Release 86, Earthquake relief, Halloween events, Tim Daly interview

[news]

October 27th, 2011 - Happy Halloween and welcome to the official newsletter for all things LiveJournal! Bringing you information about system updates, community events, LJ social outreach, and other newsworthy nuggets from the world of LiveJournal. A quick note before we jump in: we've posted an update at lj_maintenance outlining a service issue that sprung up

Comments

[wetdryvac]

Here, let me help.

Site Maintenance

Carved logo
[info]theljstaff wrote in [info]lj_maintenance
October 27th, 12:45

Our apologies for the delay in reporting these details and any inconvenience this has caused. We wanted to make sure we fully analyzed the extent of the situation before publishing details.

The following occurred - while updating the configuration of our internal caching system, Varnish, for a few minutes the system began to issue cached pages from the users who most recently visited the same page, as the system considered this the most relevant source of data. Thus, for 3 minutes, some users may have seen pages which appeared as though they were logged in as another random account, but it was actually just a snapshot of the page of the last visitor. It had no effect on security, as it was not possible to perform any actions on behalf of this other account. When attempting to load another page during these few minutes, another cached page was served in most cases.

This issue primarily affected people in the United States; the Russian-speaking audience was almost completely unaffected because the changes occurred very late at night in Russia. However, we are grateful to those of you who noticed this and quickly brought our attention to the issue, which gave us the opportunity to quickly understand the cause and resolve it.

The changes which were made are intended to improve site security, and reduce malicious activity on the site. It will make it more difficult to steal cookies from public locations, or spoof them for malicious attacks. We're also working on a few other things:

Better communication with our 3rd party developers
More thorough testing before rolling out changes
Finally, better communication with you about our development process

Again, please accept our apologies for any inconvenience.

[glowing_dragon]

Yeah, but it lasted a lot longer than 3 minutes!

[wetdryvac]

It most certainly did. The post I copy/pasted is here: http://lj-maintenance.livejournal.com/131843.html

And the comment thread to that post pretty clearly demonstrates that the problem exceeded three minutes for a number of people.

[glowing_dragon]

Definitely so, then! LJ seems like they're just being dismissive. Is that how business is done in Russia?!

[glowing_dragon]

Apparently!

[chamekke]

This issue primarily affected people in the United States; the Russian-speaking audience was almost completely unaffected because the changes occurred very late at night in Russia.

Gotta love how the LJ customers living outside the United States and Russia don't even rate a mention.

Were we "almost completely unaffected" too, or was our privacy compromised? A little? A lot?

Are we considered even more insignificant than the American customer base? Hard to imagine, but I'm beginning to think anything's possible with LJ.

*boils*

[m03m]

Wait... There are other countries beside the US and Russia? What is this madness?!

[zimtkeks]

I think it rather sounds as if they have no clue who was affected and who wasn't; they just guessed from the time of day. But since it seems to have gone on for about 24 hours, everybody in the world may have had the same risk.

[aiki]

Gotta love how the LJ customers living outside the United States and Russia don't even rate a mention.

That was EXACTLY my thought when I read this.