I checked the Tidings and there is nothing (yet) regarding the latest change. PerlMonks has apparently installed 302 redirects and therefore disabled access via unencrypted HTTP protocol.
Has the domino chip fallen, is this the final decision?
I joined PM with the understanding that this is a community firmly based on pursuit of enlightenment, sharing of knowledge, and furthering the open discourse and exchange of ideas in all matters related to programming, and Perl in particular. All of my notes were published in good faith, and with the implicit intent that they be distributed with no restrictions, freely, no strings attached, to the benefit of anyone seeking education.
Lately, I've been more of a lurker but still contribute where I may. It saddens me to see yet another site fall... I shall be considering if it is possible for me to contribute any longer. It seems the entire future of PM has become clouded on this very day.
It's 2018 and this site still stores clear text passwords (truncated to 8 characters, apparently), sends those passwords via clear text email, and uses clear text HTTP by default.
There has already been a breach, almost a decade ago, where passwords got stolen (including mine), and TLS certificates have been free through Let's Encrypt for 2 years now. I find the continued use of clear text HTTP and passwords very irresponsible and wonder what's keeping the dear admins from implementing modern security measures.
As of now, https://www.perlmonks.org/ is giving an error that it has an invalid SSL certificate, since the cert is for *.pairsite.com. So it's giving SSL certificate errors in every major browser, naturally.
It was working for me a few days ago without the invalid certificate error so something must have changed since then.
I've been traveling down memory lane the past few days. Been a long time since I'd visited PM. Checked out various discussions, voted some, then revisited some of my old posts, when I ran across this thread: Is PM more active or less active than X years ago?
I am on an insecure and nosy (not noisy, nosy) connection and have realised that my password was just POSTed cleartext over to the Monastery. Understandably (Firefox warns about that). I changed it using the https://perlmonks.org link. Though Jesus knows all the passwords. Obviously.
However, I am wondering...
I realise the increased computational burden of SSL on the Monastery's bit-pushing apparatus. And I am quite pragmatic as to what whoever gains my password can do with it ... Nothing really apart from flagellating a fellow Monk or posting inefficient and buggy codes ...
So, what's the norm?
Personally, I would be comfortable with a middle way where the login form is sent over SSL and then once successfully logged in it downgrades back to http. After that all sessions, posts etc are over http. Now what good would that be? They can steal your cookie (I read in a past node). Yes sure, but still they do not have the password (**which one may share across many sites** - always pragmatically speaking) and the computational burden on the Monastery servers is kept low.
Please notice that downgrading back to http (after logging in via https) has to be done manually (as far as I can see), i.e. change browser's url to http a mano. So it is an inconvenience on the digital fastlane.
So, question is: should I use https over all my perlmonks.org transactions after I log in and forget about manual changing https to http? Or log in via https and then manually go to http for reading/posting (accepting the risks associated with it but who cares)? However, logging in via http is not going to happen for me anymore. I hate gloating script kids.
Edit: what about changing perlmonks' login form's names for username and password to something like a and b. And the login url to something less revealing? Just a thought.
I have just observed that my reply to a comment has appeared twice: the first time with my username and then the second time as "Anonymous Monk" (the node is Override printing to STDOUT/ERR).
What I suspect I did was
2) write the comment
3) preview comment
4) clear cookies (via browser clear history, not logout)
5) clicked create.
Most likely this is a false alarm and I am trying to reproduce it here. It could well be that I have posted while cookies were valid, then cleared the cookies and then reloaded the page and somehow posted exactly the same as anon.
Have the maintainers of Perlmonks ever considered becoming a verified publisher for Brave browser? It's my primary web browser and allows donations through BAT. Probably wouldn't be much, but I know some of my monthly BAT would go to the site. Just a suggestion.
FullPage Chat is no longer refreshing for me in my Debian Jessie Firefox-esr 52.5.2. I'm still trying to find the problem, but it is slow going. Maybe you all can give me some ideas of where to look to fix this?
No matter how hysterical I get, my problems are not time sensitive. So, relax, have a cookie, and a very nice day!
I ask this purely out of curiosity;
it has no bearing on any particular node being included in, or excluded from,
Best Nodes of the Day.
[All figures shown below were correct at the time of writing.
There's a good chance they'll be different by the time you read this.]
Best Nodes of the Day normally shows the top 10 nodes (ordered by Rep); occasionally there's less than 10.
Just now there's only 6.
Newest Nodes shows 19 posts in the last day (2 Questions; 17 Notes);
Worst Nodes of the Day shows 0 nodes.
There's also zero Nodes to consider;
although, that's possibly entirely irrelevant.
The Reps for the Best Nodes of the Day currently range from 17 to 8.
I wondered if the lowest ("8") was based on $NORM
(from Voting/Experience System);
however, the value of $NORM is currently 13.8398,
so that doesn't appear to be related.
My next thought was that there was some minimum Rep for inclusion in Best Nodes of the Day;
hence the title of this post.
And, if there isn't a minimum Rep; what is the criterion for inclusion?
Of late I have observed that my https connections to perlmonks.org and www.perlmonks.org are providing me with the titled 'not secure' notice.
It appears to switch between both host names... https://perlmonks.org will be ok and https://www.perlmonks.org will not, and then other times the reverse is true. Knowing this, I can switch my URL domain name and not get the message, but this is incompatible with any bookmark I define. Sometimes it is secure, sometimes it is not. I change my bookmark and get similar results.
I'm not complaining, as I have a quick fix every time I see it. However, it could be confusing users relying on search engine links into the sites if they happen to use the more frequently mandated 'https' protocol.
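The certificate warnings reported in this post, and in the earlier report of a certificate issued for *.pairsite.com, come down to hostname matching between the URL and the names in the certificate. The sketch below is an added example, not code from PerlMonks or from any poster; it implements simplified RFC 6125-style matching, and every certificate name list except `*.pairsite.com` is constructed for illustration.

```python
# Added illustration: simplified RFC 6125-style hostname matching.
# Name lists are constructed sample data, not the site's real certificates.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if one dNSName entry covers hostname.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so '*.example.org' never covers 'example.org'.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard ('*.com' is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are not accepted
    return p == h

def cert_covers(san_list, hostname):
    """True if any name in the certificate covers hostname."""
    return any(san_matches(s, hostname) for s in san_list)

def audit(hostnames, san_list):
    """Map each hostname a user might bookmark to whether the cert covers it."""
    return {h: cert_covers(san_list, h) for h in hostnames}

SITE_NAMES = ["perlmonks.org", "www.perlmonks.org"]

HOSTING_DEFAULT_CERT = ["*.pairsite.com"]            # name reported in the thread
APEX_ONLY_CERT = ["perlmonks.org"]                   # constructed
WILDCARD_ONLY_CERT = ["*.perlmonks.org"]             # constructed
FULL_CERT = ["perlmonks.org", "www.perlmonks.org"]   # constructed

if __name__ == "__main__":
    for label, sans in [("hosting default", HOSTING_DEFAULT_CERT),
                        ("apex only", APEX_ONLY_CERT),
                        ("wildcard only", WILDCARD_ONLY_CERT),
                        ("apex + www", FULL_CERT)]:
        print(f"{label:16} {audit(SITE_NAMES, sans)}")
```

A certificate that lists only one of the two names, or only a wildcard, validates for one bookmark and fails for the other; listing both names in every certificate served for the site removes the mismatch.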
I do not confess to fully understand why permission denied ... tough beans is out there, and of course, given who I am, it might be just-me. But I see posts out there – today, for instance – which have no replies and which (I) cannot reply to. Is this mechanism actually working as intended? Or is there some kind of bug here?