Slash v0.9 Released

I'm excited to announce that after countless hours of hacking and slashing through piles of perl, Slash 0.9 is finally out. It's definitely a long ways from 1.0, but we think you'll be able to download it from the FTP Server or the CVS Server and, assuming you are comfortable installing mod_perl and mysql, get your own Weblog up and running in a reasonable amount of time. The improvements and changes are too many to list here, but it's almost a full rewrite since the last release. And credit where it's due, Patrick Galbraith has really pulled it together... as both thanks and punishment, he is now the coordinator for Slash. We are starting up a mailing list to coordinate devel. Finally we also are happy to note that we have decided to use the GPL as the official license for the project. There are several other notes below.

The one thing that you'll notice missing is some of the Slashboxes. We've decided to only include Slashboxes that use the standard RDF format for backend information. This ought to be plenty of Slashboxes to get anyone started. The reason we decided to do this is that most of the remaining sites use backends that we had to ask for permission to use. You'll have to ask the same permission from the appropriate Webmasters.

This project has consumed countless hours on the parts of CowboyNeal and Patrick, and a to a lesser extent, me. We're all really excited to finally have a release ready to go, and to finally have a CVS server ready to help accelerate and coordinate future development. There's a lot of work left to do in this codebase, so if you're feeling spunky, feel free to send diffs.

Some notable features

• Many tables are cached locally in Apache to reduce SQL calls
• Mass moderation
• Customizable homepage
• Skinable look and feel by the sysadmin
• A plethora of default Slashboxes to get you started
• Highly configurable sections, including Look & Feel, and extension tables for extra fields (like the ISBN code fields we use in the authors table for example)
• Note passing system for authors in submissions
• Much of the site is remotely administratable with complicated but efficient Webforms.

TODO & BUGS

There are lots of both. Smoother installation. Preview bugs. Assorted troll protection bugs. Lots of new ideas to experiment with in the moderation system. A few security problems. Lots of interesting ways to make parts of the site more flexible for other users. Instant Messaging. Assorted advancements for the backend to help make distributed content management easier. Distributed/Load Balanced SQL. Cached Comments to reduce SQL. And much much more.

Re:now hopefully...

just hope there arent any holes for script kiddies to find and DoS /. now that the new code is out

I'm sorry, sir? Is sir perhaps suggesting that opening up source code helps attackers to exploit security holes? Has sir not read the words of Bruce Schneier ? Is sir not aware that keeping source secret is the way to make it easier for script kiddies to discover security holes? Despite what sir thinks, sir will find that skript kiddies prefer to scrutinise binaries for security holes, spurning such vulgarities as source code. As Mr Schneier has pointed out again and again, the only way to be truly safe from DoS attacks is to be repeatedly DoS'd again and again until everyone loses interest ^H^H^H^H^H^H the community helps patch the holes.

This move is a punch in the nose for the "security through obscurity" movement and a shining vote of confidence in the "open source security model". Inspired, I have carried out the following moves to purge my life of "security through obscurity".

I hereby announce that my home phone number is +34 0191 429 7342. I hope that this will protect me from telemarketers.

My userid is "admin", and my password is "goyoujets", thus securing my website.

My financial details will shortly be published on the web, so that the "community" can help to protect me from tax audits. I am currently evading around £20,000 of VAT per year, and would appreciate help in fixing this bug before HM Customs and Excise throw me in jail.

And my medical records will be made public as soon as I can persuade my doctor to co-operate. This will cure me of all known diseases.

Follow my example! Open-source your life today! Bruce Schneier has!

Re:Perl eh?

[Hemos]

When Slash was written, the main core of it rather, PHP wasn't where it is now. Perhaps if PHP had been better developed at that point, we would have used it - but it wasn't, so....

Re:Someone make Bruce a sign to wave!

[Roblimo]

I'll have my (white) limo at LWCE, we'll have a sign for Bruce to wave as he stands in the sunroof, AND Emmett will be there with a brand-new Sony digital Hi-8 camcorder to make a permanent record of Bruce making a spectacle of himself, which we will post online for your downloading and viewing pleasure.

(All this is "weather permitting," of course.)

;-)

- Robin "roblimo" Miller

Mirror

[maelstrom]

I've put a mirror up at http://shiftq.linux.com/~mmichie.

Enjoy. After all, I'd hate to see Slashdot get Slashdotted (I need to feed my addiction dammit)! :)

Re: Corrections to CVS instructions (read this)

[Kurt+Gray]

I'm going to abuse my karma /and/ attach this to a highly-rated early comment so hopefully enough people will see this. Here are better CVS instructions then what we have posted at Server 51 (which I'm working on):

1. cd into a directory you want to download the slash source files to.
2. cvs -d :pserver:anonymous@cvs.server51.freshmeat.net:/cvs root/Slash login (anonymous password is blank -- just type return)
3. cvs -d :pserver:anonymous@cvs.server51.freshmeat.net:/cvs root/Slash co slash
4. cvs -d :pserver:anonymous@cvs.server51.freshmeat.net:/cvs root/Slash logout

Kurt
Server51.freshmeat.net

Someone make Bruce a sign to wave!

[Driph]

[(quoted from Bruce Perens IRC Interview)
"Q: If we release the Slash code, will you paint your car yellow? (Submitted by roblimo1)

A: If slashdot releases the slash code as Open Source, Roblimo can drive his limo to LinuxExpo New York, on Feb 2nd, park it in front of the Javitz Conference Center, and I'll pop out of the sun roof and wave signs at people saying that "Slashdot code is now open source", and in general make a spectacle of myself. ]


Well now. I believe we can all forget the bantering concerning politics and reasoning behind this release. The above statement is validation enough in itself.

See ya all at the Expo! :]


________________________________________________ _____________

Thanks, guys... This must've been a lot of work!

[deusx]

First, thanks to the guys at SlashDot for the release, and for making the damn thing in the first place.

Second, either thanks or a big ole kick in the nuts to all the trolls and me too'ers who jumped on hounding CmdrTaco to release the source-- I haven't decided which yet. You guys were ruthless, and though I think you all are patting yourselves on the back on "making this happen," I somehow think that this was in the works for a bit longer than the latest round of fervor.

How many of you asking-- demanding!-- for the source to be released, have an Open Source software project of your own out there? (I do. It's the Iaijutsu Web Application Framework Project, also on SourceForge.)

Now I'm not asking this to say "Ah hah! Go make a release of your own before you throw stones!" However, it would be nice if you knew what it were like. I suspect there weren't a large proportion of people in the outcry who actually to have active Open Source projects out there. I tend ot think that those people who DO have projects going out there were going easy on the guys at SlashDot.

Why? Because making a release is HARD WORK, *especially* if your web application project has come to be tightly wedded to the machine it's running on and is not particulrly general to install on others. It's *especially* tough when you have a day job that takes up a lot of your time, such as oh say, running a major Internet destination for news and information. Most times its easier to just put it off awhile..

BUT!! You say. ESR told me to release early, release often! And I believe this-- but look at what happened to Mozilla. It's working now, but it took awhile-- they released *too early*. I truly think there *is* such a thing, release too early, without a clean enough package, without enough documentation, and people will bitch just as much to you about your crappy tarball as they have been about you not releasing earlier.

This isn't *POOF* "Sorry guys, I've been a prick, I guess I'll release all the top secret RPMS, Debian packages, tarballs, and 100 pages of docs and man pages I've been sitting on." There *is* a bit of work to be done to 1) Even get SlashDot code pried out of the machine it's running on, and 2) Package it up so that you can wedge it into your machine, and 3) Make it look vaguely like something someone other than CmdrTaco can understand.

Now I know a lot of you are going to say, screw you, I would have loved to have just the pure pile of steaming dung of random code SlashDot may be RIGHT THIS SECOND. (Apologies to SlashDot, but I've gotten the impression that tho it works well, it might not be pretty. :) ) But you know, that's really the author's perogative. Sometimes, you have a lil pride in what you want to show people.

I also know that, even tho you hopeful conumers of raw unpretty code may say you exist out there-- I know that there'll be just as many who download it and e-mail CmdrTaco "i cant get this Slish thing to do c00l stuph on my 31337 LinuxOne machine". So there's a support issue involved, even if you say you're not going to support it. So you have to have *some* answer to it, even it it's just taking a bit more time in the packaging, docs, and commenting to stave off some confusion.

So, have fun with it, and *please* try to go easy on the author of the release now that it's out... He's been called every name in the book, whil probably working his ass off. The last thing he needs now is a billion questions and everyone to say, "You know, this wasn't that cool after all, Slashdot code sucks!"

:)