http://qs1969.pair.com?node_id=153507

Warning: This post is rated R. Adult language and violence .. lots of it.

It was the evening of the first day of spring and, other than the appearance of jc and his ServerPup on national television, it had been a fairly normal one, too. In the Perl Monks IRC channel, ar0n and tye were working on fixing the homenode image upload problem. Eventually, tye lost his 'patients', and left ar0n with the following words of wisdom:

<tye> &displaytype=hack (: <tye> try that ar0n, on your home node <tye> I'm still away
ar0n was a bit confused:
<ar0n> Where on my home node? * ar0n hits tye
So zdog explained it to him:
<zdog>    http://www.perlmonks.org/index.pl?node=ar0n&displaytype=hack
At first, ar0n got real excited about his new toy:
<ar0n> tye!! <ar0n> Rock! <ar0n> Neat!
But someone had access who shouldn't have:
<zdog>    Ha .. your passwd is 8 chars long.
And someone else was quick to realize:
<japh>    No! Don't look at the source! disable! disable!
Some of us became a little discomforted:
<ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!!
And others began to laugh:
* japh chuckles <zdog> Hahaaha/
Then all hell broke loose:
<ar0n> GOD FUCKING DAMNIT <zdog> Where the fuck is tye?! <ar0n> At least we have a god around who has access to the database +. <zdog> You can look at everyone's passwd! <Kanji> japh | um, but if the password is there... <Kanji> "You can't edit this node (unless you view source first :-) <zdog> Damnit tye!! <ar0n> TYE! <ar0n> Oh god... * zdog goes to check japh's passwd. <ar0n> Talk about security holes... <zdog> =) <zdog> j/k. * booradley sells ar0n's info on the black market <japh> TYE <ar0n> TYE <japh> TYE <ar0n> If I kick him, will he autorejoin? <japh> ar0n: I don't know. <ar0n> WAIT I HAVE HIS CELL PHONE NUMBER IN MY LOGS <ar0n> HOLD ON <japh> ar0n: HURRY <cow> tye <japh> TYE * cow beeps <Masem> stop beeping! <booradley> sweet merciful crap. <ar0n> 20:11 <tye> ########## if you want me to back the patch out * zdog blames tye. <ar0n> IM NOT GETTING A RESPONSE <japh> THE MAFIA GOT HIM! NOOOO * cow fights the urge to beep again. * Kanji remmbers that for next time he loses his password... <zdog> So how do you people like my passwd? =) <ar0n> CALL HIM <ar0n> SOMEBODY CALL HIM <zdog> I don't know his number. <zdog> Call jc! <ar0n> zdog: scroll up <zdog> Oh, okay .. <zdog> why can't you call? <ar0n> I DID. NO ANSWER <zdog> I'll call. * cow quietly squishes ar0n's Caps Lock <ar0n> Oh, sorry. <japh> fucking bad time for tye to be away... * cow watches all the passwords get eaten.
Finally, things settled down:
<japh> Oh good. Internal server error. <cow> Oh. <japh> The quick way to disable that. <zdog> ar0n got him. <japh> k, good
Some of us became a little happy:
* zdog called. <zdog> I feel special. * japh mumbles <zdog> I got to talk to tye. =) <japh> heh.
ar0n summed it up best:
<ar0n> I think I speak for all, when I say "..." <japh> Yes, quite. <cow> amen, brotha. <zdog> ar0n: damn straight.
It was finally over.
<zdog> So now what? <ar0n> Now I change my password.
Some of you may want to do the same. However, tye did go through the logs and made sure that all of the passwords that may have been stolen were changed, but if you're paranoid ...

And what a mess it was. There are several lessons to be learned here: have a test site, pay your admins, don't code faster than the legal speed limit, and always, always blame tye.