Technoogy news reader.
9 stories

DonateWC is Working to Send People to WordCamps

1 Share

Though WordCamp organizers try to keep events as inclusive as possible, the truth of the matter is, not everyone can afford to travel to attend one. Unless you have one right in your city, you’re looking at paying for travel, food, and accommodations. For a freelancer or small business owner, this can be a lot to ask. That’s why Happiness Engineer at Automattic, Ines van Essen created DonateWC. The initiative looks to utilize the most important part of WordPress, the community, to send those who can’t afford such an event to a WordCamp.

According to the website, “All donations will go into a global fund. From that fund, we create sponsorships that are tailored to the recipient’s situation.” The fund will pay for travel, accommodations, Wifi, and food for the weekend.

We talked with van Essen about how the initiative came to be, and where it will go in the future.

Who can be sponsored

Applicants will be reviewed on a case by case basis, however, there are a few prerequisites. A chosen applicant must either be volunteering or speaking at the WordCamp they wish to attend, they cannot work for a company that has sponsored attendees in the past, and they must be active participants in the community. This ensures that the sponsorship brings value to the community as a whole.

All applications will be reviewed and one will be chosen.

“I’m working on putting together a diverse team of people who will function as an application committee. We will review future sponsorship applications together, ensuring that the awarding of these grants remain fair,” van Essen said.

As of writing this article, the team has received donations from 40 people adding up to $1405.68.

DonateWC origin

The idea came to van Essen when she had to spend “an arm and a leg” to get to the Community Summit. “That bugged me; if someone from a First World Country (I’m from The Netherlands) finds a trip like this expensive, how impossible is it for someone from a Third (or even a Second) World Country? It was a thought that kind of simmered in the back of my head for two years – I could maybe do something about it, but how?” she said.

The idea took about two years to come to fruition, but it finally has.

When she finally wrote the About page to the initiative, donations began pouring in. “I think that says something about how sorely this is needed, and how willing the community is to participate,” she said.

WordCamps are a way to connect with people you’ve met online and get your name and brand out there. If you can’t do this, you may be at a disadvantage.

Looking forward

Ideally, the initiative would like to fund 20 people in 2018. “My hope is that as the foundation grows, we get to help out more people and really make a difference. I’m already talking to some of the WordCamp organizers to see if we can collaborate,” van Essen said.

While that’s a lofty goal, van Essen is optimistic and is even hoping to send someone to WordCamp US this year.

“It’s a privileged and idealistic thought that everyone has a WordPress community close at hand,” van Essen said. “Even if your local WordCamp is ‘only’ a few hours away, you still need to travel there and most likely stay overnight. If you are living paycheck to paycheck, are currently unemployed, or live in a country that has very low minimum wages, how are you going to afford such a trip? Some people have mentioned that going to WordCamp US would cost them upwards of $5000 – something they’re not able to afford in a lifetime.”

DonateWC is looking to bring new points of view to WordCamps around the world.

“When people are not able to add their voice to a WordCamp in their area due to lack of financial means, we’re potentially missing out on a huge talent pool. WordCamp tickets are kept at a low fee for precisely this reason: to keep the events accessible regardless of financial status,” van Essen said. “If we can crowdsource the money it takes to set up something like WordCamp US, we should be able to source help for people who are in need.”

Donate at

Emily Schiola

Emily Schiola is the Editor of Torque. She loves good beer, bad movies, and cats.

The post DonateWC is Working to Send People to WordCamps appeared first on Torque.

Read the whole story
266 days ago
Toronto, Ontario,Canada
Share this story

Snopes Says it Needs to Raise $500k to Stay in Business

1 Comment and 2 Shares, one of the internet's first and most famous fact-checking websites, said Monday that a previous website hosting vendor continues to "hold the web site hostage," and the site is in danger of shutting down if it doesn't raise $500,000.

Snopes has started a GoFundMe campaign and has raised just under $55,000 by just over 2,000 people in 4 hours.

According to the letter on GoFundMe titled "Please help save!" and on the new website, the contract between Snopes and Proper Media, a private company that manages the web property, ended earlier this year. But Proper Media won't release the site back to Snopes, Snopes wrote. As a result, Snopes can't put advertising on its site. Because advertising is Snopes's only revenue stream, the site is now in danger of shutting down, the company said.

This campaign is a part of a legal dispute that's been happening all year. In May, Proper Media filed a complaint against Snopes owner David Mikkelson and corporate co-owner of Snopes, Bardav, Inc., alleging breach of contract and civil conspiracy.

"This case involves unlawful jockeying for ownership and control of the fact-checking website," the complaint reads. "But while Snopes is built entirely around the concepts of transparency and truth, its founder, Defendant David Mikkelson, has engaged in a lengthy scheme of concealment and subterfuge to gain control of the company and to drain its profits."

Bardav filed a cross-complaint against Proper Media in June also alleging breach of contract.

"Proper Media failed to perform its contractual and legal obligations and Bardav eventually terminated the contract in accordance with its terms," the cross-complaint reads. "Proper Media is now wrongfully withholding money owed to Bardav and effectively holding the website hostage by preventing Bardav from moving the website, advertising and other back-end functions to another service provider."

According to the original complaint, Proper Media acquired 50 percent of Snopes after a "contentious" divorce between David and Barbara Mikkelson in July 2016. After divorce proceedings resolved, Ms. Mikkelson sold her equity in Snopes to Proper Media.

I contacted Proper Media and corresponded with Karl Kronenberger via email. He's the attorney for Proper Media who filed the complaint against David Mikkelson and Bardav.

Kronenberger rejects the version of events described in the "Please help save!" GoFundMe letter. He pointed out that Proper Media is a 50% co-owner of Bardav, and that David Mikkelson faces pending lawsuit alleging "gross financial, technical, and corporate mismanagement."

"It is the height of irony that in today's post, Mr. Mikkelson attempts to rewrite history by saying Snopes 'began as a small one-person effort in 1994'—erasing his co-founder, former partner, and wife of many years, Barbara Mikkelson, who owned 50 percent of Bardav before selling her interest to Proper Media in 2016," Kronenberger said.

I also contacted David Mikkelson, but he did not return my request for comment in time for publication. I will update this story if I hear back. I also contacted every Snopes staff member with a public Facebook page, but the two who responded—Alex Kasprak and Brooke Binkowski—were not able to make public comments about the campaign.

In any event, Snopes users are donating and flocking to social media to express their support for the fact-checking site, which has gained new prominence since the popularization of the term "fake news." In fact, "Fake News" and "Donald Trump" are among the Top Tags listed in the header of the Snopes website.

Read the whole story
357 days ago
Toronto, Ontario,Canada
Share this story
1 public comment
357 days ago
Buh-bye, Snopes hasn't been trustworthy for ages.
Space City, USA

Watch the Trailer for Spielberg's VR Blockbuster 'Ready Player One'


The year is 2045, and Columbus, Ohio is the fastest growing city in the world—if you can even call the fragile-looking iron frames with trailer homes stacked up top of one another a city. Overpopulated and polluted, the world is in an energy crisis, and no one goes anywhere because "there's nowhere left go to."

This is the future depicted in the new trailer for Ready Player One, Steven Spielberg's foray into a dystopian future where everyone is addicted to virtual reality.

Ready Player One's teens and young adults, known as the "missing millions," spend their days jacked into the "Oasis," a virtual reality wonderland where people race down virtual representations of Manhattan streets while wrecking balls attempt to smash them, blast Freddy Krueger to smithereens with hand cannons, and hobnob with the Iron Giant.

It's not all fun and games, though. The billionaire creator of the Oasis plans to leave his entire fortune to whoever can find an Easter egg he hid in the system, and the tale kicks off after protagonist Wade Watts (played by Tye Sheridan) finds one of the keys pointing the way.

If you don't want to wait until the March 30, 2018 release date, you can pick up a copy of Ernest Cline's 2011 science fiction novel of the same name.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.

Read the whole story
358 days ago
Toronto, Ontario,Canada
Share this story

Why it takes so long

1 Comment and 2 Shares

Read the whole story
506 days ago
Other things just come up, or there really is a procedure. Or it just takes that long to get done.
Toronto, Ontario,Canada
Share this story

Phone Numbers

7 Comments and 19 Shares
Texting should work. Unless the message is too long, in which case it gets converted to voicemails, and I think I'm locked out of my voicemail.
Read the whole story
539 days ago
Toronto, Ontario,Canada
Share this story
6 public comments
538 days ago
me IRL
539 days ago
#4 is for whenever I have to enter a number and think I'll be bombarded with robocalls, unless the call starts with a magic package, in which case it's forwarded to my laptop to wake it up.
539 days ago
What about #2?
Moses Lake, WA
538 days ago
It's the Google voice number
539 days ago
this in a nutshell
San Francisco, CA
539 days ago
voicemail is terrible.
539 days ago
Texting should work. Unless the message is too long, in which case it gets converted to voicemails, and I think I'm locked out of my voicemail.
539 days ago
You're my new favorite bot.
539 days ago
@adam8797 Author here. Glad you like it! I forgot it was still running ! You probably don't need it anymore since on mobile you can long press images to see the alt text now.
538 days ago
Heh, this is a great bot. Keep it!
537 days ago
@samuel I have no intention to stop it for now, it just runs itself :-)

The Democratization of Censorship

2 Comments and 9 Shares

John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it.” This notion undoubtedly rings true for those who see national governments as the principal threats to free speech.

However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent powerful cyber weapons with transnational reach.


More than 20 years after Gilmore first coined that turn of phrase, his most notable quotable has effectively been inverted — “Censorship can in fact route around the Internet.” The Internet can’t route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the “The Democratization of Censorship.”

Allow me to explain how I arrived at this unsettling conclusion. As many of you know, my site was taken offline for the better part of this week. The outage came in the wake of a historically large distributed denial-of-service (DDoS) attack which hurled so much junk traffic at that my DDoS protection provider Akamai chose to unmoor my site from its protective harbor.

Let me be clear: I do not fault Akamai for their decision. I was a pro bono customer from the start, and Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company’s paying customers, they explained that the choice to let my site go was a business decision, pure and simple.

Nevertheless, Akamai rather abruptly informed me I had until 6 p.m. that very same day — roughly two hours later — to make arrangements for migrating off their network. My main concern at the time was making sure my hosting provider wasn’t going to bear the brunt of the attack when the shields fell. To ensure that absolutely would not happen, I asked Akamai to redirect my site to — effectively relegating all traffic destined for into a giant black hole.

Today, I am happy to report that the site is back up — this time under Project Shield, a free program run by Google to help protect journalists from online censorship. And make no mistake, DDoS attacks — particularly those the size of the assault that hit my site this week — are uniquely effective weapons for stomping on free speech, for reasons I’ll explore in this post.

Google's Project Shield is now protecting

Google’s Project Shield is now protecting

Why do I speak of DDoS attacks as a form of censorship? Quite simply because the economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists.

In an interview with The Boston Globe, Akamai executives said the attack — if sustained — likely would have cost the company millions of dollars. In the hours and days following my site going offline, I spoke with multiple DDoS mitigation firms. One offered to host KrebsOnSecurity for two weeks at no charge, but after that they said the same kind of protection I had under Akamai would cost between $150,000 and $200,000 per year.

Ask yourself how many independent journalists could possibly afford that kind of protection money? A number of other providers offered to help, but it was clear that they did not have the muscle to be able to withstand such massive attacks.

I’ve been toying with the idea of forming a 501(c)3 non-profit organization — ‘The Center for the Defense of Internet Journalism’, if you will — to assist Internet journalists with obtaining the kind of protection they may need when they become the targets of attacks like the one that hit my site.  Maybe a Kickstarter campaign, along with donations from well-known charitable organizations, could get the ball rolling.  It’s food for thought.


Earlier this month, noted cryptologist and security blogger Bruce Schneier penned an unusually alarmist column titled, “Someone Is Learning How to Take Down the Internet.” Citing unnamed sources, Schneier warned that there was strong evidence indicating that nation-state actors were actively and aggressively probing the Internet for weak spots that could allow them to bring the entire Web to a virtual standstill.

“Someone is extensively testing the core dcore defensive capabilities of the companies that provide critical Internet services,” Schneier wrote. “Who would do this? It doesn’t seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It’s not normal for companies to do that.”

Schneier continued:

“Furthermore, the size and scale of these probes — and especially their persistence — points to state actors. It feels like a nation’s military cyber command trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.”

Whether Schneier’s sources were accurate in their assessment of the actors referenced in his blog post is unknown. But as my friend and mentor Roland Dobbins at Arbor Networks eloquently put it, “When it comes to DDoS attacks, nation-states are just another player.”

“Today’s reality is that DDoS attacks have become the Great Equalizer between private actors & nation-states,” Dobbins quipped.


What exactly was it that generated the record-smashing DDoS of 620 Gbps against my site this week? Was it a space-based weapon of mass disruption built and tested by a rogue nation-state, or an arch villain like SPECTRE from the James Bond series of novels and films? If only the enemy here was that black-and-white.

No, as I reported in the last blog post before my site was unplugged, the enemy in this case was far less sexy. There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords. Most of these devices are available for sale on retail store shelves for less than $100, or — in the case of routers — are shipped by ISPs to their customers.

Some readers on Twitter have asked why the attackers would have “burned” so many compromised systems with such an overwhelming force against my little site. After all, they reasoned, the attackers showed their hand in this assault, exposing the Internet addresses of a huge number of compromised devices that might otherwise be used for actual money-making cybercriminal activities, such as hosting malware or relaying spam. Surely, network providers would take that list of hacked devices and begin blocking them from launching attacks going forward, the thinking goes.

As KrebsOnSecurity reader Rob Wright commented on Twitter, “the DDoS attack on @briankrebs feels like testing the Death Star on the Millennium Falcon instead of Alderaan.” I replied that this maybe wasn’t the most apt analogy. The reality is that there are currently millions — if not tens of millions — of insecure or poorly secured IoT devices that are ripe for being enlisted in these attacks at any given time. And we’re adding millions more each year.

I suggested to Mr. Wright perhaps a better comparison was that ne’er-do-wells now have a virtually limitless supply of Stormtrooper clones that can be conscripted into an attack at a moment’s notice.

A scene from the 1978 movie Star Wars, which the Death Star tests its firepower by blowing up a planet.

A scene from the 1977 movie Star Wars, in which the Death Star tests its firepower by blowing up a planet.


The problem of DDoS conscripts goes well beyond the millions of IoT devices that are shipped insecure by default: Countless hosting providers and ISPs do nothing to prevent devices on their networks from being used by miscreants to “spoof” the source of DDoS attacks.

As I noted in a November 2015 story, The Lingering Mess from Default Insecurity, one basic step that many ISPs can but are not taking to blunt these attacks involves a network security standard that was developed and released more than a dozen years ago. Known as BCP38, its use prevents insecure resources on an ISPs network (hacked servers, computers, routers, DVRs, etc.) from being leveraged in such powerful denial-of-service attacks.

Using a technique called traffic amplification and reflection, the attacker can reflect his traffic from one or more third-party machines toward the intended target. In this type of assault, the attacker sends a message to a third party, while spoofing the Internet address of the victim. When the third party replies to the message, the reply is sent to the victim — and the reply is much larger than the original message, thereby amplifying the size of the attack.

BCP38 is designed to filter such spoofed traffic, so that it never even traverses the network of an ISP that’s adopted the anti-spoofing measures. However, there are non-trivial economic reasons that many ISPs fail to adopt this best practice. This blog post from the Internet Society does a good job of explaining why many ISPs ultimately decide not to implement BCP38.

Fortunately, there are efforts afoot to gather information about which networks and ISPs have neglected to filter out spoofed traffic leaving their networks. The idea is that by “naming and shaming” the providers who aren’t doing said filtering, the Internet community might pressure some of these actors into doing the right thing (or perhaps even offer preferential treatment to those providers who do conduct this basic network hygiene).

A research experiment by the Center for Applied Internet Data Analysis (CAIDA) called the “Spoofer Project” is slowly collecting this data, but it relies on users voluntarily running CAIDA’s software client to gather that intel. Unfortunately, a huge percentage of the networks that allow spoofing are hosting providers that offer extremely low-cost, virtual private servers (VPS). And these companies will never voluntarily run CAIDA’s spoof-testing tools.

CAIDA's Spoofer Project page.

CAIDA’s Spoofer Project page.

As a result, the biggest offenders will continue to fly under the radar of public attention unless and until more pressure is applied by hardware and software makers, as well as ISPs that are doing the right thing.

How might we gain a more complete picture of which network providers aren’t blocking spoofed traffic — without relying solely on voluntary reporting? That would likely require a concerted effort by a coalition of major hardware makers, operating system manufacturers and cloud providers, including Amazon, Apple, Google, Microsoft and entities which maintain the major Web server products (Apache, Nginx, e.g.), as well as the major Linux and Unix operating systems.

The coalition could decide that they will unilaterally build such instrumentation into their products. At that point, it would become difficult for hosting providers or their myriad resellers to hide the fact that they’re allowing systems on their networks to be leveraged in large-scale DDoS attacks.

To address the threat from the mass-proliferation of hardware devices such as Internet routers, DVRs and IP cameras that ship with default-insecure settings, we probably need an industry security association, with published standards that all members adhere to and are audited against periodically.

The wholesalers and retailers of these devices might then be encouraged to shift their focus toward buying and promoting connected devices which have this industry security association seal of approval. Consumers also would need to be educated to look for that seal of approval. Something like Underwriters Laboratories (UL), but for the Internet, perhaps.


As much as I believe such efforts could help dramatically limit the firepower available to today’s attackers, I’m not holding my breath that such a coalition will materialize anytime soon. But it’s probably worth mentioning that there are several precedents for this type of cross-industry collaboration to fight global cyber threats.

In 2008, the United States Computer Emergency Readiness Team (CERT) announced that researcher Dan Kaminsky had discovered a fundamental flaw in DNS that could allow anyone to intercept and manipulate most Internet-based communications, including email and e-commerce applications. A diverse community of software and hardware makers came together to fix the vulnerability and to coordinate the disclosure and patching of the design flaw.

deathtoddosIn 2009, Microsoft heralded the formation of an industry group to collaboratively counter Conficker, a malware threat that infected tens of millions of Windows PCs and held the threat of allowing cybercriminals to amass a stupendous army of botted systems virtually overnight. A group of software and security firms, dubbed the Conficker Cabal, hashed out and executed a plan for corralling infected systems and halting the spread of Conficker.

In 2011, a diverse group of industry players and law enforcement organizations came together to eradicate the threat from the DNS Changer Trojan, a malware strain that infected millions of Microsoft Windows systems and enslaved them in a botnet that was used for large-scale cyber fraud schemes.

These examples provide useful templates for a solution to the DDoS problem going forward. What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale.

That’s probably because at least for now, the criminals at the helm of these huge DDoS crime machines are content to use them to launch petty yet costly attacks against targets that suit their interests or whims.

For example, the massive 620 Gbps attack that hit my site this week was an apparent retaliation for a story I wrote exposing two Israeli men who were arrested shortly after that story ran for allegedly operating vDOS — until recently the most popular DDoS-for-hire network. The traffic hurled at my site in that massive attack included the text string “freeapplej4ck,” a reference to the hacker nickname used by one of vDOS’s alleged co-founders.

Most of the time, ne’er-do-wells like Applej4ck and others are content to use their huge DDoS armies to attack gaming sites and services. But the crooks maintaining these large crime machines haven’t just been targeting gaming sites. OVH, a major Web hosting provider based in France, said in a post on Twitter this week that it was recently the victim of an even more massive attack than hit my site. According to a Tweet from OVH founder Octave Klaba, that attack was launched by a botnet consisting of more than 145,000 compromised IP cameras and DVRs.

I don’t know what it will take to wake the larger Internet community out of its slumber to address this growing threat to free speech and ecommerce. My guess is it will take an attack that endangers human lives, shuts down critical national infrastructure systems, or disrupts national elections.

But what we’re allowing by our inaction is for individual actors to build the instrumentality of tyranny. And to be clear, these weapons can be wielded by anyone — with any motivation — who’s willing to expend a modicum of time and effort to learn the most basic principles of its operation.

The sad truth these days is that it’s a lot easier to censor the digital media on the Internet than it is to censor printed books and newspapers in the physical world. On the Internet, anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor.

I sincerely hope we can address this problem before it’s too late. And I’m deeply grateful for the overwhelming outpouring of support and solidarity that I’ve seen and heard from so many readers over the past few days. Thank you.

Read the whole story
659 days ago
Brian is back up after be forced down.
Toronto, Ontario,Canada
Share this story
1 public comment
658 days ago
Google stronger than Akamai or reasonabler than Akamai? In internet vs business.
658 days ago
Google has more money
Next Page of Stories