Slash v0.9 Released

I'm excited to announce that after countless hours of hacking and slashing through piles of perl, Slash 0.9 is finally out. It's definitely a long ways from 1.0, but we think you'll be able to download it from the FTP Server or the CVS Server and, assuming you are comfortable installing mod_perl and mysql, get your own Weblog up and running in a reasonable amount of time. The improvements and changes are too many to list here, but it's almost a full rewrite since the last release. And credit where it's due, Patrick Galbraith has really pulled it together... as both thanks and punishment, he is now the coordinator for Slash. We are starting up a mailing list to coordinate devel. Finally we also are happy to note that we have decided to use the GPL as the official license for the project. There are several other notes below.

The one thing that you'll notice missing is some of the Slashboxes. We've decided to only include Slashboxes that use the standard RDF format for backend information. This ought to be plenty of Slashboxes to get anyone started. The reason we decided to do this is that most of the remaining sites use backends that we had to ask for permission to use. You'll have to ask the same permission from the appropriate Webmasters.

This project has consumed countless hours on the parts of CowboyNeal and Patrick, and a to a lesser extent, me. We're all really excited to finally have a release ready to go, and to finally have a CVS server ready to help accelerate and coordinate future development. There's a lot of work left to do in this codebase, so if you're feeling spunky, feel free to send diffs.

Some notable features

• Many tables are cached locally in Apache to reduce SQL calls
• Mass moderation
• Customizable homepage
• Skinable look and feel by the sysadmin
• A plethora of default Slashboxes to get you started
• Highly configurable sections, including Look & Feel, and extension tables for extra fields (like the ISBN code fields we use in the authors table for example)
• Note passing system for authors in submissions
• Much of the site is remotely administratable with complicated but efficient Webforms.

TODO & BUGS

There are lots of both. Smoother installation. Preview bugs. Assorted troll protection bugs. Lots of new ideas to experiment with in the moderation system. A few security problems. Lots of interesting ways to make parts of the site more flexible for other users. Instant Messaging. Assorted advancements for the backend to help make distributed content management easier. Distributed/Load Balanced SQL. Cached Comments to reduce SQL. And much much more.

Re:The first hack I plan

[Yarn]

ok, for incoming posts strip any moderation line, and have:

X-Slashdot-User:
X-Slashdot-Pass:

X-Slashdot-Moderate: [message id] [moderation]

Of course its a kludge. You think it isnt already!?

The first hack I plan

[Yarn]

NNTP comment retrieval, followed by NNTP comment posting...

* Yarn fires up vim
* Yarn remembers exams, and postpones :/

Re:The first hack I plan

[Yarn]

how about a header:
X-Slashdot-Moderation: -1 (troll)

maybe also
X-Slashdot-Parent:
X-Slashdot-Children: ...

Re:The first hack I plan

[matthewg]

I wrote it for 0.3, plan to update for 0.9. Check the code link.

Re:The first hack I plan

[AT]

X-Slashdot-Parent:
X-Slashdot-Children:

These might be nice, but it would much really cool to have newsreaders properly thread the articles. I think most newsreaders do threading on the References header, so of course it should support that.

Re:The first hack I plan

[Foogle]

Like I said: A big fat kludge ;) But hey, it's an idea anyway...

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:The first hack I plan

[Foogle]

You could do it, but it sounds like the whole system would be an awful kludge. Besides, you couldn't moderate while in NNTP mode, and anyone could hack their posts to have

X-Slashdo-Moderation: +4 (insightful)

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:The first hack I plan

[kgarimella]

If I recall correctly, there isn't a sort of moderation system that has evolved here in Slashdot when dealing with Newsgroups. I *think* what happens is that the administrators end up moderating the groups themselves. However, with a site like Slashdot, there's no way the admins would be able to moderate every single post, so in an NNTP setup, would we all be moderators? Or would a different client have to be created? I'm curious as to how exactly the threshold system will function in a newsgroup to keep Spammers/Trollers/Etc. down...

Re:In progress?

[Yarn]

Of course its feasable, I'd not be trying it otherwise :)

I looked at the code page but I want to do it my own way, from scratch.

Re:Python

[Ranger+Rick]

The point of this rambling post, I guess, is merely to state that I am a single counterexample to his Ranger Rick's statement that Python and Perl are mutually exclusive. Of course, that means nothing, since he qualified it with 'usually', so I guess this means nothing at all!

You think your post means nothing? Well, check this out!

:)

Re:The release of the code

[mce]

Exactly.

I sure have written crappy code in the past, when deadline pressure became too big and the boss was breathing down my neck. This works "fine" in a closed environment: if the program works, things are OK (hmmm, actually, most of the time things already are OK if it merely exists, but my professional pride demands that it also works). But tell me to open source that code, and that same professional pride will make me insist on cleaning it up first.

--

Re:Troll Prescience

[phil+reed]

There's a bug (or maybe it's a feature) that allows you to make up your own SID in the URL, thereby creating your own article. I've seen a few referenced on some articles.


...phil

Re:Thanks, guys... This must've been a lot of work

[sjames]

There are so many of those things that you have to change, and they're scattered all over the place.

I haven't looked at the new slash release yet, but I've seen EXACTLY that problem before. The nice thing about perl is that it is easy to make little tweaks here and there and evolve a CGI rather organically. The bad thing is that doing that can make 'portable' code remarkably non-portable.

Of course, none of us ever give in to the temptation of the quick and dirty fix that can lead to this problem [GRYNNE]

Re:Problem with GPL websites

[Fastolfe]

I hear this as an often quoted failing of the GPL, the fact that anyone can take a GPL'ed project private and allow people to use it (sans binary access) without necessarily being required to release the source.

Why is this a bad thing?

This allows GPL'ed, tried and tested code to make its way into proprietary networks and architectures. If we required all modifications to GPL'ed projects to be re-released, regardless of how the project was to be used, that would totally destroy the ability of companies to make proprietary, customized modifications to GPL'ed software for internal use, which is, by far, one of the most appealing things about GPL.

Re:Congrats to all concerned...

[jd]

I'd like to second that. (Well, thirty forth it, given all the other replies. :)

A -VERY- big congratulations to the entire Slashdot team, for a job well-done! The Slashdot code is perhaps one of the premiere news dialogue systems in existance, and it's authors deserve to feel proud of their achievement.

Last, but not least, any comment I've made in the past, wrt the source, I have done my utmost to be constructive from all sides and accepting of any decision made by the Slashdot team. However, ideals and me don't always mix too well, so I'd like to take this opportunity to offer a sincere and unconditional apology for -any- post or e-mail of mine which came across, to any degree, as offensive, whinging or trolling.

I -hope- nothing I have written about the Slash code has come across that way, but it's really not my place to tell others how they should take something.

GPL considerations...

[jelwell]

On the Slash code page you mention "The only restriction is that you must put a Slashdot Logo and a link back to Slashdot on any site that uses our code. Beyond that, have a ball." I don't know if you're aware of this or not, but that is a violation of the GPL. Maybe you meant to alter the license so that users cannot do whatever they want with the code, as long as they release updates - that are distributed - back into the fold.

We gave Corel hell for it's GPL mistakes. Now it's time to see just how stupid even Slashdot can be. Is there something about the GPL that makes it too hard to understand? Is it freedom?
Joseph Elwell.

Re:GPL considerations...

[sethg]

Maybe the code page used to say that, but it doesn't now. I quote:

If you want, you're more than welcome to put a Slashdot Logo and a link back to Slashdot on any site that uses this code.

That's an encouragement, not a demand. The license is straight GPL.
--
"But, Mulder, the new millennium doesn't begin until January 2001."

You weren't waiting for a clean release!

[roystgnr]

Honestly, can you really go from "it's too site-specific and ugly to release" to "here's slash v0.9" in a few days? I don't think so.

No, clearly the slash release was ready last week when we were all whining about it, but CmdrTaco decided it would be fun to see how many Slashdot regulars he could sucker into make asses of themselves in said whining first.

Consider me suckered. Egg on my face.

Thanks for the code, guys.

Re:You weren't waiting for a clean release!

[Pascal+Q.+Porcupine]

Actually, in their defense, I do believe that they could go from one point to another in just a few days, for the following reasons:

1. Search-and-replace: a lot of site-specific things can simply be replaced by global variables, which can be put into some other included configuration file. (It IS PERL, after all.)
2. CowboyNeal has absolutely no life outside of his job (whatever it is) and BSI projects, and lately he's been permaidle on #everything - rare for him - meaning he was definitely pulling some major hours elsewhere.
3. Depending on how the code is structured (I haven't looked at it yet), it may have only seemed to be site-specific but maybe there was some simple way to liberate it. And in any case, it's not like they wrote hand-coded assembler which would only work on one particular release of libc6.1 on Debian 2.2 (Potato) which had been last apt-get updated on 1999/12/23.

Basically, I don't know what to believe, but frankly I don't really care so much, and there's plenty of explanations for any standpoint. Yes, this could just be some "investor relations" crap Andover.net suddenly decided to pull to raise their stock price, or it could be Rob and company suddenly realizing that they have had a decent release for some time, or maybe they really did work their asses off to make it releasable. I'm inclined to believe the latter.
---
"'Is not a quine' is not a quine" is a quine.

Re:Where are the karma points?

[Pascal+Q.+Porcupine]

Karma was never something designed to be boasted about, and although it was fun to have a publically-visible high karma, I got an enormous backlash from little snots who decided that my high karma was a sign that I was simply out to gain karma in any way I possibly can. Read my user info for more information.
---
"'Is not a quine' is not a quine" is a quine.

Hooray!

[otis+wildflower]

Now it's time for those of us (myself included) who have been whinging for months about this to put up or shut up...

Anyone have any feature ideas? (My fave so far: _cancel_ your own messages.. VERY TRICKY to manage those trees, but possible...)

Let the hacking begin!
Your Working Boy,

Re:Hooray!

[otis+wildflower]

Maybe (to make it super simple) allow any registered user to self-down-moderate, with karma penalties... Hmm, maybe after the departmental meeting, time to patch moderateCid.. ;)


Your Working Boy,

Re:Hooray!

[ufdraco]

And this would be a bad thing? Karma is not an end-all and be-all. The whole point of moderation is to get rid of the crap that isn't worth reading and point out the good stuff. So if they got moderated down big time and deleted their post as a result, then all the better--nobody has to read the crap anymore and the poster has learned his lesson. And by the same token, a highly moderated person can retract on finding that their apparent "insight" was completely wrong (as happened to Sig11 once--and there wasn't a moderator willing to moderate it down--I tried, but nobody seemed to understand the "offtopic" as being valid (all they had to do was read the replies...))

At any rate, you could still have the moderation stick, as the karma is located in a separate field that moderation only makes +1/-1 modifications to. If when deleting the comment, you don't undo the moderation that was done on it, the karma stays the same. Ta da! Problem solved!

As to how to handle the reparenting, don't. If it has children, replace the text with <this comment has been retracted> and perhaps wipe the poster's name as well. If there are no children, then delete it straight. Not that hard, as I see it.

I don't have anywhere to put it

[tilly]

Case of a $#!@$#! firewall.

I just wanted to be sure that they saw it. (They did.) According to the response I got it is in a queue and should get tested today or tomorrow.

Cheers,
Ben

Re:And now try to make them happy that they did it

[Syberghost]

I for one appreciate your modifications and enthusiasm in sharing them, and if I had moderator points I'd even give ya one right now, but I gotta say, I think that in general it'd be better to put a diff file out on the web somewhere and post a link; no reason why the whole thing should take up space on Slashdot's hard drives, and no reason why it should use up bandwidth every time somebody views the page.

Re:SlashDistro? SlashoColo!

[doom]

Yeah, just think: six months from now, every
weblog in the Universe will come equipped
with a Katz filter!

In progress?

[Johnboy]

Well, under the code page there's an indication that this is feasible. You did read the links, didn't you?

Thanks and congratulations!

[Linux+Freak]

To CmdrTaco and the rest of the Slashdot crew, thanks for this gift to the Open Source community.

[Now, if your next version is PHP-based, I might end up using it myself ;-) ]

(Score: -1, Flamebait but Insightful)

Quick! Mirror it before the DVD CCA sues them!

[DragonHawk]

Oh, wait, that's DeCSS, not Slash. I got confused.

Ah, the CCA will probably sue them anyway. Little things like actually doing something wrong don't bother them much.

Oracle

[Robert+S+Gormley]

I prefer Oracle's default password for one of its accounts:

"ChangeThisAfterInstall" (or something very similar)...

:-)

Re:SlashDistro? SlashoColo!

[Le+douanier]

As much as I respect their work, the guys at Slashdot have to eat, sleep, and post articles. They can't be coding round the clock.

Why not??? Then we should jail them and give them for only distraction the possibility to write / code, without having the possibility to post stories of course, this would take too much time for them to check the story and they probably would complain of having been jailed and other human rights stupidities.

NOTE to moderators: DON'T TAKE IT SERIOUSLY

Re:Congrats to all concerned...

[Menthos]

Well, I want to say a serious "Thanks!" to Rob and the rest on Andover responsible for this too!

Moderators: Even if this may be redundant, I don't think that Rob & Co. could get enough thanks to compensate for the bitching and harassments they have recieved previously, trust me, I was one of those thinking Bad Things (tm) about Rob and thought "hypocrisy", even if I didn't post those thougts on Slashdot, but merely agreed with every other person bitching.

I feel truly sad for myself and my judgement today, and happy for Rob and all others who have quietly worked behind the scenes to make this happen, even with the flames and bad thoughts from qlueless people like me.
Not only has Rob listened to those who wanted the source up-to-date, he has made it GPL too, made one Andover employee code maintainer, and fulfilled every other wish Slashdotters had. That's nice work.
Again, thanks, and keep the good work going. And my apologies for our behavior.

Re:Can we use 'X-priority' to sort by Score/Priori

[GregWebb]

But is this an issue if we use Slashdot-controlled news servers ratehr than standard servers?

I mean, if we're getting comments from (for example) nntp.slashdot.org couldn't that still create it all on demand?

Greg

Re:Releash Slash!

[Jburkholder]

Good. Now can we finally move on?

I mean really, it's true that it was kind of a contradiction that not releasing the source for the site that openly supports open source, but the hysteria and trolling around it was too much.

So, you've won. Slash is released. Time to move on to some other all-important issue to bitch and whine about at -1 on every thread. What will it be? Where will all the complainers focus their hostility now? LinuxOne? RedHat? George Lucas? Hot grits?

Lots of (negative) energy floating around out there now without a single purpose anymore. What an opportunity to re-direct all of than onto some new life/death cause!

Sheesh.

Re:Congrats to all concerned...

[Vladinator]

Kudo's to the entire tarball team! Thanks guys, we knew you'd get it out, 'When ready'. Rob's comments aside, we're greatful!


Hey Rob, Thanks for that tarball!

Re:A request

[Foogle]

This is almost not a bad idea. I don't know how much strain it would place on the service (which IMHO needs to be improved anyway), but customizable censor-rules would be kind of neat. I mean, it wouldn't be censorship really, just a more potent form of browsing at a higher level. That way you could still read posts at 0, but you wouldn't have to hear all the crap about Natalie Portman and whatever people are pouring down their pants nowadays.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:Releash Slash!

[hattig]

Today will be the day that Microsoft files for Chapter 11 at this rate... after cancelling Win2000 because it doesn't perform to the kind of standard that they want it to. Office 2000 will be released for Linux under the GPL.

Sun will suddenly release Java under the GPL or BSD licensing schemes.

Intel will slash chip prices across the board to just above fabrication costs.

Music will become free for anyone to download and play. Movies likewise.

All governments will merge into one big global mega government and suddenly world peace will occur.

Futurama will get funny.

~~

Re:A request

[quadong]

"I am pouring hot gr1ts down Natolie Port-man's pertifi3d pa|\|ts!"

A lot of good your troll filter did there, huh?

Re:Simple. Use regexps.

[quadong]

Yeah, and when your exhasustive method starts blowing away perfectly legitamate posts because they make reference to the new RIT5 encoding method (or ATA13 drives or something) you'll feel really clever. There is no way you will institute a filter that will catch all trolls and only trolls. Even catching a few trolls and only trolls is a challenge. The best you can do is search for posts that repeat the same long string over and over again. This is the only troll catcher I can think of that isn't likely to start tossing good posts.

Re:SlashDistro? SlashoColo!

[speek]

You *know* it's coming to ISPs. You *know* "personal slashdots" are coming...

Hmmm, with that many "slashdot's" around, wouldn't it be nice if they could all work together somehow? To create a meta-slashdot network? All user-logins are shared, moderation totals are shared. Popular slash sites can become slashboxes at other slash sites. Submissions can finally get moderated themselves, and moderation totals can go higher than 5 allowing for slash-search sites that return the most popular posts of the day, culled from all registered slash-sites...

I could go on....
Open source is great :-)

Re:Portability of Slash

[PotPieMan]

I believe that deusx (the original poster of this thread) was saying that Slash is very specific to the Slashdot site. I haven't looked at this release yet, but Slash 0.3 was arguably very specific to Slashdot. Indeed, there were no configuration files in the 0.3 release that could be easily tailored to your site (and I doubt there are any in this release).

That isn't to say that it is impossible to configure Slashdot (or a Slash-based site), but the time involved is much greater. Add to that the fact that Slash, out of the box, was designed to run under mod_perl with mysql running the backend database management. I would assume that CmdrTaco, CowboyNeal, nate, and countless others edited and compiled much of the afformentioned software to work with Slash better. Slashdot runs as well as it does (I'm not being sarcastic) because the site admins have worked at it for so long. So, part of it is changing the locations of files, generating tables, etc. A lot of it is the actual implementation of the code so that it runs.

Re:Python

[Our+Man+In+Redmond]

Differnt strokes for differnt folks. Personally I've never found Perl to be all that difficult, and it does allow for some things that are tough or maybe impossible to do in Python, like:

for ($i = 1; $i < 10; $i++)
{
$myname = "FD" . $i;
$$myname = "This is variable number $i";
}
print $FD6; # prints "This is variable number 6"

There's probably a way to do this in Python, but I don't know what it is. I also find Perl's quoting and regular expressions to be more comprehensive than Python's. It's probably just because I've used them more in Perl, and let's face it, Perl was built to muck with text files and it does a great job of that.

On the other hand you're right in that Python is a lot easier to read once it's written. Plus, its OO foundation makes writing things like GUIs much easier. OO in Perl always struck me as something of an afterthought, probably because it didn't come in until version 5.

At any rate both languages have quite a bit to recommend them. I'm glad I learned both, although I will admit not every language is suited for not every coder. I for instance have had a terrible time trying to grok C and C++, though I find them easier to deal with since I started using Perl.
--

Can we use 'X-priority' to sort by Score/Priority?

[stefanlasiewski]

News Access for /. is a really good idea (Something I've been thinking about for a while, but don't have the experience or time to do). I'm glad someone else thought of it.

Netscape Newsreader uses 'X-priority' headers to rate the importance of a Message. This Priority is set by the sender when they send out a message via NNTP or Email. The Receiver can click a button on their buttonbar to sort the message by Priority.

'X-Priority' could be used to translate ./ scores to a an Importance Ranking. If we translate the Slashdot Moderation score to the X-priority like this:

X-Priority...........Slashdot Score

Lowest: 5...........-1
Low: 4...........0,1
Normal: ?...........2,3
High: 2...........4
Highest: 1...........5

.. Viola! You enable certain newsreaders to organize the ./ News based on Importance.

Sure, it's lacking in features (For example, it does not distuinguish '3, Insightful' from '3, Funny'), but it works on a basic level.

I don't have Mozilla up and running at work, but I assume it supports some sort of Priority. MSOE 5 doesn't use Priority headers for News (It has 'X-MSMail-Priority: High|Low' for email).

Whaddya think?

-= Stefan

Re:SlashDistro? SlashoColo!

[PurpleBob]

Of course, there would have to be meta-Slashdot moderators, because otherwise someone could set up a slashdot where they do nothing but moderate up their own posts. So that entire slashdot would have to be moderated down.

And if you get enough Karma on various slashdots, you could become a meta-Slashdot moderator, moderating other Slashdots up and down, but then of course there would have to be meta-meta-Slashdot moderators to control them. And if one of these meta-meta-Slashdot moderators says that to moderate a certain Slashdot down because its meta-moderation system is faulty is an unfair moderation, he's meta-meta-meta-moderating (M4). Whee.

The whole problem here is that someone - a metagod (M[infinity]) - would have to run the meta-Slashdot. And what if people don't like the way it's run? Does he have to be moderated by a metagod-moderator (M[infinity + 1])?
--

Re:Releash Slash!

[dennisp]

and we all live unhappy in utopia forever and ever ...

slashv1.3.tgz...

[NoWhere+Man]

This came as a surpirse to me because 6 months back I went looking for a more updated version then pre0.3. I went to filez.com (when it was still up) and found a bunch of sites (like ftp.cdrom.com) that had versions of slash code at 1.3. I even have it lying around on my HD still. Does anyone know if this is Slashdot.org code? Or someone elses similarly named code for another program?
If you want a copy, email me (nicksworld@netscape.net), I'll send it to you as quickly as I can.

Re:SlashDistro? SlashoColo!

[dsplat]

The cost of eyeballs just went up--thanks, guys!

I have two comments on this. First, I have long insisted that any closed source product that is not at least as good than an open source alternative is defective. Second, you are right in your comment. Slashdot has set the standard. And since they are using the GPL, other sites that want to use the code will have to GPL modifications. It is just possible that this will lead to improvements. As much as I respect their work, the guys at Slashdot have to eat, sleep, and post articles. They can't be coding round the clock.

Re:Someone make Bruce a sign to wave!

[technos]

Proposed signe for Bruce Perens to wave

'Look at the Gimp' complete with a logo of the Gimp.
'I love you, Hemos!'
'Does anyone have a tubesock I can borrow?'
'Me, you, and ide.c. Lets get it on!'

Simple. Use regexps.

[Zipo+Bibrok+5e8]

Set up filter expressions like these:
[Gg]*[Rr]*[iI1]*[Tt+]*[Ss5]
[Nn]*[Aa4]*[Tt+]*[Aa40Oo]*[Ll1]*[eE3]
[Pp]*[Oo0]*[Rr]*[Tt+]*[Mm]*[Aa4]*[Nn]
[Pp]*[eE3]*[Tt+]*[Rr]*[iI1]*[Ff]*[iI1]*[eE3]*[Dd]
[Pp]*[Aa4]*[Nn]*[Tt+]*[Ss5]
Score a certain amount for each of them, and toss out posts above a specified score.

But what will theTrolls do?

[Jack+William+Bell]

About time. I was getting really tired of wasting moderator points in moderating down the "Rob is a hypocrite because he won't release Slash." Trolls. I guess those folks will have find something else to bitch about. Or else return to making obtuse comments about grits...

Jack

Re:now hopefully...

[TheCarp]

While I agree about the stupid trolls...I
just have 2 points about DOS and Script Kiddies.

A) (As others have said) If there are holes, they
will be found and fixed. Not a big deal. An
activly exploited hole can only survive for so
long.

B) Slashdot becomes saturated and stops responding
for at least an hour a day or so anyway.
The place is so popular that reading it
amounts to a DoS attack. What more could a
malicous attacker do? how much MORE slow could
you make it (try accessing it around 1 pm (EST))

Where are the karma points?

[jw3]

So. Is it the new version of /.? I remember, some time ago it was possible to look at someone else's karma. I mean - what's the reason of karma points if I can't boast about it? HELLO! I want all the world know that I have, um... oh, forget it.

Seriously, though, it happened to me several times lately that I get posts with high scores displayed underneath a couple of "Score 2" posts. Yes, I reloaded the page, stating explicitely that I want "Highest scores first". No, it wasn't a "4" response to a "2" article.

Least but not least, I want to express my outmost joy about having the possibility to read /. and seeing it developed. I think /. i a precursor of future shape of Usenet-like forums: self-moderated discussions with a configurable look&feel.

Regards,

January

Re:Perl eh? Sure - Cold Fusion

[tdenkinger]

If you don't, wouldn't Cold Fusion be the easiest embedded HTML language to use? Consider that Allaire is close to release CF for Linux.

I used Cold Fusion for years on the unmentionable operating system and it is easy to pick up and use. Unfortunately, it lacks the ability to easily encapsulate and abstract and encourages the use of global data; complex applications can quickly become festering pits of misery.

The perceived simplicity of the "language" also encourages people with poor programming skills to use it for everything. I once met a guy who wrote 2000 lines of Cold Fusion to parse text files. I was horrified. One of the other developers rewrote the code in about 100 lines of Perl.

Honestly, I never want to go back to writing Cold Fusion. While it is similar to Perl in that you can write quick and dirty web apps with it, Perl has the ability to let you go beyond the quick and dirty.

Troy Denkinger

Re:Mirror

[Lucabrasi]

Another mirror here: http://www.y2brand.com/slash/

Re:Perl eh? Sure

[jjohn]

There are lots of ways to use Perl effectively to build and maintain sites. I used modules and mop_perl for my Aliens, Aliens, Aliens site. Most of the functionality comes from a single module which is used by various scripts which access particular tables.

However, if I had to build it again, I would have gone with HTML::Mason, which is a very powerful embedded perl system, like PHP, Cold Fusion, ASP, Zope, etc. It is open source and very nice if you already know Perl. If you don't, wouldn't Cold Fusion be the easiest embedded HTML language to use? Consider that Allaire is close to release CF for Linux. 8-)

In the end, any system which helps you the programmer separate form from functionality is the tool to use. The days of hard coding perl scripts to generate HTML are over, I hope.

Re:now hopefully...

[Psiren]

just hope there arent any holes for script kiddies to find and DoS

A very good point. The trolls and first posters are annoying enough, but bringing the site down every five minutes would be very easy if there are holes in the code. Is this something that was considered before the code was released? I know security through obscurity is not generally thought of as security at all, but this would only make it easier for the arseholes of this world to wreak havoc.

Like it or not, Slashdot is now a relatively well recognised place, and in general our opinions make themselves felt. What would happen if it was brought down?

"Sir, I'd stake my reputation on it."
"Kryten, you haven't got a reputation."

And now try to make them happy that they did it!

[tilly]

Here is the letter that I sent to do my part...


What does this do?

1. I fixed the bug which meant that if you typed &nbsp;, previewed, then posted your post did not match your preview. (I needed to add a new stripByMode mode for this.)

2. I fixed the bug that made exttrans the same as plaintext.

3. I added a nice feature that allows people to indent lines just by indenting their submitted text. (eg If people try to paste Python code, it will now display.)

4. I made a minor modification to make the displayed comments a little easier for humans to read.

5. I modified your "Reduce the count of multiple lines" to not just reduce them by 2/3, but to actually keep them to a max of 2. I made them substantially harder to fool.

All in all little stuff that had been bugging me for a looong time...

My stupid email may cause these diffs to wrap. Make the obvious fix by hand if it does...

First the diff to public_html/comments.pl

$ diff -u comments.pl.00.01.26 comments.pl
--- comments.pl.00.01.26 Fri Jan 21 10:42:01 2000
+++ comments.pl Wed Jan 26 14:34:10 2000
@@ -219,7 +219,7 @@

"</td></tr>\n";

print "<tr><td align=right valign=top>Comment</td>";

print "<td><textarea wrap=virtual name=postercomment rows=10 cols=50>";
- print $$F{postercomment};
+ print &stripByMode($$F{postercomment}, "literal");

print "</textarea><BR>(Use the Preview Button! Check those URLs!

Don't forget the http://!)</td></tr>\n";

print "<tr><td> </TD><TD>\n";

Now to Slash.pm

$ diff -u Slash.pm.00.01.26 Slash.pm
--- Slash.pm.00.01.26 Wed Jan 26 13:18:55 2000
+++ Slash.pm Wed Jan 26 14:54:28 2000
@@ -1175,14 +1175,20 @@

my $str = shift;

my $fmode = shift || "nohtml";


- $str=stripBadHtml($str);
- if($fmode eq "plaintext" || $fmode eq "exttrans") {
- $str=~s/[\n]/<br>/gi; # pp breaks
- $str=~s/\<br\>\<br\><br\>/<br><br>/gi;
- } elsif($fmode eq "exttrans") {
+ $str =~ s/(\S{90})/$1 /g; # Stupid fix for long lines
+ if ($fmode eq "exttrans" or $fmode eq "literal") {
+ # Encode all HTML tags

$str=~s/\&/&amp;/g;

$str=~s/\</&lt;/g;

$str=~s/\>/&gt;/g;
+ }
+ if($fmode eq "plaintext" or $fmode eq "exttrans") {
+ $str=stripBadHtml($str);
+ $str=~s/[\n]/<br>\n/gi; # pp breaks
+ $str=~s/(?:\<br\>\s*){2,}\<br\>/<br><br>/gi;
+ # Preserve leading indents
+ $str =~ s/\t/ /g;
+ $str =~ s/\<br\>\n?( +)/"<br>\n" . ("&nbsp; " x length($1))/eg;

} elsif($fmode eq "nohtml") {

$str=~s/\<(.*?)\>//g;

}
@@ -1195,7 +1201,6 @@

{

my $str = shift;


- $str =~ s/(\S{90})/$1 /g;

$str =~ s/<(?!.*?>)//gs;

$str =~ s/<(.*?)>/approveTag($1)/sge;

Cheers,
Ben

Releasing both produces and counters this issue.

[Christopher+Thomas]

A very good point. The trolls and first posters are annoying enough, but bringing the site down every five minutes would be very easy if there are holes in the code. Is this something that was considered before the code was released? I know security through obscurity is not generally thought of as security at all, but this would only make it easier for the arseholes of this world to wreak havoc.

Releasing the code does indeed make any security holes visible for outside attackers to take advantage of. However, the flip side to that is that it makes any security holes visible to honest people who will either point them out to the dev team or send patches themselves. Because of this, most vulnerabilities should be transient at worst.

Re. security through obscurity. That will certainly work in the short term, with much less effort on the part of the dev team. The problem is that security holes will eventually become known, which means that the code will have to either be fixed or thrown out after a finite and probably shorter-than-expected time period. The argument for this is that it may still be less work to re-write the code every n months than to find and patch security holes as they are exploited. The argument against this is that with visible code, you have a vast army of users augmenting your dev team's efforts.

Which is better? I can think of cases in which each would be clearly the best option. In most cases, though, you just wind up with a Holy War on the subject.

Another Shameless Plug

[thedude]

Well, considering how people were mentioning wanting a php-based slashdot earlier I guess I should plug phpslash Seeing as I work on it and all:)

It's not slash0.9, (based on slash0.2 with improvments) but it's in php and in resonable development with plans to add all the current slashdot goodies.

Re:Problem with GPL websites

[Zaffle]

The problem with releasing a website's code under the GPL is that it's entirely possible for someone to use the code without distributing it -- what's distributed is the content generated by the code, not the code itself (or binaries thereof). This is the same problem with GPLing optimizing compilers, and it hasn't prevented anyone from releasing plenty of compilers, but it is an application where the GPL might not be ideal.

True, but look at it from slashdots point of view. I doubt they will intergrate many features created by the public into their codebase. I've talked to Malda a number of times about new ideas and most of the time hes said that he isn't interested in putting xyz into slashdot.

The only thing they will loose if someone takes slashdot, and uses it on their own site, but doesn't distribute it, is any changes this person made, and any bug fixes.

Esentially here, slashdot (unless they've had a change of heart), don't want the community developing it for slashdot. (Yes, they don't mind the community developing the slashcode for themselves, but its unlikely they will incorperate many ideas into slashdot).

There are some really neat features that I'm sure the slashdot crew will incorperate, but I suspect they don't care that much if someone comes up with a new slashdot mod but doesn't distribute the modification.

If I were CmdrTaco, and last time I checked I'm not, I'd release it under the GPL, then fork the code. Have the pure slashdot code that I maintain, and let someone else maintain the public slashcode, that gets all the neat features added in. And if i saw a feature I liked, get a patch and add it to my slashdot.

---

Jolly good show...

[dillon_rinker]

I must say, I was beginning to think that the corporatization/borgification of /. had begun. Given the lack of progress up to this point, I figured that Andover would copyright the code, patent the moderation system (and I think it IS patentable) and would begin licensing the software to other discussion sites. Glad to see I was wrong :)

And there's also the Zope competition coming

[ppetru]

You should not forget about Squishdot (runs on top of Zope). While it still has a long way to go, it's quite usable. It runs on technocrat.net, if you want an example.

Re:Python

[hcsiii]

Let's face it, Perl and Python are (usually) mutually exclusive. :)

I have used Perl, Python, and PHP3 (no PHP4/Zend yet) extensively. I continue to use both. I use Python on several projects where I have to work with other individuals on the code.

So far, they seem to find it easier to understand my meaning in Python.

(I'm the sort of fellow who uses multiple pointer indirection in C/C++ w/o really thinking about it much... not good for most of the people I work with ;-P)

When I have a quick script to write, I choose Python or Perl based on what is most readily to hand, as they seem nearly equal for this purpose. I do prefer Perl's documentation style. I like man-pages (though I seem to be very much alone in that), and find the regexp search features in less considerably easier that going to X for dvi, or lynx for html help for python. (html help is nice, but I can only search the current page, or use the limited search capacity provided by the website)

I've mostly used PHP3 when working with projects based in PHP3. IMP, TWIG, and PHPMYADMIN are all fun to work with. I implemented several complex MySQL based database interfaces with PHP3, rather than Zope, because it was easier to make the web-pages completely dynamic, using a single page to render subsets of columns from single tables, and multiple joins, with easy query's on whatever columns happened to be present.

When not constrained by other factors, I prefer to use Zope and DTML for my web-design, with Python as a backup to accomplish that which is beyond DTML.

The only thing which strongly pushes me from one ot the other, is if it seems to me that the project would be best implemented in an object fashion, because I don't like how Perl works with objects.

[ I do have to admit, I may not be the best example of a Perl vs. Python programmer, as I am also something of a language junkie. I have yet to use Postscript output extensively in a program, but I learned enough Postscript to write several PS programs to generate iterative and algorithmic images from our HP LJs. ]

The point of this rambling post, I guess, is merely to state that I am a single counterexample to his Ranger Rick's statement that Python and Perl are mutually exclusive. Of course, that means nothing, since he qualified it with 'usually', so I guess this means nothing at all!

Oh well.

Problem with GPL websites

[/]

The problem with releasing a website's code under the GPL is that it's entirely possible for someone to use the code without distributing it -- what's distributed is the content generated by the code, not the code itself (or binaries thereof). This is the same problem with GPLing optimizing compilers, and it hasn't prevented anyone from releasing plenty of compilers, but it is an application where the GPL might not be ideal.

Congratulations all the same.

Re: PHP

[Phrogman]

I would be very upset and very happy if they released a PHP-version of /. - I am currently in the process of programming my own site (modelled in part on /.) using PHP. If the current release were executed in PHP I would have release from my programming woes (setting up and managing the messaging system) and new woes - incorporating in those elements that I have already created.

Honestly, I was stunned by the cleverness of the Slashdot design the first time I saw it. I have learned more about PHP through trying to recreate those elements I like myself than I ever would have learned by simply configuring it to work. By programming it myself, using PHP, I have not only become very comfortable in PHP but I am building a far better site as a result. Originally my site was a directory of websites with an attached message board (which saw too little use) - now it will become a more tightly integrated combination of both. The directory portion - with attendant management tools on the Admin side - is complete, the remaining elements focus on the most difficult section - the messaging and topic creation system.

Once I have a fully functional website with the minimum of required elements in place then I can begin to study how the moderation system, and other elements of Slashdot work.

It would probably be far quicker for me to simply download 0.9 and configure it for my purposes (and it may come to that) but I am so far very happy with the performance and ease of learning/use of PHP.

For anyone not already versed in perl (and even then) I would urge them to explore PHP if they are engaging in dynamic website design.

Sorry I can't place a link to my site but its not ready for viewing yet - it looks pretty and some portions work but there are major holes in it. I think I will be ready to unveil it as beta inside of a month or so with luck.

The Slashdot Source Release Procedure (C)2000 Rob

func ReadEmail () {

while (email >> RobsMind) {

if (Mail.Contains (("slash" || "slashdot") && "source")) { TimeToReleaseSource += 24; MoveMailTo ("trash");
Insult.Flame ("community that made Slashdot what it is");
}

else {

MoveMailTo ("trash");
JackOff ("two goddamn hours");
}

}

SmokeMoreCrack (hellyeah);
KissAssAtAndover (hellyeah);
return NothingToCommunity;
}

SlashDistro? SlashoColo!

[Effugas]

In what's sure to make Ye Olde Taco throw down his hands with grief(lets not even talk about Neal and Pat, whose entire faces are only moments away from contorting into paryoxysms of fear, rage, and inevitability)...

Next up is the SlashDistro.

Maybe it'll be Mandrake, maybe it'll be Redhat, maybe it'll be the next jaw dropping creation from a couple of sixteen year olds, but we're going to see something you slap onto a spare server that gives you your own personal Slashdot, preinstalled.

You *know* it's coming to ISPs. You *know* "personal slashdots" are coming, at minimum, to dedicated Colos, and soon, everything from Geocities to whatever.

There have been other works of Weblog sites and software, but nothing as feature complete as Slash. The cost of eyeballs just went up--thanks, guys!

Homestead's already done some stuff with integrating Palmpilots and personal web pages. The most interesting stuff I see is a total integration of the wireless experience with a the online log.

The diary strikes back.

Then again, there's nothing sadder than an empty comment field...look for the first major mod to the Slash code is topic-level threading instead of story level.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Slashcode Mailing Lists Up

[pudge]

Go ye therefore to http://lists.slashdot.org/mailman/li stinfo.cgi and subscribe to yonder slashcode mailing lists.

Re:Someone make Bruce a sign to wave!

[Bruce+Perens]

OK, Rob, I'll be there. Can you pick me up at Laguardia Airport, U.S. Airways Express terminal, 11:20? And I'll make my own sign.

Thanks

Bruce

How close is it though?

[Zaffle]

How close, other than the mentioned slashboxes, is this to the real thing(tm).

I suppose you could sum it up two ways:

Is it bug for bug the same?

If we come up with a new amazing idea that is so amazing CmdrTaco instantly wants to put it in, will our patch to the Slash v0.9 go straight onto the real site, or is Slash v0.9 a total rewrite from the current running slashdot on slashdot.org?

---

OT? Improvement suggestion

[Taurine]

In meta-moderation, the message at the top of the page states that duplicates are fine. I say _some_ duplicates are fine. I understand that one is moderating a moderation, not the displayed comment. But as the moderation is a discrete value, it really should be the case that if several people moderate a comment as, for example, Interesting, then only one instance of Interesting should appear on a meta moderation page, and a meta moderation of Fair or Unfair should be applied to all the moderations with the same value. This would further increase the amount of meta moderation done without adding any user effort. Maybe I am just unlucky, but I see this kind of duplicate almost every day.

Releash Slash!

[Frac]

Release Slash! oops, done.

well um, save etoy.com! oops, done too.

then find the mars polar lander! oh, we have signals too! damn, everything is getting resolved today. Guess there won't be news on slashdot tomorrow. ;-P

Perl eh?

[KillBot]

Is this the appropriate time to drop a shameless plug for your weblog? :) I remeber reading some time ago that perl was chosen because of its efficiency with all the string manipulation and stuff while being easy to develop at the same time. I've found that php has worked wonderfully for my purposes (although I get nowhere near even a fraction of the traffic that /. gets) and that it's much more easy to develop in. There seems to be a function for everything in web development, and it has a mostly perl compatible regexp function (and a few of its own). I've tried php4 (for speed tests), but it broke a few of the regexp functions that we had in place. So, to get to the point, what do the people feel is the best language for writing such a weblog in terms of efficiency and development time?

And here's my shameless plug - Digital Theatre News

Re:Perl eh?

[Hemos]

When Slash was written, the main core of it rather, PHP wasn't where it is now. Perhaps if PHP had been better developed at that point, we would have used it - but it wasn't, so....

Re:now hopefully...

just hope there arent any holes for script kiddies to find and DoS /. now that the new code is out

I'm sorry, sir? Is sir perhaps suggesting that opening up source code helps attackers to exploit security holes? Has sir not read the words of Bruce Schneier ? Is sir not aware that keeping source secret is the way to make it easier for script kiddies to discover security holes? Despite what sir thinks, sir will find that skript kiddies prefer to scrutinise binaries for security holes, spurning such vulgarities as source code. As Mr Schneier has pointed out again and again, the only way to be truly safe from DoS attacks is to be repeatedly DoS'd again and again until everyone loses interest ^H^H^H^H^H^H the community helps patch the holes.

This move is a punch in the nose for the "security through obscurity" movement and a shining vote of confidence in the "open source security model". Inspired, I have carried out the following moves to purge my life of "security through obscurity".

I hereby announce that my home phone number is +34 0191 429 7342. I hope that this will protect me from telemarketers.

My userid is "admin", and my password is "goyoujets", thus securing my website.

My financial details will shortly be published on the web, so that the "community" can help to protect me from tax audits. I am currently evading around £20,000 of VAT per year, and would appreciate help in fixing this bug before HM Customs and Excise throw me in jail.

And my medical records will be made public as soon as I can persuade my doctor to co-operate. This will cure me of all known diseases.

Follow my example! Open-source your life today! Bruce Schneier has!

Re:Someone make Bruce a sign to wave!

[Roblimo]

I'll have my (white) limo at LWCE, we'll have a sign for Bruce to wave as he stands in the sunroof, AND Emmett will be there with a brand-new Sony digital Hi-8 camcorder to make a permanent record of Bruce making a spectacle of himself, which we will post online for your downloading and viewing pleasure.

(All this is "weather permitting," of course.)

;-)

- Robin "roblimo" Miller

Mirror

[maelstrom]

I've put a mirror up at http://shiftq.linux.com/~mmichie.

Enjoy. After all, I'd hate to see Slashdot get Slashdotted (I need to feed my addiction dammit)! :)

Re: Corrections to CVS instructions (read this)

[Kurt+Gray]

I'm going to abuse my karma /and/ attach this to a highly-rated early comment so hopefully enough people will see this. Here are better CVS instructions then what we have posted at Server 51 (which I'm working on):

1. cd into a directory you want to download the slash source files to.
2. cvs -d :pserver:anonymous@cvs.server51.freshmeat.net:/cvs root/Slash login (anonymous password is blank -- just type return)
3. cvs -d :pserver:anonymous@cvs.server51.freshmeat.net:/cvs root/Slash co slash
4. cvs -d :pserver:anonymous@cvs.server51.freshmeat.net:/cvs root/Slash logout

Kurt
Server51.freshmeat.net

Someone make Bruce a sign to wave!

[Driph]

[(quoted from Bruce Perens IRC Interview)
"Q: If we release the Slash code, will you paint your car yellow? (Submitted by roblimo1)

A: If slashdot releases the slash code as Open Source, Roblimo can drive his limo to LinuxExpo New York, on Feb 2nd, park it in front of the Javitz Conference Center, and I'll pop out of the sun roof and wave signs at people saying that "Slashdot code is now open source", and in general make a spectacle of myself. ]


Well now. I believe we can all forget the bantering concerning politics and reasoning behind this release. The above statement is validation enough in itself.

See ya all at the Expo! :]


________________________________________________ _____________

Thanks, guys... This must've been a lot of work!

[deusx]

First, thanks to the guys at SlashDot for the release, and for making the damn thing in the first place.

Second, either thanks or a big ole kick in the nuts to all the trolls and me too'ers who jumped on hounding CmdrTaco to release the source-- I haven't decided which yet. You guys were ruthless, and though I think you all are patting yourselves on the back on "making this happen," I somehow think that this was in the works for a bit longer than the latest round of fervor.

How many of you asking-- demanding!-- for the source to be released, have an Open Source software project of your own out there? (I do. It's the Iaijutsu Web Application Framework Project, also on SourceForge.)

Now I'm not asking this to say "Ah hah! Go make a release of your own before you throw stones!" However, it would be nice if you knew what it were like. I suspect there weren't a large proportion of people in the outcry who actually to have active Open Source projects out there. I tend ot think that those people who DO have projects going out there were going easy on the guys at SlashDot.

Why? Because making a release is HARD WORK, *especially* if your web application project has come to be tightly wedded to the machine it's running on and is not particulrly general to install on others. It's *especially* tough when you have a day job that takes up a lot of your time, such as oh say, running a major Internet destination for news and information. Most times its easier to just put it off awhile..

BUT!! You say. ESR told me to release early, release often! And I believe this-- but look at what happened to Mozilla. It's working now, but it took awhile-- they released *too early*. I truly think there *is* such a thing, release too early, without a clean enough package, without enough documentation, and people will bitch just as much to you about your crappy tarball as they have been about you not releasing earlier.

This isn't *POOF* "Sorry guys, I've been a prick, I guess I'll release all the top secret RPMS, Debian packages, tarballs, and 100 pages of docs and man pages I've been sitting on." There *is* a bit of work to be done to 1) Even get SlashDot code pried out of the machine it's running on, and 2) Package it up so that you can wedge it into your machine, and 3) Make it look vaguely like something someone other than CmdrTaco can understand.

Now I know a lot of you are going to say, screw you, I would have loved to have just the pure pile of steaming dung of random code SlashDot may be RIGHT THIS SECOND. (Apologies to SlashDot, but I've gotten the impression that tho it works well, it might not be pretty. :) ) But you know, that's really the author's perogative. Sometimes, you have a lil pride in what you want to show people.

I also know that, even tho you hopeful conumers of raw unpretty code may say you exist out there-- I know that there'll be just as many who download it and e-mail CmdrTaco "i cant get this Slish thing to do c00l stuph on my 31337 LinuxOne machine". So there's a support issue involved, even if you say you're not going to support it. So you have to have *some* answer to it, even it it's just taking a bit more time in the packaging, docs, and commenting to stave off some confusion.

So, have fun with it, and *please* try to go easy on the author of the release now that it's out... He's been called every name in the book, whil probably working his ass off. The last thing he needs now is a billion questions and everyone to say, "You know, this wasn't that cool after all, Slashdot code sucks!"

:)