Save Soapblox -- a fundraiser

Done (0.00 / 0)

The only way I know how to lead is from the front.  So I made my donation.  Given that my "reserves" are so minimal, if I can do this, you can do this.  I don't ask anyone else to do what I am not willing to do.

Deborah Sirotkin Butler
AmberPaw dot @aol.com

"Failure to plan is planning to fail."
Proverb

---

by: AmberPaw @ Fri Jan 09, 2009 at 12:00:26 PM CST

once the fix is complete, (0.00 / 0)

what are plans for having more people than Paul running the platform?  Pam Spaulding raised a great point elsewhere: what happens in the unfortunate event that something serious happens to Paul?  If he holds all the keys, all the backups in the world won't help anyone.

Also, I do hope that the backups will not reside in the same location as the main servers.  I've seen this done before, to great tragedy if the building burns or crumbles.  Has BMG obtained backups of its own data yet?

I decided to become a voluntary subscriber to Pam's House Blend.  Should have done so long ago, but the soapblox thing really snapped me to as to my responsibilities towards something I consider a valuable resource.  Anyway, I figure since she has a lot more insight into this sort of thing than I do, she can allocate my subscription fee (or not) towards this fundraiser of she wants to.

I must say that while I appreciate the idea of the fundraiser to keep things moving if the alternative is worse, doesn't Paul have fiscal responsibility here?  Even Paul gets a bailout for failing to run his business responsibly.  It just makes my head hurt.  If he can't do the job alone and responsibly, he needs to increase his fees so that he can hire a 2nd person to help administer the thing.  And not just during the fix, for the next month, but forever.

Click HERE and sign up: Campaign For Military Partners.

---

by: Laurel @ Fri Jan 09, 2009 at 12:02:01 PM CST

There are a few copies of the keys around (0.00 / 0)

Paul has had a few people helping with sysadminning and coding in little ways. If he was hit by a bus, soapblox wouldn't just die.

---

by: bolson @ Sat Jan 10, 2009 at 08:05:01 AM CST

[ Parent ]

I'd contribute... (6.00 / 1)

if sufficient/all of the code was going to be released to public domain in one of any number of different licenses.

Frankly, the problem is that so much hinges on Paul.  He did great work to be sure, but clearly he's not perfect, in code or in management.  The code needs more eyeballs, and I'm not talking about another two eyeballs for $18 large.

Right now, Paul is the lynch pin.  Robust projects simply don't have single points of failure, and until Paul brings other folks in, it's destined to fail again.

---

by: stomv @ Fri Jan 09, 2009 at 12:03:58 PM CST

It's no longer a one-man operation (0.00 / 0)

From Chris's post:

Paul has already found a system administrator who lives in his area and is able to help. All of the work listed above is currently underway.

As for open-sourcing the code, that's under discussion, and may well happen.  Many others have raised the same issue, and my guess is that it will happen, though I can't say when.

---

by: David @ Fri Jan 09, 2009 at 12:08:32 PM CST

[ Parent ]

Furthermore, (6.00 / 1)

much of the expense is equipment-related -- new servers and data migration, e.g.  The rest is to pay the new sys admin to do that work.  Doesn't seem unreasonable to me -- someone has to do it, and why should they do it for free?

"More eyeballs" will of course come with open-sourcing the code.  I hope they do that.  But the immediate need is to secure the project as it now exists.  And that's worth doing.

---

by: David @ Fri Jan 09, 2009 at 12:13:47 PM CST

[ Parent ]

I read that bit (0.00 / 0)

to mean that he found someone to help with the short-term fixes.  Are you certain that he has found someone to help long-term?

Click HERE and sign up: Campaign For Military Partners.

---

by: Laurel @ Fri Jan 09, 2009 at 12:20:02 PM CST

[ Parent ]

I think you're right. (0.00 / 0)

The long-term thing remains under discussion, both because we don't yet know how much $$ can actually be raised, and also because the open-source decision isn't yet made AFAIK.

---

by: David @ Fri Jan 09, 2009 at 12:58:01 PM CST

[ Parent ]

As I wrote... (6.00 / 1)

two more eyeballs -- as a direct hire -- doesn't cut the mustard.  There needs to be an organization, so there's not a single point of failure.

I see no point of investing in the project until it becomes clear that the investment will bring a project that doesn't rely on him individually to remain stable and useful.

---

by: stomv @ Fri Jan 09, 2009 at 14:06:24 PM CST

[ Parent ]

See my response below. (6.00 / 1)

Short version: if soapblox fails now, it's a catastrophe for us, and for the progressive blogosphere.  Avoiding that immediate meltdown is worth raising a bit of money.  We can worry about the other stuff in due course.

---

by: David @ Fri Jan 09, 2009 at 14:15:58 PM CST

[ Parent ]

If it has a license, it's not public domain (0.00 / 0)

Public domain works have no restrictions on them.

Open source, Free, etc., software, have licenses which DO have various restrictions.  Most of these are restrictions that are intended to keep the code open, but they are restrictions nonetheless.

While I think that Paul should really consider opening up the code, I do not think he should make it public domain.  A small but important distinction.

Brian

---

by: syphax @ Fri Jan 09, 2009 at 12:12:19 PM CST

[ Parent ]

I understand the difference (0.00 / 0)

I meant "public domain" in the general layperson sense, not in the AFL/GPL/LGPL/OSL/W3C et al sense.

But yes, agreed.

---

by: stomv @ Fri Jan 09, 2009 at 14:08:48 PM CST

[ Parent ]

Sorry man (6.00 / 1)

 
Just trying to be precise.

---

by: syphax @ Fri Jan 09, 2009 at 15:27:16 PM CST

[ Parent ]

Any way to get PayPal as a payment method? n/t (0.00 / 0)

---

by: lodger @ Fri Jan 09, 2009 at 12:31:57 PM CST

Yes, (6.00 / 1)

you can give directly to Soapblox via this link.

If that doesn't work for some reason, visit the soapblox home page and look for the PayPal icon in the right-hand sidebar.

---

by: David @ Fri Jan 09, 2009 at 13:06:45 PM CST

[ Parent ]

The differently-winged (0.00 / 0)

I doubt the Republicans and conservative independents among us are eager to contribute through ActBlue.

---

by: KBusch @ Sun Jan 11, 2009 at 16:42:43 PM CST

[ Parent ]

No reason they shouldn't. (0.00 / 0)

ActBlue doesn't take a cut -- it's just a conduit.  But whatever -- the PayPal option is available.

---

by: David @ Sun Jan 11, 2009 at 17:02:16 PM CST

[ Parent ]

Not a solution (0.00 / 0)

I hate to say it, but I don't think this is actually a solution to the problem.  For a complex software project like this, you either need really deep pockets to hire several people full time or a large community of developers.  You'd be better off to use the money to migrate to a well-supported CMS like Drupal, Joomla, or Plone, in my opinion.

-- Steven BREWER

---

by: Steven Brewer @ Fri Jan 09, 2009 at 13:33:54 PM CST

A couple of problems (0.00 / 0)

1. We at BMG can't raise all this money ourselves.  This is a national effort.

2. Can you guarantee the preservation of four years of archives -- nearly 15,000 posts, over 150,000 comments, nearly 5,000 user accounts, etc. -- if we switch to something else?

3. Who is going to administer the site at a new location?  None of us is a techie, so we have to have someone else do it.

4. Soapblox may not be perfect (in fact, it clearly is not), but it does an awful lot pretty well.  Do all of those other systems offer the functionality of Soapblox?  Did you read over the comments in the previous thread, in which several discussions over the relative merits of various of these other options have been discussed?

There are no simple answers here.

---

by: David @ Fri Jan 09, 2009 at 13:41:05 PM CST

[ Parent ]

And this is part of the problem... (6.00 / 1)

with a one-man shop.  You're stuck.  No data migration path.  He's got you by the balls -- so much so that instead of raising money for political races or charities or whatever, you're raising money for a project that, when complete, will still have you by the balls.

There's no easy solution, to be sure... but getting him back up and running without reassurances that you won't be stuck in the same rut later seems awfully short sighted to me.

---

by: stomv @ Fri Jan 09, 2009 at 14:11:09 PM CST

[ Parent ]

And what is your alternative suggestion? (0.00 / 0)

Your point about needing an organization is well taken.  But that begs the question: who is going to pay for it?  

There are short term needs, and longer term needs.  We are trying to address the short term needs with this fundraiser.  The longer term issues will be sorted out soon.  Right now, we have an immediate problem that demands an immediate solution that will cost about $17,000.

---

by: David @ Fri Jan 09, 2009 at 14:14:57 PM CST

[ Parent ]

Tie conditions to the money. (0.00 / 0)

You want money to fix it, cool.  But if it's our money, we've got conditions on the fix... like make sure you can't personally let it get screwed up again.

Otherwise, how soon do you have good money chasing bad?

---

by: stomv @ Fri Jan 09, 2009 at 16:07:14 PM CST

[ Parent ]

Official version of what happened to soapblox (0.00 / 0)

from Paul

To all customers, bloggers, and media.

Starting on Tuesday, some of the SoapBlox servers were infiltrated by a currently unknown source for unknown reasons.

SSH access was acquired by the hackers, where they were able to install port scanning scripts on to the machines.  SoapBlox servers were then being used to scan other servers across the Internet, looking for vulnerabilities.  

The disruption of service was caused by our ISP disconnecting the affected servers when they became aware of the port scanning.

The attack was limited in scope, effecting 4 separate SoapBlox servers.  While around 25 SoapBlox sites were offline, thousands of people were affected.

Steps are being taken now to identify who did this, and proper legal action will be taken.  If you have any insight on to who perpetrated this attack, please let us know.

At this time, all services are returned to normal.

We have many wonderful people now volunteering to ensure this doesn't happen again. Clean servers are being created, and existing sites will be migrated shortly on to these more secure servers.

Discussions are currently underway on how to best provide the SoapBlox service, continually improve it, and keep it funded in a way that keeps everything running smoothly.  Soon we will be establishing a way for you to help provide whatever you are willing to keep SoapBlox--and a large chunk of the progressive blogosphere--safe, secure and constantly improving.  

Please monitor SoapBlox.net for future announcements, and feel free to contact us at soapblox@gmail.com with any ideas or suggestions you might have.  Everything is on the table.

I apologize with all of my heart for the events of the past two days--from the lack of proper communication, to not seeking help that so many of you are willing to give earlier.  

We've all invested so much time and effort in the software and communities, and I am nothing but humbled by the outpouring of support being given.  It shows the true strength of the progressive blogosphere, and these events will lead to a stronger, better SoapBlox platform for all.

Paul Preston
President,
SoapBlox Network, Inc.

---

by: David @ Fri Jan 09, 2009 at 13:46:40 PM CST

So either (0.00 / 0)

The hackers exploited an SSH vulnerability (unlikely) or they guessed (doable by various methods) Paul's password(s).

I'm going with the latter.  Google the recent Twitter hacks to see where weak passwords will get you.

---

by: syphax @ Fri Jan 09, 2009 at 15:29:06 PM CST

[ Parent ]

I think this is pretty clear (0.00 / 0)

1. Fix soapblox in the short term.

2. Decide the longterm solution when BMG's current state is secured.

I would make demands for regular copies of backup data being sent to one of the BMG editors, as well as open source coding once this most recent security problem is fixed and everything's moved to more secure servers.  

---
My thoughts are mine and mine alone. They should not be considered representative of any other organization, group or person - save me.

~Ryan.

---

by: Ryepower12 @ Fri Jan 09, 2009 at 15:21:46 PM CST

RELEASE THE CODE AS OPEN SOURCE (0.00 / 0)

Sorry for all caps, but the best long-term solution seems so obvious to me that I need to yell.

Paul's not trying to be the next Bill Gates.  He has a hobby that makes him a little cash and a whole lot of headaches.  

So why not make SoapBlox a community effort by opening the code and publishing under the GPL or any other similar license?  So everyone who cares to can look at the code, modify it, document it, use it, etc.?

As others have noted, and I tend to agree, Open Source isn't the solution to all ills.  But it is a perfect fit for this situation.

Releasing the code would help lift the load off of Paul's shoulders.  Many eyeballs make light work.  It would also allow people to deploy Soapblox on other hosts, either as a backup or permanently.  

I kind of like soapblox (for those complaining about the many clicks to post, have you checked your settings? It's possible to post in-line on a page, and it's pretty nice).  But I'm not inclined to give Paul a penny unless I understand if he's running a for-profit enterprise or a non-profit service.  If the former, I'd be inclined to run away.  If the latter, I don't understand why he wouldn't or shouldn't open the code.

Lots of open source projects have foundations- that's a reasonable setup.  A 1-man, closed source, sort-of for-profit, blog unreliable hosting service is not.  BlueMassGroup is currently hosted on a machine running Linux and Apache, both of which are open source, and both of which have foundations: Apache and Linux.

If Paul published the code under an open-source license, I'd help support the cost of a programmer, etc., to help him fix things.  Because I know we'd all benefit.  

---

by: syphax @ Fri Jan 09, 2009 at 15:52:10 PM CST

Open Source is in the works (6.00 / 3)

I've talked to Paul about this, it's been planned for a long time. I think the primary reason it hasn't been is: 1. parts are embarrassingly ugly (programmer pride wants to clean it up first), 2. parts probably do have security holes and he's been showing the code to a few people to get those cleaned up before it goes fully open.

As for security, it sounds like this attack wasn't soapblox specific, but merely an attack on some software in the underlying server. I'm not enough of a security nerd to go through and find all those holes and plug them, I'm just lucky that my server isn't interesting enough to have been broken into yet. Hopefully he's found a good security nerd to help with his little server farm.

---

by: bolson @ Sat Jan 10, 2009 at 08:03:03 AM CST

[ Parent ]

Has he formally committed (0.00 / 0)

to opening up the source, complete with a time frame and scope, and maybe even the license type?  If so, got a link?

---

by: stomv @ Sat Jan 10, 2009 at 12:49:33 PM CST

[ Parent ]

He has communicated the same to me (0.00 / 0)

in an email (in response to an email I sent him re: releasing the code).  

---

by: syphax @ Sun Jan 11, 2009 at 22:00:15 PM CST

[ Parent ]

"embarassing ugly"? (0.00 / 0)

As a professional programmer, why would I want to give money to someone who won't open source his code because it is "embarassingly ugly"? That sounds like a bad investment to me.

---

by: HR's Kevin @ Sat Jan 10, 2009 at 21:07:00 PM CST

[ Parent ]

Huh (5.50 / 2)

Go ask the billions who hold stock in Microsoft.  Ugly doesn't mean unworkable.

~~~~
Believe it or not, I have even more to say...

---

by: sabutai @ Sun Jan 11, 2009 at 10:13:29 AM CST

[ Parent ]

I wouldn't donate money to MS either. (0.00 / 0)

---

by: HR's Kevin @ Mon Jan 12, 2009 at 08:50:13 AM CST

[ Parent ]

Ugly does not mean it doesn't work (6.00 / 1)

I submit that the world mostly runs on exceedingly ugly software. When might you incur the expense to make working but ugly software beautiful? When might you be willing to risk breaking ugly but functioning code to improve its unseen appearance?

---

by: KBusch @ Sun Jan 11, 2009 at 16:39:53 PM CST

[ Parent ]

I don't think you understand (0.00 / 0)

"embarassingly ugly" code is bad not for some aesthetic reason, but because it is seriously flawed. It tends to be hard to maintain, hard to change, and is rife with hidden bugs and security flaws. You don't rewrite "ugly" code to fix its "appearance" but to fix its deep flaws, and then only when it makes economic sense to do so. Most such software is not even worth fixing.

I agree that the world is full of somewhat or even mostly functioning bad software, but please don't ask me to contribute money to make more of it.

---

by: HR's Kevin @ Mon Jan 12, 2009 at 08:55:54 AM CST

[ Parent ]

Was Soapblox "hacked" by the Air Force (0.00 / 0)

http://georgewashington2.blogs...

http://blog.wired.com/defense/...

http://arstechnica.com/news.ar...

There are 6 million other hits including this nifty piece.

http://www.foxnews.com/story/0...
Must be a Homeboy Insecurity Issue.

---

by: Lasthorseman @ Sat Jan 10, 2009 at 16:52:38 PM CST