This is why I don't post here anymore
How could I possibly out-do the events of this week? I became redundant a long time ago. Rob Malda gets anonymously bitchslapped by a World of Warcraft Administrator. He spends hours* writing a rant about how he totally understands, isn't angry, and then renames his character "Violated". Right.
When he says "the irony of the situation isn't lost on me", he's right. I'm sure the Atlantic Ocean isn't lost on him either. You just can't ignore something so vast, powerful, and... salty.
When Taco bitchslapped my public IP in his Apache config, I created an account named "Trolls" spelled backwards. We're pretty much the same guy. Except I can spell.
In the end, my job has been taken over by the pants of the Malda household, who has responded to Rob's second public posting since his wedding proposal by posting a couple pictures of her cleavage on the Internet with the caption "that'll show my husband, CmdrTaco, that he's not the ONLY one who knows how to assume fake ranks that they didn't earn!" and "Commander Cleavage(why am I posting this?!??)".
I almost got into an argument once with this lady at a gas station. I was talking on my cell phone, and she shut my pump down, turned on the PA, and told me my cell phone could kill everyone. The Eyes of The Gas Station were upon me. I went inside and mentioned that she was voicing a myth. Out poured a tirade of fiction about incinerated cell phone toting firebugs, and I felt it, you know, that old urge to refute stupidity.
But then I realized that being that stupid bitch at the gas station was its own punishment, and I kept driving.
Have fun playing Warcraft, Rob.
*Hours? Yes. There's not a single spelling mistake. He brooded over that shit.
"Subject: Slashdot User Password for sllort"
Two password reset attempts on my account within hours of each other, different user agent, different offshore proxies. Yay for you guys!!! I'd thought all the love was gone.
ps hi fv
Date: Sat, 11 Jun 2005 09:49:32 +0000
In case you get multiple emails you didn't request, the requester's IP
was 184.108.40.206. Its user agent was
"Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050"
(not that you should trust that value, but it might be interesting).
Date: Sat, 11 Jun 2005 11:38:43 +0000
In case you get multiple emails you didn't request, the requester's IP
was 220.127.116.11. Its user agent was
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
(not that you should trust that value, but it might be interesting).
New Slashcode Afoot
As an (occasional) contributing editor to Trollback, I can assure you that there will be some coverage of some new Slashcode features in the upcoming issue. Before I get to the meat, here's a summary roundup of recent changes:
Slashcode port & service scans anonymous posters.
Modbombing a single user now has adjustable consequences (on Slashdot, it is most likely a bonus, however the default consequence is set as a penalty).
The "excessive bad posting" detector has been given new teeth, blocking the class C subnet of anyone who a moderator disagrees with for periods ranging from weeks to months. See upcoming Trollback for details, or read some journals.
There's a new feature afoot right now, however, which has not been comitted to Slash's public CVS repository yet. The change involves setting someone's Karma from (whatever it was) to "Moderation Abuser". Presumably if you have excellent Karma, and a moderation you make is found to be unfair, your Karma will be changed to "Moderation Abuser". CmdrTaco has repeatedly stated that "Karma is worthless", so officially this doesn't mean anything - however unofficially, it could have big consequences for your account. Here's a first person account. Has anyone else observed this, and some possible consequences?
Comments are enabled, share what information you have.
P.S. I was finally removed from CmdrTaco's Friend-of-Friends list for this post in his journal, in which I revealed that they had changed Slashcode to adjust the token count of modbombers (in the middle of a diary where he was berating a user for modbombing...). Unable to get Brian Aker (Krow) to de-friend me, Taco de-friended Krow. Alas... sorry Brian! I realize that pointing out that Taco was writing an entire diary about something that Jamie had handled in the code months ago - without telling any of his readers it was handled - was going to be pretty embarassing for Rob, but I didn't expect him to act like such a child.
P.P.S. Has anyone looked at Slashdot's two year Alexa ranking? I wonder why their popularity has basically regressed to 2002 levels over the last year... thoughts?
It came to my attention recently that my ongoing trouncing of CmdrTaco had been interrupted by having myself retired from Whatsbetter.com. Of course I had to do my best to rectify the situation, and the good folks at Whatsbetter.com were happy to oblige. Much to my dismay they had interpreted my lack of recent journal posting as a sign of my demise. While I admit I owe you all a status update on Slashcode (it's coming!) I will have to make do for now with some tidbits from the mailbag:
I've re-enabled the item... One of my admins must have retired it. Your /.
jounal has not been updated in the last 5 months. Spending your time at K5
these days? Or have you found new and better places to troll ;-)
Enjoy the site,
>hello, noticed that in the following pairing:
>one Slashdot user was retired as "old" and the other was not. Just wanted
>to let you know that neither user is old nor retired, we both write
>journals regularly, here are the links:
>I do not like being retired as "old", i'm only 27, i'm active on the site
>and i'm as active now as when i was added.
>let me know what you decide,
Of course, I have no idea what he's talking about with this "trolling" nonsense, but he's re-activated my account for more Taco-crushing, and that's what's important. Thanks, Chris.
as far as I am unknown, the best thing is to introduce myself.
Working in political sciences but interested by IT since I'm 15 (4 years
already), I just took some distant glances at /., so far. I just got
involved in the overall /. picture, until I got moderation points, too
quickly in my opinion.
I quickly realized that some deep trends where impairing the very spirit of
what was in my mind a quite flawless system. I posted various documented
posts questionning Apple's software, marketing policy, prices policy etc.
until I just went aware that they were plainly ignored, or modded down. I
just had the bad taste to say that, at last, Windows XP was a respectable
OS. I just had the foolish idea of defending Oracle.
Then I decided to make some researches about people in the same frustrating
state of mind as mine. And quite quickly I found this by now old story about
the troll survey. I found that many many clever people were relayed in the
remote electronical sphere of purgatory. And that maybe you were the boldest
one of these.
So my questions are naturally coming to you : what do you think of Slashdot
by now ? Did you improve to evaluate how many people were backing you ? Are
they any other sites as /., with other moderation/participation systems ? If
not, what about building an alternative one ?
It just looks like many of us stay frustrated by the current status of /.
And frankly this is sad.
If in any case you can't/don't want to respond, plz leave a blank message.
I'll keep looking for freedom advocates.
p.s : reading Top Ten ?
Wow. "remote electronical sphere of purgatory". Putting aside for a moment your... diction... yes, I've spent some time at k5 recently. K5 is what Taco would call "navel gazer's anonymous", what Seth Finkelstein would call "more writer fair", and what I would call "fractionally less fucked up". As far as being upset with /. - well, they've managed to stay "in business" for five years, and nobody's threatening their market niche yet, though God only knows if they're profitable. It's a sad thing that some real assmasters are in charge, but we can always hope that something better will come along - or as you point out, we can do something about it.
As far as reading goes, allow me to suggest the September and October edition of Trollback - the new editorial staff deserves plenty of praise.
Krow Dead at 2
I just heard some sad news on talk radio - Slash Team icon Brian Aker's job at OSDN was found dead in the noncompetitive OSDN payroll ledger this morning. I'm sure trolls and /bots alike will miss him - even if you've been freaked by everyone, there's no denying that krow was the Slashcode contributor that didn't suck. Truly a Slashdot icon.
He will be missed.
Well, yesterday's IRC thing went off without me, though had I been there, my questions would have been dumped anyway, so no big deal. It's a pretty long log, so I took the liberty of snipping the good parts and adding some translations for those who don't speak Slash. Hope you enjoy, and I apologize in advance for any inaccuracies.
<Questions> w00t asks: Will /. users ever be able to change the "look and feel" of Slashdot? Such as the colors, and general layout?
<CmdrTaco> Maybe a little, but not much. 20:04
It's computationally expensive.
<hemos> The new machines will be 2x P3 1.4 Ghz, with 2 gigs of RAM.
<CmdrTaco> It's programatically tricky.
Even removing images will increase our computational workload. We'll never change this, but patches are always welcome.
Patches are always welcome tho ;)
<Questions> reefer asks: Is there any system in place or a plan on developing some system to prevent duplicate posts?
<CmdrTaco> Whatever. 20:06
<hemos> Reefer: There is one.
We have a pretty good system that we copied from fark, but Rob still sneaks a couple through.
<Questions> jew asks: At LWCE 2000 NYC, you stated that you were considering developing alternate systems of accessing the site's content than HTTP/HTML. You mentioned NNTP. Have you considered or implemented any alternate means of accessing the site, such as RRS? If not, why?
<CmdrTaco> We don't have time to implement much in the way of other protocols.
<hemos> CmdrTaco: We did try the chat thing with whatever program that was.
Er, not chat. 20:07
<CmdrTaco> Yeah, we had an IRC bot.
That gated stories & discussions.
That was fun.
Worked really well.
Nobody used it :)
The trolls had a very popular IRC bot called Slashbot that gated stories, and we murdered comments.pl and banned about a hundred IPs to shut it down, but we shut down our version because no one used it.
<CmdrTaco>Karma isn't worth anything. Why would we change that? 20:09
Except for: how many posts you can make a day, your initial comment score, your ability to moderate or metamoderate, and almost any other interaction with the site, that is. We'll never change karma's fictitious worthlessness like we did before.
<Questions> OcelotLM asks: Have you considered changing the Games colour scheme to something less garish?
<hemos> You should have seen the first round of it.
Ok, ya, it sucks. Get over it. Remember Slashdot succeeded because our HTML is the best.
<CmdrTaco> (I'm just skipping trolls btw ;)
I'm not going to tell you why moderation is anonymous and why we IP banned www.w3c.org from our site. This is because the answers are not for those among us who do not drink the gin with the tonic.
<Questions> limerickey asks: What happened to John Katz?
<CmdrTaco> We had to let him go during a round of layoffs last summer.
We miss him, and were sad to see him go. 20:15
He added a lot to Slashdot, and it was really unfortunate.
<hemos> the acerbic nature of some of the people also turned him off.
Realized that if he continued to pander his career for Matrix fans, he'd never work as a journalist again. Also the trolls.
<Questions> sebi asks: Did you ever consider adjusting the amount of moderator points based on Metamoderation results (like add a point for every 100 fair metamods, subtract one for every 5 unfair ones ore something like that)
<CmdrTaco>what you are asking is does M2 affect getting M1 points.
And yes, it does.
If you meta modearte, you will get more mod points. 20:17
It isn't 1 point for 100 fairs or anything.
But it's a lot.
If you moderate good, and meta moderate whenever it is offered to you, you can get mod points fairly quickly.
See, we created a discussion site, which by its very existence proves that people disagree, otherwise there'd be no need for discussion, and then we've implemented a moderation system based on the idea that disagreement over what "to moderate good" means is impossible. There exists, in this world, "absolute good" and "absolute bad", and we have written a system to detect it in Perl. Thank you. Thank you very much.
<Questions> TrollBridge asks: Despite the junk that trolls (as I myself once was) have posted in the past, is it a fair statement to say they have indirectly contributed to the polishing of the Slashcode?
<CmdrTaco> I'm sure there is no web discussion system that is harder to crapflood than Slashdot.
So thanks for making us have to waste our time writing that code.
We COULD have had RSS for subscribers or NNTP interfaces or something.
<hemos> I can say personally that the trolls have taken time away from my kids birthda's.
So, I hope you feel very proud of that.
<hemos> What I would say is the trolls have made it so that we haven't made features
<hemos> but instead have had to think of ways to stop people from accessing the site.
It sucks having to program stuff to prevent a crapflood when we COULD be adding cool fun new shit for folks.
We're not going to address what the trolls have done, but the crapflooders have really fucked with us. We blur the distinction; you should too. P.S. even though no one could crapflood Fark.com to save their life, we're even tougher. The routine, unchecked scripted crapflooding of sid=20721 is proof.
<Questions> mmh asks: Will there ever be a section dedicated to site issues and discussions? Stuff like Slashcode updates, hardware issues, suggestions, etc. Whenever things come up in regular stories, people posting about it are off topic. It would be nice to have a place for this (and a place that you guys read to get the suggestions).
<CmdrTaco> www.slashcode.com has some of that.
<CmdrTaco> My journal has some more of that.
<hemos> The problem with one section for discussing is that then no works gets done.
<CmdrTaco> I don't foresee a Slashdot section dedicated to Slashdot.
There are only so many hours in the day,
I can't spend all of them talking about what I do,
<hemos> Because it's navel gazing at its finest.
<CmdrTaco> and then still have time left to DO anything.
We're not 50 people here.
And I don't want to read a website about Slashdot.
I hate reading websites where half hte content is discussion about the website.
CNN isn't about CNN.
many community driven content sites are OBSESSED with themselves.
I'd rather not be.
A couple forums a year. A journal entry a week. A few hudnred emails a day.
Isn't that enough :)
If we'd had a META section, or listened to our users, we could have ripped off the early-story subscriber plum years earlier - same thing with CAPTCHA. And I don't think we were ready for that then. So, no, sounds like a bad idea.
<Questions> pwrlnkid asks: Have you given any thought to allowing subscribers to see the story queue and "moderate it". Seems to be an easy way on your parts to get rid of dupes or old news.
Mention K5 again and I'll kill you.
<CmdrTaco> Mmm. Scotch.
<hemos> Man, I'm getting a G&T.
We watch anime. We lease our BMW's. We drink gin & tonics. We solved the drivel problem. Excuse us.
<hemos> Yeah, the patch situation is a fun one.
Because the reality is that hardly anyone submits pathces.
<hemos> So, yeah, the code is open...but really that just means people donwload it and install it.
<CmdrTaco> We don't get many patches. Which is really unfortunate. 20:44
<hemos> Yeah, essentially we have all the costs of being OSS
without any of the benefits.
<CmdrTaco> We spend a lot of time making the system (relatively) easy to install for others, but we're not actively getting a lot of benefit back.
We do it more out of a labor of love than for business reasons.
We really WANT this thing to be open source. We think its cool. 20:45
<hemos> Because we end up supporting people using it, but get nothing back.
Frankly, if I were deciding it strictly on business merits, it's current status as open source is a lot of work without much back.
<CmdrTaco> There is no other open source CMS that will work on the scale of slash.
But most people just want a dinky little site.
They can use one of the *nuke clones.
They don't need a steak, they're cool with hamburger ;)
We don't know why people don't feel motivated to contribute. It annoys us how at K5 there's all these cool features added by users like those awesome Dynamic Comments, and we're stuck back here in the Stone Age with Nested Mode (I mean STEAK MODE). Oh well - pass the alcohol .
<Questions> erigol asks: Have you considered setting up a slashdot Wiki, since Wiki's are, like, the rage, and stuff.
<CmdrTaco> Wiki is silly. Not scalalble.
<hemos> Wiki's make me want to guage my eyes out.
WE MAKE THE STEAK. THE STEAK IS THE BEST. KEEP YOUR MUTTON AWAY.
<CmdrTaco> Users in .d bitching that we post Microsoft Ads ;)
<CmdrTaco> I can't understand why that offends people. I find it hilarious.
<hemos> The irony of that is amazing.
<CmdrTaco> SCO shoudl advertise with us.
How can something be bad ironic when it pays for our single malt? That's good ironic. Bad ironic is when we IP-ban the W3C, because that doesn't pay for STEAK, BMW leases, or gin. Puh-lease.
<Questions> Cephalien asks: Out of curiosity: Do you think that the ever-growing popularity of Slashdot, and the occasionally negative publicity offered there towards certain companies (Microsoft comes to mind), do you think that those companies might intentionally seed people to post comments? If so, how often, and how much do you think that effects the overall 'feel' of the comments about a story?
<CmdrTaco> I'm sure it happens to some degree.
<Aaton> CmdrTaco: no problem
<CmdrTaco> But astrotrufing by a major corporation will never outnumber Slashdot's population.
Unless they get ahold of that script that routinely floods sid=20721... but we don't talk about that.
<CmdrTaco> Web petitions are stupid. I delete them all.
My IQ is not zero, and I can prove it.
<CmdrTaco> I don't want to say something will "Never" appear on Slashdot.
If someone could convince me, I'd do anything.
Moderation with names attached?
Open Submissions Queue?
But few people understand the scope of such changes.
These two features have been implemented at K5 already, dumbfuck. Do you really think we'd copy someone else's feature? We're the STEAK, they're navel-gazing hamburger. Sister puh-leaze.
<CmdrTaco>What's sad is that anonymous posting serves a very important purpose.
It exists so that you can say thigns that might be held against you.
Remember how earlier we said Carnivore was watching so anonymous posting wasn't really anonymous? Keep thinking about that while I fix another drink..
Slashdot Interview Tonight
There's an IRC interview with Taco & Hemos tonight. I won't be there, I have plans tonight. There are millions of things that could be asked: why are messages now batched so we can't tell when we've been mass moderated, why are the moderation totals hidden so we can't tell when a comment has been mass moderated, why are comment numbers randomized instead of starting at 1, what percentage of editor moderation is "Over/Underrated" (we've been handed the editor's aggregate M2 stats forever, why not document the loophole?)
The way they run these interviews is usually that you submit to a question bot, but can't talk, and they pick questions off the bot. In short, none of the above has any chance of getting asked. Neither do the following three questions, though they are probably the three questions to which the answer is the most interesting:
- Why doesn't a Moderation Results message include the name of the Moderator?
- Why aren't we told when an editor moderates our posts?
- Why is the W3C HTML Validator at www.w3c.org IP banned from Slashdot?
Have fun folks, and remember, Never disturb a man.
The Easy Way to W3C Approval!!
The absolute best way to to get the W3C to validate your site is to ban their IP address. Because, if your HTML doesn't check out, who's the wiser?
I'd like to take this opportunity to congratulate Rob & co on not having a gigantically flawed W3C validator page for the first time in their illustrious five-year history. Way to go, guys!
Fyodor Responds... Kinda
Well, Fyodor wrote a rather lengthy reponse today, collating a whole bunch of geocities pages in order to prove that any allegation made against him is false, and that he is not a terrorist.
I don't really know what to make of his response: it's weird, because he kind of denies hacking sdem's computer, but he doesn't deny posting screenshots of sdem's page to his website, and talks about "trolling trolls" and "rhetorical devices".
I honestly can't make heads or tails of it - I thought that his page on breaking into sdem's machine was a much better piece of writing on his part - but here's the link for you all to try to make sense of:
Interestingly he accuses me of slander and says that he would press charges if he weren't busy with an important project. That certainly would be interesting, considering I could haul at least ten witnesses into any courtroom that saw his "Troll Hunting 101" post.
Modbombing and Interview Control
Update: This comment by an AC claims that a user moderator, not an editor, was one party to the moderation attack on this comment. While an AC comment doesn't prove much, it is at this point pretty unlikely that editors were involved. I'd like to remind everyone reading that the name of the posting account isn't sufficient information to grade an entire post; in this case, the linked post is factual, polite and accurate, and fully deserving of the +5 Interesting score the users originally gave it.
Original journal entry:
Slashdot interviews send the best of the 5-rated user comments to an interview candidate. Users pick the best questions, and Slashdot sends the interview. Right?
Take a look at the Fyodor Interview. Scroll down to this comment which asks, in a polite fashion, whether Fyodor has ever chosen to use his hacking skills to break the law, and cites the Slashdot troll hacking incident detailed earlier in my journal. This question received a score of 5 from the users of Slashdot, and was therefore eligible to be part of Fyodor's interview.
Today, alert reader Gendou pointed out that four days after the story posted, a flurry of moderation activity had occurred in this posts's thread. The post was moderated down as a "Troll", heavily, till it reached threshold 3, and every comment in the thread which mentioned Fyodor's hacking incident also received large quantities of "Troll" moderation.
Now, who gets moderator points, opens up a four day old story, and starts using moderation to push an agenda? More than 5 points were used in the attack, which means that either a large group of users acting in concert attacked the thread, or a user who is gaming Slashdot's system attacked the thread, or an editor did it. Who was bent on removing any shred of legitimacy from complaints that this question was not forwarded to Fyodor?
The users of Slashdot gave this comment a score of 5.
Slashdot Moderation is unaccountable, and I don't know who did this. For now, I'd like anyone who saw that the users of Slashdot moderate this question to 5 to vouch for that fact in the comments, as I am vouching here. We may never find out who manipulated the comment scores, but we can set the record straight.
New Fyodor Evidence Released
Trollaxor.com has obtained a cache of Fyodor's "Troll Hunting 101", briefly posted to www.insecure.org/tmp/trolls in 2002 by Fyodor shortly after hacking the computer of a Slashdot prankster. I have been advised that the images and content in this cache have been modified to protect the name and personal information of Fyodor's hacking victim (SumDeusExMachina) which Fyodor initially saw fit to publish. The modifications appear in bold and are clearly marked as REDACTED.
I would like to invite anyone who witnessed this firsthand in 2002 to post a comment certifying that this content is accurate to the best of their recollection below in the comment section.
I personally certify that this content was posted to www.insecure.org in 2002, and that I personally loaded and witnessed it.
What Can Illegal Hacking Do For MY Business?
Slashdot has an interview with security legend Fyodor, admin of the famed insecure.org and author of the world's most affordable port scanner, nmap.
The best part of this interview is that Slashdot does not often interview criminals. Many Slashdot readers know that Fyodor used his tool to illegally attack a college student in 2002, for his personal amusement but also to the benefit of Slashdot's admins. For those that don't know the story, I will present a brief summary.
*Those individuals interested in independently verifying the facts presented in this article should skip to the "Verification" section near the end.
Sdem had created a hoax account entitled electricmonk, and used it to post this comment pronouncing that he was actually a cute Linux booth babe. "electricmonk" left an email at Yahoo and encouraged Slashdot readers to get in touch.
Fyodor proceeded to do so, boasting of his previous exploits with women he'd met online. He was even helpful enough to attach a picture.
This is where the story turns ugly. Sdem responded with a truthful email, in which he advised Fyodor that the whole thing was a hoax. After that, sdem posted a log of his exploits to sid=20721 (trolltalk), mentioning that he had tricked Fyodor and referring to many of the biters as "wankers". This apparently really set Fyodor off, and he began to plot criminal revenge.
First, Fyodor dug through insecure.org's referrer logs to find what IP address had requested the picture of Fyodor & his paramour. Using this information (and the logged User-Agent), Fyodor knew from the get-go Sdem's IP address and O/S. From this point, he launched nmap against Sdem's box and was greeted with the holy grail of sorts for BlackHats: an open X windows server on port 6000.
Sdem had been running an X-windows server for Windows on his Win2k box. Fyodor was able to bypass the authentication on the X-windows server and used the X-windows server to take complete screen captures of Sdem's machine whilst sniffing and recording keystrokes.
Fyodor proceeded to take hours worth of screen captures, including information on a "secret troll irc server" that sdem was using. Fyodor wrote a detailed writeup of what he observed, including an irc robot used on the server to detect new Slashdot stories for the purpose of early posting. Fyodor also mined and posted as much information about Sdem as he could find, including his real name and contact information. Jamie McCarthy used this illegally obtained information shortly after it was posted to log on to the irc server, monitor the bot, and modify Slashdot in order to break the story monitor.
Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected.
After he was done hacking Sdem's computer, Fyodor posted his screen captures and a log of his breakin to www.insecure.org/tmp/trolls. The content was removed 24 hours later. He went on to boast in sid=20721 about his "troll hunting finale". While sid 20721 is regularly cleaned, a cache of Fyodor's boasting about his illegal break-in is available here. Very interesting reading.
So, while Fyodor's interview is no doubt very interesting, I think that, as an accomplished (and due to the lack of prosecution very successful) criminal, the nature of questions given to Fyodor in the interview don't do justice to the type of expertise this man has in illegally penetrating computers across state lines and getting away with it. I'm sure that many companies would like to have a man of this caliber at their disposal in order to infiltrate and destroy their competitor's IT infrastructure.
Of course, no sane person would use this man's software without compiling it from inspected source, given his history. Fortunately the folks at Redhat pore over his code with a fine toothed comb before including it in their distribution, so if you've ever wanted to peer into the mind of a madman, I encourage you to take a look at Redhat's copy of nmap.
Also if anyone has a cached copy of fyodor's insecure.org/tmp/trolls page, please let me know in the comments so we can get it hosted. This particular piece of sordid Slashdot history just became more relevant.
Sdem's account of the incident
Trolltalk cache, circa break-in
Cache of Fyodor's "Troll Hunting 101" from www.insecure.org/tmp/trolls
Above are caches of both Fyodor's bragging about the break-in on his web site, and his bragging in a Slashdot comment about having hacked Sdem. Numerous people witnessed this and have posted comments in my following journal entries certifying to the veracity of these mirrors. To date, no one at Slash Team and no one at insecure.org has denied it. Nor will they; they have almost certainly been advised by legal counsel not to speak about it in public.
That said, any journalist or researcher wishing to pursue this story may wish to take additional steps. The Slashdot editorial staff was well aware of this story when it happened. Jamie McCarthy used Fyodor's information to penetrate the irc server Fyodor discovered and attack the irc bot he found there. Jamie McCarthy and Michael Sims are both aware of the details surrounding this incident and can confirm their recollection and involvement in the incident by email. Their email addresses are easily available to a curious researcher so I won't bother repeating them for spam robots, but suffice it to say that asking Jamie the question "did you see Fyodor's page on his web site in which he took screen captures from a hacked trolls computer" will probably yield you positive confirmation. There is the possibility that they won't want to involve themselves for legal reasons, but I doubt it. Jamie is historically honest to a fault and forthcoming when approached with a legitimate question.
So, if you're a doubter, email the Slashdot editorial staff. Fyodor is a Black Hat, and the eds know it.
Slashdot Math Returns!
Remember everybody's favorite signature? Slashdot Math: 50+1-1 = 49. Taco was so incensed about that he decided to hide Karma from everyone so they couldn't criticize his math skills. This was a good idea, and one he should have stuck with.
Recently, Slashteam decided that printing moderation totals was a bad idea. It's part of a continuing development trend of hiding the Slash backend from the users (not a bad idea). Maybe Krow has been playing an audio version of Chromatic's O'Reilly article to Taco while he sleeps. Maybe Taco's pride has finally yielded enough that he's willing to listen to someone else. Who knows. For whatever reason, someone's trying to make it harder to game the Slash system by removing anything that could be construed as "points" (I'm wondering how they plan to make it impossible to count your friends, but that's another story).
Personally, I like to think that Trollback was responsible. But that's just ego talking.
In any event, moderation totals are now shown as percentages in an attempt to hide the number of times a post has been moderated. While it's pretty simple to reverse-engineer this number, you now need a calculator, which raises the bar a bit.
The funny thing, however, is that Taco has once again exposed his math skills to the world. So, once again, we get to put "Slashdot Math" in our .sigs. Are you ready?
Slashdot Math: 30+40+10 = 100
Update: As many have pointed out in the comments, it is true that this change has a few side affects. One is that editors can now disguise their modbombing activity a little easier. The second is that by activating a division-based mod system, SlashTeam has proven that all its protestations about K5's moderation not scaling are a bogus. Of course, if you haven't accepted the fact that modbombing and handwaving are a way of life around here, you're blind, and you don't read my journal.
RIAA Spokesperson Tells a Lie.
Many of you have seen that Verizon has been ordered to disclose customer profiles to anyone who sues them. This is pretty funny, and hopefully someone will sue Hillary Rosen's ISP soon. In the meantime, I'd like to point you in the direction of this interesting quote:
"Now that the court has ordered Verizon to live up to its obligation under the law, we look forward to contacting the account holder whose identity we were seeking so we can let them know that what they are doing is illegal," said Cary Sherman, president of the Recording Industry Association of America.
So we know two things:
- The RIAA doesn't know who the account holder is
- The RIAA wants to let the account holder know that he/she has broken the law
The only problem with this is that for the account holder to have broken the law, it must be proven that the account holder does not own a legally purchased copy of all the songs he or she downloaded. How can the RIAA know this about the account holder? Existing Fair Use law states that you can obtain a backup copy of a song you already own. Can the RIAA have charges brought against the account holder without proof that the account holder does not legally own all these songs?
I've spent a bit of time cataloging the names of every song on every CD I own. Having painstakingly removed anything which could possibly be available Live or As A Cover, I have a list of about 9,600 song titles which I can legally download. I am in the process of setting up my Gnotella agent to continually download all these songs. I have a little DB app which will overwrite my existing copy of each song with the new copy. This will ensure that at any given time, I have only one backup copy of each song I own, and also that my connection will look like a gigantic music leech 24/7.
I'm only one person, and the chances of the RIAA bringing suit against me are pretty low, even though they target high-bandwidth automated users. But I can hope (actually if I am sued my bravado will probably dissipate and I will piss my pants while I write the ACLU, EFF, and the Pope). The prospect of Trolling the RIAA is just too good to give up. And walking into court with a legally purchased, nicely aged copy of every single song I'm charged with obtaining illegally would be way too much fun.
Yes, for those wondering, I typed up the list of songs, dated it, took pictures of my entire cd collection and put it in the envelope, included the Washington Post, and I'm going to mail it to my bank certified mail with return receipt attn: my safe deposit box. That's the best I can do for proving I didn't purchase the music ex-post-facto.
If you like this little exercise in law-abiding, feel free to join me.
New SourceForge Slashcode Project.
There's a new project on SourceForge for anyone who's ever been told to "submit a patch". I have no idea why they accepted it.
Addendum: This is not my project; I'm just linking to it.
Want to see something bad happen?
Talk about a case for deleting comments. This guy has got problems. Load it quick before the men in suits come.
<Captain_Tenille> Seen the presidential threat comment yet?
<rusty_> oh yeah
<rusty_> he's gonna get a visit
<Captain_Tenille> Have *you* been contacted by the goons yet?
<Captain_Tenille> Oh my
<rusty_> i turned over the info. this is as clear-cut a case as I cna possibly imagine. I just wish the secret service would investigate threats made on ordinary people too
Anybody Moderating Again?
Remember back when Taco et al went on a reign of terror and banned hundreds of users in a little Civil War? We all got the $rtbl flag for moderating up a single post... And most of us are aware that Administrator-enforced blacklisting died with the $rtbl (Realtime Black Hole List).
What I'd like is for everyone who was originally banned from moderating (anyone who was $rtbl'd) to talk about whether they've gotten mod points since the $rtbl was repealed. Everyone should be able to MetaMod now, but I'm talking about flat out Mod Points.
People have often pointed out that just because Slashcode is open doesn't mean Slashdot is. I'd like to know how many formerly $rtbl'd users have gotten mod points, how many haven't... post your experiences, post-$rtbl.
New Issue of Trollback!
I wanted to let everyone know that a new issue of Trollback hits the shelves today. Much of the credit for this issue goes to our newest editor Gustavo. Grab yourself a copy and enjoy.
GPGP for Slashbots and Normal People
Since I've started posting anonymously and signing my posts, I've received a surprising number of emails along the following lines:
- What's to keep me from signing my emails with your key?
- Is this post yours?!?! (link)
- How do I validate your signatures?
- You idiot, signatures require a pen!!!
While I'm hoping that a large percentage of these emails are just people trying to troll me, I guess it's only fair that I present a quick HOWTO document for checking GPG signatures. You can use this document to determine whether or not a /. post was actually written by me (quite a few with my name on it aren't).
Step 1: Getting the software.
Windows users (Graphical Installer for GPG)
Source Code for all Unix users
If you're a Windows user, unzip the file and run the setup program. If you're a Unix user, you probably know what you're doing, i.e. ./configure;make;su -;make install. Additionally most modern Linux distributions (specifically RedHat) come with some version of GPG; just type 'gpg --version' to see if you have it.
Step 2: Getting my key
My key is available from Slashdot's public key hosting space: http://slashdot.org/~sllort/pubkey . All you need to do is save this web page (or its text contents) to a file somewhere on your hard drive, using wget in Linux or Save As in Windows. Next, you'll want to import my key. There are a number of ways to do this, but the best is probably to use the command line and 'gpg --import'. Just type 'gpg --import (name of my public key on your hard drive). Here's an example of how to do it in Linux:
[firstname.lastname@example.org root]# wget http://slashdot.org/~sllort/pubkey;gpg --import pubkey
Resolving slashdot.org... done.
Connecting to slashdot.org[18.104.22.168]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
[ ] 1,298 181.08K/s
19:47:15 (181.08 KB/s) - `pubkey' saved 
gpg: key E8D51376: not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Your output will look a little different since you'll be importing a new key, not an old one.
Step 3: Validating a signature
This is somewhat tricky. Any post in which I use HTML formatting such as bold, italics, links, etc, must be copied from the HTML source, not from your browser. I try to avoid HTML formatting for just this reason, so if you don't see bold or italics, just highlight and copy the whole thing from '----BEGIN PGP' to 'END PGP SIGNATURE-----'. Nice Windows clients like NAI's PGP let you validate the contents of your clipboard (nice!) - this lets you highlight, right click, and press 'Validate PGP Signature'. The basic way to do this is to paste your selection into a file, save the file, and run 'gpg --verify' on the file like this:
[email@example.com]# gpg --verify .sllortpost
gpg: Signature made Tue 29 Oct 2002 12:51:18 PM EST using DSA key ID E8D51376
gpg: Good signature from "Sibil Llort (sllort) "
If you see anything other than 'Good signature from Sibil Llort', you're reading content from one of my dilligent fanboy impersonators. Lucky you!
Moderation Guidelines: an Addendum
Slashdot Moderation Guidelines : Addendum.
Slashdot's venerable Moderation Guidelines have long been a subject of speculation and interpretation. This is due in large part to the fact that they contain almost no information on how one should actually moderate. The Guidelines are in general rife with vague handwaving such as 'Bad Comments are flamebait' [sic] (from which we can divine that 'Flamebait' always means 'bad comment', as illogical as that may sound). This addendum has been written to be a useful resource for new Moderators and battle-hardened Slashdot readers alike. It is my intention that this Addendum, frequently updated, shall serve as a companion document to the original Guidelines and hopefully improve the quality of Slashdot moderation in general. If you would like others to read this document, you can place a link to it in your signature or user history:
<a href=/~sllort/journal/15007>have you read the Moderation Guidelines Addendum?</a>
- Patience. As a moderator, you have five points and three days to use them. There's no need to 'blow your load' and go moderate everything at once. You have a very limited amount of influence. You should save it for comments which are extraordinary, whether they be extraordinarily good or extraordinarily bad. If you are knowledgeable about something, pick stories which you know something about to moderate - this will help you to avoid accidentally moderating up garbage. Additionally, the best comments in a story are usually written well after the story is posted. In general, ignore the first hundred comments before you moderate.
- Maturity. When you moderate a user, you affect their karma, an internal score which is the single most important thing in dictating someone else's Slashdot experience. If you negatively moderate the same user with all your points (for instance), that user will probably be gagged from posting, and may suffer a decrease in their posting score, a decrease in their number of posts per day, and other negative consequences. You have been granted power which, if exercised malicously, can be used to silence or even eliminate someone else's voice from Slashdot. Approach this ability with maturity, and avoid using it. While Slashdot Editors have been known to use this power in anger, Slashdot users must hold themselves to a higher standard.
- Objectivity. It's easy to hold your own convictions close to your chest. When someone thoughtfully points out that the Verisign certificate used by Windows Update is in fact more secure than apt-get without signature checking, it's easy for Linux users to get angry at their operating system's weakness and direct that anger into bad moderation. While this is just one example, it's applicability is universal: don't break the system and moderate poorly just because someone has pointed out a fact you're uncomfortable with. As it stands, this is probably the #1 problem with Slashdot moderation today.
How to view a story
You may have already heard that Moderators should always view a story in '-1,Nested,Newest First', with all your Reason Modifiers set to Zero. If you haven't heard this before, now is the time to memorize it, because it's true. Here's why:
- Threshold: -1. Yes, you have to read the crap at -1 as a Moderator. Horrors! It's really not that bad, especially if you're reading the newest posts first, and not reading the first 100 comments. After the first 100 comments have gone by, most of the stuff that the average Slashdot reader objects to is no longer posted (because the visibility is too low to bother). The reason it is so important to read at -1 is to spot posts that have been unfairly moderated to this level and correct the mistakes. You won't believe how often this happens until you read at -1 and see for yourself.
- Nested: This is simple - the best comments on Slashdot are almost always replies, so you should read all of them. This is because, in general, people who reply have first considered someone else's opinion before considering their own. Think about it.
- Newest First: This too is a no-brainer. The older a comment is in a story, the less time someone spent thinking about it and writing it. Newer comments include people who read the article, people who did some research, or people who learned something new. All the good comments are the newest ones, and they are also the ones that Moderators tend to ignore. You can fix this problem by reading Newest First.
Remember to set your Reason Modifiers (located in User Preferences->Homepage) to zero if you've modified them already. Nonzero Reason Modifiers will distort your view of comments so that you can't find out what tier comments are viewed in by default.
- Krow, 10/23/02
So remember: -1, Nested, Newest first, zero Reason Modifiers. Don't click Moderate without it.
This is probably the biggest mystery on Slashdot. What do Insightful, Informative, Interesting, Offtopic, Flamebait, and Troll actually mean? You'd be surprised how many people don't know. This is probably because Slashdot has never documented what these labels mean. Are they mystical, magical, and purely subjective...? No. Here's what they really mean.
- Troll: The Big Ugly Moderation, reserved for those nasty people who live under bridges and eat children. What is a Troll comment? Well, the Troll moderation actually comes from the phrase "trolling for newbies", a fishing reference. The Troll moderation does not have anything to do with mythical creatures, and never has. Dedicated gun nut and German dance sensation Eric Raymond defined in detail what a troll is in his Jargon File. While hard to define, a Troll comment is a very specialized type of post which is crafted by an author to provoke replies which reveal the person replying to be stupid or immature. The key requirement when you are considering moderating a comment as a 'Troll' is to determine whether or not the person writing it was just kidding. This requires a great deal of insight, a personal trusted relationship with the author, or (preferably) psychic powers. If you are unsure of the author's intent, avoid this label like the plague, as you will (justifiably) be destroyed by MetaModeration. The Troll label is for 'experts only'.
- Flamebait: It is noteworthy to point out that the Jargon File entry for Flamebait reads 'See also: troll'. Flamebait is actually more specific than Troll, as it is a moderation label for troll posts which are designed to start an angry discussion or 'flamewar'. Because flamewars are universally stupid, Flamebait and Troll both meet the general requirement of attempting to humiliate anyone who replies. Flamebait is even harder to use than Troll, and requires not only the psychic ability to read the intent of the original poster, but also the ability to determine that the author was attempting to provoke a flamewar. This is a double-diamond super-expert moderation label. If you can use it correctly, you're probably either psychic or God. Keyword: correctly.
- Underrated: The most confusingly labelled moderation in existence, this should probably be renamed 'Good'. Underrated provides a means of raising a comment's score without judging it, and this dovetails with our goal of Objectivity nicely. Because you're not attempting to divine why a comment is good, you are not subject to MetaModeration when using Underrated. If you are a beginning moderator, you should probably use this 100% of the time. Once you are an expert, you can toss in the occasional "Informative" or suchlike moderation when you're really, really sure.
- Overrated: Overrated is also poorly labelled, as it can in general be applied to comments which are scored too highly but also to comments which are bad, useless, or stupid (for which no moderation labels exist). This can apply to content-free 'first-posts', meaningless babble, etc. Overrated is especially useful when attempting to wipe out the smattering of +5 scored comments from the first 100 posts which are content-free and posted for the sole purpose of elevating a user's karma. Overrated should be your negative moderation of choice, except in cases where you're 100% sure something is way Offtopic, or you're a psychic capable of using Troll. Remember, Overrated is immune to MetaModeration!
- Offtopic: The most abused moderation on Slashdot. The most important rule when using Offtopic is that the context of a post is relative to its parent. Therefore direct replies to the story should have something vaguely to do with the story, and direct replies to a comment should have something vaguely to do with that comment!. Here is an example:
- Poster A replies to a story about video cards with the comment 'I have one of these and I like it a lot'.
- Poster B replies to poster A with the comment 'Thanks for sharing. Your comment told me nothing, idiot.'
Which one of these comments should be marked Offtopic? Neither. They both are direct, on-topic replies to their parent post. The second comment is probably Overrated, though, because it contributes little to the discussion, and there is no 'Uncreative Insult' moderation label.
- Insightful, Informative, Interesting: These vanilla positive moderations are pretty easy to understand, and require little interpretation. Remember that when you use them, you limit the ability of a comment to be interpreted as anything else. If a comment is both insightful and informative (think Jon Carmack) and you label it Informative, you've put the comment in a little labelled box that constrains it from being thought of as insightful unless someone actually reads the comment. Remember that each label has a subjective, user-defined score, and some people may have Informative rated higher than Interesting - so be careful when boxing up comments to make sure they fit. Remember, when you're not sure, use Underrated. If a comment is already marked as Informative, and that label is correct, there is no need to pile on another Informative moderation. Just use Underrated instead.
- Funny: Never use this. Well, ok, you can use it, but understand that a lot of people have it set to zero. If you've never read Laugh Lab's 'world's funniest joke', now is the time for you to read it. This will help you understand that what you find funny is often not what someone else finds funny, and things that are universally funny are at best mildly amusing. That said, this moderation can be appropriate, but it's usually just a waste of your points.
This is probably the least understood facet of moderating on Slashdot. There are seven possible scores for every comment, each score representing a tier with requirements for each tier. If a comment is where it belongs, leave it there - otherwise move it. That is your job as a moderator.
- +5 : Absolute Gold. Comments worthy of a score of 5 are rare, and may not occur in every story. A +5 comment should be clearly written and contain information which really makes you a better person for having read it. Think about that requirement for a minute before realizing how few comments actually fit that bill.
- +4 : The Good Stuff. This is the category for exceptional comments which are not just clearly written but contain something valuable such as unique information, a relevant experience, or a new perspective.
- +3 : Good Comments. This is where you put just the good comments, stuff that may have some spelling or grammar errors but is far from useless. Informative links, calls for comments, enlightened discussion in general.
- +2 : Good conversation. This is where most regular Slashdot readers post by default. Toss someone out of this tier only if their content is hard to understand or lacks value. A little bit of adversarial tussling is ok in this tier.
- +1 : Average Conversation. This is where the millions of screaming voices that make up a Slashdot discussion should sit. Nothing extraordinary, nothing particularly well written nor anything particularly abusive. Moving someone down from this tier should only be done for good reason, such as abuse or illegibility.
- Zero : Anything but Abuse. Leave everything at tier zero unless it has a reason to go up except abuse.
- -1 : Abuse. This is the tier for attempts to break browsers, rendering hacks, malicious exploits of Slashdot or user browsers, hate speech, and copyright infringment. Think of tier -1 as 'deleted', and use it with the utmost care. Nothing belongs at tier -1 unless it was written to harm someone else.
Go forth and Moderate!
Hopefully reading this document has made you a better moderator (or at least helped you understand the system better). I will continue to add good suggestions to this document as I learn more, so feel free to send me your ideas and suggestions via the comment section or via email at operation_mongoose 'at' ziplip.com.