PSA: Changing your b.p.o password is recommended
HTTPS support on blogs.perl.org, announced last month, has now undergone some additional small improvements to prevent the previously still theoretically possible exposure of session cookies in unencrypted requests.
As such, now is a good time to update your blogs.perl.org password to ensure you are not using credentials which may have previously been passively collected on an open network or the like.
Note: this recommendation is not a response to any known breach of blogs.perl.org. It is a response to the fact that security on blogs.perl.org has finally reached the level necessary to make this precautionary measure useful.
Waxing philosophical
Done. Thanks.
Note that I had no luck using the "Edit Profile" page accessible from the initial log-in. I hit "Post", (which required a second login with the same password), and then had no trouble.
Good point. That had been reported three separate times over the years. Unfortunately those all came in during the era when learned helplessness was the attitude toward MovableType, and the fact that there was a workaround (the one which you found on your own) didn’t help.
I’ve taken the time now to track down and fix that problem.
There is a variety of issues caused by the fact that there are three layers to the MT install – core MT itself, the commercial pack, and then the community pack – and a variety of things are re-implemented separately from each other in some of the layers (primarily core MT vs the community pack). The two different logins and therefore two ways of editing one’s profile is an example of that.