SKALE Network are persistent SEO spammers

Someone keeps registering and posting articles with links to the “skale.space” domain despite the fact that I keep deleting them, so I thought I should reward them for their effort.

They are some kind of blockchain shop (yeah, shady activities, how uncharacteristic, right?), so I don’t know that my usual note that you might want to know that if you do business with them is all that relevant, but, there you go.

PSA: Changing your b.p.o password is recommended

HTTPS support on blogs.perl.org, announced last month, has now undergone some additional small improvements to prevent the previously still theoretically possible exposure of session cookies in unencrypted requests.

As such, now is a good time to update your blogs.perl.org password to ensure you are not using credentials which may have previously been passively collected on an open network or the like.

Note: this recommendation is not a response to any known breach of blogs.perl.org. It is a response to the fact that security on blogs.perl.org has finally reached the level necessary to make this precautionary measure useful.

New feature: HTTPS support

The site is now served over HTTPS.

Forthcoming site downtime

The blogs.perl.org site will be unavailable for a few hours during the night of February 16th to 17th 2017. The site will stop responding at approximately 21:00 UTC on the 16th, and is expected to be back by 05:00 UTC on the 17th.

The reason for this downtime is that the data centre where the site hardware is hosted is being closed, so our hosting company is transporting all servers in that data centre to a new location.

We apologise for any inconvenience caused.

blogs.perl.org security breach

We regret to announce that blogs.perl.org was recently the subject of a data breach.

An attacker gained access to the database that runs the site, and was able to take a copy of all users’ hashed passwords. We’ve therefore cleared all users’ passwords as a precaution.

If you have an account on the site, you should have received an email telling you how to reset your password. If you haven’t received it soon, please let us know.

Even though the passwords were stored in a hashed form, rather than as plaintext, the blogging software we use (Movable Type) uses a relatively weak hashing algorithm, so the attacker may be able to determine your old password.

It is therefore very important that, if you used the same password on any system other than blogs.perl.org, you change the password you use there, too.

We apologise sincerely for the inconvenience this has caused our users, and for failing to live up to the trust that the Perl community has placed in us.