Save Soapblox!

by: Chris Bowers

Fri Jan 09, 2009 at 12:00

Cross posted on Daily Kos and appearing all over the Soapblox network

You know how some politicians are fond of saying "you can't solve a problem by just throwing money at it." Well, here is a problem you can solve by throwing money at it. Send in a contribution to save Soapblox now!.

Goal Thermometer

More in the extended entry.

Chris Bowers :: Save Soapblox!
Why is Soapblox Important?
Soapblox is an inexpensive, community-building content management platform developed by Paul Preston and currently used by over 100 progressive blogs. For only $15 / month, Soapblox has offered most of the features available on sites like Daily Kos and MyDD: user diaries, recommended diaries, promoted diaries, interactive comments, comment ratings, tip jars, and even things like quick hits. It is a lot of functionality for not much price, making it ideal for independent, progressive, grassroots media. As such, it has been adopted by about 90% of the fifty-state blog network, and also by several national sites including Pam's House Blend, My Left Wing, Swing State Project, and my own Open Left. Collectively, the blogs on Soapblox received over 50,000,000 page views in 2008, and provided a huge percentage of the state-level, local politics coverage in the progressive blogosphere.

Why Is Soapblox in Danger?
On Wednesday morning, Soapblox was hacked to within an inch of its life. A quarter of all Soapblox sites went completely offline, and their databases were gone. Most others were threatened, as My Left Wing and Open Left temporarily lost all of their diaries. The hackers were in so deep, that Paul temporarily threw in the towel and declared defeat. Dozens of bloggers that I knew were all frantically emailing each other. Desperate attempts were made to try and copy all of our data before The End. At one point I was, literally, running up and down the stairs in my apartment building freaking out, as there are few things I fear more than my website's content being wiped out. It was an impending blog apocalypse, where the entire archive and operation of over 100 blogs were almost wiped off the Internet with no hope of return.

As the day went on, through a lot of effort Soapblox was able to fend off the attack, save all data, and restore full service. However, the threat remains.

How To Solve The Problem
Here is what Soapblox needs in the immediate short-term to become safe and secure once again:

--Recharge ten servers
--Perform a full security audit of the SoapBlox server/unix infrastructure to prevent hackers from gaining access
--Ensure all backup process are working and functional to guarantee that if hacking happens, data is preserved
--Perform a security audit on the SoapBlox code itself so that hackers cannot exploit the SoapBlox code itself.
--Migrate to new, secure servers

The good news is that, in addition to restoring full service for Soapblox, Paul has already found a system administrator who lives in his area and is able to help. All of the work listed above is currently underway. Here is what it will cost:

--Recharging ten servers at $100 apiece: $1,000
--Purchasing new, secure severs, and migrating the data: $8,000
--One month of full-time work at $50 / hour in order to complete all of the tasks listed above: $8,400

So, for a total of $17,400, we can secure Soapblox, and ensure that yesterday's dangerous attack can never be replicated. Let's make this happen. Save Soapblox and secure online progressive media. Contribute today.

Why BlogPac?
No doubt, many people will ask why the money for this fundraising is going to BlogPac, rather than directly to Soapblox. The answer is two-fold.

First, BlogPac can transparently raise money across several blogs at once through Act Blue. As you read this, dozens of other Soapblox blogs, along with BlogPac's membership, are currently participating in this fundraiser. Also, as a federal PAC, BlogPac will have to disclose the payments to Soapblox, thus leaving a public record and complete transparency for the fundraiser.

Second, over the past two years, BlogPac has been proud to be Soapblox's main contributor. Since January 2007, as part of our fifty-state blogging program, we have paid the website hosting fees of a few dozen state blogs. Also, as part of the BlogPac infrastructure contest, Soapblox was granted $5,000 to help upgrade their service. Now, we are proud to serve as the financial vehicle that will save, secure and help build up Soapblox for the future.

As such, in consultation with Paul and several Soapblox state bloggers, it was agreed that BlogPac would serve as the financial vehicle for the Soapblox fundraiser. We are honored to do so. It is BlogPac's opinion that Soapblox is too big a part of online progressive infrastructure to fail. Also, all money raised in this fundraiser beyond $17,400 will go toward continuing the fifty-state blog grant program, and building up Soapblox over the long-term. For this effort, becoming a contributing member to BlogPac would be a great help. $5 a month goes a long way toward building progressive infrastructure.

For the past three years, Paul has developed and maintained Soapblox on his own. It is a part-time job for Paul, netting him about $10-$12K a year. Given the service he provides, it is the least he deserves. However, to go beyond merely preventing Soapblox from imminent destruction, and building the service up over the long-term, this will need to become a full-time position for Paul. Also, while Paul is working on improving Soapblox, he will need a regular, part-time systems administrator to guard against future attacks.

Paul and I have discussed a wide range of options to pull this off. It will require a mix of increased hosting fees, larger institutional support than BlogPac can provide, and larger donors who can give directly to Soapblox. Once this fundraiser is over, and the work listed above is completed, our first priority will be making sure that this happens. While there is a certain romantic charm to operating on such a shoestring, in order to build the base of power needed to make a progressive America, we need more organization, infrastructure, and resources. Saving, and then building up, Soapblox is an important part of that goal. Send in a contribution to save Soapblox now.

Tags: , , , , , , (All Tags)
Print Friendly View Send As Email

Save Soapblox! | 34 comments
Future of Soapblox (0.00 / 0)
I've read some of the concerns that software programmers have about Soapblox, that it's not written in a format that is going to be future proof. One said it was written in java rather than php. Before the progressive blogosphere puts all this money and time into Soapblox, it is really software that can work for the long haul, especially considering that there are solid alternatives that already have those features? It seems to me that the future of Soapblox is about more than saving and securing what now exists. If someone can convince me that this issue is part of the big plan now on the table, I will donate. Otherwise, I'm just not sure of the long-term value of this effort.

there are no alternatives with these features (4.00 / 2)
A) We need to save these blogs right now. That means saving Soapblox.

B) There are no alternatives with Scoop features. And certainly not in an out-of-the-box format that can be used immediately.

C) Once it is saved short-term, we can work on long-term programming fixes. Those plans are already underway.

[ Parent ]
How about Scoop itself? (0.00 / 0)

[ Parent ]
Takes a lot of programming (4.00 / 3)
This is an out-of-the-box version of Scoop. As far as I know, it is the only out of the box version. As such, for low-cost blogging, and for those without much start-up capital or programming expertise, it is the only way to use Scoop.

For example, when we left MyDD and looked to start Open Left, Soapblox was the only realistic option. Anything else would have taken a large investment of money, time and programming expertise. And then, it would have need separate hosting on top of that. To produce a site like Open Left quickly and easily, this was the only option.

[ Parent ]
If there's some concern (4.00 / 1)
about the security of the soapblox code, maybe it should be abandoned for the well-tested version of scoop used by dkos, assuming Markos is willing to give it away.  

[ Parent ]
That is an idea (0.00 / 0)
Markos has set up some sites, and his Scoop is obviously impressive.

At the same time, he has dumped a lot of money into it, and I wouldn't blame him if he didn't want to just become a cheap hosting system for dozens of new blogs. Perhaps if this failed entirely, but we aren't at that point yet.

For now, we have a path forward to save and fix this program. Markos has provided a lot of help, too. We can pull out of this. Some good stuff is already happening!

[ Parent ]
I think he said at some point (0.00 / 0)
that it was his intention to open source the modifications. He doesn't have to host it. You might ask him how much he's willing to share now.

Paul has done a good job getting soapblox to the level of functionality that it has, but it seems to me that scoop has had many more eyeballs over the years, and now might be a good time to move over.

I worry about how much it's going to cost to secure soapblox as it exists now over the years.

[ Parent ]
The best security are your backups! (4.00 / 1)
Homeland seecurity has spent tons of money on security theatre when the real hero of airline security have been the cheap pilot door locks and the free heroics of passengers willing to crash a plane rather than let it be taken over.

Scoop would be a high price to pay for security theatre. Our real security rests in the fact that each and every Soapblox is it's own database. All we really need are good backups and those are cheap. Soapblox is a very robust piece of software and you can no more design your way to safety from hackers than you can stop floods or earthquakes.

See Bruce Schneier for more expert advice on security.

We are a small blog and we've been running just fine for nearly fours thank you. Indeed we were the first SoapBlox blog after SoapBlox itself. (We are now Prairie State Blue.)

Jeff Wegerson

[ Parent ]
Thanks (4.00 / 2)
I don't deny the need, and glad to hear that "those plans are already underway." I just think it would be good to be more explicit about that aspect of the project. Thanks for your work on this.  

[ Parent ]
Disagree (0.00 / 0)
There are other ways to do it, which I am doing for my own blog (and what I'm developing might just be scalable for multiple blogs). It's also not as intensive to get it working as say straight up scoop. shrug (Let's just say, is also running on the system I want to use for my blog-with-user-diaries development - if it's good enough for the future President...) ;)

That said, Soapblox is the system that exists now, another one would take time to develop and ramp up, even if it's easier to develop than starting from scratch or from scoop. Also the price is right (the hosting fees are very reasonable).

Actually, if things go well with my blog and its structure, I might start looking into how to scale that up. The system I want to use (ExpressionEngine) does have a Multiple Site Manager feature. (And no, before anyone asks, it's not open source, but it's damn robust, and cheap as hell.)

[ Parent ]
java isn't bad (0.00 / 0)
It's the closed source that's a problem, IMHO.

It is true that everything soapblox does Drupal can do as well. Soapblox works like DailyKos out of the box where Drupal takes some work to get it to act that way.

Soapblox is popular because it's a prefab, hosted solution.  You could set up a service hosting preconfigured drupal installations and get the same thing.  Civic Space was doing somthing similar for a while. I don't know if they still are.  

[ Parent ]
He needs to open source it (4.00 / 2)
I know I'm not the only GNU zealot reluctant to donate to closed source software projects.

Besides, what if Paul is hit by a bus?  Giving other people access to the code would at least mean someone else could pick up where he left off.

Open source is necessarily the best way (0.00 / 0)
But a group of people will be working on the programming upgrades, not just one person.

[ Parent ]
to add (4.00 / 1)
We are considering open-sourcing it.

[ Parent ]
But --- (4.00 / 6)
There's a lot more to successfully open sourcing a project than releasing the source code.  The vast majority of open source projects have a single developer.  

Which is my concern about building so much of the state blogging infrastructure on a single piece of code that is not a successful open source project.  

I run one of the 50-state network blogs on Drupal.  Drupal is ALREADY tremendously successful as an open source project.  There is a big developer community.  There are conferences throughout the world, an established infrastructure for development, and I know a lot of the developers personally.  I'd MUCH rather see the progressive movement invest in building a Drupal profile for building a turn-key state blog web site than invest it in trying to open source a niche project like this that will not very likely ever build a developer community.  

In the long run this means that I have a site that can be moved to any capable hosting environment, and that can be modified to do anything that I want it to do, assuming I'm willing to invest the time or money. And it's a project that already has thousands of developers working on it around the world.

I understand the immediate need to shore up the soapblox infrastructure - but I think the community needs to think about this as a long-term problem.  I'm not suggesting that Drupal or any other CMS is necessarily the solution - but that if there is going to be major capital investment, there should be some consideration of alternatives.  

Steve Hanson

[ Parent ]
Agreed (4.00 / 1)
I'm worried that soapblox is a good-looking reinvention of the wheel. It shouldn't be too hard for someone to put together a hosted package of an already secured version of similar software (my suggestion was the dkos version of Scoop, because that's what soapblox tries to imitate anyway).  

[ Parent ]
Sorry, not enough (4.00 / 1)
I'd love to donate, but I'm not going to donate money to a close-source system that only one person has coded.

What happens if he has an accident or some sort of health issue?  No amount of money is going to fix some of those possibilities.  I wish the guy well, but life brings what life brings.  And all the money spent to that point will be for nothing.

If it was closed source with a decent sized company or group of people behind it, maybe.  But it would be better for everyone if it was fully open sourced.

I'm also a bit dubious about soapblox in general.  There are scoop hosting sites out there.  Folks in the Wordpress community have improved it so that it's more userfriendly to admin - investing time and effort into scoop towards a similar goal would be a good idea.  And the DailyKos developer does push stuff back to the scoop community.

There's also slash (which inspired scoop), wordpress and drupal.

I think donors need more information.  I know it's an important part of infrastructure.  I know the guy who wrote it worked hard and deserves credit.  But we should take a hard and honest look at this and think through what the next steps are.  What could go wrong.  How best to spend money on tech.

[ Parent ]
I just dropped a $100 (4.00 / 5)
Thanks and keep up the good work. I already pay the $15/month, but the work you've described is hugely important.

Political speech is consequential, and attacking websites is already becoming a bloodless and relatively normalized form of political violence in many parts of the world. Whether state sponsored or coming from inidividual volunteers, this is a permanent occupational hazard of political blogging.

Some websites of groups that advocate against the Israeli occupation have been shut down since the latest violence started. Last year in the Middle East a sectarian hacker war broke out that affected more than a thousand websites.

I ponied up and I'm unemployed (4.00 / 4)
I ponied up (over at DKos) and I'm unemployed; but this is one more step toward UHC, no?

Now get out there and contribute, people. Don't make me ask again.

Thanks, Chris.

Election law check (0.00 / 0)
As a non-US citizen, can my money go through a Federal PAC if it doesn't go to a campaign?

Failing that, where can I go to donate to SoapBlox directly?

Forgotten Countries - a foreign policy-focused blog

No (0.00 / 0)
But someone should set up a PayPal link for people like you.  

John McCain: Beacuse lobbyists should have more power

[ Parent ]
I'll see if I can set something up (4.00 / 1)
Hadn't thought of that. Thanks for your willingness to help, and I'll try to find a way for you to participate soon.

[ Parent ]
Also (0.00 / 0)
I still can't donate to Open Left. The donation demands to know my zip code, which is something I obviously don't have. Can I do that through PayPal too?

Forgotten Countries - a foreign policy-focused blog

[ Parent ]
Soapblox has a Paypal donation button (0.00 / 0)

Thank you for your support-however it's expressed-from across the pond.

[ Parent ]
Is the FBI investigating? (0.00 / 0)
Has anybody contact the FBI or the Justice Department?  If, as Preston has stated, the hackers intended to compromise sites throughout the internet, it seems like a crime for the feds.

the authorities ahve been contacted (0.00 / 0)
Hopefully, we will have more info soon.

[ Parent ]
Who should I contact about helping with sysadmin stuff? (0.00 / 0)
My brother might be willing to help out.  I'll give him a call if you haven't found anyone else.  He can help with security in general.

OK, he's up for it. (0.00 / 0)
He used to do network security for a larger mortgage lender.

[ Parent ]
I gave a little... (4.00 / 1)
But what I'm waiting for is to see who will be the first politician or organization to step up and offer a matching contribution.

You don't have to be a genius to see that it would be a killer move, what I'm more interested in is who is nimble enough to be the first out of the gate.

On twitter: @BobBrigham

Throwing money at SoapBlox... (0.00 / 0) not at all a solution.  And it's irresponsible, frankly, to solicit on its behalf at this point.

What is needed is a clear technology and governance plan for its future that addresses the major problems highlighted by this meltdown.  Once that exists in a form that gives confidence to its user community, fundraising might be appropriate.

A different measure of irresponsibility (4.00 / 2)
is to knee jerk critique without reading the proposal.

First stage is to get  secure the environment, and get an analysis of what's coming next.  We start from where we are.

[ Parent ]
The proposal is meaningless... (0.00 / 0)
...without a plan for community governance.  Please post a link if such a thing exists.  A single individual with a closed-source codebase is not a vendor worthy of support.

[ Parent ]
Others are being brought into the discussion (0.00 / 0)
and opening up the coding to more than a one person team is happening-though it's not decided whether it will eventually be fully open source.

[ Parent ]
Transparency (0.00 / 0)
I don't just want transparency in government.  I'm not seeing much here.  I'm not seeing how other people can get involved in these discussions.

Asking for money with such meager info is irresponsible.

"Others" are being brought in?  Who are "others?"  Where did you hear this?  Who is deciding it's a secure environment?  Who's auditing that?  Who is auditing the code?

Too many of these: ? means not much of these: $

[ Parent ]
Save Soapblox! | 34 comments

Open Left Campaigns



Advanced Search

Powered by: SoapBlox