must nevertheless err on the side of caution. The accounts are tagged and I am watching them closely, both physically and with software. There are a few others too.
The sock-puppet problem is now reasonably under control. The major abuses by sock puppets have stopped and sock puppet accounts are much harder to create without being spotted. New accounts are often identified and disabled within 90 seconds on average. But there will still be some on the site somewhere. If they begin to abuse the system then, again, I can hopefully spot them and disable them. There are a couple of sock-puppets that we have identified but are sitting dormant for the time being. I am taking no action but this is intentional - for now they serve a purpose that we can exploit to our own advantage.
If by solved you mean there are no multiple account holders then I must answer "No, there probably are some". Are they abusing the system to the detriment of other users? I don't think so; there is no evidence to support the idea.
(Score: 2) by tangomargarine on Monday November 21, @05:08PM
I of course didn't mean to imply that the only acceptable answer to me is "yes, the system works perfectly now."
Thank you for your hard work!
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 4, Interesting) by Thexalon on Monday November 21, @12:58PM
I will just add that as an occasional target of mod-bombing at least in the early days, having the karma cushion is definitely a nice-to-have.
And I also keep it in perspective: If the forum is large enough to bother trolling, there will be trolls. If you try to filter the trolls, you will be imperfect and also catch some legitimate people engaging in important free speech. If you manage to filter only the trolls most of the time, the trolls will complain that you're interfering with their free speech. If you try to create systems that increase the number of accounts and IP addresses involved, the trolls will set up one account for home, another account for the office, a third account that relays through the Tor onion, etc. Your only real block is the point where it becomes more of a pain in the butt to troll than it is fun or profitable to do it, which can take a while. So don't beat yourself up over being less than perfect at this, because it's pretty much a guarantee, and far better-funded outfits than Soylent ever was have failed at least as thoroughly.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by NCommander on Tuesday November 22, @12:01AM
My intent here was that AC posts would be removed entirely. Based off the comments, I'm seeing I'm in the minority about this, so perhaps I will have to go back and rethink this. Frankly, I don't think the feature belongs on the modern Internet, because it essentially allows for consequence free posting, and requires either editors or moderators to do something. I've literally seen first hand the consequences of this.
There's a karma based subnet system, but IP addresses (even at a subnet level) change so often that I honestly don't think its useful as an anti-abuse measure. Keeping the "Post Anonymously" button may be the way to go, but put a karma cost on using it. I'm undecided at this very moment.
While I won't say its perfect, you'd have to go out of your way to get multiple accounts to actual positive karma by posting something positive. I'd have to recheck the criteria in which mod points are given, but I believe its still just requiring positive karma to be used. By and large, most of the mod points used expire. Maybe this is too simplistic though
Still always moving
(Score: 5, Interesting) by janrinok on Monday November 21, @08:50AM (5 children)
Administrators are NEVER above community criticism - we have to take it on the chin and justify why we are taking any particular action.
AC posting for account holders is essential for many of our community. It should be permitted anywhere on the site.
Deleting comments and even complete journal entries is sometimes justified but it is a very rare occasion indeed and it is not an action to be taken lightly. Doxing, pornography, political soapboxing, personal verbal assaults, incitements to violence etc have no place in our community. Doxing is particularly difficult - we cannot verify every statement made and we must therefore assume that, if it appears to reveal personal information, it is accurate and thereby act accordingly. This is one area where having the email contact of the abused/victim is highly desirable.
Deleting comments smacks of censorship - which I am categorically against. I do not want an echo chamber of repeated acceptable views. It must not become a method of expressing 'I Disagree' even by an editor. Moderation should be the first choice and deletion the very last option. The process should be, as a minimum. a 2 stage process. Any editor should be able to remove a comment from view regardless of it's current moderations. Often there is only 1 editor available to take action. The removal from view must therefore be easy to action but must also be reversible. The commentator should be notified that it has happened by automatic admin-to-user message therefore an AC comment must be attributable to a genuine account. True deletion, IMO, should require at least 2(?) different administrators in agreement and should also be controlled procedurally with records of when and why the deletion was carried out and by whom. If we do not keep such records we leave ourselves open to accusations that we are 'losing' an individual's comments or that we are doing something underhand. We must remain accountable.
The hijacking of another person's published story or journal entry to express entirely off-topic and irrelevant views is unacceptable. Discussions will often change direction and this is entirely normal but abuse by others who simply refuse to have an account to create their own journal is not.
Dummy or fake accounts (not sock puppets) should be removed from the database if they are not activated within a specific time period (28 days?). This will effectively counter the numerous fake accounts that are being created by bots - for what purpose I have no idea.
The current rules for sock puppets (they are forbidden) are sufficient.
The acceptability of throwaway or single-use email addresses for accounts should be discussed. The use of them makes creating sock puppets significantly easier than it need be, and makes the prevention of the abuse much more difficult. The detection and countering of sock puppets places a significant burden on administrators.
(Score: 5, Insightful) by NotSanguine on Monday November 21, @01:12PM (4 children)
I get the idea and nobody (except those whose goals include wasting everyone's time) wants to see constant shitposts, spam and other sundry nastiness.
But deleting content is something to which I am (mostly, with specific exceptions) categorically opposed, mostly because it can be abused, and unpopular ideas could end up caught in a too broad application of such a policy. Not that I think (at least given the current make up of the staff) such abuse is likely, but one of the things that kept me here for so long was knowing that what I (or others) express will be memorialized in the context of the discussions around that expression.
That said, no content should be allowed that might threaten the existence of the site (CSAM, doxxing, credible death threats, etc.) through the ruinous cost of litigation and/or the involvement of law "enforcement". SN couldn't continue if under such threats, and I want SN to continue.
As for other stuff, as unpleasant or disruptive as it might be, the moderation system is here to handle that, IMHO. An additional feature that might be useful would be akin to the '-10 Spam' mod (and even combined with it) to not display content that's been modded below a certain point, along with a Hacker News style 'showdead' option [ycombinator.com] for logged-in users.
But even that seems like a bit over the top to me, as I've always read at -1 and while some content was patently offensive and worthless, if folks don't see it unless they choose to do so, the jerks who post such garbage will be discouraged from doing so.
It would seem that such a 'showdead'-like option might be a good compromise between controlling shitposts (stuff that could threaten the existence of the site should be terminated with extreme prejudice, but that's not what I'm referring to here) and maintaining a mostly free speech environment.
I expect that some folks will disagree (or agree) with this take, and I'd be happy to discuss it with anyone who'd like to do so -- which is an important part of SN, and the main reason I've (mostly) stuck around since near the beginning.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 5, Interesting) by acid andy on Monday November 21, @02:18PM (3 children)
I agree provided, as I've suggested in the past, "not display" means the comment isn't sent to the client at all, rather than just being hidden by CSS or similar. Some of the more offensive shitposts here may not have been considered strictly illegal by the admins (possibly legal in the US and possibly not in other jurisdictions) but that doesn't mean all readers would be comfortable with having that content on their computer or browsing history.
While I'm commenting here I want to add that I really, really don't like the idea of completely disabling AC comments and don't even like the idea of banning them on journals very much either.
Master of the science of the art of the science of art.
(Score: 2) by NotSanguine on Monday November 21, @09:50PM (2 children)
An interesting point. Although I'm not sure that's a reasonable ask (not sure if a 'showdead'-type function is either), as (IIUC -- someone please correct me if I'm wrong about that) page rendering is done client-side rather than server-side.
If you live in a jurisdiction that criminalizes viewing certain speech (or even if you just live with folks who like to look through your browsing history -- a little creepy, but I try not to judge), installing browser addons to delete your cache/browsing history is probably a good idea even if you don't visit SN, whether shitposts are displayed or not.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Tuesday November 22, @12:10AM (1 child)
Aren't going to work if data is collected by the service provider and/or government. Local files can also be undeleted unless extra care is taken.
I'm not certain exactly how it builds the pages of comments but consider that the server does make user specific alterations to the page such as showing your own user name and the modding controls if you have modpoints. And of course you can add modifiers to friends and foes which would alter their displayed comments scores on the page. I'm sure that's happening server side. So skipping over comments based on user settings ought to be possible on the server. It's just a question of how big the code changes would be and what side effects that change might have on the other features and code.
(Score: 2) by NotSanguine on Tuesday November 22, @12:45AM
Yup. Good opsec is important where necessary. But that wasn't what GP was talking about.
And it's not my job to teach good opsec. I'd also expect that GP (and IIRC, they are fairly technical) doesn't need me (or anyone else) to explain how to stay secure online.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Insightful) by canopic jug on Monday November 21, @09:41AM
Thanks for the detailed explanation and, of course, the large efforts in keeping the site going. I've thrown a small, symbolic amount in the Patreon tip jar and will keep that going a quarter or so, and will re-subscribe soonish.
Tangomargarine beat me to the many of the same questions in comment 1280769 above [soylentnews.org] which I was about to ask.
Money is not free speech. Elections should not be auctions.
(Score: 5, Informative) by janrinok on Monday November 21, @11:00AM
If you are an AC and wish to make a constructive comment, please see my journal. [soylentnews.org]
(Score: 5, Insightful) by pTamok on Monday November 21, @12:15PM (1 child)
I disagree with this, and would likely leave the site if that rule were enforced.
I use an anti-spam mail address that many regard as 'throwaway', and I will not provide the back-end email address which messages are forwarded to. This strategy means my level of spam has been pretty much insignificant over the past more-than-a-decade.
However, I don't administrate soylentnews, which I understand to be a pretty thankless task, so I would understand if it becomes necessary to deal with bad actors wasting good people's time. I would be driven away, but that's my choice, in wanting to keep my actual email address less public than it otherwise would be. I am carefully not saying private, as I am savvy enough to know it can be found out by the technically astute. If you know how, please keep it to yourself. Thank you.
What I would say it that it should be made clear that the administrators have complete power to edit, delete, moderate down or otherwise modify postings, for any or no reason at all. It would be helpful if there were an 'immutable' audit trail that allowed administrators to review each others actions in this regard, and potentially, with appropriate redactions, for the entire userbase to see what is being done. The site will then be held ransom to having moderators that take decisions accepted by enough people to keep the site viable. There might be a legal problem here: once you start exercising editorial control of content, I think you could end up taking responsibility/liability for content, which might not be what you want. You also have the risk of building yet another echo chamber.
I hope a workable solution can be found. I like this place: it's one of the few regular watering holes I go to, and is a lot less crazy that many other popular places.
(Score: 3, Interesting) by shrewdsheep on Monday November 21, @12:37PM
Indeed there needs to be a definition of what constitutes a "throw-away email address". OTOH it is clear that the site needs to be as strict as necessary to ensure a productive conversation. But no stricter. Saying the same, it should be as lenient as possible. But not more lenient. How this materializes at any given time depends on the site's user base and the composition of the staff. Less productive comments lead to stricter rules. Having a small staff also entails stricter rules as fewer cases can be handled on an individual basis.
The core requirement is that the staff can be reached and is willing to discuss proposals and any measures planned or taken. This is the case IMO which is my reason for staying. Becoming staff, I guess, will give you considerable power on soylentnews, so anyone really wanting to have a say should step up.
(Score: 5, Interesting) by looorg on Monday November 21, @01:27PM (5 children)
If you lower the karma cushion wouldn't that just make it easier to nuke people or opinions that you do not like? If the floor (or basement) gets lower then those accounts might never make it back. Rightful in some cases but others might just get nuked from orbit due to a difference of opinions, after all there still by modders isn't any kind of consensus on what constitutes trolls and disagreements etc or for that matter what is the other side of spectrum -- everyone finds different things interesting and informative. It's really down to opinions and perhaps there is to much emphasis put on hope or that the common greater good or sense will kick in and take over.
Perhaps this can be resolved by having some kind of karma-decay. It could work both on negative and positive numbers. Over time dragging you down (or up) to zero. If you had one (or many) bad posts eventually they'll be forgotten and forgiven over time as it decays towards zero again. Just as having a gigantic cushion, currently peeking at +50, would over time decay down towards zero or some upper nice_guy_bottom. Incentive to keep up the good work to keep you up there and not just live on previous postings. If mod points are given out each and every 24h cycle you might as well run all the accounts and +- the cushion according to some rules to such as moving a point per day towards zero or some other arbitrary limits.
If the roof is changed to being plus 10 or 15 instead of plus 50 are you still going to hand out 10 mod points per day?
If this then combines with a crackdown on disposable- or throwaway email addresses, whatever they are -- I used google as a disposable email previously but I assume it's more of the once that you don't even really register and you just keep for hours and then they are gone. Still what constitutes a throwaway address that won't be accepted should then be defined and stated, as noted by others.
While I would like an edit function, I can't even recall the number of times you write something and then post and then moments later you notice that your spelling was wrong etc. Always less then amusing. But then perhaps there should be a window on how far into the past you are allowed to edit a post before it becomes locked. Similar then with delete if you just want to remove it all. But it might not play nice with the current structure and people responding to posts that then just go away, will they also then go away or will they be somehow left hanging or will a deleted post just in essence be edited to say something that "post removed", but then what if the person that have previously responded to it had quoted etc. Weirdness could ensue.
Beyond that I think what has been said or noted as problematic have already been said.
(Score: 3, Interesting) by canopic jug on Monday November 21, @01:39PM
Or there could be a half-life for each karma point so that it drops back over time, thus providing a very strong incentive for positive interactions. However, the full implications of that would have to be worked out in advance before adding that to the already long list of things to code to be sure that it can't be gamed in a way worse than the current situation.
Money is not free speech. Elections should not be auctions.
(Score: 5, Interesting) by fab23 on Monday November 21, @02:47PM
In the HN FAQ (linked from somebody else), I discovered this part:
In my opinion this would be safe solution to be able to edit / delete a comment after posting. It is kind like the send delay some mail clients (web) provide, where you can abort if needed.
(Score: 2) by NCommander on Monday November 21, @11:48PM
Right now, at most, you can loose three points per post if your post starts at +2, and you get lowered to -1. If you starting at karma 50, you end up at 47. Meanwhile, if you forgo the +1 boost, you can get +4 per post, and its often easier to go up than down. Submitting stories also gives a user +3 karma. The problem here is the constant low grade noise, which adds up and makes the site unpleasant to use. By and large, troll accounts tend to still have 40-50 karma on average since people do mod them up from time to time, and this includes misinformation on the site.
Still always moving
(Score: 2) by NCommander on Tuesday November 22, @12:07AM (1 child)
By and large, it doesn't happen. Most of the major troll accounts here have positive karma, despite being downvoted into oblivion because they generally don't post with +1 bonus, so at most its a 2 point lost. One insightful post negates everything, and submitting stories also gives you karma back, even if they're not accepted. As it stands, you have to be at -10 to have your starting score lowered to -1, and -20 (I think) to have your score lowered to -1 to start with. That means you have to have a sustained period of nothing but garbage getting downmodded before the karma system has any effect. I don't remember seeing anyone actually get that low beforehand.
Oh, that's a good question. TBD.
If there was an edit button, it would be time locked to maybe 30 minutes, and show a flag that a post has been edited. Solves the quick mistake stuff, prevents really rampant abuse.
Still always moving
(Score: 2) by looorg on Tuesday November 22, @01:37AM
Right. So the cushion is to large then, or the punishment to small. If you at most lose four points for a post out of 50 point cushion that is hardly a dent and it's as noted quite easy to fix your occasional trolling, bad or misunderstood posting. As noted moderation isn't always equal.
Still there is a big difference in losing 4/50 (2/25 or about 8%) points vs losing 4/10 (2/5 or 40%) or 4/15 (or 27%). One is clearly to small and insignificant to matter. While the others might be to large. Still if submitting a single story is more or less all that it takes to cover it up then one could argue if there really is a punishment or moderation at all. There is, or might be one, for the story people are reading but as a consequence for the poster? Probably not.
I would assume most people with an account are more or less at or around 50 karma as it is these days. The only real way I find out that I have been down-modded somewhere is if the number shrinks below 50, and I might not even notice since someone else could just pull it back up again since the order of moderation matters.
So getting to -10 points if +50 is the max then yes that would take some serious effort. Still even if the max was just +10 then getting to -10 is five complete garbage posts without anyone liking it or you making a single submission of a story either. So while it was unlikely at +50 changing it to just +10 might not really matter or have that big an impact either. Most of the plus +50 then is just really extra padding.
I'm not even sure how you would really solve it. Just closing the gap doesn't even seem to matter in that regard. Sure it's less padding but it's still a lot of wiggle room.
Regarding the edit option. Yes it might solve the quick fat finger mistake but on the other hand I don't really think it matters to much. Not to mention even if there was a window of editing I'm sure I would miss that one to and I wouldn't notice it until it just closed. It's just that you miss it when you don't have it but if you had it then you might not even use it anyway.
(Score: 3, Insightful) by GlennC on Monday November 21, @02:12PM (5 children)
One statement in particular caught my eye.
Is the software underlying the site really so important that it can't be replaced as the site's needs change?
Sorry folks...the world is bigger and more varied than you want it to be. Deal with it.
(Score: 3, Informative) by fliptop on Monday November 21, @03:28PM (3 children)
Not necessarily, but Slash would have to be completely rewritten to use new libraries instead of crusty old CPAN modules. Trying to do it in a modular fashion might be possible but I think it would be much more work than a rewrite.
To be oneself, and unafraid whether right or wrong, is more admirable than the easy cowardice of surrender to conformity
(Score: 2) by bart9h on Monday November 21, @07:20PM
let's rewrite it in Raku instead :)
(Score: 2) by RamiK on Monday November 21, @10:15PM
I've mentioned it in another post (that might have been lost to the last database mishap) but hosting a Lemmy node with a tweaked front end would work and would probably be many times less resource intensive due to a compiled backend (rust + postgresql) and a fairly modern front end with multiple implementation (two official web front ends, two android apps... probably a few more so the protocol is stable enough to have something that looks like soylent run on top of it): https://join-lemmy.org/ [join-lemmy.org] https://join-lemmy.org/instances [join-lemmy.org] https://github.com/LemmyNet/lemmy [github.com] https://github.com/LemmyNet/lemmy-ui [github.com]
Lobsters are running a ruby-on-rails thing that they seem to keep up-to-date which should also very close to soylent: https://lobste.rs/ [lobste.rs] https://github.com/lobsters/lobsters [github.com]
Probably a half dozen more are around...
(Score: 2) by NCommander on Tuesday November 22, @12:08AM
It was largely why the site was founded and successful IMHO. That said, that was 8 years ago.
Still always moving
(Score: 0) by Anonymous Coward on Monday November 21, @10:32PM
Isn't pipedot.org all "modern" code? For those not familiar, it was another site started at the time of buck feta. It ran fine for awhile and then in the spirit of "don't split the vote", the owner blocked new topics once SN seemed to have a good sized user base.
Has a number of nice features that would be nice here--take a look if you haven't been there.
From memory, at least part of pipedot has been heavily spammed, so there aren't any magic bullets in that department.
(Score: 4, Interesting) by Fnord666 on Monday November 21, @05:33PM (1 child)
NCommander - Where can we find alerts for when you will be livestreaming?
(Score: 2) by NCommander on Monday November 21, @11:45PM
Subscribe to my channel, and I'll be posting them here.
Still always moving
(Score: 3, Interesting) by janrinok on Monday November 21, @08:05PM (3 children)
Rather than take away the ability to post as AC on the site, what we actually want is some way of controlling AC posts so that those who participate in good faith can do so, and those that abuse the privilege can be stopped. We don't actually need to know, in fact we do not want to know, who is behind the AC or any other account. We simply want them to have an internal identity.
Everybody has a id_rsa.pub which should be unique enough to identify an anonymous person without compromising any personal information. Could we (and I am spit-balling this as I go) issue account identities based solely on production of the id_rsa.pub? Maybe just a normal username if they wish. We could then tell one user apart from another but without the need for anything that might tell us who or where they are? There would be a limit to what such an account could expect. Without an email contact we could not accept a renewal of an account with a different id_rsa.pub because anybody could be making that request. Our communication to them would be limited to admin-to-user messages. Replies would currently have to be via email but providing they can quote a specific 'query reference' which we would provide then they could use any type of email they wished - even temporary ones.
Everyone could then join in the front page discussions. If they play the game they can have karma and moderation rights. I am not sure how we would manage this yet - but perhaps after issuing a new identity they have a probationary period before they get full privileges. If they do not contribute (which might only require reading the stories) then the account can be withdrawn after a certain period of time. This might be a way forward and would also work for all other accounts, I think.
It would require specific software to be written but would remove the need for passwords. After all, each connection to the server provides the id_rsa.pub anyway.
This is outside my area of expertise - so anyone, please chip in with ideas.
(Score: 2) by janrinok on Monday November 21, @08:33PM (2 children)
fingers working faster than my brain:
DELETE: After all, each connection to the server provides the id_rsa.pub anyway.
(Score: 0) by Anonymous Coward on Monday November 21, @10:40PM (1 child)
Far outside my area too, but I remember something that was discussed once here that might be similar?
Assign ACs a unique identifier -- AC001, AC002, ... -- By Article. So if I'm AC005 in this discussion of "Site Updates and The Road Forward ...", my additional posts in this discussion are also AC005. Would help untangle parents and g-parents, etc under the more hotly discussed articles.
(Score: 2) by janrinok on Monday November 21, @11:46PM
That doesn't make them accountable for their actions.
I have no problem with people being entirely anonymous. But the negative side of this is that they all share one account and thus all ACs get penalised for the bad behaviour of the few. I am suggesting that we devise a method of creating accounts where no personally identifiable information is required at all. One method is perhaps use something that is unique to each user but does not identify them, They do not need to have special names they can just use any nickname they choose as every other user does. The benefit is that we will hold no personally identifiable information on ACs, which they say is the the main reason that they do not want to create accounts. We would no longer need Anonymous Coward because everybody can have an account that cannot be linked to them personally in real life, but it is their persistent identity which does not change with each login.
By having invidual accounts only those that refuse to accept the site rules need by sanctioned rather that all accounts. We do not need nor want to know who people actually are, or where they live etc.
The one piece of information that every computer account can have is an id_rsa.pub which is used for SSH connections. the '.pub' element is designed to be given away freely so we are not asking for something that gives away personal information. However, it is not without its own problems. How do we make that item of data transferrable during the log in process to our site? That is something that I haven't solved and would welcome technical advice from the community.
Perhaps we can use the SSL/TLS data that is part of each HTTPS connection but I do not know whether this is feasible. Perhaps somebody with a better understanding of TLS can advise?
(Score: 2) by inertnet on Monday November 21, @09:20PM (5 children)
First of all, thanks for all the work.
Could this idea work? Would it be possible to give actual anonymous comments (posted by unregistered users) an initial 'purgatory' status and all registered users "purgatory editor" status? Display a message with each article like: "currently there are 3 comments in purgatory for this article". Any registered user can preview these comments and individually release or reject them for inclusion in the comment section. Your "purgatory editor" status will be revoked for a good number of days if you abuse this privilege. In addition a separate page that displays the entire purgatory would be handy for comments that were added to older articles.
(Score: 2) by janrinok on Monday November 21, @10:07PM (3 children)
I am suggesting that they be able to create an account without giving any personally identifiable information. No email address - but rather use a secure key. The accounts need not look any different. The advantage is that AC's will have a unique identity (a hash or key) rather than all sharing one account. They can participate in the whole site but remain completely anonymous. Only those that do not want to play by the agreed rules need be penalised rather than every AC having to be punished for the behaviour of a few.
(Score: 2) by inertnet on Monday November 21, @10:46PM (2 children)
That could work, although I guess you still need a way to weed out hit and run posters.
(Score: 2) by janrinok on Monday November 21, @11:55PM (1 child)
That was why I proposed a probationary period. They could have site access but not be given comment posting rights until a certain time limit had passed. The software to control comment posts already exists in the Perl code and is used for certain short term bans.
What I haven't identified is what piece of information does each computer hold which is unique, does not include any personal information, and can be easily transferred during a login session? There are several possibilities but I do not know how feasible they are.
(Score: 2) by inertnet on Tuesday November 22, @12:23AM
I would not use unique computer information because I've read in the past that some people post from work as well as from home or mobile. When I read your proposal I was imagining a sort of password or phrase for such people to get a unique, but hidden user id.
(Score: 2) by looorg on Monday November 21, @10:53PM
I might be misunderstanding the post but isn't this sort of what moderation already does and/is supposed to do in general? A good anonymous post that gets some ++mods are going to become visible to the masses, or at least not ignored, while the anonymous shitposts are going to be stuck in purgatory, ignored and read by nobody except those that just browse all the posts and have no limits to their reading choices. It's just that as of late we for the most parts don't get any anonymous posts from total AC people (and not just the once that are logged in but click the post anonymously box). This might work for those people. But then so did moderation under ideal conditions.
(Score: 2) by iWantToKeepAnon on Monday November 21, @09:58PM
rehash is open source and could be used by schools, clubs, etc... This would mean no other user of rehash could allow ACs too; right? How about just leaving the setting disabled? Or is the code just too difficult to maintain?
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
(Score: 2) by JoeMerchant on Tuesday November 22, @12:30AM
I just want to congratulate you on continuity of service.
I made the mistake of installing Ubuntu 15.10 on a virtual server back around the end of (you guessed it) 2015, and I'm in the process of adding 1TB storage to it, got it provisioned, partitioned, formatted (I thought), but then when I put it in /etc/fstab and rebooted: BOOM! no more ssh access. Bemusingly enough, all the old webserver/wiki still works, but ssh refuses to respond so now I need to get back access to the VM control panel, which in our corporate IT support world is most likely to happen some time in January (it took since September to get the 1TB provisioned.)
Luckily, our server isn't web-exposed, so I'm going to let the (absolutely not upgradeable at this point) 15.10 base OS stick in there, even with it's funky RSA ssh key incompatibilities, it should server our 6 users for another 7 years to come reliably and securely-enough behind all the firewalls and scanners....
Україна досі не є частиною Росії. https://en.interfax.com.ua/news/general/878601.html Слава Україні 🌻
(Score: 3, Insightful) by ElizabethGreene on Tuesday November 22, @01:29AM (1 child)
I do hope you'll reconsider vis-a-vis anonymous posting. I appreciate the difficulties of dealing with dedicated shitposters, but would argue there are benefits to being able to post anonymously as well. As a real-name account, here are times, infrequently, when I need to not associate a reply with my identity. Specifically, when I feel data needs to be shared, but I fear personal or career consequences for sharing it. I could create a throwaway account, but that would introduce a nontrivial amount of friction into the process.
Thanks for considering my opinion.
(Score: 2) by Joe Desertrat on Tuesday November 22, @02:21AM
I agree with this, and I also might add that the site has just become less interesting with the fewer posts without the anonymous posts. It's a tightrope to walk, there were too many spam posts, but now we have lost a lot of interesting discussions. I don't envy the people running the site the tasks they have taken on, and I certainly appreciate the difficulty and effort involved in what they do.
I think something like the purgatory idea is a place to start, perhaps an anonymous post that gets tagged as spam more than once should have to be voted out of purgatory by a certain number of logged in users, if someone flags things as spam and they always get voted out of purgatory, perhaps that user should be limited with the spam mod ability. Just bouncing some ideas, I assume any and all of this is difficult to implement.