Beefy Boxes and Bandwidth Generously Provided by pair Networks
Come for the quick hacks, stay for the epiphanies.

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Warning: This post is rated R. Adult language and violence .. lots of it.

It was the evening of the first day of spring and, other than the appearance of jc and his ServerPup on national television, it had been a fairly normal one, too. In the Perl Monks IRC channel, ar0n and tye were working on fixing the homenode image upload problem. Eventually, tye lost his 'patients', and left ar0n with the following words of wisdom:

<tye> &displaytype=hack (: <tye> try that ar0n, on your home node <tye> I'm still away
ar0n was a bit confused:
<ar0n> Where on my home node? * ar0n hits tye
So zdog explained it to him:
At first, ar0n got real excited about his new toy:
<ar0n> tye!! <ar0n> Rock! <ar0n> Neat!
But someone had access who shouldn't have:
<zdog>    Ha .. your passwd is 8 chars long.
And someone else was quick to realize:
<japh>    No! Don't look at the source! disable! disable!
Some of us became a little discomforted:
<ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!!
And others began to laugh:
* japh chuckles <zdog> Hahaaha/
Then all hell broke loose:
<ar0n> GOD FUCKING DAMNIT <zdog> Where the fuck is tye?! <ar0n> At least we have a god around who has access to the database +. <zdog> You can look at everyone's passwd! <Kanji> japh | um, but if the password is there... <Kanji> "You can't edit this node (unless you view source first :-) <zdog> Damnit tye!! <ar0n> TYE! <ar0n> Oh god... * zdog goes to check japh's passwd. <ar0n> Talk about security holes... <zdog> =) <zdog> j/k. * booradley sells ar0n's info on the black market <japh> TYE <ar0n> TYE <japh> TYE <ar0n> If I kick him, will he autorejoin? <japh> ar0n: I don't know. <ar0n> WAIT I HAVE HIS CELL PHONE NUMBER IN MY LOGS <ar0n> HOLD ON <japh> ar0n: HURRY <cow> tye <japh> TYE * cow beeps <Masem> stop beeping! <booradley> sweet merciful crap. <ar0n> 20:11 <tye> ########## if you want me to back the patch out * zdog blames tye. <ar0n> IM NOT GETTING A RESPONSE <japh> THE MAFIA GOT HIM! NOOOO * cow fights the urge to beep again. * Kanji remmbers that for next time he loses his password... <zdog> So how do you people like my passwd? =) <ar0n> CALL HIM <ar0n> SOMEBODY CALL HIM <zdog> I don't know his number. <zdog> Call jc! <ar0n> zdog: scroll up <zdog> Oh, okay .. <zdog> why can't you call? <ar0n> I DID. NO ANSWER <zdog> I'll call. * cow quietly squishes ar0n's Caps Lock <ar0n> Oh, sorry. <japh> fucking bad time for tye to be away... * cow watches all the passwords get eaten.
Finally, things settled down:
<japh> Oh good. Internal server error. <cow> Oh. <japh> The quick way to disable that. <zdog> ar0n got him. <japh> k, good
Some of us became a little happy:
* zdog called. <zdog> I feel special. * japh mumbles <zdog> I got to talk to tye. =) <japh> heh.
ar0n summed it up best:
<ar0n> I think I speak for all, when I say "..." <japh> Yes, quite. <cow> amen, brotha. <zdog> ar0n: damn straight.
It was finally over.
<zdog> So now what? <ar0n> Now I change my password.
Some of you may want to do the same. However, tye did go through the logs and made sure that all of the passwords that may have been stolen were changed, but if you're paranoid ...

And what a mess it was. There are several lessons to be learned here: have a test site, pay your admins, don't code faster than the legal speed limit, and always, always blame tye.

In reply to We blame tye. by Anonymous Monk

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?

What's my password?
Create A New User
Domain Nodelet?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (1)
As of 2023-09-26 13:39 GMT
Find Nodes?
    Voting Booth?

    No recent polls found