D:

I've been hearing some really disturbing shit about unfunny login(?)/security-type issues at LJ.

I don't think anything I could say would be in the least helpful, except that if you saw stuff that you don't think you ought to have seen, please, report it to Support.

Other people have been reporting that when they leave support requests they are moved private; moving to private was standard practice for security/sensitive/needs-staff/senior support requests when I was in Support, and I see no reason for this to have changed in that time. (Private support categories are standard for that sort of stuff at Dreamwidth too.)

DDDDDDDDDDDDDD:

Sorry, guys. :(

The comments are still on over there. I just can't cope anymore right now.

Very sorry, Ev. We still have IRC? <3

Sorry, guys. :(

The comments are still on over there. I just can't cope anymore right now.

Very sorry, Ev. We still have IRC? <3

This is the official LJ word on that Varnish + privacy thing.

http://lj-maintenance.livejournal.com/131843.html

Site Maintenance
Our apologies for the delay in reporting these details and any inconvenience this has caused. We wanted to make sure we fully analyzed the extent of the situation before publishing details.

The following occurred - while updating the configuration of our internal caching system, Varnish, for a few minutes the system began to issue cached pages from the users who most recently visited the same page, as the system considered this the most relevant source of data. Thus, for 3 minutes, some users may have seen pages which appeared as though they were logged in as another random account, but it was actually just a snapshot of the page of the last visitor. It had no effect on security, as it was not possible to perform any actions on behalf of this other account. When attempting to load another page during these few minutes, another cached page was served in most cases.

This issue primarily affected people in the United States; the Russian-speaking audience was almost completely unaffected because the changes occurred very late at night in Russia. However, we are grateful to those of you who noticed this and quickly brought our attention to the issue, which gave us the opportunity to quickly understand the cause and resolve it.

The changes which were made are intended to improve site security, and reduce malicious activity on the site. It will make it more difficult to steal cookies from public locations, or spoof them for malicious attacks. We're also working on a few other things:

* Better communication with our 3rd party developers

* More thorough testing before rolling out changes

* Finally, better communication with you about our development process


Again, please accept our apologies for any inconvenience.

Edited to add the text of the entry.

47 tweets for 2011-10-27

In the last 24 hours, I posted the following to Twitter:

• Wednesday, 2359: @notlikenormal Oh dear, that does seem fucked. K-
• Wednesday, 2359: RT @SFBayBridge: Take BART to SF! RT @insidebayarea RT @davidcolburn: BART is reopening 12th and 19th street stations to protesters, OPD ...
• Thursday, 0325: @kiyala omg gooooorgeous
• Thursday, 0326: Diwali lights from space: http://www.punjabiportal.com/articles/wp-content/uploads/2010/11/india-diwali-satellite-from-space.jpg (beautiful things make me cry in the good way.)
• Thursday, 0332: @ohshitcircuit Sarcastic as fucking hell :D
( read the other 42 )

Follow me on Twitter.