Skip to main content

Dean's diary gives you the gist of what's going on -- but there are some questions in the comments that bear more in-depth answers.

Namely, Why does SoapBlox matter?

So, why does SoapBlox matter?

DailyKos runs on a software platform called Scoop. It's a great platform, but leaves some things to be desired in terms of software maintainability and development. With that in mind, Paul Preston (a.k.a.) SoapBlox, started writing a software platform he called jScoop, which later grew into SoapBlox, as a hosted alternative to Scoop.

SoapBlox includes all the major features of a community blog -- namely, user diaries and other community-building features. These features are NOT readily available in any other software platform WordPress, MoveableType and others make it exceedingly difficult to do things like diaries and frontpage promotions, and SoapBlox makes it easy.

SoapBlox is used by approximately 90% of the 50-State Blog Network -- the sites that were instrumental in the DNCC embedded blogger program, and as a community have worked together to improve and expand state-level blogging across the country. Calitics, My Silver State, NMFBIHop, Loaded Orygun, LeftInTheWest, MN Progressive Project, Burnt Orange Report, Tondee's Tavern, The Albany Project, Raising Kaine, Blue Mass Group, Blue Jersey, and many others use this platform.

One downside for SoapBlox is that Paul has, since the beginning, been the only person actively working on the development, maturation, and maintenance of the SoapBlox system. Another is that all the SoapBlox sites currently affected by this fiasco (which is to say, ALL SOAPBLOX SITES), have their actual content hosted in the SoapBlox system, and not in their own hosting accounts with GoDaddy or BlueHost or another service.

So when the hackers got ahold of his servers, they crushed a bunch of sites all at once. They installed exploits on the SoapBlox servers, which caused the servers to behave badly, and the ISP providing the servers took them down. It's a bad situation, and we need to sort out A.) what happened, B.) how to fix it in the short term so we can limp along for a while, C.) what to do in the long term -- does SoapBlox really die? If not, how do we provide the resources necessary to keep this critical resource alive, functioning, and safe? If so, where do we move these sites?

These are all community sites, and the progressive blogosphere is a community. If we cannot come together to keep these communities alive, the larger community won't be worth much -- and I say that as more than just a blogger whose site got hosed.

This is a critically important juncture for us all.

Originally posted to jbnr51 on Wed Jan 07, 2009 at 09:29 AM PST.

Tags

EMAIL TO A FRIEND X
Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags

?

More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

  •  Sorry to jump the tj...thanks for posting this. (9+ / 0-)

    We use Drupal for the ePluribus Media community site and Joomla for the Journal (that's in a nutshell; more details if folks are interested).

    Both permit user diaries and a front-paging system, as well as comments and other stuff.

    Code is Open Source.

    Perhaps something using one or the other could be set up to help get some sites back up?

    A corrupted government. Patriots branded as renegades. This is how we roll.

    by GreyHawk on Wed Jan 07, 2009 at 09:36:12 AM PST

  •  Probably need to find another high volume blog (2+ / 0-)
    Recommended by:
    dereau, MikeTheLiberal

    that has withstood the test of time and see what program that they have developed and replicate that model.

    Any suggestions?

    Notice: This Comment © ROGNM

    by ROGNM on Wed Jan 07, 2009 at 09:37:08 AM PST

    •  Umm (9+ / 0-)

      The program isn't the issue, it's the resources behind that program. In fact Soapblox iteslef was a java version of Scoop (which powered DailyKos for all those years). What has helped DailyKos stay up and flourish isn't the program per se, but the hard work of ct (and others?) behind the scenes to deal with the server issues. That is what costs money and where Soapblox generally was weakest (because of its low cost and generally low revenue stream).

      PrairieStateBlue - Open Source Illinois Politics

      by ltsply2 on Wed Jan 07, 2009 at 09:43:26 AM PST

      [ Parent ]

      •  I run a Soapblox blog (16+ / 0-)

        And we make very little off ads, etc. but I'm not doing it for money anyway and would be willing to pay more.  Without Soapblox or a similarly simple to use platform, we're hosed.  My interest in blogging is in the dissemination of information, not in the technical details where I have no expertise anyhow.  Soapblox is a tremendous tool that has enabled a lot of progressive  writers and activists and we need more tools in our toolbox, not fewer.

        •  You run a great blog (3+ / 0-)
          Recommended by:
          opendna, Mooncat, Neon Vincent

          Even if it is in purple. I'm hoping you stay on line but I have no expertise in modern code so I can't help.

          "It's the planet, stupid."

          by FishOutofWater on Wed Jan 07, 2009 at 10:11:51 AM PST

          [ Parent ]

        •  Drupal did it (0+ / 0-)

          the content management systems (CMS) we're talking about share key limitations.  

          `what Paul did with soapblox is laudable but was always unsustainable.  what if god forbid, he was hit by a car?  

          ` Scoop powered dkos for a while but with so few people expert in perl/scoop at the level of Rusty Foster, and so many custom features this one site alone to maintain, Markos forked off his own CMS.

          ` in 2003 the Clark Community Network was built in scoop, outgrew it, needed customizations that the small Scoop developer community didn't have time for, and so in 2004 CCN migrated to Drupal.  and it's been running hard ever since

          http://securingamerica.com/...

          the difference is that the drupal developer community is large and very mature. and very generous sharing well-document modules back into the drupal code library.  plus, drupal sites can be hosted just about everywhere.  
          also, as opposed to more explicitly 'blog' software, the drupal core's code structure makes it easier for sites to grow into new areas and web-based applications, even using the modules contributed back into the code library from distributed evolutions. not from scratch. for free.

          •  dereau, drupal is superior to wordpress (0+ / 0-)

            but that may be a simple vector artifact -- lambert strether, who runs www.correntewire.com, is a hell of a good site admin.

            John Edwards:"One America does the work, another America reaps the rewards. One America pays the taxes, another America gets the tax breaks."

            by BlackSheep1 on Wed Jan 07, 2009 at 11:54:20 PM PST

            [ Parent ]

          •  Every low-budget drupal blog has problems (0+ / 0-)

            as far as i know. And thats why people who pay $15 to $25 a month in SoapBlox can't find anything comparable in Drupal. Drupal bloggers complain about bugs, technical issues, no money to be able to fix it, nor any time to be able to investigate the issues themselves. Right now the resources aren't there for smaller Drupal users to be able to maintain appropriate upkeep, esp if they are low-budget.

            It's awesome to see everyone raise money to repair Soapblox's business model. This is a growing pain that has luckily been met with a great surge of community support. Soapblox will get back up on its feet and move forward in a sustainable fashion thanks to the netroots community.

            The fastest way to power is through identification.

            by sufimarie on Fri Jan 09, 2009 at 04:47:41 PM PST

            [ Parent ]

      •  The program is the issue (0+ / 0-)

        If there's only one programmer working on the project then that's a huge problem. If there's no community developing it what happens when that guy gets hit by a bus? If the code is open source you can hire someone else but they're going to have a steep learning curve.

        •  But (0+ / 0-)

          You are correct in that it would be better if it were OpenSource, if there were more developers, or if there were an increased support structure. SoapBlox itself is not perfect and could certainly stand to have more eyes and hands on it.

          What happened today, however, was not the fault of the SoapBlox software. The software itself was not the source of the exploit. The failure today was the result of less than optimally secured servers in general and a lack of sufficient expertise and manpower to fix the problems. While this may be an error of the way that SoapBlox sites have been implemented, it is not an error within the specific SoapBlox software itself.

          There are actually two issues here. One is in the SoapBlox program development. This is what you address and you are completely correct in your assessment. It is not, however, what the problem was today. The second issue is in the more broad SoapBlox product which includes hosting, customer support and billing, and server security. This second issue is/was the problem today.

          PrairieStateBlue - Open Source Illinois Politics

          by ltsply2 on Wed Jan 07, 2009 at 02:57:23 PM PST

          [ Parent ]

  •  Good diary (4+ / 0-)
    Recommended by:
    Mooncat, Newzie, stillwaters, Neon Vincent

    It is the problem with anything that is "community" based.  It's great for the people, but bad for paying the rent.

    Maybe the Open Software Foundation can take it on?

    And where is that tip jar??

    "People should not be afraid of their government; governments should be afraid of their people." --V

    by MikeTheLiberal on Wed Jan 07, 2009 at 09:39:44 AM PST

  •  I was going to (4+ / 0-)
    Recommended by:
    Ray Radlein, drewish, Newzie, Neon Vincent

    add that I've installed Drupal as well as Movable Type.  Drupal certainly supports the community blogging scenario.  There is a version of Movable Type that does as well ... see TalkingPointsMemo ... but it's tres expensive and not an option as such.

    From my research Joomla would support it as well but there are other elements would move Joomla to the bottom of my list of alternatives.

  •  Was it "all at once?" (1+ / 0-)
    Recommended by:
    Neon Vincent

    So when the hackers got ahold of his servers, they crushed a bunch of sites all at once

    Seems to me that if they had server level access, then ALL of the hosted sites would have been affected.  We also don't know if these exploits happened all at once, or gradually over an hour's time.  I'm not saying one thing or the other, I just haven't seen anything that leads me to think it isn't a hole in the CMS which allow each site to get individually exploited.  Corrupt the master db via the CMS, and it gets replicated out to all the slaves.

  •  At Docudharma... (17+ / 0-)

    ...we promote user diaries to the front page as many as 8 times in a day.  There are 9 promoted diaries at present.  And we have a Rec List and a Recent Essays List and a Recent Comments List (DK doesn't even have this last feature).

    We would not be what we are without SoapBlox.

  •  Exactly. (17+ / 0-)

    I looked through Dean's thread and shook my head at all the people chastising us SoapBloxers for using it, without understanding why we chose SoapBlox to begin with.

    SoapBlox offers dKos-like functionality, which is a plus because so much of the progressive blogosphere revolves around dKos. dKos is successful not because of Markos himself, but ultimately because the Scoop software allows an unprecedented level of interaction between users.

    Those of us who started and ran state blogs back in the day all came from dKos and needed a platform we could get up and running without a lot of fuss and which functioned like the platform we were used to.

    Long live SoapBlox.

  •  It is really horrible that this happened, (1+ / 0-)
    Recommended by:
    Norbrook

    but this is and will continue to be the risk of relying on central server-based software for websites. I always thought it was a bad model for software... although I guess I'm kind of a hypocrite since I use gmail...

    •  It really depends (2+ / 0-)
      Recommended by:
      boadicea, On The Bus

      If you're running a large company, then probably not.

      But a blog?  Not everybody wants to take the time to learn how to admin their own solution, etc.  For instance on your gmail example.  I've been running a mail server out of my own house for years, and it's been pretty solid.  But I was thinking it might be nice to not really have to worry or mess with it, so I've been thinking about moving to hosted gmail.

      •  I understand that, but surely that can be (0+ / 0-)

        overcome by designing an easy-to-install package...

        •  But... (0+ / 0-)

          That works well for desktop apps... but websites are usually hosted elsewhere.

          There are some relatively easy to install packages, but it's not trivial.  There's usually some configuration that has to be changed, like connections to databases, etc.

          There are some web hosting companies that have control boards which allow you to install such a package automatically.

          But from a technical standpoint, is using such a host really much different from a hosted application?

          Just thinking outloud.

      •  OR... better yet... (0+ / 0-)

        giving the option to download and install if you would prefer.

  •  I'm no programmer, but Soapblox has allowed us (6+ / 0-)

    to easily write some very basic html and add it to the different "blox", allowing us to have a great site and an easily changed and updated site.  

    I do hope all ends well here, as I would hate to have to try to migrate to drupal or some other far more technically intensive blog formats, where in my opinion, you don't get half the functionality of Soapblox.

    The Republican Party's agenda to subjugate average Americans is so rotten, it smells worse than the toilet seat on a shrimp boat." Aristotle

    by funluvn1 on Wed Jan 07, 2009 at 10:20:08 AM PST

  •  As weird as this sounds, perhaps Kos could (5+ / 0-)

    contribute some funds and expertise to help them - and me, since Turn Maine Blue is on Soapblox.

  •  I'm building something similar (1+ / 0-)
    Recommended by:
    by foot

    I was not even really aware of soapblox, but I absolutely agree with you that this is a really great thing for building communities.

    I guess I'm working on building a similar functionality site.  I was thinking more in terms of local groups, user groups, civic groups, HOAs and whatnot.  Kind of a replacement for yahoo groups that is more full featured.

    I've always kept my experiences with dailyKos in the back of my mind, but I guess I never considered the full content creation opportunities that dKos platform allows you.  I'll have to think about that more with my design.

    I'm a ways off though.  It's an experiment I'm working on in my spare time.  But we'll see.

    I'd personally like to understand better what happened to soapblox.  Was it a Linux vulnerability, SQL injection, or something else?

  •  It may not be the particular software (8+ / 0-)

    i.e.; SoapBlox that's the problem, but whether the servers and associated packages were kept secure.  I don't know which server OS was being used on the host, but no matter which one, you need to keep it patched up.  A security hole is a security hole.  That also applies to the related software (databases, etc.)  

    There's also security in practice.  You never, ever leave the default passwords in place - I remember as a system admin doing "white hat" hacking, being able to hack an incredible number of SQL Server boxes by simply using the password "sa".  There's a whole series of things you do to lock down a server.  It doesn't mean that it can't possibly be hacked, but it means that it's much more difficult to do it.  That means that most hackers move on to finding an easier target.  

    I think that I have had enough of you telling me how things will be. Today I choose a new way to go ... and it goes through you!

    by Norbrook on Wed Jan 07, 2009 at 10:23:17 AM PST

  •  A lot of you looking at this wrong (6+ / 0-)

    I keep seeing comments like "drupal does this" or "joomla does that" and yes they CAN.

    But out of the box they do not and that is why there are so many that rely on SoapBlox. I have not administered a SoapBlox site, but from what I have seen they basically make it so you need minimal technical knowledge to get up and rolling. Maybe some HTML or CSS skills to "pretty" it up and you are fine.

    It takes a decent amount of know-how and a willingness to do some PHP coding to really tweak systems such as Drupal and Joomla to behave like a DailyKos or other similar blog with user diaries, rating, front page recommends etc. Also, you have to be on top of security patching etc which can be tricky because oftentimes if you customize the code too much the patches can conflict with and you might need to re-customize some of the code.

    Honestly, the best solution long-term would be for many of the liberal blogs out there with resources cough Markos cough to invest in and support an open source platform that supports the common features 90% of the folks here want.

  •  Where is the open source for Soapblox? (0+ / 0-)

    Does the Soapblox open source exist?

  •  Not a crisis (0+ / 0-)

    Just a bump in the road. I hadn't even heard of it and I'm a pretty active blogger. Haven't visited MLW in a long time, though.

    Hits on websites and blogs are part of life. If SoapBlox has security holes and can't fix them, some other platform will come along.

    Is it not written "the freaks shall inherit the earth"? (Lu Tse)

    by MakeChessNotWar on Wed Jan 07, 2009 at 01:14:46 PM PST

    •  not a crisis to you (3+ / 0-)
      Recommended by:
      boadicea, On The Bus, SadieSue

      But a crisis to many, especially the state blogs - which are very different and serve very different functions than the national blogs. Many of the national blog readers don't read their state blogs and vis versa, but that doesn't mean the local/state blogs aren't just as important and have just as strong an impact on the state and local levels. Blue Mass Group, from Massachusetts, raised the 3rd most money for Act Blue in '08 out of any blog in the country, ahead of blogs like AmericaBlog (from what I remember). The community has made a huge difference in Massachusetts, impacting the process, helping nudge the media, getting a Democratic Governor elected, etc. etc. etc.

      So, yeah, it actually is a crisis if these sites go down. Even if it's only a crisis to some people and communities - while some people "haven't heard of it."

      You can't just say "well, another platform will come along" since you can't transfer the old sites to those new platforms. SoapBlox is really just going to have to release their source, pronto, or there's going to be a LOT of lost data and angry customers/communities/readers.

      •  If the site isn't backed up (0+ / 0-)

        Shame on them! Failure to keep a backup is a sign of major incompetence. Backups should be done daily. I'm not very sympathetic.

        Cyberspace is a war zone. We need both good practices and good defenses.

        Is it not written "the freaks shall inherit the earth"? (Lu Tse)

        by MakeChessNotWar on Wed Jan 07, 2009 at 11:08:37 PM PST

        [ Parent ]

  •  What does this mean for the average reader? (0+ / 0-)

    I understand that SoapBox is in trouble and I understand that it's been hacked, and I'm sorry for that, because it messes up some good voices on the net.

    Having said that, does this mean that my computer has been hacked because I read dKos?

    Does this mess up all of us?

    I'm a non-techie, so be kind, please.

    •  For the end user it only means the loss of (1+ / 0-)
      Recommended by:
      Bernie68

      service if you are a reader of those blogs affected. You have nothing to worry about on your personal system and it didn't affect DKOS at all.

      "We know now that Government by organized money is just as dangerous as Government by organized mob." FDR

      by JC Dufresne on Wed Jan 07, 2009 at 07:31:44 PM PST

      [ Parent ]

  •  A bandaid (0+ / 0-)

    Feel free to share this with anyone, but a bandaid solution could be to get a regular blog and a regular forum. Have the forum create an RSS feed of new threads (phpBB does). Then use the GoogleAJAX Feed API so that by just putting some Javascript in your blog template, you can have a list of all recent forum threads running down the side of your blog. It will look just like diaries, and it will link people from the blog to the forum. Unfortunately, you would not be able to front-page the forum threads in the sense that you could bring over all the thread replies into the blog comments section, but you could still highlight forum posts you're interested in on your blog. I don't know who to forward this suggestion to, but I hope someone who does, will.

  •  This is patently false (0+ / 0-)

    This is very, very wrong:

    SoapBlox includes all the major features of a community blog -- namely, user diaries and other community-building features. These features are NOT readily available in any other software platform WordPress, MoveableType and others make it exceedingly difficult to do things like diaries and frontpage promotions, and SoapBlox makes it easy.

    Soapblox is a closed-off blackhole that is already about 3 1/2 years behind the major CMS's (Drupal, WordPress, Joomla) in terms of features and innovations. In addition to the three CMS's above being easily configurable - I happen to know that there are a bunch of politically minded developers out there who are happy to get things like this together for people for free or nearly free. (I myself am one of them)

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site