October 27th, 2011 - Happy Halloween and welcome to the official newsletter for all things LiveJournal! Bringing you information about system updates, community events, LJ social outreach, and other newsworthy nuggets from the world of LiveJournal. A quick note before we jump in: we've posted an update at lj_maintenance outlining a service issue that sprung up
Site Maintenance
[info]theljstaff wrote in [info]lj_maintenance
October 27th, 12:45
Our apologies for the delay in reporting these details and any inconvenience this has caused. We wanted to make sure we fully analyzed the extent of the situation before publishing details.
The following occurred - while updating the configuration of our internal caching system, Varnish, for a few minutes the system began to issue cached pages from the users who most recently visited the same page, as the system considered this the most relevant source of data. Thus, for 3 minutes, some users may have seen pages which appeared as though they were logged in as another random account, but it was actually just a snapshot of the page of the last visitor. It had no effect on security, as it was not possible to perform any actions on behalf of this other account. When attempting to load another page during these few minutes, another cached page was served in most cases.
This issue primarily affected people in the United States; the Russian-speaking audience was almost completely unaffected because the changes occurred very late at night in Russia. However, we are grateful to those of you who noticed this and quickly brought our attention to the issue, which gave us the opportunity to quickly understand the cause and resolve it.
The changes which were made are intended to improve site security, and reduce malicious activity on the site. It will make it more difficult to steal cookies from public locations, or spoof them for malicious attacks. We're also working on a few other things:
Better communication with our 3rd party developers
More thorough testing before rolling out changes
Finally, better communication with you about our development process
Again, please accept our apologies for any inconvenience.
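The failure mode the staff post describes, a shared cache handing one visitor a page rendered for the previous visitor, can be reproduced with a toy model that also shows the two guards that prevent it. This is an added example, not LiveJournal's or Varnish's code; the class and function names, the `/friends` path and the users alice and bob are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    path: str
    session_user: Optional[str] = None  # hypothetical: user resolved from the session cookie


def origin_render(req):
    """Origin renders a personalized page and marks it private for logged-in users."""
    who = req.session_user or "anonymous"
    return {
        "body": f"{req.path} | logged in as: {who}",
        "cache_control": "private" if req.session_user else "public, max-age=60",
    }


@dataclass
class PageCache:
    safe: bool                              # False = misconfigured, True = hardened
    store: dict = field(default_factory=dict)

    def fetch(self, req):
        # Guard 1 (hardened only): a request carrying a session never reads the shared cache.
        bypass = self.safe and req.session_user is not None
        if not bypass and req.path in self.store:   # cache key is the URL alone
            return self.store[req.path]
        resp = origin_render(req)
        # Guard 2 (hardened only): a response the origin marked private is never stored.
        if not (self.safe and resp["cache_control"].startswith("private")):
            self.store[req.path] = resp["body"]
        return resp["body"]


def replay(cache):
    """Constructed traffic: alice, then bob, then an anonymous visitor request one URL."""
    visitors = [Request("/friends", "alice"), Request("/friends", "bob"), Request("/friends")]
    return [cache.fetch(r) for r in visitors]


def leaked(pages, users=("alice", "bob", None)):
    """Indexes of responses that name an account other than the requester's."""
    return [i for i, (page, user) in enumerate(zip(pages, users))
            if not page.endswith(f"logged in as: {user or 'anonymous'}")]
```

With `PageCache(safe=False)` the second and third visitors both receive the snapshot rendered for alice; with `safe=True` only the anonymous page is ever stored.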
And the comment thread to that post pretty clearly demonstrates that the problem exceeded three minutes for a number of people.
Gotta love how the LJ customers living outside the United States and Russia don't even rate a mention.
Were we "almost completely unaffected" too, or was our privacy compromised? A little? A lot?
Are we considered even more insignificant than the American customer base? Hard to imagine, but I'm beginning to think anything's possible with LJ.
*boils*
That was EXACTLY my thought when I read this.