Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Warning: This post is rated R. Adult language and violence .. lots of it.

It was the evening of the first day of spring and, other than the appearance of jc and his ServerPup on national television, it had been a fairly normal one, too. In the Perl Monks IRC channel, ar0n and tye were working on fixing the homenode image upload problem. Eventually, tye lost his 'patients', and left ar0n with the following words of wisdom:

<tye> &displaytype=hack (: <tye> try that ar0n, on your home node <tye> I'm still away
ar0n was a bit confused:
<ar0n> Where on my home node? * ar0n hits tye
So zdog explained it to him:
At first, ar0n got real excited about his new toy:
<ar0n> tye!! <ar0n> Rock! <ar0n> Neat!
But someone had access who shouldn't have:
<zdog>    Ha .. your passwd is 8 chars long.
And someone else was quick to realize:
<japh>    No! Don't look at the source! disable! disable!
Some of us became a little discomforted:
<ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! <ar0n> !! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!! * ar0n hits tye!!!!!!!
And others began to laugh:
* japh chuckles <zdog> Hahaaha/
Then all hell broke loose:
<ar0n> GOD FUCKING DAMNIT <zdog> Where the fuck is tye?! <ar0n> At least we have a god around who has access to the database +. <zdog> You can look at everyone's passwd! <Kanji> japh | um, but if the password is there... <Kanji> "You can't edit this node (unless you view source first :-) <zdog> Damnit tye!! <ar0n> TYE! <ar0n> Oh god... * zdog goes to check japh's passwd. <ar0n> Talk about security holes... <zdog> =) <zdog> j/k. * booradley sells ar0n's info on the black market <japh> TYE <ar0n> TYE <japh> TYE <ar0n> If I kick him, will he autorejoin? <japh> ar0n: I don't know. <ar0n> WAIT I HAVE HIS CELL PHONE NUMBER IN MY LOGS <ar0n> HOLD ON <japh> ar0n: HURRY <cow> tye <japh> TYE * cow beeps <Masem> stop beeping! <booradley> sweet merciful crap. <ar0n> 20:11 <tye> ########## if you want me to back the patch out * zdog blames tye. <ar0n> IM NOT GETTING A RESPONSE <japh> THE MAFIA GOT HIM! NOOOO * cow fights the urge to beep again. * Kanji remmbers that for next time he loses his password... <zdog> So how do you people like my passwd? =) <ar0n> CALL HIM <ar0n> SOMEBODY CALL HIM <zdog> I don't know his number. <zdog> Call jc! <ar0n> zdog: scroll up <zdog> Oh, okay .. <zdog> why can't you call? <ar0n> I DID. NO ANSWER <zdog> I'll call. * cow quietly squishes ar0n's Caps Lock <ar0n> Oh, sorry. <japh> fucking bad time for tye to be away... * cow watches all the passwords get eaten.
Finally, things settled down:
<japh> Oh good. Internal server error. <cow> Oh. <japh> The quick way to disable that. <zdog> ar0n got him. <japh> k, good
Some of us became a little happy:
* zdog called. <zdog> I feel special. * japh mumbles <zdog> I got to talk to tye. =) <japh> heh.
ar0n summed it up best:
<ar0n> I think I speak for all, when I say "..." <japh> Yes, quite. <cow> amen, brotha. <zdog> ar0n: damn straight.
It was finally over.
<zdog> So now what? <ar0n> Now I change my password.
Some of you may want to do the same. However, tye did go through the logs and made sure that all of the passwords that may have been stolen were changed, but if you're paranoid ...

And what a mess it was. There are several lessons to be learned here: have a test site, pay your admins, don't code faster than the legal speed limit, and always, always blame tye.

In reply to We blame tye. by Anonymous Monk

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others avoiding work at the Monastery: (4)
    As of 2019-10-20 08:38 GMT
    Find Nodes?
      Voting Booth?