
OSNews Suffered a Data Breach Last Month; Seeks Financial Help to Survive - jsondiv
https://www.osnews.com/story/128924/what-happened-here/
======
jonhohle
OSNews was one of my favorite sites when Eugenia Loli was managing editor. My
perception at the time was she had a true interest in all aspects of computing
and posted stories without over-editorializing making it a great resource for
all of the upstart OSes at the time - ReactOS, Linux, BSDs, Darwin, QNX, BeOS,
Maemo, SkyOS, MorphOS, Plan 9, etc. There seemed to be multiple stories a day,
singularly focused on OS topics, and not general software as it later
transitioned to.

I tried to stick around when Thom took over, but the stories became much more
opinionated, the content less diverse, and the community more hostile to ideas
not shared by the most vocal of commenters.

I've only visited a few times a year since then, but I'm always glad it's
there, though it has never captured the spirit of all those years ago.

~~~
adrianlmm
>but the stories became much more opinionated

same here, OSNews become Thom's personal blog, and I left the site permanetly
after he went full SJW in the gamergate days.

~~~
agumonkey
strange how things change, not many websites stay the same, even arstechnica
which was one of the best became more and more mainstream and spammy

------
akerl_
> your password will be encrypted using a modern secure algorithm, which is
> currently PHP’s password_hash function, which uses Blowfish or Extended DES
> and can change over time so we don’t repeat any past mistakes.

Not sure if the OSNews folks are reading this, but I'd definitely not consider
either Blowfish or DES to be secure password storage methods. Surely there's
some library that'll do bcrypt/scrypt/etc in PHP?

Also, it seems pretty bold to push users with a call-to-action around
volunteering / sponsoring in the same post as they alert users to a breach.

~~~
mattzito
> Also, it seems pretty bold to push users with a call-to-action around
> volunteering / sponsoring in the same post as they alert users to a breach.

I understand your point, but I think tone and context matters - they're owning
up to the fact that like, "Look, we screwed up, we didn't do a good job here,
and hey, we realized that we don't have the resources to do a good job at the
moment, so we want to fix that".

It would be different/inappropriate coming from a purely commercial service,
but a site that uses a lot of volunteeer/community effort should be able to
acknowledge mistakes while asking for help.

