Back to: I had a blog entry for you, but it eated me | Forward to: Lorem Ipsum

Brief outage

Just upgrading the blogging software to address a security issue. Commenting may be difficult for a while. Nothing to see here, move along please: everything should be back to normal tomorrow.

24 Comments

1:

... And posting comments appears to work again, although auto-login javascript may be a bit flaky. (I'm working on it.)

2:

Cookie test

3:

The javascript that mediates auto-sign-in has changed and something is broken in the (custom) comment form template. I will attempt to track it down tomorrow. (Calling it a day for now ...)

4:

I must be getting dyslexic in my advancing years.

I initially read the heading as "Brief Outrage". Which could mean any number of (weird) things.

5:

Me too. I was thinking "what could be both outrageous and brief?"

6:

No, no, no. 'Brief' as in 'pair of briefs'.

Clearly the security problem was rather alarming.

7:

Testing

8:

Ross actually is a US citizen; what you call "briefs" he calls "underwear",

9:

Outrageous underwear?
VERY interesting.
I though it was being WITHOUT underwear that was uposed to be outrageous (in pube-lic at any rate) ??

10:

Pictures/avatars seem to have evaporated, otherwise working ....

11:

Sign-in seems to be broken for me.

You may need to refresh your browser cache (I had to brainwash MT into re-installing a javascript file).

Let me know if you have a problem/success automatically signing in?

12:

test

13:

test

14:

Everything seems as normal except avatar pics.

IE8 on XP. I've also had NT4 and Win 7, Office 2010 and IE6 inflicted on me here.

Yes I did vote to put Microsoft in R101 on Sunday there!

15:

So my login problems are probably just me ...

(Groan. This MT installation started out on 3.1x and is now running 5.13 -- incrementally upgraded over 5-6 years. I guess it's getting a bit crufty!)

16:

I should note that the borked sign-in system isn't unexpected. The sudden update to Movable Type is a security bug-fix to prevent cross-site scripting attacks and a code injection attack, via the comment system. In order to prevent these attacks, they modified the javascript side of the comment form login process, and the form templates ... and because this blog runs on a customized, tweaked version of those forms and templates, it's not a turnkey update: I had a chunk of editing work to do.

17:

My comment was sent to limbo. It had the words "is_lam", "all_ah" and "jih_ad" in it (without _s). I think it triggered some anti-nutjob filter.

18:

A Comment on this thread, or another? (It's not showing up in the moderated comments list -- one of the other mods may already have rescued it).

19:

Yep, it's already rescued.

20:

Signing in gives me the endless navel gazing icon. (Trying to sign in with google id).

yes, I did refresh the firefox browser cache.

21:

Sorry, should have read comment #16

(but remember, although usually dense, I am intentionally dense if it means I get stuff happens that does not require thought on my part).

22:

avatars sill borked, otherwise all seems ok here

23:

Now guess why I am not on FriendFace or whatever it's called, under this name, or any of my others!

24:

testing ...

Specials

Merchandise

About this Entry

This page contains a single entry by Charlie Stross published on February 28, 2012 9:25 PM.

I had a blog entry for you, but it eated me was the previous entry in this blog.

Lorem Ipsum is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Search this blog

Propaganda