User Journal

Security Note On Slashdot's "Social Login" Feature

Journal by slashdotblog

If you use Slashdot's social login feature (which lets you log into Slashdot by means of an external account, such as one at Facebook or LinkedIn), you've probably noticed that this feature has recently been disabled. We've taken this step because of an exploitable bug in such systems (reported here and here, for instance) which could have let a malicious user log into a Slashdot account to which they should not have access. (To exploit this, an attacker would also have needed to know the email account used to sign up for a Slashdot username as well as create an account claiming that email address on an exploitable third-party social network; we have no reason to think that any reader's account was maliciously exploited.) If you use the social login feature, we apologize for the inconvenience. If you have reason to think that your account has been compromised, please let us know by emailing help@slashdot.org.
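The flaw described above comes down to a site treating an email address asserted by an external identity provider as proof that the caller owns the matching local account. The following is an added example, not Slashdot's code, contrasting that linking decision with a hardened one; the provider names, the `email_verified` field, the allow-list and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (not real accounts).
LOCAL_ACCOUNTS = {"alice@example.org": "alice"}            # sign-up email -> username
LINKED_IDENTITIES = {("trustedidp", "idp-1001"): "alice"}  # (provider, subject) -> username
# Hypothetical allow-list: providers known to confirm mailbox ownership
# before they assert an email address to relying sites.
PROVIDERS_VERIFYING_EMAIL = {"trustedidp"}


@dataclass(frozen=True)
class Assertion:
    """What the external provider tells the site after a social login."""
    provider: str
    subject: str          # provider's stable, non-reassignable user id
    email: str
    email_verified: bool  # provider's own claim that it verified the mailbox


@dataclass(frozen=True)
class Decision:
    action: str
    username: Optional[str] = None


def _norm(email: str) -> str:
    return email.strip().lower()


def naive_login(a: Assertion) -> Optional[str]:
    """Flawed logic: any provider-asserted email that matches a local
    account logs the caller in as that account."""
    return LOCAL_ACCOUNTS.get(_norm(a.email))


def hardened_login(a: Assertion) -> Decision:
    """Decide what to do with an assertion without trusting the email alone.
    The caller is expected to record the link when told to link_and_login."""
    # 1. An identity that was explicitly linked before is matched on the
    #    (provider, subject) pair, never on the email string.
    linked = LINKED_IDENTITIES.get((a.provider, a.subject))
    if linked is not None:
        return Decision("login", linked)

    owner = LOCAL_ACCOUNTS.get(_norm(a.email))
    if owner is None:
        # 2. No local account uses this address: nothing to take over.
        return Decision("create_account")

    # 3. The email collides with an existing account. Link automatically only
    #    when an allow-listed provider states that it verified the mailbox.
    if a.provider in PROVIDERS_VERIFYING_EMAIL and a.email_verified:
        return Decision("link_and_login", owner)

    # 4. Otherwise the caller must first authenticate to the local account
    #    (password, existing session) before any link is created. The username
    #    is withheld so the response does not confirm which account matched.
    return Decision("require_local_login")


if __name__ == "__main__":
    # Constructed case: unverified address claimed at a provider that is not allow-listed.
    claimed = Assertion("laxidp", "x-999", "alice@example.org", False)
    print("naive   :", naive_login(claimed))
    print("hardened:", hardened_login(claimed))
```
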

User Journal

Introducing Slashdot Deals

Journal by slashdotblog

What is Slashdot Deals? It's pretty simple: Slashdot Deals is an online storefront with merchandise that's chosen, stocked, and fulfilled by a third party; the products are intended to be ones that might interest you. To amplify that: We might have used some of the products on offer, but can't offer an endorsement of any that we haven't. Many readers may remember that Slashdot was for a long time linked to ThinkGeek, and there are some similarities: Slashdot makes money if you buy any of these products through the store, and that helps us bring you more news and discussions; that said, Slashdot Deals is not Slashdot, and vice versa, but we hope you enjoy it.

User Journal

Security Report: Thanks to Manikandan Rajakumar

Journal by slashdotblog

Security researcher Manikandan Rajakumar (See his Twitter feed) reported and provided enough information for us to identify and close a cross-site scripting vulnerability. We appreciate his attention and time; his efforts have made everyone in the Slashdot community safer. We always appreciate readers who provide useful feedback on Slashdot, and even more so when readers (ethically!) identify potential security holes. Many thanks!

----------
Spot a security problem on Slashdot? We'd like to give you credit on our security attribution page for helping to protect everyone in the community. Send us email, to feedback@slashdot.org, and include as much detail as you can; screenshots, proof-of-concept code, and details about affected platforms are all useful and appreciated.

User Journal

Security Report: Thanks to Christian Mainka and Vladislav Mladenov

Journal by slashdotblog

You may have noticed that OpenID is no longer a login option on Slashdot. (You can still log in or create an account directly, or in conjunction with an existing social media account at Twitter, Facebook, etc.) Why not? In large part, because of a valuable warning we received about a possible security flaw in our OpenID login system from two researchers (Christian Mainka and Vladislav Mladenov) from Ruhr University Bochum.

This and other security concerns with OpenID (here's one relevant story), as well as the fact that relatively few readers have preferred OpenID to other login methods, mean that we're unlikely to re-add OpenID as a login method. Security here trumps the additional convenience.

The code that runs Slashdot, like all software, contains code that might be exploited. We always appreciate readers who provide useful feedback on Slashdot, and even more so when readers (ethically!) identify potential security holes. By "ethically," we mean that actually exploiting any security holes, or probing our systems, burdening the servers, engaging in a DDoS just to test things out, doesn't count. Spotting a problem and letting us know does, and we value that contribution highly.

Special thanks go out to Vladislav and Christian. We greatly appreciate their efforts and patience, as we do all readers who pass along suggestions, concerns, or ideas for the site. When readers find and diligently report possible security flaws, we're very grateful for their generosity in doing so.

User Journal

Check out Slashdot's new Build section!

Journal by slashdotblog
Since the early days of Slashdot, we've been obsessed -- among other things -- with technological creativity with a tangible output. Sometimes that output is in the form of a genuinely new invention, but not necessarily. Often, it's in the form of clever applications of existing hardware, serious DIY hobbies, or promising research -- that means re-use of components or devices in ways un-dreamed of by the original makers, the emergence of clever new devices or materials, jury-rigged fixes, a control system to turn a house into a light display visible from space, or one to grow vegetables in an automated micro-dome. Sometimes it means items made just for fun, to save lives, or to save money -- and sometimes just because someone has forbidden it. Luckily, these categories can overlap in interesting ways.

Our new Build section is a work in progress, but it's already a good place to scroll through for ideas and inspiration. Expect a bigger announcement (and more stories in there) soon, but don't hesitate to submit stories, ideas, and suggestions, via our submissions form (or via feedback@slashdot.org). We want to see your project!
User Journal

Progress Report On Slashdot Beta

Journal by slashdotblog
It's been a long road. We've been asking for your opinions and suggestions for a while now, to help guide the creation of a new, cleaner look for Slashdot. (Many of the changes are below the surface, too.) What we've arrived at so far in our Beta looks and acts differently in several ways than the early iterations did, thanks to your ongoing input. That input has come in the form of thousands of comments, a few phone calls, many hundreds of emails, and even a fax(!).

Slashdot's been evolving for a very long time, with just a few major redesigns along the way. Looking at the site as it appeared in 1998, 2004, 2006, or even 2010, you can watch this evolution take place. Most of the changes (especially the look of the front page) have been fairly subtle; you can poke through these (and other snapshots) at the amazingly useful Wayback Machine to see when this or that element on the page appeared, disappeared, grew some rounded corners, or moved into an AJAX element. The front page of Slashdot shows how much (but also how little!) has changed in the course of our redesign: Here's that front page in Classic, and in the Beta as it stands.

Unlike our typical changes over the years, though, the Beta has been co-existing with the current look for a long time. That's because the Beta consolidates quite a few changes, and changes have a way of stepping on each others' toes sometimes, so it's important to have the whole thing getting prodded by users. Since we asked for public feedback two short months ago, we've been steadily adding features, tweaking the design, and fixing bugs. Your suggestions have helped us prioritize the important things. Here are some examples:

You said: The comment section is too narrow.

Yup, you were right. Originally the page was divided into two rails (like the front page is, currently). The wider left rail had all the comments, and the right rail held widgets and ads. We've tweaked this now, to let comments stretch all the way across the page. Ads may keep the lights on, but the site is for discussions, and this makes them easier to read.

You said: We can't see comments below our score threshold.

We've added the ability to see that there are comments below your current threshold, and clicking on the 'hidden comments' link will expand those so you can view them. We're not done building this out, yet -- we fully intend to make it easy to drill down into an interesting comment thread.

You said: I don't want images

One of the most polarizing features of the beta site was the addition of pictures to the news feed. We had a view selector that let people switch to basic text, without images, but even after making it bigger and replacing the icon with text, too many users had trouble finding it. So, we've simply made Text-Only the default setting. The view selector remains, at the top of the story column. It also has a headlines-only option, if you want to cram more stories onto the page.

You said: Stop truncating the summaries.

Now that will only happen if you intentionally switch to the Pictures view.

You said: I prefer to see the page denser with text than most of the Beta pages make it. Why is there so much white space?

This is a big area that we're working on, starting with the front page of the site. Getting the fonts, spacing, and elements just right is a tricky business, but we're working on making both front page and story pages easy to scan on a variety of devices and screen types. After a lot of improvements on this front to the front page, we'll next be digging into the look of the comments attached to each story.

You said: Bring back the department lines on the front page.

Ok. They're back. We've also tweaked the formatting on the summaries to be a lot closer to the classic look, which should make them easier to read.

You said: Moderation doesn't work.

It's implemented, and it works now. If you find bugs, please let us know.

You said: Let us link to individual comments.

Ok. Comment links work now.

You said: Where are the daily quotes, the UIDs next to commenter names, indication for mod points?

All implemented. You can see you have mod points on your profile page. We're also going to have a notifier show up in a more prominent place so you don't have to check every day.

Some users were also having an issue with choppy/blinky scrolling, which has been fixed. We've cleaned up the navigation bar, and fixed some of the text formatting.

You said: The beta site's not working on my mobile device.

You're right. Even though the beta has some features intended to be useful on phones, tablets, and other small devices, for right now it's got some rendering glitches that make it the wrong choice there. Until we automatically redirect mobile readers there, we suggest using instead either the site view meant specifically for mobile devices (m.slashdot.org) or -- as many people prefer -- the Classic view of the page.

We're not done.

We've got a giant list of suggestions from the community and a number of minor features that need to be implemented on the new version. We've knocked out a bunch of them, but there's plenty left to do.

And where does that leave the "classic" Slashdot page?

The Beta's not *finished* (we'll keep working on the code no matter what!), but as of now it's a site we're happy to point readers to, whether they're new readers or long-time users. For a while now, the Beta is where the bulk of development attention has gone, and that will continue. (New features that show up in Beta may never make it to the old look of the site, and features in the old look may appear in different form in the Beta; for instance, the beta's user pages are much easier to read than are the ones on the current look, and in the Beta you'll see a lot less in the way of scattered options and preferences, as we try to make the options that people actually use easier to find and manipulate.)

Many readers prefer to read with the current (as of early 2014) look of the site -- what we've taken to calling Slashdot Classic. We welcome that -- the editors all still use Classic quite a bit, and for all the work that the Beta's seen, we know there are still some features that aren't yet translated to the Beta. So don't panic: Slashdot Classic is going to stick around for quite a while. Feel free to read the site there, to make it your default (just make sure you have cookies active), or to alternate between the old and the new to see how they differ, and how the Beta continues to improve.

What kind of feedback is the most helpful?

As we continue to bring the new site up to feature parity with the Classic site, one thing we need to do is prioritize the different bits of functionality. What we'd like from you is to hear what features you can't do without. (For example: linking to individual comments was one of the biggest requests last time around, so we made sure to prioritize that.) Your continued impressions of the current look and feature set are quite welcome as well.

Note: the best feedback is also the kind with details and concrete descriptions. There are a lot of combinations out there of not only hardware and software, but reading preferences and styles. Knowing the details of your OS, browser, and screen resolution can help us replicate problems or better understand your ideas.

Thanks for contributing -- please keep the suggestions coming!
User Journal

Update on the March of Progress: How Slashdot's New Look Is Shaping Up

Journal by slashdotblog

In the weeks to come, you'll see Slashdot's ongoing redesign picking up several of the vital features that the long beta period has been used to craft, as a new, cleaner look is implemented by default for more readers: quite a few of those "coming soon" info bubbles are finally being swapped out for genuine functioning tools that mean improved interfaces for some vital tasks and settings. Of note, since the last time we noted the progress in this blog, these features include:

  • A functioning moderation system
  • Comment filtering and threshold setting
  • Account sign-up
  • Password recovery (for when the inevitable happens)
  • Further improvements to responsive design, and general UI cleanup, as rendering and other kinks get straightened out thanks to your ongoing feedback

By the end of the month, we aim to have in place profile update, newsletter signup, and even more UI cleanup and assorted bug fixes!

Watch this space for more details; for most readers, we hope that the elements we've redesigned mean a page that's gentler on the eyes, and has controls that are fewer, more useful, and easier to manipulate. Your feedback is very valuable to us during this redesign, so please tell us if you run into things that don't work for you on Slashdot Beta. If you would like to keep track of the latest updates for Beta, what's in it so far and what's in progress, bookmark our Beta News page, where the evolution is being chronicled.

User Journal

More on the GCHQ Hack Involving Slashdot Users: Official Statement

Journal by slashdotblog
Over the weekend, Der Spiegel reported that among Edward Snowden's continuing bonanza of revelations about government surveillance is one that GCHQ, the British spy agency, intercepted user requests to certain websites — Slashdot and LinkedIn, in particular — and spoofed them in order to install spyware on users' computers. As you might expect, the agency denies knowledge.

Here's the official statement from Slashdot's parent company, Dice Holdings:

"We were alerted to these reported government agency actions by a submission on Slashdot made by the community Sunday evening linking to news stories. To be clear, we have not been asked to cooperate with any government agency related to this matter and have not provided access to Slashdot systems or user information. We know of no unauthorized Slashdot code manipulation, or attempts to effect any. We do not approve of this reported activity and if true, it's unfortunate that we are yet another in a long line of internet businesses to suffer this type of intrusion."

This is probably something that should surprise no one: claims, many of them credible and recent, point to various ways in which some well-known web sites and online services (Microsoft, Google, Yahoo, AT&T, Facebook, AOL, Skype, Apple, YouTube, and more) have all been affected by alleged government surveillance of one kind or another.

Being offended (as we on the editorial and coder team at Slashdot all are) by even a hint at spying on readers doesn't help in itself, so here are some practical notes: Nothing here involves Slashdot's code base or user data: the allegation is of transparent proxies between website (LinkedIn and Slashdot happen to be mentioned, but most likely many others) and user. The spoofing and malware injection said to have taken place relies on the fact that between practically any server on the internet and the end user, there are compromisable links. However, it's probably a wise policy to assume that you never know all the possible ways your privacy may be compromised online.

Please keep in mind, too, that Slashdot has long enabled and encouraged anonymous participation; you are welcome to read the site, leave comments, and submit stories, without logging in. (Logged in readers can read with SSL turned on, though.)

User Journal

Quick update from AppsWorld

Journal by slashdotblog

After a red-eye flight (my first trip to the UK) I've spent today in London at AppsWorld, live editing Slashdot for everyone who wants to see the sausage get made. "AppsWorld" sounds like a conference all about (you guessed it) mobile apps, and it is that -- but there's also a lot of interesting hardware, hackathons, etc. (It turns out, there's also some enthusiastic synchronized dancing from the Microsoft Surface crew, just across the aisle; but since we have a large screen TV set up, and access to YouTube, I couldn't resist looping in some dancing Steve Ballmer in the background as a sort of enthusiastic instructor.)

At the Slashdot booth, we've gotten some volunteer spam-whacking and department-line suggestions, too, of which more is always welcome, and some good suggestions on ways to keep improving our ongoing Beta page. The conference continues tomorrow; hopefully, you'll see some video on Slashdot soon with some interesting conversations and projects. And if you're here at the conference, come by and have a drink on us, while supplies last.

User Journal

Beta update, and a chance to see Slashdot live in London

Journal by slashdotblog
The ongoing Slashdot redesign effort has drawn a few notes from the outside world; here's what TweakTown and Business Insider have to say. Important to remember: the Beta site works — but it's transparently, inherently a work in progress, and the engineers are putting a lot of effort into bringing to the new page feature parity and more. The existing site isn't going away anytime soon, but the more ideas and bug reports we get (on the Beta, and in general) the more robust the next generation of Slashdot is going to be. As we revamp comments, submissions, and other aspects of the site (down to how text flows on various screen sizes), your reactions are crucial.

You can play with the site in the privacy of your own home, of course, too, but in person (at LUG meetings, etc) we enjoy giving "factory tours" of the backend of the site. We've gotten the chance to show off the evolving new design to readers (and passers by) at Interop and at the NYC Tech Meetup earlier this month. If you happen to be in the neighborhood, we'll be at AppsWorld, too, from October 22-23 in London. Stop by and get some swag (while it lasts) and perhaps help us reject some spam or hit Save on a story.
User Journal

Slashdot Beta Update

Journal by slashdotblog

A few days ago, we opened the curtains to give everyone an early glimpse of what Slashdot is going to look like. More than a thousand comments and hundreds of emails have poured in, offering some very useful feedback and advice: thanks. As you'd expect, Beta is work in progress — we have a long way to go not only in integrating all the features we want, but in smoothing over inevitable rough edges. This blog post is to give a few updates on the state of the Beta, and tips on using it. As we sifted through your feedback we noticed some common areas of critique:

One group of readers we've heard a lot from are those who don't like seeing the images that the new Beta introduces in its Standard view. Good news: seeing images is a preference that's easy to change. Just select "Classic" from the view-selection widget on the menu that appears near the top of the page. (You can see an illustration here.) You can always change your view, and your choice is persistent until you select a new one.

Likewise, many readers have raised (understandable!) objections to the Beta's fixed-width; expect changes in the near future that will address this. We're aiming for a page that displays cleanly on as many devices, screen sizes, and browsers as possible.

We're only partway into this redesign; a lot of stuff is coming. One big example: the commenting system is only partly in place, which means many of the features currently available on the regular page haven't been implemented yet on the Beta. Likewise, the submissions and login systems are under active development, and you'll see enhancements rolled out in weeks to come as the beta gets closer to production.

We know there are some general problems with readability in the Beta, too; in the coming weeks we'll be experimenting with various fonts, textures and styles to make the page easier on your eyes.

You make Slashdot what it is — so please keep the feedback coming. (Details, including screenshots, make bug reports and suggestions much easier to act on). Watch this space: We'll be giving more updates via this blog on improvements as they're worked on.

User Journal

You're Invited: Take a Look At Slashdot's New Beta

Journal by slashdotblog

The Upshot:

Welcome to the first Slashdot blog post in quite a while — it's a big one. Launching today at beta.slashdot.org is the biggest redesign that Slashdot's ever seen, and you're invited to help shape it. (We've put a lot of work into the look and feel, trying to make the site easier to navigate as well as nicer looking, but between true bugs and imperfect ideas, we know that this isn't the end-state: that's why it's a beta! Feedback is welcome!)

What's new (or improved)?

Most obviously, the look of the page is different. We've tried to create a simpler, cleaner experience for login, submission, and navigating the site in general. Slashdot's main page is slightly simpler (but adds some pictures to ponder, too). Most importantly, we've upgraded the ways you can view the page, with three layouts you can choose from: besides the default (the "Standard" view -- that's where you'll see the pictures and brand-new layout), you can view in Classic mode (closer to the Slashdot you're used to), or Headlines mode for quick scanning. Some other changes:

  • You'll see more content, in the form of community-promoted stories, in the "All Stories" view. That means more brain candy in the form of submissions (ones you might have had to search harder for before, because they hadn't been selected by the editors as regular posts) bumped up the food chain to your view of the page.
  • For every user, there's a more informative (and just prettier) profile page to track your comments, conversations, and karma. Now, your profile page (at your option) includes a mini bio, too.
  • There's now a handy shortcut (the "Most Discussed" link) to reach the stories where the most comments are landing, whether you want to dive into the discussion as a participant or just to skim.
  • Under "Topics" in the menu bar, you can jump straight to the most active topics, too, to see what subjects are driving the most conversations.

Along with these, there are lots of smaller improvements, too, that we hope you'll find useful.

What's the same?

  • Under the hood, the same Slashdot editors are still assembling a stew of reader-driven and original news, and still bringing you original reader-participant interviews, Ask Slashdot crowd-sourced questions, and more.
  • Your submissions and suggestions are still the most important ingredient in the site. Please tell us what you think of the beta; we can't take every suggestion at the same time, but if you run into puzzling paths, borked links, or anything else that doesn't behave as you think it should, please let us know.

A big thanks to all the engineers who have worked for months to integrate the pieces that go together to make this upgrade possible. Remember, as a beta, this is an ongoing project, not The Last Word, so look forward to continuing progress as we respond to your feedback. A round of thanks, too, to our users who provided valuable feedback during the alpha stage of this redesign. We couldn't have done it without you! Note: You can sign up to be a beta or alpha tester for any new initiatives on Slashdot or be notified about any cool stuff we're working on.

User Journal

Thoughts From Readers on Replacing Google Reader

Journal by slashdotblog
Last week, we asked you about replacements for Google Reader. In both this Ask Slashdot (errr, "Slashdot Asks") and this poll, readers responded with suggestions. Not everyone cares about Google Reader; nearly 70 percent of the poll respondents said they didn't use it anyhow. So think of the rest of this post as something like the gum commercials which draw their conclusions from "those dentists expressing a preference." Below, some of the collected wisdom:

There are a lot of RSS aggregators. In the poll, the clear winner of the small list of options we could squeeze into the list was Feedly; in fact, it was the only replacement option to break into a double-digit percentage, tied with the catch-all "other alternative" choice.

Some of the strongest endorsements are for Tiny Tiny RSS (also known as tt-rss), including this one from the esteemed Col. Klink (retired), who also links to a "free (and improved) fork of the Tiny Tiny RSS Reader Android app."

An anonymous reader says that Tiny Tiny RSS "would be the 'slashdotter solution,' since it has a lot of strength in its plugin capabilities, is GPL v2, fully stylable, has an API, etc. If you have your own server available (or a shell account somewhere), I can't see any reason to not use this solution. I left Google Reader after several years upon the close-down decision earlier this year, and I have not missed it a bit. For those that have previously tried TT-RSS and didn't like it, it can be said that it has evolved significantly in my eyes during this year. Development is very much alive."

For those who'd rather stay in the browser, stevegee58 is one of several to suggest Netvibes: "It seems like the RSS reader market is flooded with apps so it was difficult to find web-based services. I had grown used to the Reader look and feel so I settled on NetVibes as being the closest fit."

Note: Digg's promised alternative to Google Reader is supposed to arrive soon, too — June 26th, according to that Washington Post article.

For those uninterested in using yet another app when there's a perfectly good email client to read things in, there's this, from reader devent: a quick HOWTO on setting up an email sink for your favorite RSS feeds.

And for those who'd prefer a bit more esoteric solution, reader yosephi suggests Emacs + Gnus + Gwene, and links to an informative video tutorial, writing "There is a steep learning curve, but having mail and news in one place is nice."

(That suggestion was seconded by reader Sq, who writes "It will turn any RSS to newsgroup, and you can read those with any NNTP newsreader (for which I already have setup .newsrc syncing between accounts).")

Finally, at least two readers (uberjack and billstclair) have written their own alternatives.
User Journal

On the way to LinuxFest Northwest!

Journal by slashdotblog

LinuxFest Northwest takes place this weekend in Bellingham, Washington. It's one of my favorite conferences — a long-running, volunteer-run, low-hype gathering with two days of presentations, demonstrations, and kibbitzing at Bellingham Technical College. I'm on the way there now, in an oddball fashion, having hopped a ride from Seattle on the giant bus that Dice.com (the Dice which bought Slashdot's parent company last year) has rented for an ongoing advertising road-trip to promote their stock in trade as employment matchmakers. Since Bellingham is at the north end of their range, I'm going from Seattle to the festival that way.

If you'll be in the area, the conference is excellent and free (!); the bus has enough of an internet connection that I hope to give some demonstrations of the Slashdot admin interface for anyone who'd like to see the flow of stories as the editors do, and click the buttons that will send at least a few pieces of spam to the special circle of hell for which they are destined.

User Journal

Geeknet Media Is Now Slashdot Media

Journal by slashdotblog
As of today, what was Geeknet Media has been utterly transformed: now we're Slashdot Media. Actually, it's just the name that's been utterly transformed, at least as far as this site is concerned. We're still News For Nerds, Stuff That Matters — just now with more Slashdot. (And for that matter, we're still just as grateful for and reliant on your news submissions and ideas as ever. Tell us what you want to see.)

What it all means:

For Slashdot readers? Not much. For readers (and editors, and programmers, etc.), this change has no impact on what you'll see on the page, how we select stories, the layout of the page, or anything else except trivial things like the nomenclature on copyright and other legal notices. For others? Slashdot's an advertising-supported site; selling the ads that effect that support — "the business side," vs. "the editorial side" — has its own logistics and its own internal logic. The folks around the world who are in the business of buying ad space online will see the new name in places like letterhead and contracts.

Why? Why? Why?

Because of the business changes last year (if you're not keeping score, Slashdot and ThinkGeek are no longer part of the same umbrella group), this name change was agreed on to prevent confusion about who's who. That makes it easier for the business-side folks to lease out your valuable eyeballs, so we can keep the lights on (well, keep the monitors on) and keep up the flow of news, interviews, reviews, and the occasional bit of snark. And besides, "Slashdot" has a nice ring to it, doesn't it? If you have any questions about this name change, feel free to pass them along to feedback@slashdot.org; we'd like to know if you have any concerns worth addressing for everyone in a followup post.
