Slash v0.9 Released
The one thing that you'll notice missing is some of the Slashboxes. We've decided to only include Slashboxes that use the standard RDF format for backend information. This ought to be plenty of Slashboxes to get anyone started. The reason we decided to do this is that most of the remaining sites use backends that we had to ask for permission to use. You'll have to ask the same permission from the appropriate Webmasters.
This project has consumed countless hours on the parts of CowboyNeal and Patrick, and, to a lesser extent, me. We're all really excited to finally have a release ready to go, and to finally have a CVS server ready to help accelerate and coordinate future development. There's a lot of work left to do in this codebase, so if you're feeling spunky, feel free to send diffs.
Some notable features
- Many tables are cached locally in Apache to reduce SQL calls
- Mass moderation
- Customizable homepage
- Skinnable look and feel by the sysadmin
- A plethora of default Slashboxes to get you started
- Highly configurable sections, including Look & Feel, and extension tables for extra fields (like the ISBN code fields we use in the authors table for example)
- Note passing system for authors in submissions
- Much of the site is remotely administratable with complicated but efficient Webforms.
TODO & BUGS
There are lots of both. Smoother installation. Preview bugs. Assorted troll protection bugs. Lots of new ideas to experiment with in the moderation system. A few security problems. Lots of interesting ways to make parts of the site more flexible for other users. Instant Messaging. Assorted advancements for the backend to help make distributed content management easier. Distributed/Load Balanced SQL. Cached Comments to reduce SQL. And much much more.
There are lots of ways to use Perl effectively to build and maintain sites. I used modules and mod_perl for my Aliens, Aliens, Aliens site. Most of the functionality comes from a single module which is used by various scripts which access particular tables.
However, if I had to build it again, I would have gone with HTML::Mason, which is a very powerful embedded Perl system, like PHP, Cold Fusion, ASP, Zope, etc. It is open source and very nice if you already know Perl. If you don't, wouldn't Cold Fusion be the easiest embedded HTML language to use? Consider that Allaire is close to releasing CF for Linux. 8-)
In the end, any system which helps you the programmer separate form from functionality is the tool to use. The days of hard coding perl scripts to generate HTML are over, I hope.
- Search-and-replace: a lot of site-specific things can simply be replaced by global variables, which can be put into some other included configuration file. (It IS PERL, after all.)
- CowboyNeal has absolutely no life outside of his job (whatever it is) and BSI projects, and lately he's been permaidle on #everything - rare for him - meaning he was definitely pulling some major hours elsewhere.
- Depending on how the code is structured (I haven't looked at it yet), it may have only seemed to be site-specific but maybe there was some simple way to liberate it. And in any case, it's not like they wrote hand-coded assembler which would only work on one particular release of libc6.1 on Debian 2.2 (Potato) which had been last apt-get updated on 1999/12/23.
Basically, I don't know what to believe, but frankly I don't really care so much, and there's plenty of explanations for any standpoint. Yes, this could just be some "investor relations" crap Andover.net suddenly decided to pull to raise their stock price, or it could be Rob and company suddenly realizing that they have had a decent release for some time, or maybe they really did work their asses off to make it releasable. I'm inclined to believe the latter.
---
"'Is not a quine' is not a quine" is a quine.
"'Is not a quine' is not a quine" is a quine.
Quine "quine?
just hope there aren't any holes for script kiddies to find and DoS
A very good point. The trolls and first posters are annoying enough, but bringing the site down every five minutes would be very easy if there are holes in the code. Is this something that was considered before the code was released? I know security through obscurity is not generally thought of as security at all, but this would only make it easier for the arseholes of this world to wreak havoc.
Like it or not, Slashdot is now a relatively well recognised place, and in general our opinions make themselves felt. What would happen if it was brought down?
"Sir, I'd stake my reputation on it."
"Kryten, you haven't got a reputation."
Here is the letter that I sent to do my part...
/g; # Stupid fix for long lines
/g;
/g;
What does this do?
1. I fixed the bug which meant that if you typed , previewed, then posted your post did not match your preview. (I needed to add a new stripByMode mode for this.)
2. I fixed the bug that made exttrans the same as plaintext.
3. I added a nice feature that allows people to indent lines just by indenting their submitted text. (E.g. if people try to paste Python code, it will now display.)
4. I made a minor modification to make the displayed comments a little easier for humans to read.
5. I modified your "Reduce the count of multiple lines" to not just reduce them by 2/3, but to actually keep them to a max of 2. I made them substantially harder to fool.
All in all little stuff that had been bugging me for a looong time...
My stupid email may cause these diffs to wrap. Make the obvious fix by hand if it does...
First the diff to public_html/comments.pl
$ diff -u comments.pl.00.01.26 comments.pl
--- comments.pl.00.01.26 Fri Jan 21 10:42:01 2000
+++ comments.pl Wed Jan 26 14:34:10 2000
@@ -219,7 +219,7 @@
"</td></tr>\n";
print "<tr><td align=right valign=top>Comment</td>";
print "<td><textarea wrap=virtual name=postercomment rows=10 cols=50>";
- print $$F{postercomment};
+ print &stripByMode($$F{postercomment}, "literal");
print "</textarea><BR>(Use the Preview Button! Check those URLs!
Don't forget the http://!)</td></tr>\n";
print "<tr><td> </TD><TD>\n";
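Review bot: The `+` line passes a "literal" mode that stripByMode only understands once the Slash.pm change in this same mail is applied; judging by the lines that change removes, the old stripByMode would match no branch for "literal" and the text would only go through stripBadHtml, so the textarea would still not show what the user typed. Apply the two files together, and drop the leading `&` on the call (`stripByMode(...)` is enough and matches how stripBadHtml is called in Slash.pm). A one-line comment saying the value is encoded because it is echoed inside `<textarea>` would help the next reader.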
Now to Slash.pm
$ diff -u Slash.pm.00.01.26 Slash.pm
--- Slash.pm.00.01.26 Wed Jan 26 13:18:55 2000
+++ Slash.pm Wed Jan 26 14:54:28 2000
@@ -1175,14 +1175,20 @@
my $str = shift;
my $fmode = shift || "nohtml";
- $str=stripBadHtml($str);
- if($fmode eq "plaintext" || $fmode eq "exttrans") {
- $str=~s/[\n]/<br>/gi; # pp breaks
- $str=~s/\<br\>\<br\><br\>/<br><br>/gi;
- } elsif($fmode eq "exttrans") {
+ $str =~ s/(\S{90})/$1
+ if ($fmode eq "exttrans" or $fmode eq "literal") {
+ # Encode all HTML tags
$str=~s/\&/&/g;
$str=~s/\</</g;
$str=~s/\>/>/g;
+ }
+ if($fmode eq "plaintext" or $fmode eq "exttrans") {
+ $str=stripBadHtml($str);
+ $str=~s/[\n]/<br>\n/gi; # pp breaks
+ $str=~s/(?:\<br\>\s*){2,}\<br\>/<br><br>/gi;
+ # Preserve leading indents
+ $str =~ s/\t/
+ $str =~ s/\<br\>\n?( +)/"<br>\n" . (" " x length($1))/eg;
} elsif($fmode eq "nohtml") {
$str=~s/\<(.*?)\>//g;
}
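Review bot: The `\S{90}` substitution now sits ahead of the mode checks, so it also runs for "literal", the mode comments.pl uses to refill the edit box, and in "exttrans" and "literal" it runs before the `&`, `<`, `>` encoding. Anything it inserts therefore ends up in the text the user edits and re-submits, and if the insertion is markup it gets encoded and shown literally; consider skipping it for "literal" and moving it after the encoding block. Also, as these lines read in the mail, the three encoding substitutions replace each character with itself and the `\S{90}` and `\t` lines end without a replacement, so check the patch against the working copy before applying.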
@@ -1195,7 +1201,6 @@
{
my $str = shift;
- $str =~ s/(\S{90})/$1
$str =~ s/<(?!.*?>)//gs;
$str =~ s/<(.*?)>/approveTag($1)/sge;
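Review bot: With the `\S{90}` line removed here, long-word breaking depends on the caller having gone through stripByMode first; any code that calls this function directly loses it. Check the other call sites, or leave a comment at the top of this function saying long lines are now handled in stripByMode.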
Cheers,
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
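The preview round trip from item 1 of the letter above, as an added example that is not part of the original post or of the Slash code: it shows how a comment echoed into the edit `<textarea>` without encoding comes back changed on the next submit, and how encoding `&`, `<` and `>` first keeps it intact. All function names and the sample comments are hypothetical, and the browser is modelled by two small helpers.

```perl
#!/usr/bin/perl
# Added example, not Slash code. Function names and sample comments are
# hypothetical; the browser is modelled by two small helpers.
use strict;
use warnings;

# Encode the characters that are special inside element content.
# '&' goes first, otherwise the '&' of a fresh '&lt;' would be encoded again.
sub encode_literal {
    my ($str) = @_;
    $str =~ s/&/&amp;/g;
    $str =~ s/</&lt;/g;
    $str =~ s/>/&gt;/g;
    return $str;
}

# Model of what a browser hands back when the form is submitted again:
# entities in the field content are decoded ('&amp;' last, mirroring above).
sub browser_decode {
    my ($str) = @_;
    $str =~ s/&lt;/</g;
    $str =~ s/&gt;/>/g;
    $str =~ s/&amp;/&/g;
    return $str;
}

# Build the edit field of the preview page, with or without encoding.
sub textarea_html {
    my ($comment, $escape) = @_;
    my $body = $escape ? encode_literal($comment) : $comment;
    return "<textarea name=postercomment>$body</textarea>";
}

# The field ends at the first </textarea>, wherever that came from.
sub field_value {
    my ($html) = @_;
    my ($raw) = $html =~ m{<textarea[^>]*>(.*?)</textarea>}is;
    return browser_decode(defined $raw ? $raw : '');
}

# Constructed sample comments.
my @samples = (
    'Write &lt;b&gt; to show a tag',            # entities typed by hand
    "if (a < b && c > d) {\n    return;\n}",     # pasted code
    'done</textarea><b>outside the field</b>',   # closes the field early
);

for my $typed (@samples) {
    (my $shown = $typed) =~ s/\n/\\n/g;
    for my $escape (0, 1) {
        my $back = field_value(textarea_html($typed, $escape));
        printf "%-8s %-8s %s\n",
            $escape ? 'encoded' : 'raw',
            $back eq $typed ? 'same' : 'CHANGED',
            $shown;
    }
}
```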
A very good point. The trolls and first posters are annoying enough, but bringing the site down every five minutes would be very easy if there are holes in the code. Is this something that was considered before the code was released? I know security through obscurity is not generally thought of as security at all, but this would only make it easier for the arseholes of this world to wreak havoc.
Releasing the code does indeed make any security holes visible for outside attackers to take advantage of. However, the flip side to that is that it makes any security holes visible to honest people who will either point them out to the dev team or send patches themselves. Because of this, most vulnerabilities should be transient at worst.
Re. security through obscurity. That will certainly work in the short term, with much less effort on the part of the dev team. The problem is that security holes will eventually become known, which means that the code will have to either be fixed or thrown out after a finite and probably shorter-than-expected time period. The argument for this is that it may still be less work to re-write the code every n months than to find and patch security holes as they are exploited. The argument against this is that with visible code, you have a vast army of users augmenting your dev team's efforts.
Which is better? I can think of cases in which each would be clearly the best option. In most cases, though, you just wind up with a Holy War on the subject.
Well, considering how people were mentioning wanting a php-based slashdot earlier I guess I should plug phpslash, seeing as I work on it and all :)
It's not slash0.9, (based on slash0.2 with improvements) but it's in php and in reasonable development with plans to add all the current slashdot goodies.
True, but look at it from slashdot's point of view. I doubt they will integrate many features created by the public into their codebase. I've talked to Malda a number of times about new ideas and most of the time he's said that he isn't interested in putting xyz into slashdot.
The only thing they will lose if someone takes slashdot, and uses it on their own site, but doesn't distribute it, is any changes this person made, and any bug fixes.
Essentially here, slashdot (unless they've had a change of heart), don't want the community developing it for slashdot. (Yes, they don't mind the community developing the slashcode for themselves, but it's unlikely they will incorporate many ideas into slashdot).
There are some really neat features that I'm sure the slashdot crew will incorporate, but I suspect they don't care that much if someone comes up with a new slashdot mod but doesn't distribute the modification.
If I were CmdrTaco, and last time I checked I'm not, I'd release it under the GPL, then fork the code. Have the pure slashdot code that I maintain, and let someone else maintain the public slashcode, that gets all the neat features added in. And if I saw a feature I liked, get a patch and add it to my slashdot.
---
I use to have a funny sig, but slash cut it off, and I forgot what the punchline was.
I must say, I was beginning to think that the corporatization/borgification of /. had begun. Given the lack of progress up to this point, I figured that Andover would copyright the code, patent the moderation system (and I think it IS patentable) and would begin licensing the software to other discussion sites. Glad to see I was wrong :)
You should not forget about Squishdot (runs on top of Zope). While it still has a long way to go, it's quite usable. It runs on technocrat.net, if you want an example.
Petru
Let's face it, Perl and Python are (usually) mutually exclusive. :)
;-P)
I have used Perl, Python, and PHP3 (no PHP4/Zend yet) extensively. I continue to use both. I use Python on several projects where I have to work with other individuals on the code.
So far, they seem to find it easier to understand my meaning in Python.
(I'm the sort of fellow who uses multiple pointer indirection in C/C++ w/o really thinking about it much... not good for most of the people I work with.)
When I have a quick script to write, I choose Python or Perl based on what is most readily to hand, as they seem nearly equal for this purpose. I do prefer Perl's documentation style. I like man-pages (though I seem to be very much alone in that), and find the regexp search features in less considerably easier than going to X for dvi, or lynx for html help for python. (html help is nice, but I can only search the current page, or use the limited search capacity provided by the website)
I've mostly used PHP3 when working with projects based in PHP3. IMP, TWIG, and PHPMYADMIN are all fun to work with. I implemented several complex MySQL based database interfaces with PHP3, rather than Zope, because it was easier to make the web-pages completely dynamic, using a single page to render subsets of columns from single tables, and multiple joins, with easy queries on whatever columns happened to be present.
When not constrained by other factors, I prefer to use Zope and DTML for my web-design, with Python as a backup to accomplish that which is beyond DTML.
The only thing which strongly pushes me from one to the other, is if it seems to me that the project would be best implemented in an object fashion, because I don't like how Perl works with objects.
[ I do have to admit, I may not be the best example of a Perl vs. Python programmer, as I am also something of a language junkie. I have yet to use Postscript output extensively in a program, but I learned enough Postscript to write several PS programs to generate iterative and algorithmic images from our HP LJs. ]
The point of this rambling post, I guess, is merely to state that I am a single counterexample to his Ranger Rick's statement that Python and Perl are mutually exclusive. Of course, that means nothing, since he qualified it with 'usually', so I guess this means nothing at all!
Oh well.
Howard C. Shaw III Grum
The problem with releasing a website's code under the GPL is that it's entirely possible for someone to use the code without distributing it -- what's distributed is the content generated by the code, not the code itself (or binaries thereof). This is the same problem with GPLing optimizing compilers, and it hasn't prevented anyone from releasing plenty of compilers, but it is an application where the GPL might not be ideal.
Congratulations all the same.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
I would be very upset and very happy if they released a PHP-version of /. - I am currently in the process of programming my own site (modelled in part on /.) using PHP. If the current release were executed in PHP I would have release from my programming woes (setting up and managing the messaging system) and new woes - incorporating in those elements that I have already created.
Honestly, I was stunned by the cleverness of the Slashdot design the first time I saw it. I have learned more about PHP through trying to recreate those elements I like myself than I ever would have learned by simply configuring it to work. By programming it myself, using PHP, I have not only become very comfortable in PHP but I am building a far better site as a result. Originally my site was a directory of websites with an attached message board (which saw too little use) - now it will become a more tightly integrated combination of both. The directory portion - with attendant management tools on the Admin side - is complete, the remaining elements focus on the most difficult section - the messaging and topic creation system.
Once I have a fully functional website with the minimum of required elements in place then I can begin to study how the moderation system, and other elements of Slashdot work.
It would probably be far quicker for me to simply download 0.9 and configure it for my purposes (and it may come to that) but I am so far very happy with the performance and ease of learning/use of PHP.
For anyone not already versed in perl (and even then) I would urge them to explore PHP if they are engaging in dynamic website design.
Sorry I can't place a link to my site but it's not ready for viewing yet - it looks pretty and some portions work but there are major holes in it. I think I will be ready to unveil it as beta inside of a month or so with luck.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
KissAssAtAndover (hellyeah);
return NothingToCommunity;
}
In what's sure to make Ye Olde Taco throw down his hands with grief (let's not even talk about Neal and Pat, whose entire faces are only moments away from contorting into paroxysms of fear, rage, and inevitability)...
Next up is the SlashDistro.
Maybe it'll be Mandrake, maybe it'll be Redhat, maybe it'll be the next jaw dropping creation from a couple of sixteen year olds, but we're going to see something you slap onto a spare server that gives you your own personal Slashdot, preinstalled.
You *know* it's coming to ISPs. You *know* "personal slashdots" are coming, at minimum, to dedicated Colos, and soon, everything from Geocities to whatever.
There have been other works of Weblog sites and software, but nothing as feature complete as Slash. The cost of eyeballs just went up--thanks, guys!
Homestead's already done some stuff with integrating Palmpilots and personal web pages. The most interesting stuff I see is a total integration of the wireless experience with the online log.
The diary strikes back.
Then again, there's nothing sadder than an empty comment field...look for the first major mod to the Slash code to be topic-level threading instead of story level.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Go ye therefore to http://lists.slashdot.org/mailman/listinfo.cgi and subscribe to yonder slashcode mailing lists.
Thanks
Bruce
Bruce Perens.
How close, other than the mentioned slashboxes, is this to the real thing(tm).
I suppose you could sum it up two ways:
Is it bug for bug the same?
If we come up with a new amazing idea that is so amazing CmdrTaco instantly wants to put it in, will our patch to the Slash v0.9 go straight onto the real site, or is Slash v0.9 a total rewrite from the current running slashdot on slashdot.org?
---
I use to have a funny sig, but slash cut it off, and I forgot what the punchline was.
In meta-moderation, the message at the top of the page states that duplicates are fine. I say _some_ duplicates are fine. I understand that one is moderating a moderation, not the displayed comment. But as the moderation is a discrete value, it really should be the case that if several people moderate a comment as, for example, Interesting, then only one instance of Interesting should appear on a meta moderation page, and a meta moderation of Fair or Unfair should be applied to all the moderations with the same value. This would further increase the amount of meta moderation done without adding any user effort. Maybe I am just unlucky, but I see this kind of duplicate almost every day.
well um, save etoy.com! oops, done too.
then find the mars polar lander! oh, we have signals too! damn, everything is getting resolved today. Guess there won't be news on slashdot tomorrow. ;-P
Is this the appropriate time to drop a shameless plug for your weblog? :) I remember reading some time ago that perl was chosen because of its efficiency with all the string manipulation and stuff while being easy to develop at the same time. I've found that php has worked wonderfully for my purposes (although I get nowhere near even a fraction of the traffic that /. gets) and that it's much more easy to develop in. There seems to be a function for everything in web development, and it has a mostly perl compatible regexp function (and a few of its own). I've tried php4 (for speed tests), but it broke a few of the regexp functions that we had in place. So, to get to the point, what do the people feel is the best language for writing such a weblog in terms of efficiency and development time?
And here's my shameless plug - Digital Theatre News
just hope there aren't any holes for script kiddies to find and DoS /. now that the new code is out
I'm sorry, sir? Is sir perhaps suggesting that opening up source code helps attackers to exploit security holes? Has sir not read the words of Bruce Schneier? Is sir not aware that keeping source secret is the way to make it easier for script kiddies to discover security holes? Despite what sir thinks, sir will find that skript kiddies prefer to scrutinise binaries for security holes, spurning such vulgarities as source code. As Mr Schneier has pointed out again and again, the only way to be truly safe from DoS attacks is to be repeatedly DoS'd again and again until everyone loses interest ^H^H^H^H^H^H the community helps patch the holes.
This move is a punch in the nose for the "security through obscurity" movement and a shining vote of confidence in the "open source security model". Inspired, I have carried out the following moves to purge my life of "security through obscurity".
I hereby announce that my home phone number is +34 0191 429 7342. I hope that this will protect me from telemarketers.
My userid is "admin", and my password is "goyoujets", thus securing my website.
My financial details will shortly be published on the web, so that the "community" can help to protect me from tax audits. I am currently evading around £20,000 of VAT per year, and would appreciate help in fixing this bug before HM Customs and Excise throw me in jail.
And my medical records will be made public as soon as I can persuade my doctor to co-operate. This will cure me of all known diseases.
Follow my example! Open-source your life today! Bruce Schneier has!
I'll have my (white) limo at LWCE, we'll have a sign for Bruce to wave as he stands in the sunroof, AND Emmett will be there with a brand-new Sony digital Hi-8 camcorder to make a permanent record of Bruce making a spectacle of himself, which we will post online for your downloading and viewing pleasure.
(All this is "weather permitting," of course.)
;-)
- Robin "roblimo" Miller
I've put a mirror up at http://shiftq.linux.com/~mmichie.
Enjoy. After all, I'd hate to see Slashdot get Slashdotted (I need to feed my addiction dammit)! :)
The more you know, the less you understand.
Kurt
Server51.freshmeat.net
(quoted from Bruce Perens IRC Interview)
"Q: If we release the Slash code, will you paint your car yellow? (Submitted by roblimo1)
A: If slashdot releases the slash code as Open Source, Roblimo can drive his limo to LinuxExpo New York, on Feb 2nd, park it in front of the Javitz Conference Center, and I'll pop out of the sun roof and wave signs at people saying that "Slashdot code is now open source", and in general make a spectacle of myself."
Well now. I believe we can all forget the bantering concerning politics and reasoning behind this release. The above statement is validation enough in itself.
See ya all at the Expo!
_______________________________________________
--
driph
First, thanks to the guys at SlashDot for the release, and for making the damn thing in the first place.
Second, either thanks or a big ole kick in the nuts to all the trolls and me too'ers who jumped on hounding CmdrTaco to release the source-- I haven't decided which yet. You guys were ruthless, and though I think you all are patting yourselves on the back on "making this happen," I somehow think that this was in the works for a bit longer than the latest round of fervor.
How many of you asking-- demanding!-- for the source to be released, have an Open Source software project of your own out there? (I do. It's the Iaijutsu Web Application Framework Project, also on SourceForge.)
Now I'm not asking this to say "Ah hah! Go make a release of your own before you throw stones!" However, it would be nice if you knew what it were like. I suspect there weren't a large proportion of people in the outcry who actually have active Open Source projects out there. I tend to think that those people who DO have projects going out there were going easy on the guys at SlashDot.
Why? Because making a release is HARD WORK, *especially* if your web application project has come to be tightly wedded to the machine it's running on and is not particularly general to install on others. It's *especially* tough when you have a day job that takes up a lot of your time, such as oh say, running a major Internet destination for news and information. Most times it's easier to just put it off awhile..
BUT!! You say. ESR told me to release early, release often! And I believe this-- but look at what happened to Mozilla. It's working now, but it took awhile-- they released *too early*. I truly think there *is* such a thing, release too early, without a clean enough package, without enough documentation, and people will bitch just as much to you about your crappy tarball as they have been about you not releasing earlier.
This isn't *POOF* "Sorry guys, I've been a prick, I guess I'll release all the top secret RPMS, Debian packages, tarballs, and 100 pages of docs and man pages I've been sitting on." There *is* a bit of work to be done to 1) Even get SlashDot code pried out of the machine it's running on, and 2) Package it up so that you can wedge it into your machine, and 3) Make it look vaguely like something someone other than CmdrTaco can understand.
Now I know a lot of you are going to say, screw you, I would have loved to have just the pure pile of steaming dung of random code SlashDot may be RIGHT THIS SECOND. (Apologies to SlashDot, but I've gotten the impression that tho it works well, it might not be pretty. :) ) But you know, that's really the author's prerogative. Sometimes, you have a lil pride in what you want to show people.
I also know that, even tho you hopeful consumers of raw unpretty code may say you exist out there-- I know that there'll be just as many who download it and e-mail CmdrTaco "i cant get this Slish thing to do c00l stuph on my 31337 LinuxOne machine". So there's a support issue involved, even if you say you're not going to support it. So you have to have *some* answer to it, even if it's just taking a bit more time in the packaging, docs, and commenting to stave off some confusion.
So, have fun with it, and *please* try to go easy on the author of the release now that it's out... He's been called every name in the book, while probably working his ass off. The last thing he needs now is a billion questions and everyone to say, "You know, this wasn't that cool after all, Slashdot code sucks!"
:)