Re^2: Status of Recent User Information Leak
by Anonymous Monk on Aug 02, 2009 at 04:49 UTC
This only approaches the root of the problem in my mind.
This place was the core of the Perl community. If the community core could not mold Perl into the best choice for web development then I have to decide that no one can. The technology may be suited to the task, but there is no guidance on how to get there. As someone who regularly recommends technology, my faith in the Perl community has been more than shattered. A lot of smart people in one room who still can't make it work. In short, it makes Perl seem like a fruitless endeavor.
I also feel that the response to this incident was very poor. A placeholder for perlmonks.org notifying users of the situation would have been appropriate, within 10 minutes of realisation of the hack. All user data should have been locked down immediately, and announced as such until further notice - further notice being when everything was guaranteed secure and the hack completely understood. Instead, for some bizarre reason the site continued to operate with clear confusion and indecision dominating the chatterbox for hours. Stern advice to immediately change passwords despite persisting ignorance surrounding the circumstances was paramount idiocy. Why give away one perfectly good password, when you could give away two?
To add insult to injury, after a painfully long waiting period of inaction, some monk with appropriate access decided that a leet-speak banner on the front page would be the best way to announce the site being compromised, followed by a joking reference to The Hitchhikers GTTG. Really? I failed to see the humour in it and found it to be one of the most publicly unprofessional acts I have ever witnessed.
To be sure, I laughed all day long as I removed Perlmonks from all my browsers' bookmarks on all my computers. I continued laughing as I re-visited every site I've been to since 2002 checking to see if the password I used there was the same as perlmonks. Then I laughed as I checked all my personal accounts, my servers, and any other place I use a password to make sure it wasn't that one I favored long ago when I set up my perlmonks account. It was hilarious. Wasting the time of 50,000 people in addition to compromising their personal details is FUNNY.
I commend the few monks with any amount of public facing professionalism, such as tye. Conversely I vehemently censure the others who lean on the crutch of mediocrity waving slogans like, "it's a forum, not a bank", and "no site is secure". Before you posture as The Oracle, you need to be the oracle.
So now, to me, there is no trusted community core for Perl. That is the elephant in my room.