Wednesday, September 30, 2009

MightyQuiz is powering our reddit census, which is powered by you

We wanted to learn a bit more about you all, the reddit community, and thought a 20 page survey was the least desirable option. Instead, we partnered with MightyQuiz, who built us this platform for polling (and quizzing!). And here's the best part: you can write your own questions.

This is a white-label product they're building for any online community, but we're anxious to see what you all will do with it. This is the community that sent a couple of unemployed dudes around the U.S.A. to do their errands.

Have fun with it. And let us know what you think.

Monday, September 28, 2009

We had some bugs, and it hurt us.

As many of you noticed last night, or heard this morning, we had a bug in reddit that allowed someone to start a comment bomb. Specifically, we had two bugs.

The bugs have been squashed, and it is perfectly safe to open your inboxes again.

It is important to point out here that as a site that gets all of its content from users, we take sanitization very seriously. We sanitize both input and output. In this particular case, our output sanitizer was broken in a non-obvious way. As a matter of fact, these bugs were only exploitable because we are open source. The worm author had to scour the source of our output filter to find these holes. We cannot hide behind security through obscurity, and we like it that way. We also rely on our users reporting security bugs in a responsible manner.

We have spoken to the worm author, and he has apologized for his actions and admitted that what he did was irresponsible. He has promised that he will follow the path of responsible disclosure in the future.

We would also like to take this opportunity to thank the mods who spent time banning all of the malicious comments in their reddits.

And lastly, a special thanks to everyone in the IRC channel who helped us track down and fix this problem, with an extra special thanks to chromakode for his help last night.

Technical Details

The first bug wasn't really a bug, but a feature of markdown that we hadn't removed. This feature allowed one to specify a variable for replacement later on. This feature alone however was not enough to carry out the exploit.

The second bug was also in the markdown library. To prevent double escaping of certain characters, they are run through MD5 after being escaped once, and then the MD5 is undone at the end. Since the MD5 is the same every time, someone figured out that if you just put the MD5 into your comment, it would be unescaped at the end.

Putting the two holes together allowed a user to create a comment that had javascript in it that would run via onmouseover and automatically post new comments on the user's behalf.

To fix the first hole, we disabled that feature, which probably should have been disabled before. To fix the second, we added a salt for the MD5, so that it would not be predictable. You can see the patch here:

http://code.reddit.com/changeset/1f1f0606f5b6bf14a0db55a28cfd03e1e42e3550
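
The placeholder flaw and the salt fix described above, as an added example: a toy renderer written for this page, not reddit's markdown library or the linked patch. `ToyRenderer`, `placeholder`, `forged_placeholders` and the character set are assumptions made for illustration.

```python
import hashlib
import html
import re
import secrets

# Constructed subset of markdown's backslash-escapable characters (all HTML-safe).
ESCAPABLE = "\\`*_{}[]()#+-.!"

def placeholder(ch, salt=b""):
    """Hex MD5 standing in for an escaped character during rendering."""
    return hashlib.md5(salt + ch.encode()).hexdigest()

class ToyRenderer:
    """Toy model of hash-placeholder escaping; an assumption, not reddit's code."""

    def __init__(self, salt=b""):
        # salt=b"" models the predictable placeholders described in the post.
        self.by_char = {c: placeholder(c, salt) for c in ESCAPABLE}

    def render(self, text):
        # 1. Hide backslash-escaped characters from the markup pass.
        out = re.sub(r"\\(.)",
                     lambda m: self.by_char.get(m.group(1), m.group(0)), text)
        # 2. Sanitize, then apply markup: *text* becomes emphasis.
        out = html.escape(out)
        out = re.sub(r"\*(.+?)\*", r"<em>\1</em>", out)
        # 3. Undo the placeholders. Anything that *looks* like one is restored,
        #    whether the renderer or the comment author put it there.
        for ch, digest in self.by_char.items():
            out = out.replace(digest, ch)
        return out

def forged_placeholders(text, salt=b""):
    """Characters whose placeholder for `salt` already appears in raw input."""
    return [c for c in ESCAPABLE if placeholder(c, salt) in text]

if __name__ == "__main__":
    star = placeholder("*")                        # computable by anyone
    comment = f"{star}x{star}"                     # constructed sample input
    unsalted = ToyRenderer()
    salted = ToyRenderer(secrets.token_bytes(16))  # per-process random salt
    print(unsalted.render(r"\*a\* *b*"))   # legitimate escape
    print(unsalted.render(comment))        # digest restored to a literal '*'
    print(salted.render(comment))          # digest stays inert hex text
    print(forged_placeholders(comment))    # flags the forged placeholder
```

With an empty salt the restore step cannot tell its own placeholders from ones typed into a comment; with a random salt the typed digest is just text, and `forged_placeholders` can be run over stored comments to find earlier attempts.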

Friday, September 25, 2009

Evgeny Morozov studies how the Net is used as a means of repression, just as effectively as it liberates - ask him anything

Submit your questions here.

Is the Internet what Orwell feared? Evgeny Morozov is a contrarian of the online revolution, reminding us all that while the Internet has done a tremendous amount of good - liberating ideas, facts, and people - it is just as useful at continuing oppression. His insightful TED talk details examples of how regimes are learning to use the Internet for furthering propaganda and simultaneously silencing dissent.

Morozov is "known for debunking -- with facts, figures and sound research -- myths and media-bandwagon assumptions" - ask him anything. Submit your questions to this thread and we'll ask him the top 10 as of Tuesday, Sept. 29th at noon Pacific.

Thursday, September 24, 2009

reddit interviews Dirty Jobs' Mike Rowe

Ask Mike Anything. Click HERE.

Mike Rowe, host of the Discovery Channel's Dirty Jobs, has graciously agreed to answer your top 10 questions.

As the creator and executive producer of Dirty Jobs With Mike Rowe, Mike has spent years traveling the country, working as an apprentice on more than 200 jobs that most people would go out of their way to avoid. From coal mining to roustabouting, maggot farming to sheep castrating, Mike has worked in just about every industry and filmed the show in almost every state, celebrating the hard-working Americans who make civilized life possible for the rest of us.

Check out EverythingMike.com, Mike's Q&A on the Dirty Jobs site and Mike's talk at the EG conference where he discusses lamb castration, PETA, and American Labor.

You can also follow Mike on the twitters @mikeroweworks.

Ask and vote on your questions HERE. Mike will answer the top 10 questions as of 9/29 at 12pm ET. Questions in this blog's comments will NOT be considered. Look for Mike's video interview on Monday October 5th.

Thursday, September 17, 2009

A Reddit Soapier Soap How To

Guest blogging by reddit's Fantastic Voyagers. Follow their journey on their reddit. Subscribe today!

Hey guys and gals, it's Draynen from Reddit's Fantastic Voyage.

Well, sort of anyway. While we were in Tampa, Jake and I stopped by Soapier, makers of the Reddit Alien soap and got a crash course in soap making. It might not seem like it just from looking at the bars themselves, but each Reddit soap is painstakingly hand crafted before heading out the door. It's not easy. We screwed up.

A lot.

Wednesday, September 16, 2009

Please stand by...

You may notice some slowness on reddit today, which can also lead to timeouts. Every time one of our application servers tries to exchange information with our database, Kanye West interrupts the TCP stream. (Okay, I apologize, that meme is so two days ago.)

The people who run the network reddit uses have this to say: "We have identified a problematic transit route. We have modified our Internet routing topology to avoid the problematic path."

So bear with us, please.

Friday, September 11, 2009

Gone but not forgotten

Guest blogging by reddit's Fantastic Voyagers. Follow their journey on their reddit. Subscribe today!

Well, we're officially on Day 4 of the grand Reddit Adventure, and we've already had 2 casualties.

Both Gnarly and the traveling reddit alien have suffered massive trauma during our travels here in New York.

Gnarly went to the great beyond in my backpack, his horn ripped mercilessly from his head. My only hope is that it went quickly for him, and without much pain. I hate to think how long he might have suffered, screaming in his native Narwhalian tongue, me, unable to hear him over the roar of the subway platform. Regardless, he died alone in the quiet solitude of my pack, nestled in between a Cliff bar and my Nintendo DS. For that I may never be able to forgive myself.

The poor Reddit alien came to a much more abrupt and visible demise. While rearranging our packs at the apartment of one of 77or88's friends, the bottom hatch of his Cardboardium space pod suffered a catastrophic failure, ejecting him from his hibernation chamber at a speed equal to or greater than the standard pull of Earth's gravity. He was cracked asunder, and died a horrible death screaming on the floor; my warm tears rolling across his face would be the last comfort he would ever know.

We salute you, the mighty fallen. Out of all the souls I have ever encountered in my travels, theirs were the most... human.

tl;dr send crazy glue.





Thursday, September 10, 2009

Just for you, reddit addicts: Track your karma (and reddit mail) in real-time!

So, you use reddit a lot, eh? Take your karma score pretty seriously? Get a warm and fuzzy feeling every time you see the orangered envelope?

You'd better download the redditAddict Lite app. Yes, it's free.

Not unlike our recent relaunch of Socialite (written by chromakode), we're adding another free app to the reddit apps portfolio. You might recognize the developer of this app from such websites as reddit.TV and redditall.com; it's Tritelife!

This lightweight AdobeAir app works across OSs (yes, even Linux) and is sure to keep you more in touch with your reddit account than ever before. Watch how your karma trends with every submission and comment, or just listen; we've included a few sound packs, including one graciously donated by a UK redditor, MimiK, you may recognize from some of our t-shirt ads. When she's not working on her PhD in video games, she's doing excellent voiceover work (see "Union Jill" sound pack - tho we considered calling it "Union Jane").

As always, let us know what you think. Do let us know if there are any features you'd like to see included in the non-lite version (it just sounds wrong to call it the 'heavy' version).

The Adventure Begins

Guest blogging by reddit's Fantastic Voyagers. Follow their journey on their reddit. Subscribe today!

Hey guys and gals, it's Draynen from Reddit's Fantastic Voyage.

First of all, I want to say thanks once again to everyone who has been donating their money, time and homes in order to make this whole crazy trip possible. It's truly an experience of a lifetime, and Jake and I are working hard to make sure we share as much of it with you as possible.

For the most up-to-the-minute information, I suggest our twitter feed. Yes, I know not everyone is a fan, but even after two days, we're already starting to figure out just how hard it is to keep all our devices powered and connected to the interblag.

Outside of that, there's a whole host of other ways to follow us along our journey:

  • Both Jake and myself are keeping blogs on FoodProof about all the interesting meals we eat while we're traveling around. Yesterday, Jake tricked me into eating brains. Pay no attention to the rising threat of the zombie apocalypse.
  • We have a (somewhat neglected now that we're traveling) YouTube channel. Our video chronicling our trip to the Reddit HQ, along with a small side project, should be available any minute now, actually...
  • Associated Content is sponsoring us to write the occasional blog for them over the coming weeks. Jake claims to be all over that first post, but the last time I looked over at his screen, he was googling for naked pictures of Velma from the Scooby Doo cartoon.
  • I just got the flickr collection up and running, and hopefully should be able to update this every day or two.
  • This can all be kind of confusing, and perhaps a little overwhelming, and it sure would be great if there were some place to aggregate all of this content into one place, and then maybe even vote on its quality, so that the most interesting things were featured more prominently. It's really too bad nothing like that exists.

All right, that's it for now. From Jake, myself, and of course, Gnarly the Narwhal, don't stop believing, streetlight people.


Wednesday, September 09, 2009

Congressman Ron Paul Answers Your Questions

Ron Paul, the Republican Congressman from Texas, answers reddit's top ten questions from his office in Clute, TX. Watch the full 35min interview here:



Dr. Paul's newest book End The Fed comes out on September 16th; you can pre-order it at amazon.

Tuesday, September 08, 2009

You asked, Hans Rosling answered

We polled the reddit community for the top 10 questions to ask stats guru Hans Rosling last week.

Our partners at TED have just uploaded Hans' answers. As usual, he's in top form in this video and we're grateful for his reply.

Ask Randall Munroe (xkcd) anything - hear him answer on Sept 21st in SF at an EFF fundraiser

Can't make it to SF on the 21st to meet Randall? How about New York (9-19) or Silicon Valley (9-22)?

[Read the xkcd announcement.]

You've probably seen him around reddit, but now's your chance to submit and vote on the best 10 questions to ask Randall on Monday, Sept 21st, at 111 Minna in SF (and if you can't make it, Justin.TV will be live broadcasting the event). We'll take the top 10 questions as of Sept 18th at noon Pacific. The event will be an EFF fundraiser - here's the skinny on how to attend:
Order tickets here. Starts at 7 p.m. at 111 Minna Gallery in San Francisco. Admission is $30, and attendees must be 21+.

A pre-reading VIP reception will take place beginning at 6 p.m. Admission includes wine, cheese, a free copy of XKCD: The Book courtesy of Breadpig, and the chance to meet, mingle with, and have your book signed by Randall! Admission is $100.
This will be one of the stops on the tour for his upcoming book, xkcd: volume 0. The other locations scheduled presently are in New York and Silicon Valley, but will be devoid of reddit-powered Q&A. They will, however, also be fundraisers -- benefiting Room to Read in an effort to build an 'xkcd school' in Laos.

Presumably, their shelves won't be filled exclusively with copies of the above book.

Saturday, September 05, 2009

Nintendo called it unhackable. C'mon reddit, let's show them a thing or two.

There was recently some discussion on the gaming reddit about an old NES game called Treasure Master. By most accounts*, it wasn't a particularly notable game, except for a contest that it was designed around.

As advertised on the box (and in Nintendo Power), players had several months after the 1991 release to practice playing it. Then, in a live and much-anticipated MTV event, a secret password was revealed. Entering this password opened up a bonus level at the end of the game, and at the end of the level was another secret code that was worth thousands of dollars in cash and prizes: You had twelve hours to race through the game, reach and beat the never-before-seen final level, and call into a special 1-900 number. If you were the first to do it, they'd send your family to the Superbowl. If you were one of the next 250 people, you'd get the brand-new, just-released Super Nintendo. But you only had until midnight to claim it!

Anyway, that's kinda where the story ends. Shockingly, there's almost nothing on the Internet documenting who won, whether the company actually delivered, what the code at the end was, or how it might have been possible for someone to cheat, bypass all the rules, and totally steal the contest. Nintendo claimed the security system was proven unbreakable by MIT and the CIA (really), but we have our doubts. It's quite a story, and yet very few people know anything about it.

Well, we here at reddit thought this should be rectified. And so, we're organizing the Great 2009 Treasure Master Hack-a-Thon. We're sure that with the combined efforts of /r/gaming, /r/programming, /r/netsec, and the rest of the reddit world, it'll crack like a nut.

When the reddit community puts their mind to something, great things happen. Follow along in /r/TreasureMaster. And spread the word.

*A really terrific (but completely profane) review can be found on YouTube. The reviewer is like Lewis Black, but angrier.

Tuesday, September 01, 2009

reddit + TED interview Hans Rosling, the stats guru who brought sexy back to stats

Ask Hans anything. Click here.

We had such a great time interviewing Sir Ken Robinson with our partners TED that we thought we ought to keep it going. Take a moment to read Sir Ken's answers if you haven't already.

Hans Rosling is already a bit of a rock star on reddit and we're thrilled to have him as our next interviewee (if you're already jumping out of your seat, click here to submit your questions in the reddit thread). If you haven't seen Hans' TED talks, we'll let it slide, but you owe it to yourself to take the time to watch. He presents data in a way that is as compelling as it is beautiful.

Furthermore, he's made his tools available to the public via Gapminder.org with the hope that we can all live in a slightly more fact based world view. Give it a try, and while you're creating your best Hans Rosling impression, think of a question you'd like to ask him. We'll ask the top 10 questions as of 5pm Pacific on Thursday, September 3rd.

Below is his most recently published TED Talk (and also the 500th TED talk - a tremendous achievement).