PerlMonks  

Re^4: What happened?

by Zen (Deacon)
on Jul 30, 2009 at 12:48 UTC


in reply to Re^3: What happened?
in thread What happened?

That's not the issue. Read it again. The issue is that this site has everyone's email, so why not notify them there was a password leak? That's very relevant.

Replies are listed 'Best First'.
Re^5: What happened?
by leocharre (Priest) on Jul 30, 2009 at 15:40 UTC
    (Update; sanitized )

    I think we should wait and see what the janitors say.

    I would not think perlmonks.org- a free site that helps me all the time- owes me to keep my retarded password safe- and oh how fwokring dare they not do x y and z -- - So.. I don't care.

    What I've learned from asking people online saved me a college education and the debt that comes with it.

      Great. I'm glad you feel like selling your identity to a group of folks who know better is a good idea. Sane people realize that it was a colossal screw-up, and that when you screw up you need to act responsibly. Part of being responsible here is to realize over 40,000 email/passwords spent two months with clowns before being published. These monks deserve to be notified.

      I remain mystified of the opinion of why we should blame the victims, here (a classic mistake). There is some expectation that passwords are indeed secrets. Plaintext passwords are clearly anything but. Even if users had chosen better passwords, or used unique passwords to this site (a lot of us did, including myself), the reality is they are plaintext email/password pairs for 40,000+ addresses. A lot of people, most certainly, can be seriously hurt in real life. I understand from the cb this morning this has already occurred. So let's take this seriously, shall we? No more pooh-poohing hashed passwords. I will also write later a notification proposal.
        I'm torn.

        I know what it's like working in a place where ten things are asked of you, but you can only do six of those things. You ask the user.. Does project F need to do 'squats'? And they say "no no.. that's not needed, no.. will it be easier without 'squats'? Then don't do them.."

        So you repeat yourself, Are you super duper sure project F will not need squats? I feel it might at some point require squats, and without squats, this is just a hack of a solution, which is ok.. but if someday project F will require squats.. we might as well do them right now.

        How long has perlmonks been around? How was it created? Who implemented the login system? Was it changed at some point? Did the person in charge get handed this as project B...
        Jack: Let's go live with project B.
        Jill: No way, the login system's not done.
        Jack: Waddya mean? It's working fine!
        Jill: No no.. that's just a hack for development, it's not production grade..
        Jack: Look, let's focus on 'situps' for project X, we can come back to the login for project B later, at this point it's working fine..
        Jill: I dunno, Jack.. I think we need to-
        Jack: Look, we really need to do 'situps' for project X..

        At this point, when someone has the time and space to 'unhack' something, is the task daunting? Is it overwhelming.. is it.. who knows. It sounds easy enough. But maybe not- It's not really starting a system from scratch anymore.
