
Kuro5hin - Bitter and Hopeful

On Sunday night, the popular geek news site Kuro5hin.org was the victim of a denial of service attack that involved the abuse of their news submission queue and comment system by an unknown cracker. While the identity of the cracker or crackers is still not known, the all-volunteer Kuro5hin team is busy going through access logs, portscan information and other information to find out who caused the problem. In light of the attack, Kuro5hin was shut down today with a message telling their fans why they needed to take the site down. I spoke to some of the Kuro5hin staff to get some answers: How did it happen, and is there a light at the end of the tunnel?

Dylan Griffiths, known to Kuro5hin users as Inoshiro, gives us the sysadmin play-by-play:

"This started on Sunday night. Basically, I had been over at a friend's place, there had been a storm watch, and he's a ham radio guy. He's a member of Canwatch, which is a volunteer ham radio thing you can do once you get a license. We were out driving around all afternoon. We got home, watched some TV, and dropped me off at home. At that point it was pretty late and I was about to go to bed. Normally, I would just go to bed, but I sat in front of the computer to check out Kuro5hin, and I noticed that there were about nine stories in the moderation queue. I thought that was a bit odd, because we normally get one or two stories at a time, and they get voted on, so they either show up or disappear quickly. I went to the submission queue, and I saw one or two stories posted by people with handles, and the rest were all Anonymous Hero. I initially thought that perhaps some fellow had decided to post a few things on Sunday night so it would be there for Monday morning, because weekend traffic is about half of our weekday traffic. I figured I would just delete the extras. The subject lines for the submissions were all just random strings of text. I didn't know why that would be, so I deleted a couple of them, and noticed that a couple came back. So, I logged into the server and I was going to see if I could block the garbage submissions. I also logged into the IRC channel to see if anyone knew what was going on. That's where people told me about a user named Kano, and how he was angry that his story was voted down so quickly. In the interest of getting the facts, I wanted to block what was going on, and get more of the story. I blocked it, fired off a couple of mails to [Kuro5hin creator] Rusty (Foster), and talked with some of the guys on IRC because on the whole, they're nice people. Kuro5hin has a great bunch of people that helped me and Rusty through this. 
We talked about it, and one of the channel members mentioned that the machine the attacks were coming from looked like it had a bunch of ports open. When I traced it through the whois database, it was a part of a server farm in a hosting company. So, you'd think they'd only have web, and maybe ssh and telnet open for admin purposes, and everything else would be centralized, because that's what you do when you have 400 machines."

The team leaps to action

Inoshiro continues, "Rusty joined the chat on Sunday night, and the IRC channel users banded together. We banned two subnets, and the channel people helped us clean up the submission queue. The box on one of the subnets we banned was obviously cracked. In addition to ftp, ssh and http, they had sunrpc open, nfs, mysql and irc. So, besides the obvious fact that mysql should be open like that and the Sunrpc services, irc is something you don't see on a webhosting farm. I don't think the spammer expected us to block him quite so quickly. It took about 40 minutes for me to block him because a router between me and k5 went mad and was giving me 3000ms latency. It was the first time I'd actually had to do it. Once it was blocked, that's when the channel helped us clean up. Then, within 20 minutes, it started coming in again. That one was blocked within about ten minutes, and that was a proxy server. Everything else since then has been cracked boxes.

"I got it down to the point where we would see five scroll by, and when we got to the end, I basically ignored everything else I was doing, and blocked submissions as they came in. It wasn't until Monday night that the router between myself and k5 stopped giving us incredibly high ping times.

"I went to bed, and I slept in a little bit. I got up, joined the channel. Since I finished school earlier this month, I talk to people in the channel in the morning because most of the people I know are asleep or have a job. I've been sort of looking for employment recently, but I've been spending a lot of time working on k5. I usually talk to them in the channel, because Rusty was gone for two weeks and I was the only admin around. I'd been spending more time just talking to people. We had a bit of a chat, a few people proposed ideas about who they thought might have done it. Nothing was really resolved. Then I noticed that there was more stuff coming in the queue. I contacted Rusty at work, and he joined the IRC chat, and we talked about it. We spent Monday getting some of the scoop developers to disable anonymous story submissions, then we added logging to a bunch of things. Basically, Monday was the day when we were babysitting k5. The poster would switch their submission to a new cracked box. I was watching the output of the log and ipchains the subnet, look up the person responsible, and cc: it to Rusty. The people Rusty used to work for, intes.net, offered legal support. They've been really great about it because even though Rusty doesn't work for them anymore, they were still hosting the box until we get it all moved."

On Tuesday, the system abuse continued not only in the submission queue, but also in the commenting system used by readers to share their feelings or concerns about news items that Kuro5hin posts throughout the day.

More from Inoshiro: "I mailed [Slashdot Founder] Rob (Malda) on Tuesday morning, and I wasn't sure how he'd take it. Usually his replies are given out with as few words as possible. After a couple of replies, we were sending 8 or 9 paragraphs back and forth all day. He suggested a few things, and Rusty said he didn't realize it could have gotten that bad so quickly. My buddy from Sunday came over, and I was watching Kuro5hin and he was helping me set up network booting with an OpenBSD box I have here. It was ten o'clock, and we went to watch The Simpsons. While we watched, the guy had just been spamming the server more. He started spamming about fifteen minutes after we went to watch The Simpsons. How could someone do this? This is like proving a windshield is made of glass by smashing it."

So, at three in the morning at the Villa Hotel in San Mateo, Rusty Foster, Kuro5hin's creator, replaced his website with a black page telling the story of the denial of service attacks. I got a chance to speak to Rusty today while he was in his office at OpenSales.

Rusty said, "Today I'm bitter and hopeful. Yesterday I was bitter and depressed. It bothers me a lot, is the best I can put it."

The fact that Kuro5hin is entirely volunteer-run, added to the fact that they've got an active IRC presence and die-hard fans, lends itself to community building. People read Kuro5hin, post comments, and share their feelings and criticisms with people around the world. In the end, the Kuro5hin staff is resolved to not let the misguided destruction of one incident destroy the community they have built from the ground up.

"I think that we will get the site back up," Rusty said. "It will not be entirely the same as it was before. Anonymous access is gonna go. That's all there is to it. There's a place for anonymous access and I'm all for free speech, but there's also got to be a place for real people who will stand up and identify themselves, more or less. We're not even asking for identities, we're asking people to create a pseudonym and use it. Slashdot pretty much has the market cornered on free and open access, and I'm a lot more impressed now with the crap you put up with."

"I'm aiming for a month. I'm leaving in August to go to Italy, and then immediately after that, my sister's getting married. I won't be back here with reliable access until the middle of August. There are a bunch of great developers that work on the code, and I'm going to put together a list of things that need to be done. Knowing them, they'll probably do most of them. Whatever remains, I'll do when I get back, and then we will re-launch amid great fanfare. I got a lot of great E-mails from people supporting the site, and a lot of them supporting my decision to close it until we've taken care of the problem, and I would like to thank them collectively for all their support, making me feel better, and inspiring me to actually get the site back."

Update: 07/26 08:59 PM by CT : Just wanted to throw my 2 bits in... VA Linux Systems is gonna help with some hardware since the Kuro5hin system really was struggling to keep up with their existing hardware. That doesn't address the spam attacks which we've also spent quite a bit of time discussing. I'm personally finding this really interesting since I've gone through it all with Slashdot over the years, and seeing it done to someone else with the benefit of hindsight and experience is quite interesting. The frustration you feel when something you work so hard on is screwed with by troublemakers is hard to describe: especially when you're just a volunteer. Slashdot wouldn't have survived that stage without help from a lot of people... Best of luck to you guys, and I hope to see ya pull through this.

Comments Filter:
  • I have been skooled.
    You have learned me the haiku.
    I will try harder.

    ....

    Kuro5hin is gone
    To rally its defenses.
    Wait in eager hope.

  • We want to HELP k5, not steal what makes it different...

  • Interbase documentation is available from ftp://ftp2.interbase.com/pub/products/beta6.0/ib_b60_doc.zip [interbase.com]

    It's in PDF, from memory.

  • Back in the distant history of slashdot, there was an NSA story with an AC who claimed to have worked in sigint.

    A few "Company X is going down, I know because I work there" posts, but otherwise you're right.

    Of course, the difference between "MrBogus (173033)" and Anonymous Coward is 1 point and a whole lotta nothing.
  • Heh. Yet another illustration that humans, in general, are far more concerned with making other people suffer than in bettering themselves. After all, it's FUN to hurt people and break things! ;)
  • So let's do something. Have 'em hand over transcripts of their server logs; I've got a full-on Tiger team (not for employ, and they're not all on one team; they're my friends - but they damned well know what they're doing) - let's sift through this crap and find the bastards. While we're at it, anyone who's able to, let's sift through the source code to their site and figure out how to keep crap like this from happening WITHOUT killing the freedoms that sites like this offer.

    Heck, why stop with open-source, distributed-development software? Let's go for distributed-development network infrastructure and policing as well. This was obviously perpetrated for purely malicious purpose and for no good reason, so let's find the bastards and show them what for.
  • Ummm... not exactly: mod_virgule is an apache module written in c, not perl.

    But otherwise, you're basically right--they are all GPL so anybody who thinks they can do better are free to do so.

  • Amen, brother Lethargy!

    I fully agree with Mr. Moore's implied statements. I'm still planning to vote for Gore (as he assumed) but now, at least, I will be sure to vote. (Before, it was going to be just 'if I have time'...) While some of the moderators believe that your comment is a troll (I *DO* have to agree with the two that think it offtopic, even if it *IS* good...) I found it very enlightening.

    Hey, not all trolls are bad trolls... ;-)

  • by Fastolfe ( 1470 ) on Wednesday July 26, 2000 @02:05PM (#903038)
    I see that they've noticed a number of cracked boxes used in the attacks, but if *I* were the victim of something like this I would be on the phone in a second to the people running the networks of these cracked boxes. An on-going attack like this is typically very easy to spot from a network point of view, and with some competent admins, you can go from there straight back to the source.

    I mean it may take a few times (if the box is vulnerable, sure there's an increased likelihood of a lack of clueful administration) before you'll find someone that can help you, and if they're bouncing between multiple hops, it'll mean coordinating or conferencing phone calls, but it CAN be done.

    The reason script kiddies get away with shit like this is because nobody ever takes the time and effort to track them down and prosecute. Since nobody does it, the l33t0 hax0r kiddies figure they're invincible and keep right on doing it.

    The tools DO exist to track them down. There's always a trail if you can just find admins willing to help you every hop of the way. Given the nature of the attack, he's probably using the cracked machines solely for their unique network addresses, not as a means of hiding his identity. Given the number of such hosts, it should have been trivially easy to find SOMEONE willing to track this asshole back to his ISP.
  • two words: jona & kano
  • I for one would rather have "14 year old morons" trying to crack my site than someone who actually knows better. If an amateur can get into your stuff, you've got problems. If we didn't have these kids screwing around with our websites (and helping us evaluate our security, in a roundabout and annoying way), the experienced (possibly paid off by the competition) could come along and take down/hack/etc whatever they wanted with hardly the blink of an eye. If you can't lockdown when a script kiddie comes along, you're screwed. Granted, k5 is a volunteer site etc etc, they shouldn't need to setup tight security, but that's the world we live in, and it's not going to change.

    Slashdot deciding on what is right and wrong isn't really a good idea. News is (ideally) unbiased. News != Opinion. Of course, this is never true and any account of anything is inherently biased in some way, but there are levels of bias and slashdot is fairly unbiased imho (other than linux/opensource issues, of course ;)

    Clear rules as far as reporting goes brings us closer and closer to the orwellian nightmare of 1984.
  • In fact, Kuro5hin encourages anonymous browsing and posting. Anonymous messages on Scoop sites like K5 are posted under the username "Anonymous Hero." Both stories and comments can be posted anonymously, though only logged-in users can vote in the polls and moderation queue.
  • Agreed.. k5 referred to 'the other guys' but it was never all that harsh.. It was a little friendly competition. Slashdot is a big dog, you've gotta expect k5 to give them shit when they can.
  • Heh. 100,000 line that is (always good to come off like a moron in the first few words :))

    Since I'm already posting this, might as well add some more info. It's running Java 1.1 servlets (JServ/Apache) with MySQL.

    That's all :)
  • I disagree. The source of the proposition is integral to the amount of trust I am willing to invest in the research, effort and integrity of that proposition, in an environment where I may not have access to all the data and rules applicable.

    In other words.. Get a face, get a name, don't hide behind AC's skirts.
  • >Isn't the MAC address also in an IP header?

    No, it's in the ethernet header. And only if
    the source is on the same segment as the target.

    >Is that spoofable?

    Yes.
  • Umm. I don't think Ben Franklin ever held an elected position. Then again, Dubya hasn't either.
  • Why do the cracked boxes need more cracking?

    Did I mention anything about hacking those boxes?

    Post the IP's of the cracker, not the cracked boxes.

    False. Post the IPs of both so we can contact those admins and slashdot them with requests to fix those systems to stop the DoS, and then pressure the authorities to get involved.

    You, 11223, jump to conclusions far too quickly. Not only that, but your posting history seems conspicuous to say the least... troll.

  • start by banning ACs I would have argued with you before trying to moderate. ACs seem like a way to be inclusive and bring in fresh and new ideas. Yet I was astounded at what I saw at -1. The waste. Most definitely less than uplifting.
  • by Anonymous Coward on Wednesday July 26, 2000 @02:11PM (#903049)
    (posting this here because nobody would see it otherwise)

    Apparently this script [subdimension.com] was used to spam K5, and the guy that created it has a web site [subdimension.com], although it offers no explanation on WHY they did this. Maybe having the script will help you block it. The address of the script was posted as another anonymous message in this thread.

    He claims he was inspired by Slashtroll [tripod.com], a similar script for trolling Slashdot. The author of Slashtroll (zk65) removed the program after seeing what happened to K5, and posted a message here [tripod.com].

  • by sugarescent ( 30924 ) on Wednesday July 26, 2000 @01:25PM (#903050) Homepage

    I think this was mentioned in the other story [slashdot.org], but it's such a good idea that it bears repeating here.

    How about making kuro5hin based on a trust metric?

    Here's how it might start out. rusty and Inoshiro and a few trusted others (perhaps loyal kuro5hin readers) would start off as the web of trust. As people begin to submit stories and get them moved to the front page, they can get "moderated" up to be trusted to submit reasonable stories. Perhaps as people gain trust, they can have their stories moved to the front page faster. Presumably, these same people would eventually be included in the trust web and extended "moderation" privileges. And soon you would have enough people that the load would be distributed evenly.

    Of course, there could also be an increasingly (exponential) penalty for submitting crap, eventually cumulating in the banishment of the user/IP from submitting stories for some amount of time. If the banishment is not for all time, then the trust would have to be slowly extended back to this person. This would hopefully prevent cyclical occurrences of spammation.

    I think this preserves the idea of kuro5hin, allowing the community to decide what gets posted, while limiting the community to something reasonable. The same idea could even be applied to comments as well, to prevent people from screwing the comment queue as well.

    Thinking of it in Slashdot terms, for those of you who are die-hard Slashdot fans, the trust web is akin to karma.

    I really miss kuro5hin. This was the first idea that popped into my head for fixing things.

    What do people think?
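
The penalty half of the scheme proposed in the comment above, as an added example that is not part of the original thread or of Scoop's code: junk submissions earn strikes, bans double in length with each strike past a free allowance, and strikes are forgiven slowly after clean time. Every name and constant here is an assumption made for illustration.

```python
"""Submission gate with exponentially growing bans (added example; names and
constants are assumptions, not Scoop or Slashdot code)."""
from dataclasses import dataclass

BASE_BAN_SECONDS = 600        # first ban: 10 minutes (assumed)
MAX_BAN_SECONDS = 30 * 86400  # bans are capped at 30 days (assumed)
FREE_STRIKES = 2              # junk submissions tolerated before any ban
FORGIVE_AFTER = 7 * 86400     # one strike forgiven per clean week (assumed)
TRUSTED_AT = 3                # accepted stories needed to count as trusted


@dataclass
class Account:
    accepted: int = 0
    strikes: int = 0
    banned_until: float = 0.0
    last_strike: float = 0.0


class SubmissionGate:
    """Tracks one Account per identity; the key may be a nickname or an IP."""

    def __init__(self, seed_trusted=()):
        self.accounts = {}
        self.seed = set(seed_trusted)   # the initial "web of trust"

    def _get(self, who):
        return self.accounts.setdefault(who, Account())

    def _forgive(self, acct, now):
        # Trust is "slowly extended back": once a ban has expired, drop one
        # strike for every full FORGIVE_AFTER period without a new strike.
        if acct.strikes and now >= acct.banned_until:
            clean_since = max(acct.last_strike, acct.banned_until)
            earned = int((now - clean_since) // FORGIVE_AFTER)
            if earned:
                acct.strikes = max(0, acct.strikes - earned)
                acct.last_strike = clean_since + earned * FORGIVE_AFTER

    def may_submit(self, who, now):
        acct = self._get(who)
        self._forgive(acct, now)
        return now >= acct.banned_until

    def is_trusted(self, who, now):
        acct = self._get(who)
        self._forgive(acct, now)
        earned_trust = acct.accepted >= TRUSTED_AT and acct.strikes == 0
        return who in self.seed or earned_trust

    def record_accepted(self, who):
        self._get(who).accepted += 1

    def record_rejected(self, who, now):
        """Story voted down as junk. Returns the ban length in seconds (0 = none)."""
        acct = self._get(who)
        self._forgive(acct, now)
        acct.strikes += 1
        acct.last_strike = now
        over = acct.strikes - FREE_STRIKES
        if over <= 0:
            return 0
        ban = min(BASE_BAN_SECONDS * 2 ** (over - 1), MAX_BAN_SECONDS)
        acct.banned_until = now + ban
        return ban
```

Keying the gate on an IP address punishes everyone behind a shared proxy, and keying it on a nickname only helps once anonymous submission is off, which is the trade-off the article describes.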

  • Now I am kinda "new" here [coming up to a year]. Now if I look at my user id number it's 131444. If you look at his it's 1219. Any idiot can do the math and realize that 130225 users registered in between me and him. What this means, even to someone "new" like me is that he has got respect, respect that an AC does not have. He also has corroborating evidence. You have none, NONE!!! Do you understand that?

    But really, leave reasoning to people who are capable of it. For now, just repeat after me: If somebody with a nick says the sky is green, and an AC says it's blue, the guy with the nick is still a moron and the AC is still right, regardless of which statement is associated with which name.

    He can reason better than you can. Your empirical analysis has one major flaw which cannot be said enough, because you don't seem to listen: NO EVIDENCE, nothing, in fact all evidence suggests the opposite. I am in no way saying malda, roblimo, or anyone is god/deserves more respect than another human. But when everything points towards /. and kuro5hin getting along like friends, especially with kuro5hin current page providing links to discuss on /., claiming a viewpoint like this is just dumb.

    Not done yet...

    You also claimed in your original post that /. and kuro5hin were "competitors" of some kind. How so? /. is up there with sites like arstechnica ZDnet and C|net. Kuro5hin is a hobbyist site done in its spare time for chrissake. They've even said on the blackout page that they are considering moving the focus to nicks only to avoid DOS attacks, and you are posting as an AC here. Ha! That's just funny.

    I'll go now

  • I have this problem frequently. /. simply won't respond for 10-15 minutes. When it does it's glacial- a minute or two to load a page with ten comments.

    Intermediate links? They're all fine: pings and traceroutes go through without problems in tens of milliseconds. It's just /.- it's by far the least reliable site I visit often. (Phillynews.com is a distant second.)

    Eric

  • And of course, I had problems posting that last message. Clicked submit, waited a few minutes and got a half-finished page without any notification about it being posted.

    Check again: well it got posted. Decided to write this message. Took 3 attempts to get the post comment page, and so far at least one failure to post...

    Sigh

  • No proof. No evidence. No reason for believing something other than you have a personal gripe against /. for some reason.

    I note you're afraid to stake *ANY* name behind what you say.

  • "Kuro5hin and Slashdot have traditionally been enemies"
    This is the largest fallacy you could purvey to the readers of this forum. This is entirely untrue. The phrasing of your statement implies that Slashdot (the company & the group of people that run it) somehow dislike Kuro5hin. This, among many other conspiracy-theory rumours, has been propagating throughout Slashdot for quite a while. However, it's been smacked down repeatedly by Slashdot authors and posters alike.
    "it's time for Slashdot to take the lead again"
    Your argument that Slashdot should implement a drastic change simply because it needs to "take the lead" is ludicrous. You don't make change for the sake of making change. You don't change things because there's a "new, more shiny feature" available.. you change it if that shiny feature is inherently better than the "old way." I think it's safe to say that Rob's perfectly pleased with the "old way," as are many Slashdot readers (myself included).
    "Now it's time for Slashdot to provide a community post board."
    I don't want another level of meta-discussion. I don't want to have to moderate the articles posted and I don't trust the average Slashdot reader with the responsibility of moderating article submissions. I trust Rob and the general direction he provides to his staff to give us a high level of interesting content on the web site. Note that I'm not addressing accuracy or timeliness of article postings.. because I don't think these issues are as unmanaged as some people would like you to think they are. I read about 10x the number of articles linked from Slashdot than I do on the average news site (e.g. CNN.com). Why does this matter? Because, even if an article is a hoax (like SETI PCI cards), it's often interesting to read. And if you think that the level of hoax-ish articles or "this isn't news for nerds" articles will decrease by implementing this open submission queue, please allow me to go get you a clean needle. The only reason Kuro5hin was remotely handleable was because it hadn't become large enough to attract the troops of fools that Slashdot had gathered.

    The level of clue on Slashdot has dropped exponentially for the last several months (at least). I don't care about all the morons who post on Slashdot. I can ignore them even when browsing at -1.

    But, I don't want them picking the stories I read.
  • by Artie FM ( 87445 ) on Wednesday July 26, 2000 @12:28PM (#903056) Homepage
    Looks like this script kiddie is turning his attention on to other sites using scoop as well.
    Although I didn't see any problems on it earlier this week, Scoop.kuro5hin.org has been under attack all day.
    --
    Be insightful. If you can't be insightful, be informative.
    If you can't be informative, use my name
  • This may be slightly off-topic but I haven't been able to access www.yahoo.com for almost twenty-four hours. I first thought it might have been a Mozilla M16 bug but the same problem occurs with Netscape, Lynx and Konqueror.
    I couldn't find any news items about a Yahoo DoS today.
    Just my ISP's DNS?
  • Otherwise known as a "Clue-by-Four", or just a big, heavy stick!! Actually I am a 6'0" 295 lb sysadmin with a bad attitude, but my LART is actually a 2' length of 7/8" coax cable with a stainless barrel connector at the end damn, knew I should post more, submitted with the wrong passwd...hehe
  • I don't have Rusty's email address, but I would also be willing to donate.

    Additionally, I intend to be unemployed for a couple of weeks in August, and would happily volunteer time to do grunt coding work, etc, if they need it.

    Robert West
    aphrael@nospam@burble.org
  • I personally have made at least five posts in the last year or so with information that I would not have been able to pass on if I could not be an AC. Most recently this included the 5-day exchange server outage at the large company that I work for, which was due to bugs which Microsoft will never own up to in public. I don't know if my posts were "informative" or "interesting", but I do know they would probably terminate my current employment if they were traced back to me. I also know that they contain information that needs to be passed on to the world, and I can't do that if I'm not an AC.

    Also, originally registered users who admitted they were moderators lost their moderator access, so it was necessary to post discussions of moderation as an AC. This hasn't been enforced for a while, though, as far as I can tell.

    ...signed, Anonymous Coward (of course)

  • I saw an article earlier (possibly on Wired?) that cryptome was also suffering from a DOS attack.

  • I've noticed that refresh seems to work

    For me, I've noticed major issues with the slashdot.org address. If I manually switch the link to slashdot.com, I get an instant response, and about twice the speed at loading the page, before IE decides to take an hour processing the HTML for display... (still faster than Netscape, though, only reason I use it).

    My connection is a T1 to UUNET, and it's normally a VERY empty T1 at that. Late at night, west coast, about 1-2 people sharing the T1 with me...

  • by kuro5hin ( 8501 ) on Wednesday July 26, 2000 @01:29PM (#903075) Homepage
    I agree with all of this except the comments about fluffy grue and spiralx. They were both very good members of the K5 community. Yes, they have both trolled here, which sucks. I'm pretty sure fluffy stopped. Anyway, neither of them, to my knowledge were ever conspiracy-prone types, and overall, these are not the people we should be worrying about. But yes, other than that, hear hear.

    --
  • "What part of Gestalt don't you understand?"
    I find the whole thing confusing.
    *wink*
  • by fishlet ( 93611 ) on Wednesday July 26, 2000 @12:05PM (#903077)
    It's because they let geeks run the site unfettered, they need to get some suits to sit in their big chair and anticipate such things.

  • by Hentai ( 165906 ) on Wednesday July 26, 2000 @12:32PM (#903086) Homepage Journal
    The trouble is, if a site like ebay, hotmail, or amazon (or even slashdot) is that they have companies making money off of them - and thus, if you try to take them down, you will have a VERY competent and well-paid legal team after your ass. It's much safer to find a site that a lot of people give a lot of emotional, as opposed to financial, investment to, and destroy THAT - you'll piss off nearly as many people (which is really the point, isn't it?), but there's far less of a risk of retribution.
  • They have exactly what you need [advogato.org].
  • I get what you're saying, but then again, he didn't preface it with the little blurb you just said. With such a vague statement, it's open for (mis)interpretation and criticism.

    Maybe, had I interpreted it the way you did, I wouldn't have been so harsh, but the fact still remains. JonKatz is always advocating geeks to act rather than sit on their asses (Take "Shut down Metallica, not Napster" by JK). JK is usually extremely verbose. Why doesn't he give some suggestions as to how we can help K5 or what he's doing to help?

    I think we both have points here. I apologize that I may have misinterpreted his original post. If I had read it differently, I wouldn't have been so harsh, but I'd still raise the same point.

    kwsNI

  • by Dacta ( 24628 ) on Wednesday July 26, 2000 @08:24PM (#903103)

    I was in a great mood yesterday until this happened. I'd just had my first story ever accepted by Slashdot (The Interbase one), I had an interesting job interview, and then K5 goes down.

    I read K5 more than Slashdot these days, and post a lot more on there. I try and submit a story or two a week, and I have great fun there.

    I had this great book review (of "The Forever War" by Jon Haldeman - great book, possibly the best '70s Hard SciFi I've ever read) half typed up. I log on, and I saw the submission queue with 25 entries. I think "Oh shit.. They are trolling K5" - sure enough, that's what it was.

    Why would someone do this? I never understood people doing it on Slashdot, either. Once in a while, a good hand written troll is funny because of the reaction, but script-trolling? Why? Everyone knows you can do it - there is no challenge.

    Anyway. I'm going to do something about it. I'm offering a $200 reward (that's Australian $s) in the event of someone turning the K5 troll in, and successful legal action being taken.

    Sure, it's not a huge amount, but I hope a few others will do the same, and we'll see what happens. Yes, I'm serious.

  • by daviddennis ( 10926 ) <david@amazing.com> on Wednesday July 26, 2000 @02:33PM (#903104) Homepage
    I wouldn't have made the request if the pricing and quality weren't competitive -- they were and are.

    D

    ----
  • I agree with all of this except the comments about fluffy grue and spiralx. They were both very good members of the K5 community.

    And spiralx was a very good member of Smokedot [smokedot.org] as well, until the DSL connection died for about three weeks. I haven't seen him back there since.
    --
  • The server would still choke processing the data. Even if it's discarding the posts, they would still be walking the wire with the data. If you read the article, what they were having to do, is monitor the incoming stuff, and see where it was originating. Then connect to the router and block the IP address there.

    Even then, the pipe between your router, and the internet can be clogged, depending on how fat it is. I suppose it could be theoretically scripted so that it monitors incoming traffic at the server, and when it has a suspected spam attack happening, it logs into the router, and blocks the address or subnet the attack is originating from. I'd be a little squeamish about my webserver having that kind of control over my router tho.
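
The monitoring half of what the comment above describes, as an added example that is not part of the original thread or of Scoop's code: it counts anonymous submissions per /24 in a sliding window and returns the subnets that cross a threshold, leaving the actual block to a separate, reviewed step so the web server never holds router credentials. The log format, thresholds, addresses and allowlist are constructed for illustration.

```python
"""Flag subnets flooding a submission queue (added example; the log format,
thresholds and addresses below are constructed, not taken from Kuro5hin)."""
import ipaddress
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # sliding look-back window (assumed)
MAX_PER_WINDOW = 5     # anonymous submissions tolerated per subnet per window
PREFIX_LEN = 24        # block granularity: the admins banned whole subnets
# Networks that must never be auto-blocked, e.g. the admins' own (assumed).
NEVER_BLOCK = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample log: "<epoch seconds> <source ip> <user> <subject>"
SAMPLE_LOG = """\
1000 192.0.2.17 anonymous xkqjwzpt
1020 192.0.2.17 anonymous qqlmzrvb
1040 192.0.2.44 anonymous zzpwkkrt
1050 198.51.100.9 anonymous Review: The Forever War
1060 192.0.2.17 anonymous hhgqtrwx
1070 192.0.2.90 reader1 Ask K5: trust metrics?
1080 192.0.2.44 anonymous mmnbvcxz
1090 garbage line
1100 192.0.2.17 anonymous plokmijn
1500 198.51.100.9 anonymous Network booting OpenBSD
1600 203.0.113.5 anonymous admin test 1
1601 203.0.113.5 anonymous admin test 2
1602 203.0.113.5 anonymous admin test 3
1603 203.0.113.5 anonymous admin test 4
1604 203.0.113.5 anonymous admin test 5
1605 203.0.113.5 anonymous admin test 6
1900 198.51.100.9 anonymous Storm spotting by ham radio
2300 198.51.100.9 anonymous Another slow submission
2700 198.51.100.9 anonymous And another
3100 198.51.100.9 anonymous Sixth post, spread over 34 minutes
"""


def parse_line(line):
    """Return (timestamp, IPv4Address, user) or None for a malformed line."""
    parts = line.split(None, 3)
    if len(parts) < 3:
        return None
    try:
        return int(parts[0]), ipaddress.IPv4Address(parts[1]), parts[2]
    except ValueError:          # bad timestamp or bad address
        return None


def subnets_to_block(lines):
    """Return [(cidr, time_threshold_crossed)] in the order subnets tripped."""
    recent = defaultdict(deque)   # subnet -> timestamps inside the window
    flagged = {}                  # subnet -> when it first crossed the limit
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, user = rec
        if user != "anonymous":               # only the anonymous queue counts
            continue
        if any(ip in net for net in NEVER_BLOCK):
            continue
        subnet = ipaddress.ip_network(f"{ip}/{PREFIX_LEN}", strict=False)
        window = recent[subnet]
        window.append(ts)
        while window and window[0] <= ts - WINDOW_SECONDS:
            window.popleft()                  # expire entries older than window
        if len(window) > MAX_PER_WINDOW and subnet not in flagged:
            flagged[subnet] = ts
    return [(str(net), ts) for net, ts in flagged.items()]


if __name__ == "__main__":
    for cidr, ts in subnets_to_block(SAMPLE_LOG.splitlines()):
        print(f"candidate block: {cidr} (threshold crossed at t={ts})")
```

Only 192.0.2.0/24 is reported: the 198.51.100.9 poster sends six stories too slowly to fill the window, and the allowlisted range is skipped however fast it posts.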
  • Yah, I guess this is a good point. First priority is getting stuff working again, but if you're a company that's adequately staffed, you should have enough people to put on the task of tracking him down.
  • Soon, we would see newspapers and ignorant print media lamenting about "hackers" launching dos attacks against sites who support open speech and even get away with a couple of snide remarks on how these sites were in turn lauding hackers and blah..blah..blah.

    I wish these guys would identify those script kiddies and wipe the floor with their ass. I was looking at the "Know thy enemy" article on rootprompt.org and it's quite interesting to see the type of people who do this, and who profess to be hackers. I could imagine "nothing to do" 14 yr old kids, morons who have no better job to do, and people who are trying to prove to the world that they could make an impact on this economy and the internet that fosters it, by bringing it down. Though I would respect the meticulous manner in which some of these attacks are organised, I would definitely love to see them go down. It doesn't make the world a better place, coz there would be still a lot of them out there and you could only do so much.

    Slashdot for one, needs to make a clear definition as to what's right and what's wrong. If we tell the future generations that pirating is ok, trading pirated software is ok, then there's nothing stopping them from resorting to dos attacks like this, just because they believe what they do is true. This is a never ending question and there's no clear cut answer as to what's right or wrong. The line is thin and it borders on the consciousness of us human beings. Most of the times, we are so hard to identify what's right or wrong. What's right? Is trading pirated software right thing to do? Is napster evil? Or is it the Music Industry who is licking their fingers? Who is the winner and who's the loser? There are no clear rules in this game. As long as there are people who believe that the laws of the land don't apply to them, and they could do what they please, we would see more of this. And if they are careful enough to cover their tracks, like anonymous cowards, they would keep on doing it. But the question that begs attention is, are we right in condemning them? Are we better off than these script kiddies??

    This is not a flame Bait. I wish we could all debate on this.
  • It seems like these Script Kiddies are seeking to make themselves appear notorious and threatening. What is strange is their choice of target.

    Considering what others have said on the subject of Script Kiddie Psychology [slashdot.org], it figures that these kids would attack those in a position to make compare favourably to them.

    It struck me that this point of view is essentially identical to that of the schoolyard bully who picks on smart kids, because everyone is always telling him he's not smart (for example).

    Still, I find it strange that these kids would want to attack someone who may be a fellow IT peer a few years down the track. All depends on who you feel most threatened by, no? The schoolyard bully sees more threat in the nonviolent academic kids than in the schoolyard principal.

    Anyway, I don't want to start generalizing. I am only talking about this particular instance of the scriptkiddies.

    --

  • If someone posts something I don't like, I don't read it.

    How can you know you don't like it before you read it, heh?
    I think that's one of the nice aspects of moderation, if an anonymous person posts something interesting, it's usually modded up.

    Just my .02

  • Didn't really spring to mind that there are actually people outside the US of A who really have evolved far enough to be capable of using computers and surfin' the net? Even in a barbaric region that don't have daily runs of the Simpsons et al.
    Puh'leeze... we're out here ;p


    Okay... I'll do the stupid things first, then you shy people follow.

  • K5 Troll || Beware the blackhole [subdimension.com]
    This is obviously the software that is being used to do this, If anybody wants the announcement it was posted on sid=slashcode, this seriously angers me, that someone should take it to this extent, I admit I've done crap to slashdot but seeing what I can do I've stopped developing sTs and put an explanation why on slashtroll.tripod.com
    It pisses me off that someone should take a whole website down
  • Have you seen Advogato? They do exactly this.

    That's kind of where I got the idea from. :)

  • by jetpack ( 22743 ) on Wednesday July 26, 2000 @12:58PM (#903160) Homepage
    Last time I wrote to him, his email address was rusty@kuro5hin.org
  • by daviddennis ( 10926 ) <david@amazing.com> on Wednesday July 26, 2000 @12:59PM (#903161) Homepage
    This is exactly why I'm proud to be a VA Linux customer. I got my company to invest in a dual PIII/700 system with RAID and 1GB RAM, and it's worked perfectly, without flaw. I'd warmly endorse them any day of the week, for that and the excellent support they give back to the Linux community.

    D

    ----
  • by Anonymous Coward
    Get it here [subdimension.com]. ENJOY!

    K5 Troll Developer

  • I will gladly accept donations on behalf of k5.

    j/k
    On a serious note, I want to reiterate that it's great to see everyone rallying together like this. Where exactly are the k5 staff located? That information may help out in letting you know what we can do to help. If you're in the Chicago area, I know a great bunch that would love to assist you guys. Since you aren't necessarily going to be able to go through all your mail, I thought it would be an idea to post that here.


    Dissenter
  • Slashdot and kuro5hin were at war - the only people who believed this were the pathetic slashdot trolls like spiralx and fluffy grue(who wants DDoSed slashdot) who were always pushing the conspiracy theory edge.

    Not to put too fine a word on it, but bollocks. I've never believed /. and k5 were at war or even in competition, it's obviously not the case to anyone with half a clue about either site. A few sly jokes was about the most it ever got to.

    I like kuro5hin and I read it every day during the week whilst I'm at work. I don't post that often, but I do when I've got something to say. I haven't trolled k5 and I won't troll k5, because it simply doesn't have the knee-jerk crowd /. has.

    You need to calm down and stop throwing blame around. I don't think anyone really thinks /. attacked kuro5hin.

  • Don't you have better things to do with your time? Developing the perl as a proof-of-concept, sure, and maybe I could even see beating the crap out of k5 with it for a few minutes to test it (although really, testing against your own scoop server would be much more polite), but why keep hitting it? Knocking down k5 for fun doesn't make you anything but a pain in the ass. And not a very well liked one, at the moment, judging from all the bitching and griping by k5 fans....

    itachi, responding to a troll for no good reason

  • by KMSelf ( 361 ) <karsten@linuxmafia.com> on Wednesday July 26, 2000 @04:17PM (#903177) Homepage

    Rusty pulled K5 "because I didn't want my name associated with what was showing up on the site". The issue was discriminating signal from noise. At a certain point, things reached the level of crashing scoop.k5.org, but this wasn't the initial or principal problem.

    The problem is that IP-based blocking only works against finite IPs. In this case, the attacks were coming from a relatively small number of sites, but things kept escalating beyond the ability of the K5 volunteer staff to deal with them.

    Yes, chokepoint DoS is a possible attack, but the weblog was choking on poor quality data long before that.

    What part of "Gestalt" don't you understand?
    Scope out Kuro5hin [kuro5hin.org]

  • by Wellspring ( 111524 ) on Wednesday July 26, 2000 @04:32PM (#903178)

    Are you kidding? It's one of the best marketing moves they could have made. You can't buy publicity like that. Even if they weren't really nice guys they'd probably be doing it for the free advertising.

    You're probably right, but that goes for any good deeds a company does. And usually, people get suspicious no matter how altruistic you are. Coors got in trouble for giving a hundred thousand dollars to a gay rights group with their community because the owners sometimes give money to conservative groups, too. Coors is one of the best places you can work if you're g/l/b, but get branded as an 'enemy' anyway.

    I think you are totally correct when you say that this is a great move from a marketing standpoint, but I also get really annoyed when people get all suspicious of 'big corporations'. People don't seem to have any rational basis for their anti-company bias, other than something they heard on TV or in a movie.

    Then you get companies like VA, which is filled with people who work their asses off to make great products, and they get jumped on. It is this kind of anti-corporatism bias which leads to script kiddie vigilantes. K5 was a volunteer effort, but the same principle applies: you get punished for being successful and useful for thousands of people.

    With all that said, now that I think of it, everyone who reads K5 who would buy VA stuff probably already does. It isn't like they need more visibility or Open Source community legitimacy.

  • Ok, now I probably shouldn't get myself into this, but aren't you effectively doing the same sort of thing that happened to Kuro5hin? I mean, here we have a poster you don't like. That's fine. Perhaps there's something not to like. But it sounds to me that you're subverting the moderation scheme beyond what it is intended to be to pursue a personal vendetta. Is that really any different from people subverting the internet to pursue personal vendettas?

    If a post is overrated, yeah, moderate it overrated. But don't decide that just because you don't like a poster, the rest of us should have to wade through whiny complaints or miss posts moderated purely for dickish motives.

    The internet would be a much better place if people would just take a fucking pill and chill out. And that includes both the people with the anti-Kuro5hin vendetta and a lot of Slashdot posters.

    All the complaints about karma-whoring are far more annoying than the karma-whoring is in the first place.

  • For the past year or so the childishness and plain illogical reasoning of the average slashdotter has been increasing at an alarming rate. Part of the reason I liked kuro5hin was because it was undiscovered by the likes of the empty blowhards, trolls and karma whores who have come to inhabit slashdot.

    It is sad enough that one of the most interesting online discussions I've had in a while has been lost due to kuro5hin going down but now to see people cheapen the memory of the site in a CHEAP attempt to karma whore and seem deep is just too disgusting for words.

    To all the idiots who think slashdot had something to do with this I'd like you to consider your words in this light...
    1. Slashdot crashed them for having an open submission queue - So instead of implementing a similar feature (which would be trivial to code even to a Perl newbie like me) Slashdot's owners cracked a bunch of machines and engaged in a DDoS of kuro5hin just so as not to do this? Considering that anonymous postings to stories has brought us gems like the Beer guy and Penis Bird it is unlikely that Slashdot would open itself up for abuse and what has happened to kuro5hin shows that this wasn't a wrong conclusion
    2. Slashdot crashed kuro5hin because it was getting popular - According to Inoshiro [slashdot.org] the most traffic they've ever gotten was when they were mentioned in a slashdot headline. So slashdot DDoS's them just so they can give them two headlines and free VA Linux hardware. Yeah that makes sense.
    3. Slashdot and kuro5hin were at war - the only people who believed this were the pathetic slashdot trolls like spiralx and fluffy grue(who wants DDoSed slashdot) who were always pushing the conspiracy theory edge. Micheal [slashdot.org] has posted to kuro5hin several times and the other slashdot authors read it as well. CmdrTaco offered rusty help and gave advice on how to deal with the DDoS attempts several times. The only people who have ever believed they are at war are the small-minded people who can not like two things at once, who must always believe something has to be one "hip", "cool" or "in" thing to do or like. These people have been spreading disinformation, malice and discord simply because they have nothing better to do with their time. They are quite similar to the "Redhat wants to be the Linux monopoly" idiots but only this time, they are posting their drivel at an inopportune moment.
    Frankly this entire affair has deeply shaken my faith in human nature. There I was thinking that online I'd find a community of like-minded intellectuals who I could share and discuss ideas with that I couldn't find In Real Life. Instead one community turns out to be as full of petty, small-minded individuals as my hated highschool was while the other has probably been destroyed forever by some immature individual because his story on masturbation was rejected by the community.

    I gotta go I've got a Physics test in an hour. I will say this though, if anyone wants to start another kuro5hin and needs an extra pair of hands mail me [mailto].

  • by / ( 33804 ) on Wednesday July 26, 2000 @12:47PM (#903187)
    It was ten o'clock, and we went to watch The Simpsons. While we watched, the guy had just been spamming the server more. he started spamming about fifteen minutes after we went to watch The Simpsons. How could someone do this?

    Damn right! Doesn't this cracker have any sense of cultural literacy? I bet he watches the Home Shopping Network for fun.
  • All the boxes used were cracked...gotta contact the owners of those boxes who are prolly cowering in fear right now.
    -Davidu
  • Well I'm not talking about dos type things. About 20 minutes ago I couldn't hit this story for about 10 minutes. My point is not that it goes down for extended periods of time, but it goes down for 10 minutes here, 10 minutes there. That's pretty aggravating.

    Bear in mind that I am not trying to flame slashdot, obviously I like it or I wouldn't read it. But most of these problems I see in the middle of the night (eastern time 2 or 3 am). You have to wonder then because you KNOW they aren't getting nearly as many hits as they are getting at 11 or 12 am. That's all. I do love /. and if I was a coder I would contribute, but I'm not so I suggest instead.

    And true /. is not in the same league as Yahoo, but I consider it to be a lot larger than my friend from college's site, and they have a LOT of money and major corporate backing.

    Just my opinion mind you.

    Marc

  • by delmoi ( 26744 )
    Don't you people have a sense of humor anymore? christ.

    We don't know how bad things are in north korea, but here are some pictures of hungry children. -- CNN
  • but you can jump into the IRC chat on irc.kuro5hin.org, channel #kuro5hin. See you there!
  • Of course, with /., we don't know what goes on in the sub queue, or if/when it's being attacked. It would be interesting to know about this, though there is the copycat problem associated with asking the question.

    And I've got to say, /.'s been a great friend of K5 today, shout out to VA as well. Thanks, people. The world may not be perfect, but parts of it are excellent.

    What part of "Gestalt" don't you understand?
    Scope out Kuro5hin [kuro5hin.org]

  • I know you were sticking up for me, rusty; I'm responding pseudo-directly to all the people who have been pointing fingers at me as having "DDoSed Slashdot" and making the implication that I would have done this to Kuro5hin.

    I (== fluffy grue, in case you couldn't guess) trolled here only briefly. I quickly got tired of it, after I discovered Kuro5hin. This is the first time I've been to Slashdot in several months, because someone on Everything2 asked me if what was being said about me is true.

    I was quite open on Kuro5hin about having been the President Clinton spammer. My handiwork is visible at the top of the Hall of Fame page. Aside from that, I haven't caused any permanent damage, and my relatively-harmless prank DID lead to some necessary changes in the way that anonymous posts on here were dealt with. I resent that it was called a DDoS, because it never even slowed down Slashdot's server, and it wasn't from multiple IP addresses (it was only from a single IP address, hence it was not distributed).

    I resent being called a 'conspiracy theorist.' Any conspiracy theories I ever spouted off about were meant to be purely tongue-in-cheek. I never believed or stated that K5 and /. were at war, I just stated that I disliked /. and felt I had no reason to ever go back. And, aside from hearing about and finding this thread concerning me, I haven't come back, and I haven't had any reason to come back, and I will not continue to have any reason to come back, so I, most likely, will not come back.

    Yes, it sucks that I trolled and spammed here (for a WHOLE THREE DAYS, no less). In the long run, what harm did it do? Not a whole lot; it did more good than harm (as it gave Rob&co. a bit of a clue regarding the notion of 'throttling').

    If I hadn't done the spambot, someone else would have. In fact, other people have, since then, and I know I wasn't the first to write any sort of auto-trolling thing. The only differences were a matter of scale (it was obvious that these problems needed to be POINTED OUT to the administration here) and the fact that I released my source.

    FWIW, my original idea was to mirror the Linux kernel source in comments, using comment parenting as a directory hierarchy, but I got caught up in the moment and did all that fortune crap instead. :)

    I think that my only regret was that my "State of the Spam address" got moderated down and therefore nuked. I should have saved a copy; I personally thought it was brilliant, as did RL friends of mine who were there at the time. (In case you missed it, I took the post-Monica Lewinsky speech and changed just enough words that it vaguely referred to the spambot instead of the sex scandal.)

    Oh, though I've heard that someone else has started posting Clintonesque speeches as their troll shpiel. It was kinda flattering to hear that. :)

    Anyway. Not to get too carried away in talking about my last few days on Slashdot... If you must discuss this with me, email me (use my academic account address, joshagam at cs dot nmsu dot edu, since I wouldn't want the good friend who hosts my personal account to have his relatively-small connection frotzed up because of someone who has a vendetta against me deciding to spam me at it). I'm trying my hardest to be civil and forthcoming. I'd hope that anyone who feels like continuing this discussion to feel the same.

    Now if you don't mind, I'm leaving /. again.
    ---
    "'Is not a quine' is not a quine" is a quine [nmsu.edu].

  • by TheReverand ( 95620 ) on Wednesday July 26, 2000 @12:13PM (#903203) Homepage
    This may be a little offtopic, but does anyone see the irony here? /. is probably one of the most unreliable sites around and yet here they go posting this *disclaimer* I know they aren't poking fun at kuro5hin.

    But here's how I see it, /. is on hardcore equipment, and pays people to run it. If I ran a server (NT jokes aside) that was this unreliable I would be fired in about a week.

    How about the odd story that at least tells us what is going on. Just throw something in the quickies like Hey we had some problems due to a mySQL misconfig, here's what happened and why. Not only would this satisfy a lot of us /bitchers, but it may provide a learning experience for all of us using similar tools.

  • by FJ!! ( 88703 ) on Wednesday July 26, 2000 @12:14PM (#903208) Homepage

    Why did we think public-comment websites would be substantially different from Usenet? The only real social diff here is that Usenet has a much bigger group of volunteers trying to keep it working (cancelbots, etc.). It seems like the experiments in trust-based submission networks haven't given us the best answer yet.

    I feel really bad for Kuro5hin. But as a denizen of one of the hotter parts of Usenet for the last decade, it is all eerily familiar, and in these web-spaces there are no killfiles to adjust.

  • Have you seen Advogato? They do exactly this. I think it would be swell to see that technique expanded to other sites.
  • And good for slashdot for rallying behind them. I guess that shows that in order for mass moderation to work on Anonymous users, the readership has to be a few orders of magnitude more active than any script kiddie poster. Taking away anonymous posting probably is the best way to deal with it for now.

    It really is complicated to think about the best methods of moderation compared to traffic levels. I've got a creative writing [storysprawl.com] site that makes group-created cyoa books - right now it's low-traffic enough that I don't need any of these techniques, but I've thought a lot about how to increase it with popularity. The best idea I've had so far is a sort of clustering approach where people vouch for each other - popularity combined with there being an "in" crowd - but that feels a bit complicated to implement for someone who doesn't have a CS degree like myself.

    Looking forward to next month when they come live again...

    tune

  • by ragnar! ( 63368 ) on Wednesday July 26, 2000 @12:16PM (#903216)
    If slash is guarded against these kinds of attacks, maybe they could implement some of the same kind of protection mechanisms, such as not allowing posts from the same IP closer than 60 seconds apart. Maybe slash should describe all the safeguards, so that other non-slash based sites can similarly protect themselves.

    Breakfast Cereal Contamination Alert! [freep.com]
    Read this [freep.com] if you or your kids eat General Mills breakfast cereal.

  • by Metrol ( 147060 ) on Wednesday July 26, 2000 @05:09PM (#903219) Homepage
    Even if anonymous submissions were removed, you'd still have the problem of people registering accounts and posting flames, spam, or what have you. This tends to be fairly common now, so I don't imagine it'll do anything but increase.

    Not at all true. Other web based forums rely upon a valid E-Mail address that the user must be able to reply from in order to register. One that I know of that remains quite busy has the additional restriction of not allowing you to use free services, such as hotmail or yahoo. With such a system in place, you can actually make those bans stick.

    True, even in this case there are ways to get around the system, but it requires a lot more work for the average spammer.
  • No offense Jon, but you work for /. Shouldn't it be "We will..." or even "I will...".

    Of all people, I wouldn't expect you to be one to say: We should do something. If there's anything that's consistent in your articles, it's that you advocate action, even if you don't succeed. You've always been one to stand up and do something if you believe in it. I'm pretty disappointed...



    kwsNI

  • Hey, we're a community, right? And aren't community members supposed to help each other out in times of need?

    Absolutely. This is what we need to be seeing. I am personally going through some pretty tough times, and it has been the support and assistance of my friends and my community which brought me through it. I am not a K5 reader, but it made my blood boil to hear about how someone tore them down.

    I'm especially impressed that VA Linux is donating machinery to help. This is a time when we have to help one another out. So that, a year from now, the script kiddie is in jail or paying off a fine, while K5 is as strong as ever.

    Blogs and discussion sites give people tremendous freedom. But things like this are a reminder that unless exercised responsibly, freedom is short lived. Sites which are constantly abused end up, if they survive at all, locked down, restricted and paranoid.

  • by kuro5hin ( 8501 ) on Wednesday July 26, 2000 @12:53PM (#903224) Homepage
    Hey-- I'm trying to work through the email, but it may be a day or so. I think I did get to this one though, you may not have gotten the reply yet.

    Anyway, for all those who can't wait, basically, I appreciate all your support a whole lot. A bunch of people have offered various things, from hardware to bandwidth to security services, and they are all appreciated. I'm just trying to get on top of the whole situation right now, but I will get back to everyone who wrote. This community rocks, and is the reason I'm "bitter and hopeful" now rather than bitter and depressed. Thanks all.

    --

  • by hurstdog ( 215520 ) on Wednesday July 26, 2000 @12:53PM (#903225) Homepage
    k5 and /. were never enemies. It's some sort of rumor. Don't spread it any more. /. has given tons of help in getting k5 back up and running, by donating servers and expertise. So /. is a great help. Don't say that there is some feud or that they hate us. They don't.
  • What pains me is that the Three Big Weblogs (TBW) have portions of the solution. Slashdot has filtering tools. K5 has a good moderation system. Advogato has a good membership vetting system. However, the pieces need to be put together. Having them on separate systems doesn't quite cut it.

    What part of "Gestalt" don't you understand?
    Scope out Kuro5hin [kuro5hin.org]

  • Bleh.

    Ya know, people talk about how unreliable /. is, but I just don't see it. Slow, sure. But unreliable? I can't recall a time in recent memory where I wasn't able to get to it (except when the damn proxy at work was down). Maybe I just try often enough - I only reload /. every 15-20 minutes at work, and not at all while asleep.

    The way I figure it, no site posted on /. can get a worse /.'ing than /. itself. Everyone that hits a link on /. had to have hit /. front page, and then add in all the people grabbing older articles or posting penis birds, and that's a lot of traffic all at once. But outside of the heavy-hitter sites to whom a /.'ing is just a tiny blip in traffic, like Yahoo and C-Net, /. remains more responsive than the sites it links to.

    Unless I'm wrong.
  • by Rombuu ( 22914 ) on Wednesday July 26, 2000 @01:10PM (#903231)
    Actually if /. is going to emulate K5 they should start by banning ACs.
  • Here: roblimo actually ordered Inoshiro a pizza, because he hasn't eaten yet today. Roblimo's in MD, Inoshiro's in Canada. That, I think, is above and beyond the call of duty. The conspiracy theory is not true, no other discussion is necessary.

    --
  • It's like how good friends mock each other and pick on each other, etc. K5 and /. do that. K5 constantly puts up things like "at a certain other discussion site" and so forth.

  • The problem with the IP mechanism is that a lot of corporate sites spoof outbound connections so that they look to be coming from a single IP address (either to hide the 192.168 addresses they use internally as required, or just to prevent hackers from getting a picture of the size and layout of their internal networks). Because of this, there have been times when /. has been used by several of us geeks at this site at the one time, and we can have a situation where you just have to keep retrying for several minutes while we contend for one-minute slots.
    --
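An added example, not part of the thread and not Slash or Scoop code: a replay of the 60-second per-IP posting limit proposed in one comment and the shared-address problem raised in the comment just above, with a per-account key shown beside it. The `Post` record, the key functions and the sample traffic (documentation-range addresses, invented user names) are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

MIN_INTERVAL = 60  # seconds between accepted posts per key (figure from the thread)


@dataclass(frozen=True)
class Post:
    ts: int               # seconds since the start of the sample
    ip: str               # source address as seen by the web server
    user: Optional[str]   # account name, or None for an anonymous post


def key_by_ip(p: Post) -> str:
    """The rule as proposed: one slot per source address."""
    return "ip:" + p.ip


def key_by_account(p: Post) -> str:
    """Alternative: logged-in users get their own slot, anonymous posts share the IP slot."""
    return "user:" + p.user if p.user else "ip:" + p.ip


class PostThrottle:
    """Accept a post only if the previous accepted post for the same key is old enough."""

    def __init__(self, key_fn: Callable[[Post], str], min_interval: int = MIN_INTERVAL):
        self.key_fn = key_fn
        self.min_interval = min_interval
        self._last_accepted: Dict[str, int] = {}

    def allow(self, p: Post) -> bool:
        key = self.key_fn(p)
        last = self._last_accepted.get(key)
        if last is not None and p.ts - last < self.min_interval:
            return False  # rejected posts do not restart the timer
        self._last_accepted[key] = p.ts
        return True


def replay(posts: List[Post], key_fn: Callable[[Post], str]) -> Tuple[Dict[str, int], Dict[str, int]]:
    """Run the sample through a fresh throttle; return (accepted, rejected) counts per poster."""
    throttle = PostThrottle(key_fn)
    accepted: Dict[str, int] = {}
    rejected: Dict[str, int] = {}
    for p in sorted(posts, key=lambda q: q.ts):
        who = p.user or "anon@" + p.ip
        bucket = accepted if throttle.allow(p) else rejected
        bucket[who] = bucket.get(who, 0) + 1
    return accepted, rejected


# Constructed sample: three colleagues behind one NAT gateway, and one
# anonymous script submitting every 5 seconds for two minutes.
NAT_GATEWAY = "203.0.113.10"
SCRIPT_HOST = "198.51.100.7"
SAMPLE: List[Post] = [
    Post(0, NAT_GATEWAY, "alice"),
    Post(10, NAT_GATEWAY, "bob"),
    Post(20, NAT_GATEWAY, "carol"),
    Post(70, NAT_GATEWAY, "alice"),
] + [Post(t, SCRIPT_HOST, None) for t in range(0, 120, 5)]


if __name__ == "__main__":
    for name, fn in (("per-IP", key_by_ip), ("per-account", key_by_account)):
        acc, rej = replay(SAMPLE, fn)
        print(f"{name:12} accepted={acc} rejected={rej}")
```

Keying on the account only moves the limit onto registration, so it holds only as far as creating accounts is itself rate-limited or verified, which is the point other comments in the thread make about e-mail-confirmed sign-up.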
  • My bad, wasn't trying to offend. When I originally posted this there were several highly moderated posts that were playing up the slashdot vs kuro5hin angle. Such as this one [slashdot.org], this one [slashdot.org] and this one [slashdot.org].

    Since they've all been moderated down, my post seems weird out of context. There were also several sub-level posts that played this angle up but I don't have time to find links to all of them. Frankly, several people on K5 do try to play up the Slashdot vs. kuro5hin angle more than you do; I simply remembered your name and that of fluffy grue. Probably because you both troll or have trolled slashdot.

    PS: I like Jon Erikkson, keep it up.

  • Unfortunately, it takes more than great code to make a great site. You could have perfect code, incredible features, but if you don't have an active audience and interesting content, your site *will* fail.

    I am in an opposite position than you are; I have an audience, I have content, I have a server that can work for the time being, but I have no code. And most of all I lack the experience to prevent attacks like this one on k5 from happening to my site or even the knowledge of what to do if my site were to be attacked. Thus it is a liability for me to put up a site like k5.

    I've gone on too long on this tangent, but let me reiterate that it takes both sides of the equation to make a site really work.

  • Cold and empty place
    Where kuro5hin used to be.
    Fuck you, skr1pt k1ddi3z.

    (Can one say fuck in haiku? I hope so...)
    --
  • The idea is more to put the fear of being caught into the mind of the troll.

    I'm really, really serious about the reward. I will pay it, and I will consider paying some/most of it for any information leading to getting him at least kicked off his ISP.

  • by B-Rad ( 66696 ) on Wednesday July 26, 2000 @12:20PM (#903248) Homepage
    I sent this email to Rusty earlier today. I haven't received a reply as of yet, which isn't surprising considering everything that's going on.

    "Howdy. I've been reading k5 for a few months now, and I was really getting to enjoy it. Not just the site, but the community of people that read and posted there. Needless to say, I was saddened to find that k5 has been brought down by script kiddies. I'd like to do something to help, but I probably can't offer anything in the way of coding skills that you guys don't already have. Thus, I was wondering if I'd be able to send you guys some sort of monetary donations, to be put towards higher-end hardware or better net connectivity or whatever. The only other person I've talked to about this is interested in donating as well.

    Hey, we're a community, right? And aren't community members supposed to help each other out in times of need?"

  • by RPoet ( 20693 ) on Wednesday July 26, 2000 @12:21PM (#903250) Journal
    This pisses me off. Thanks to these 31337ers, I now have to go a whole month with no kuro5hin. What's sadder, is that kuro5hin is now getting so much publicity that it'll probably turn into another Slashdot, with firstposters, natalies and penis birds.

    On a related note, what's up with Slashdot tonight, it seems slower than ever... Hello, am I reaching?
    --
  • by jetpack ( 22743 ) on Wednesday July 26, 2000 @12:21PM (#903253) Homepage
    In case you are a bit confused at this point, Dylan Griffiths' K5 nick is "Inoshiro", not "Iroshiro". Sorry, Emet. Erm, I mean, Emmett :)
  • [Note: I also posted [slashdot.org] this in the other story.]

    I sent a $20 donation to Rusty Foster (Kuro5hin.org's founder) with PayPal [paypal.com] using the rusty@intes.net [mailto] address listed in the WHOIS servers as the contact for kuro5hin.org. He has replied to me in email, so I know he received it. (He replied from rusty@kuroshin.org [mailto], which I almost used in the first place.)

    Here's the message I included along with the money:
    I'm very sad to see that "the bastards got you down". Kuro5hin.org was an interesting site that was just starting to take off. I had dozens of stories in my hotlist that I hadn't even had a chance to read yet. I do hope this shutdown is temporary; it was a good site. (I don't suppose you can put it up in a readonly mode for registered users to view old material?)


    I understand the frustration of dealing with assholes on a volunteer basis; I don't think anyone can fault you for shutting the site down. Still, I think it provided a valuable service to the community, and I think this situation is quite unfair to you. That's why I decided to send you this unsolicited $20 donation for Kuro5hin.org in appreciation for all your hard work. Whether or not you ever revive Kuro5hin.org, keep the money; you've earned it. (Use it to go see a good movie or something!)

    Take a break for a few days or weeks; it sounds like you need it. Then, consider if there's a way to bring it back, in a form less vulnerable to abuse. Perhaps anonymous ID's (with waiting periods before posting) and/or "sponsorship" by existing users might help somewhat; I don't know. Maybe just leaving the site down for a week or two will bore the current attackers into going someplace else.

    It sure would be nice to return to the spirit of cooperation that Usenet News had 20 years ago. Unfortunately, it's not clear how that's possible given the rampant wave of immature script kiddies ruining everything they can...
    Anyone else care to join me, and show that their all-volunteer efforts really are appreciated?
  • by wishus ( 174405 ) on Wednesday July 26, 2000 @12:22PM (#903259) Journal
    i don't understand animosity of this sort against k5. as the k5 guys said, it really proves nothing to take down k5.. the scoop software is written with the assumption that the community will make the site what it wants to, and so it allows the things that were exploited. it would be different, though no less moral, if the attackers were exploiting some bug in the software.. but they weren't.. it is just destruction for the sake of destruction.. and if you're going to destroy like that, there are many better places to do it.

    flood ebay with crappy auctions.. flood amazon with fake orders.. flood hotmail with fake accounts sending gigs of email to each other... i'm not advocating these things, but if you're going to do destruction for destruction's sake, pick something better than k5.

    wish
    ---
  • Slashdot for one, need to make a clear definition as to what's right and what's wrong.

    Are you volunteering to lead this crew of Thought Police? What criteria do you propose we use to excise subversive posts--shall we use strict legality according to current U.S. law? What about the international audiences /. and k5 enjoy? What about unjust laws? What about ambiguous areas of law? Do you really believe that ideas in a discussion forum should be censored solely because they do not fit with your definition of right and wrong?

    Part of the charm of Slashdot and k5 is that these sites don't discriminate among their posters' ideas beyond the moderation imposed by their own readers. For example, if you are on the side of the RIAA in the Napster debate (and many /.ers are), then nobody will stop you from posting pro-RIAA essays. In fact, if your post is thoughtful and interesting many moderators will moderate you up if only to stimulate an interesting discussion. Most of us who read /. and k5 are quite capable of making moral and ethical decisions for ourselves and we are in little need of sanctimonious censors.

    Speaking of /. as a single entity with a single voice is inaccurate. A better characterization is one of a community of people with a shared interest in a collection of related topics. While many attitudes are shared by a plurality or even a majority of /.ers ("Microsoft sucks," "The Matrix was a fun, if silly, movie," "Jon Katz makes up too many new words."), opposing opinions can always be found within the Slashdot community. (Well, perhaps not with the Jon Katz word-coining issue).

    Most of the times, we are so hard to identify what's right or wrong.

    That's because most of the time one cannot so narrowly determine the "rightness" of a given idea. Privacy is both right and wrong depending on circumstance and the value system of the one assessing its rightness. Copying software or music is both right and wrong--even the strict U.S. legal definition of "fair use" is a gray area. In fact, the continued existence of nuclear weapons is both right and wrong. (Is keeping an arsenal of weapons of mass destruction necessarily "wrong" if the weapons are never used, if total war is prevented by MAD, and if much human suffering is thereby circumvented?) In my mind the most interesting discussions are those where moral ambiguity arises. If I want someone else to make all these decisions for me, then I can just tune in to Rush Limbaugh.
  • This guy just said he was a developer didn't he? He didn't claim responsibility for the attacks.

    If he wasn't responsible for the attacks then we can't exactly get angry with him, can we? Like DeCSS, this is just a tool. It's up to you how you use it (although DeCSS was written with a much more altruistic goal). There are valid uses for this as well (improving Scoop comes to mind).

    In my mind, the blame falls directly on the person who used this code.

    Just a side note: Can /. get the IP of ACs from their post? (Just in case this is the same guy).
  • OK, I don't think that's the best idea. All of these machines being used are cracked machines. DoSing them or whatever isn't going to solve the problem because the cracker will just crack different machines.

    Now, poor security shouldn't be tolerated but I'm not going to DoS someone because they were cracked. The only thing those sys admins should get is an e-mail telling them they've been owned.

    kwsNI

  • But here's how I see it, /. is on hardcore equipment, and pays people to run it. If I ran a server (NT jokes aside) that was this unreliable I would be fired in about a week.
    How about the odd story that at least tells us what is going on.

    Could it be because slashdot is tired of calling attention to the myriad DDoS attacks they get weekly? [slashdot.org]

    When rusty first mentioned the DDoS attacks on kuro5hin, a lot of us suggested not giving the spammer coverage so as not to feed his ego, because we'd seen how that made slashdot more of a target. I guess we were wrong and that didn't help. Of course, rusty and Inoshiro threatening to contact the law may have also pushed the spammer over the edge.

  • by roystgnr ( 4015 ) <roy&stogners,org> on Wednesday July 26, 2000 @01:16PM (#903270) Homepage
    I know, you're thinking, "but Fox shows Simpsons reruns every hour where I come from", but some backwards affiliates have cut down to showing the Simpsons only 11 (or even as few as 6!) times per week.

    So don't be silly; the cracker was probably working from another timezone where the Simpsons had already ended or hadn't yet begun. I mean, just because he's an immature criminal vandal doesn't mean he's a complete monster!
  • Fine, thanks.
  • Doesn't this leave an incredibly detailed 'IP' trail? I'm not a networking person, unfortunately, but once you have found, say, 10 cracked boxes, if you leave them 'on', can't you use them to trace? Of course it isn't simple, owing to scripts, and multiple levels of cracked boxes... but the more smoking guns, the more evidence, isn't it?

    This entity also had to be doing it in pretty real time, since they could switch boxes so fast after being banned. Of course, perhaps there could be scripts to handle that too, I dunno. Anyone care to speak up?

    Bye!
  • by happystink ( 204158 ) on Wednesday July 26, 2000 @06:29PM (#903281)
    I've gone through something like this. The problem with running small community-minded websites is that there is always eventually someone who emotionally invests themselves in it enough that when they get disgruntled they will spend a lot of time to destroy the site. One user trying to hurt Ebay will cause a small amount of damage but the same user can make a HUGE impact on a smaller site.

    Unfortunately too, the sites that are the most likely to be hit are ones where the creators and admins actually care about the site and pay attention to the community. Notice how no one talks about ZDNet discussion board trolls? It's 'cause no one cares, and the ZDNet people couldn't give a fuck if people trolled them or not.

    I hate to sound bitter, but after seeing sites I have run suffer the same kind of sabotage as this I have to say it: people online are often inclined to be complete and utter assholes, and the only people it hurts are the ones who CAN be hurt because they care.

    sig:
