PerlMonks forms used to specify a maximum password length of 8 characters while it was possible to give yourself a 10-character password by bypassing these forms. Now the forms specify a maximum password length of 10 characters.
I must have missed something. It must be so. I don't want to believe that it took three f***ing years to increase the password length by just two characters and call that "case closed". I don't want to believe that after 7.5 years, perlmonks still stores passwords unhashed, unsalted in plain text.
But still, there is a link to What's my password? on the login form, it still requires just a username or a mail address, and it sends me my password in plain text in an unencrypted mail, together with my username!
You or someone else has requested a password for your username or e-mail
Before you freak out, take a few deep breaths and remember that it's YOU
and not THEM who is getting this password.
Here's your info:
human name: Alexander Foken
love, the management
WHAT THE F**K?!
Yes, I took a deep breath. Several. I slowly counted to 100. Several times.
ARE YOU KIDDING ME?!
7.5 years and nothing relevant has changed. Perlmonks passwords are obviously still stored in plain text, or in a form that can be decrypted on the server, which is as bad as plain text.
That's a login system that would make the worst amateurs blush.
People have been told for years to avoid MD5 hashes because they are insecure. People have been told for years to salt hashes with long, random salts, and to use really expensive hash functions, like bcrypt or PBKDF2.
Yet, perlmonks still uses plain text passwords, 7.5 years after many, if not all, passwords have been copied by some script kiddies? And to add insult to injury, perlmonks happily sends out login name and password in plain text. No traces of a time-limited one-time link for setting a new password. No trace of even the simplest way, sending out one mail with the username, and a second one with the password.
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
Why is this post (or indeed, any of these:______) which asks a generic question in the title, and only provides the specific information to what that question relates, inside the body of the post, deemed completely acceptable;
Whilst this entirely similar post requires godly intervention, involving implications of stupidity, laziness and more besides, in a sustained attack?
Not to mention drawing the inevitable attentions of the bandwagon joiners.
(I mean something, other than the originator of the latter post.)
For ancillary demerits I'll also ask the question: Does anyone look for old answers to their questions by doing a title-only search? You know, rather than a Super Search or Site specific google search.
(If you follow that last link please note that this post is not found!)
With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
When the "created" page appeared, I followed the link to the start of the thread: "how to improve: use MODULE VERSION LIST" (id://1179107).
This appeared but, when I scrolled down, my post was nowhere to be seen.
I went to Newest Nodes and a post by me was at the top of the Notes list.
I followed that link "Reaped: Re^3: how to improve: use MODULE VERSION LIST (id://1179154) but found an orphaned page
(i.e. no "in reply to" or "in thread" links at the top).
The page also had no content.
It did have what appeared to be the correct title ("Re^3: how to improve: use MODULE VERSION LIST"): small consolation.
I went back to the tab where I'd created my response.
I hit the back button and the content of my response was there
BUT it said "by 1nickt"
followed by "on Jan 08, 2017 at 09:00 AEDT ( #1179146=note: print w/replies, xml )".
Note, that ID (1179146) is different from the one in Newest Nodes (1179154).
I followed that link:
it was an earlier reply by 1nickt to a different node in the same thread.
Hitting the back button again (on the tab where I'd created my response)
took me back to my final edit prior to posting.
I've saved the content:
I can post it again when the problem's fixed.
2<code> and <c>, used for displaying code/data, are not true HTML tags, but are interpreted by the PerlMonks engine. They inhibit the normal interpretation of enclosed HTML special characters like <, >, &, [, and ]. Any newlines in the enclosed code will be rendered such that long lines wrap....
However, this is not always the case. Looking at the recent thread Regex string trimming help, I noticed that the display was significantly wider than my (wide!) monitor, because the first block of code in the OP was not wrapping (whereas the same code in tybalt89’s reply was wrapping as expected). As a janitor I was able to fix this by putting the opening and closing <code> tags in the first code block of the OP onto separate lines. So the description in Perl Monks Approved HTML tags is not true for inline code.
Is this a bug, or the intended behaviour? I suspect it’s the latter. In which case, should the explanation in Perl Monks Approved HTML tags (and perhaps also in Markup in the Monastery) be changed to reflect the fact that line wrapping occurs only when the code tags are separated from the enclosed text by line breaks, but not when they are inlined?
Although the problem of over-wide nodes arising from <code>-tagged lines that don’t wrap is not overly common, I do think it arises often enough to make this an issue worth addressing.
Have the monastery keepers ever considered adding a filter link or something in Seekers that would show any nodes that have not received a reply? Whenever I come on the site I have a look for things that I might be able to answer that others have not, and such a link would help do this without clicking through nodes 10 at a time.
Update 2016-12-14: See this reply: Although the site is back up at the moment, the document has also been mirrored here on PerlMonks, at Short, Self-Contained, Correct Example. It can be linked to via [id://1177642], and [SSCCE] will also direct the user to the correct page via a "faqstring" node (thanks to jdporter for setting this up).
I just read [Perl6] [+] on a list... with a Junction, and saw the Consideration for it to be re-titled as OT: "Perl6" from [+] on a list... with a Junction, and wondered if this is something that needs standardization. There are going to be more posts that deal specifically with Perl 6 -- and it would be nice to use the title differentiate these posts in some way. This would serve readers, as well as future archivists.
For this post, how about Perl 6: [+] on a list... with a Junction?
Is there a reason why the entry page to the site - The Monastery Gates -- reverted from having posts in maybe 6 or 7 NOV, to where the newest post was from OCT31? (Or is that somehow stuck in my cache? But reloading the page from my browser did not help.)
I've noticed that the node reputation required
to make it into
Selected Best Nodes ("50 of the top 2000 nodes of all time!") is around 99 to 100 votes.
And yet, for the past five years,
there have been no centurian nodes
at all. None.
For the past five years, therefore, many delightful
nodes disappeared from view forever
once they expired from Best Nodes.
That makes me feel sad.
So I went through the meditations
of the past five years and hand-picked some of the
highest rated nodes from that period.
Apologies if I missed some classics --
I cannot super-search by node rep,
so may have overlooked some gems.
Please feel free to respond with
classic nodes from the past five years
that you feel are worthy of a wider audience.
Accessing PerlMonks has been very slow for me today, and my first attempt at posting a reply to amazon sns subscription resulted in the empty node Reaped: Re: amazon sns subscription, which also didn't end up as a child of that node, but in RAT it shows up in the "Notes" section. Not sure what's going on, but I did notice that yesterday's node Re^4: wide scrollbars also ended up in the "Notes" section.
Update 2: I'm assuming someone saw my post, since now, a few minutes after posting, the site's speed seems to be picking up a little bit - still not fast, but better. Thanks!
Thanks, -- Hauke D
Update: Clarification: first attempt was unsuccessful, second attempt was successful
(aka "What's New at PerlMonks" in the Information Nodelet
and "What's New" in the block of links at the top of each page)
is updated infrequently: there have been just nine additions in the last two years: 4 in 2016 and 5 in 2015.
It is far from obvious when changes occur.
I would like to propose that some prominent notification of changes to this node be implemented.