I've just encountered a transient error with respect to timezones.
While logged in I viewed a thread to which I had contributed and noticed that the time on one of my posts was incorrect (because I was asleep at the reported time). It was around 4 hours out. Looking at the responses to my post the timestamps there were also out by the same sort of amount. I then up-voted a couple of nodes on the thread and on doing so the reloaded page showed the correct times (or rather the times in the correct zone) again. My user's timezone is Europe/London and the reported incorrect times appear to have been 4 hours behind this (ie. UTC-3).
Obviously this does not constitute a major problem in and of itself. But just in case it is a symptom of something much more serious I thought it worth reporting.
If it helps trace it, the page with the incorrect timezones was Re^2: The Future of Perl 5 and was loaded at 2018-08-22 08:04 GMT, according to the Other Users nodelet.
even clicking on "I've checked all of these" on RAT view can redirect me to Monastery Gates
this seems to be related to https redirection. I followed old links and saw a http version of the forms (actually the http:// part was hidden), but after posting I was redirected to the https:// version of the start page.
Not sure if this should be just redirected to the Janitors or if anyone even cares ... but:
The form at the bottom of the CPAN nodelet is aimed at 'http://search.cpan.org/search' which still gets one to the MCPAN site due to the external re-direct (as I understand it). However, there is constantly a warning in browsers like Google Chrome and Chromium about an insecure site being targeted from the secure site. Not a huge deal I guess, but I was wondering if it would be worth it to simply change that form to point to MCPAN directly. Again, not a huge deal, and I understand that it might be pretty low priority...
Addendum and Thanks!This item has been taken care of... Thanks much to the folk that maintain this site!
...the majority is always wrong, and always the last to know about it...
A solution is nothing more than a clearly stated problem...
In the eye of the public (that is, not-logged-in visitors), the apparent quality of the site can be significantly dragged down by answers (or other replies) which are esteemed by the voting population to be notoriously poor.
Within threaded views of discussions, hide from Anonymous Monk any replies with a sufficiently low negative reputation.
In the threaded view of a post within a section such as SoPW, and within the threaded outlines displayed by RAT, any reply with a reputation below a given threshold will not be displayed. (This has the effect of hiding the entire sub-thread rooted at such reply as well.) This feature would only affect Anonymous Monk. Proposed threshold: -7.
This would not affect any node being viewed "directly", only replies under it -- regardless of that node's type or reputation. It also would not affect root posts being shown in RAT.
Q. I want to see every reply, even low-rep ones. Does this affect me?
Q. Ok, then are these "very bad" replies completely inaccessible to me?
A. No; you can still get to them via other normal means, such as Search and Super Search, and direct links.
Q. What about in Newest Nodes? Will these "very bad" replies be hidden there as well?
A. Not under the current plan. That's a more "raw" interface, and isn't particularly useful for visitors trying to get a view of a "question" along with its "answers".
Q. I think a node would have to be much worse than -7 to merit this kind of treatment.
A. That's not a question. Here's a question: What threshold value would you suggest?
Q. This sounds like reaping but without the process. Why don't we just let the reaping process handle this problem?
A. The criteria for reaping are fairly strict. Simply having abominable technical merit (for example) is not sufficient grounds for reaping. Yet these are not strangers to our land it may still be desirable to shield the eyes of innocent visitors from such content. That's all we're trying to do here. Once you've signed in at the front gate and picked up your meal chit, all content is laid bare, just as always, no matter how bad.
Other thoughts on this idea? Alternative proposals?
Our host, Pair.com , will be moving the machines from *BSD to Ubuntu. The move will happen in stages and should take only 20 minutes per machine.
There will be at least a downtime of 20 minutes when the database machine will be offline. We don't foresee other downtimes, but as we move to a new environment, there might be some unforeseen interactions that take longer to resolve.
UPDATE: DOH! kcott cleared it up. I did not realize the ordering is "Best first" when logged out. I assumed chronological ordering, just like when one is logged in. The post of shmem stayed at the bottom because it was a response to sundialsvc4. All newer post simply were in front of sundialsvc4 because they had a better rating.
The barrier to entry at PerlMonks has risen too high for me to continue to spend time clicking to indicate I'm willing to ignore the security risks. I can live with the passwords being stored in clear text, and with all the other warts, but I am done with the certificate issue. Even with monk pictures turned off, as has been recommended in another thread as a user-initiated solution to the server's shortcoming, I get the message.
And... I get the message.
I had hoped that this would get fixed by now. But nothing has changed in some time. So the message to me is that making the site usable so that people can continue to use it to contribute to the Perl community is not deemed a worthwhile effort. So my message is that I have understood this, and won't be contributing here going forward until the certificates are fixed.
I checked the Tidings and there is nothing (yet) regarding the latest change. PerlMonks has apparently installed 302 redirects and therefore disabled access via unencrypted HTTP protocol.
Has the domino chip fallen, is this the final decision?
I joined PM with the understanding that this is a community firmly based on pursuit of enlightenment, sharing of knowledge, and furthering the open discourse and exchange of ideas in all matters related to programming, and perl in particular. All of my notes were published in the good faith, and with the implicit intent that they be distributed with no restrictions, freely, no strings attached, to the benefit of anyone seeking education.
Lately, I've been more of a lurker but still contribute where I may. It saddens me to see yet another site fall... I shall be considering if it possible for me to contribute any longer. It seems the entire future of PM has become clouded on this very day.
It's 2018 and this site still stores clear text passwords (truncated to 8 characters, apparently), sends those passwords via clear text email, and uses clear text HTTP by default.
There has already been a breach, almost a decade ago, where passwords got stolen (including mine), and TLS certificates have been free through Let's Encrypt for 2 years now. I find the continued use of clear text HTTP and passwords very irresponsible and wonder what's keeping the dear admins from implementing modern security measures.
As of now, https://www.perlmonks.org/ is giving an error that it has an invalid SSL certificate, since the cert is for *.pairsite.com. So it's giving SSL certificate errors in every major browser, naturally.
It was working for me a few days ago without the invalid certificate error so something must have changed since then.