
Re^6: What happened?

by Zen (Deacon)
on Jul 31, 2009 at 15:33 UTC

in reply to Re^5: What happened?
in thread What happened?

Great. I'm glad you feel like selling your identity to a group of folks who know better is a good idea. Sane people realize that it was a colossal screw-up, and that when you screw up you need to act responsibly. Part of being responsible here is to realize over 40,000 email/passwords spent two months with clowns before being published. These monks deserve to be notified.

I remain mystified of the opinion of why we should blame the victims, here (a classic mistake). There is some expectation that passwords are indeed secrets. Plaintext passwords are clearly anything but. Even if users had chosen better passwords, or used unique passwords to this site (a lot of us did, including myself), the reality is they are plaintext email/password pairs for 40,000+ addresses. A lot of people, most certainly, can be seriously hurt in real life. I understand from the cb this morning this has already occurred. So let's take this seriously, shall we? No more pooh-poohing hashed passwords. I will also write later a notification proposal.

Replies are listed 'Best First'.
Re^7: What happened?
by leocharre (Priest) on Aug 05, 2009 at 14:47 UTC
    I'm torn.

    I know what it's like working in a place where ten things are asked of you, but you can only do six of those things. You ask the user.. Does project F need to do 'squats'? And they say "no no.. that's not needed, no.. will it be easier without 'squats'? Then don't do them.."

    So you repeat yourself, Are you super duper sure project F will not need squats? I feel it might at some point require squats, and without squats, this is just a hack of a solution, which is ok.. but if someday project F will require squats.. we might as well do them right now.

    How long has perlmonks been around? How was it created? Who implemented the login system? Was it changed at some point? Did the person in charge get handed this as project B...
    Jack: Let's go live with project B.
    Jill: No way, the login system's not done.
    Jack: Waddya mean? It's working fine!
    Jill: No no.. that's just a hack for development, it's not production grade..
    Jack: Look, let's focus on 'situps' for project X, we can come back to the login for project B later, at this point it's working fine..
    Jill: I dunno, Jack.. I think we need to-
    Jack: Look, we really need to do 'situps' for project X..

    At this point, when someone has the time and space to 'unhack' something, is the task daunting? Is it overwhelming.. is it.. who knows. It sounds easy enough. But maybe not- It's not really starting a system from scratch anymore.
