PSA: Changing your b.p.o password is recommended

HTTPS support on blogs.perl.org, announced last month, has now received some additional small improvements. These prevent the exposure of session cookies in unencrypted requests, which until now was still theoretically possible.

As such, now is a good time to update your blogs.perl.org password to ensure you are not using credentials which may have previously been passively collected on an open network or the like.

Note: this recommendation is not a response to any known breach of blogs.perl.org. It is a response to the fact that security on blogs.perl.org has finally reached the level necessary to make this precautionary measure useful.

New feature: HTTPS support

The site is now served over HTTPS.

Forthcoming site downtime

The blogs.perl.org site will be unavailable for a few hours during the night of February 16th to 17th 2017. The site will stop responding at approximately 21:00 UTC on the 16th, and is expected to be back by 05:00 UTC on the 17th.

The reason for this downtime is that the data centre where the site hardware is hosted is being closed, so our hosting company is transporting all servers in that data centre to a new location.

We apologise for any inconvenience caused.

blogs.perl.org security breach

We regret to announce that blogs.perl.org was recently the subject of a data breach.

An attacker gained access to the database that runs the site, and was able to take a copy of all users’ hashed passwords. We’ve therefore cleared all users’ passwords as a precaution.

If you have an account on the site, you should have received an email telling you how to reset your password. If you don’t receive it soon, please let us know.

Even though the passwords were stored in a hashed form, rather than as plaintext, the blogging software we use (Movable Type) uses a relatively weak hashing algorithm, so the attacker may be able to determine your old password.

It is therefore very important that, if you used the same password on any system other than blogs.perl.org, you change the password you use there, too.

We apologise sincerely for the inconvenience this has caused our users, and for failing to live up to the trust that the Perl community has placed in us.

New feature: automatic post truncation

Good news, everyone!

As authors on this site, you no longer need to be diligent about breaking your posts out among the misleadingly-named “body” and “extended” tabs of the new-entry screen. From now on, the front page will automatically truncate posts at a certain length, whether or not you thought to designate a section to place above the jump.

As readers, some of you have complained of unwittingly uncooperative authors in the past. You can now rest easy – this irritation is forever banished to history, and the front page will henceforth always be easily scannable.

Either way, you can now relax and enjoy your stay a little better.

PS.: the logic places the threshold at 225 words, but the exact cut-off point depends on your markup.