On 5/8/07, Tim Starling tstarling@wikimedia.org wrote:
Who are you calling unprofessional? The people who quickly, competently and comprehensively fixed the problem on the server side, or the people who jumped up and down on the lists and wikis about the need for everyone to change their passwords? I think you should make that clear.
I think he's talking about the fact that it was so easy to mass crack passwords in the first place.
On April 26, Brion announced that an attacker was "mass-abusing accounts with weak passwords." Then, on or about May 6, an admin account is cracked. Doesn't seem like a quick, competent, and comprehensive fix to me.
I'm not sure any individual in particular is to blame. I suppose Brion is supposed to be the one in charge of such things, but in my opinion he doesn't have the staff or budget to do it. Maybe he's the one who has chosen to spend so much money on hardware and so little on staff, but I suspect that's more a board thing.
I've suggested before that a lease of servers would make a lot more sense than all those capital expenditures, and this is a good example of why that's true.
Anthony