eruthros: Aang from Avatar:TLA facepalming (Avatar - facepalming aang)
So LJ has just instituted a new kind of cut-tag-thing - "lj-spoiler" - which theoretically can be used for in-line expansion and in comments and will be all pretty.

There's just one problem: it's so javascript dependent that there's no indication that it's there if you don't allow to run scripts. Like, not, "the in-line expansion doesn't work," but flat-out "can see the spoiler text without even a header or indication that it was under a cut." And it also doesn't show up in (most?) email-notifications at all. And some people have suggested that it does not interact well with screenreaders. So that's fun.

I realized this because otherwise some comment exchanges I was looking at made no sense at all. So here are some screencaps + descriptions of how it looks:

two screencaps under the cut )

So basically, it is an awesome idea and I would love to be able to put spoiler cuts in the comments! But if you use them, when I browse not only will I not see them, I won't even know you meant to use them unless you also say "this is a spoiler!" in the text. Ditto for people who receive text notifications (like me); I don't know what happens when people receive html notifications. But if the point of using spoiler text is to avoid spoiling the person you're commenting to, it may or may not work, depending on how they read/respond to comments.
eruthros: Aang from Avatar:TLA facepalming (Avatar - facepalming aang)
I know a lot of y'all don't use lj, but in case you do, there seems to be a bug that caused (is causing?) a security/privacy breach: multiple people have reported that when they try to edit their own entries/profile/inbox, they are taken to another random user's edit entries/profile/inbox page, and can see all of that user's flocked and private entries. Basically, the system seems to think that they're logged in as another user. Here are some of the early bug reports from last night:

cocanuts reports the logged-in-as-another-user bug
itsaserket reports the logged-in-as-another-user bug
rachelmanija reports the same bug (and also reports that it stopped happening to her) (ETA: she expanded on what the bug looked like in comments here)
nix_this reports the same bug (with other details in nix_this's lj)
kazzisato reports the same bug

... but there are a ton of comments on the lj releases post now; those are just the first reports of the problem that I saw. LJ staff have not yet commented to my knowledge, so all that there is so far is a series of bug reports - nobody seems to know the extent or scale of the problem, whether it was a temporary glitch that has already been fixed or whether it's ongoing, or basically any other details. I haven't seen any bug reports from users who noticed unauthorized access of their journals - just from people who noticed being logged in as someone else.

There's also an overview post about this lj bug at unfunnybusiness. There don't seem to be any suggestions for fixes yet, but the lj release entry for their recent code release has 800+ comments and is growing, and I haven't looked at everything. I haven't seen any reports on why it's happening, but some folks are suggesting that it might be related to an (unannounced) change in handling cookies that has also affected plugins like LJ Login and dreamwidth's comment importing.

Unfortunately, while you can tell pretty easily if you have access to the wrong journal (click edit entries, see what happens, if something goes wrong log out and log back in), so far there's no way to tell if anyone else has access to yours. Will ETA if I learn more.

ETA1: I haven't seen any bug reports from people who experienced the bug after mid-morning today UTC (but I could have just missed them) - if you know of any, please let me know and I'll ETA again. Now I've seen some more recent reports, so it hasn't stopped happening. I have also seen people reporting that it's no longer happening to them, though - [personal profile] rachelmanija, linked above, and [personal profile] wendelah1 in comments here.

ETA2: [ profile] fallacy_angel took a screencap of the journal they were temporarily logged into; see also their comment at lj releases.

ETA3: Strike ETA1; I think [ profile] dapperdinosaur is reporting the bug shortly after it happened to them, which makes a bug report from about 4:00 am UTC on the 27th.

ETA4: [personal profile] lorax experienced the bug at about 3:15 pm UTC on the 26th, and wrote up an detailed report of what the bug looked like plus some notes about lj's response.

ETA5: In the comments here, [personal profile] silveraspen describes the response to their pm to a site staffer (at 2:46 pm UTC on the 27th) which suggested that info was going to go up at [ profile] lj_maintenance soonish.

ETA6: There's a new lj maintenance post that describes the problem: they're saying that it didn't allow people to edit other users' pages, just view them, so it wasn't a security risk. (This is one of the times when I facepalm about lj's communication - site security vs security of people's info would maybe have been a good thing to mention there.) They also describe it as a bug that lasted for only three minutes - while it's true that most of the bug reports I saw were clustered around the same time period, I've also seen a couple more recent reports, so that seems ... unlikely.

ETA7: Make that a really recent one - here's [ profile] snailbones's report of the problem happening after that lj maintenance post was made.

ETA8: This is the first instance I've seen of someone saying that they actually did something with the account they were logged into (I think - it's somewhat confusingly worded, so definitely grain of salt here), plus some discussion of how long the problem was happening: [ profile] misstiajournal's comment at the lj maintenance post.

ETA9: [ profile] moropus also reports that they accidentally commented as another user when they experienced the bug (note that the comment also has anti-Russian sentiment)

ETA10: [personal profile] siljamus talks about things to do to minimize the risk of this happening to your journal, which mostly involve logging out of all of your livejournal login sessions, and then not logging back in at all (which includes not crossposting from dw).

ETA11: I haven't seen a live report of the bug since [personal profile] snailbones's, linked above, at 9:38 pm UTC on the 27th. Anyone else seen anything? Yup, other people have seen something - see ETA14.

ETA12: LJ mentioned the problem in passing in their most recent lj news update; many of the comments are angry about the in-passing remark, wording, challenge the details, etc.

ETA13: [personal profile] rachelmanija describes what the bug looked like (what she could see, how long it lasted).

ETA14: strike ETA11; [personal profile] majoline reports seeing the bug (or a different bug?) at about 3:30 pm UTC on 10/29. This bug report is different, though - they were taken to the edit entries page of a journal entry they clicked on, not to a random journal. No word on whether they could do anything on that page. [personal profile] majoline commented to say that the buttons were grayed out and couldn't be clicked on.

ETA15: It turns out that anyone can see anyone else's edit-entry page for a public post by putting in their username and the number of the entry; it only works for public posts, and it grays out the boxes and nothing can be clicked on. So a misdirected link could send someone there, and so could I if I manually entered it, and etc. [personal profile] darkspirited1 and [personal profile] xenotaku have been figuring out the parameters of how this works in a comment thread. The existence of this weird UI is irritating, because it means that the cache error(?) bug and this thing might be described in the same way by a user. The important differences seem to be that in the cache error, someone appeared to be logged in as someone else, so the edit entry page would appear normally but with someone else's data (buttons appeared pushable, someone else's username and icon, etc), whereas in this edit entry page looks weird and unusuable (buttons and text greyed out, at the top it looks like you're trying to edit a post in a community: [yourusername] in community [otherjournalname]).

ETA16 I just saw another new bug report on lj maintenance of something weird that looks a bit like the original bug circa 4:53 pm UTC 10/29. Their comment with screencaps got marked suspicious, but since the comment was emailed to me I saw the screencap, and they said I could link it here: screencap of the post entries page as [ profile] snowsoftsong. It looks like the post entries page as if someone else was viewing it - there was no "in community..." or anything and the entry page wasn't greyed out - except that the username was [ profile] snowsoftsong, and the original poster of that post was alwaystheheart in a different comm. So: WEIRD.

(Almost) everything I've linked to in this post is a single user's bug report or description of their issues - I have no way of checking the veracity of anyone's comments.
eruthros: A panel from a 1950s educational comic book showing a communist deflating -- I mean, blowing up, the Washington Monument (Communists!)
1. Are you, too, frustrated by the new lj facebook and twitter connect buttons under your comments? Fear not, for not one but two people have made magical solutions! Do not mess with tab order or people shall make greasemonkey scripts, lj. These solutions only fix your view of the page and your tab-order; other people in your journal will still see the facebook/twitter options, and will be able to crosspost their comments.

Option one: daluci wrote a greasemonkey script that takes away all the facebook/twitter connect buttons. Yay! It only works on the quick-comment page, though, not on the full reply page. ETA: Now it works for all comment pages! People are awesome.

Option two: [personal profile] chagrined describes a partial solution using stylish here. This is useful for: people who use stylish (me!), people who have javascript turned off on lj (also me!) because the above greasemonkey script only works on the java-enabled quick comment boxes. Sadly, however, it still leaves "settings" the first tab select after the comment box. Me: tab-enter ... oh damn. NARGH.

2. While I am linking to greasemonkey scripts for livejournal, I also really love daluci's bannering script. It turns the lj header back into a beautiful quiet blue bar. Against which I can read the text. Sometimes it gets a little wonky over on the right, depending on what lj has done with the custom header, but I just adblock the second lj logo and call it done.

3. Yesterday [personal profile] sineala linked to some macros that [personal profile] astolat made in like 2007 that I haven't seen mentioned elsewhere, so I thought I would signal boost them. It's a set of fanfiction conversion macros for Microsoft Word; they turn a story or post written in Word into pretty html or plain text, surrounding italicized text by html tags and stuff like that. (I can't tell from the post itself whether they also fix inappropriate characters like smart quotes and em dashes, but they might.) ETA: [personal profile] sineala confirms in comments that the macros fix em dashes and smart quotes and other special characters.
eruthros: Battlestar Galactica 1978 promo picture, captioned "first fandom" (BSG - first fandom Starbuck Apollo)
So apparently LJ is like, hey guys, you know what would be awesome? If we deleted journals that haven't been logged into in more than two years, even if they have content! And ditto communities that haven't been posted in for two years! Wouldn't that be awesome?
    One of the benefits of the work we've done to purge suspended accounts is that we will now be able to purge inactive journals and communities too--something you've been requesting for years! A journal is defined as inactive if it has not been logged into for 24 consecutive months. A community is defined as inactive if has not been updated for 24 consecutive months. Once an account is eligible to be purged for inactivity, the owner will be sent an email to alert them of the inactive status. The owner will then have two weeks to log into the journal or post to their community to prevent it from being deleted. [...] Again, you can read technical details about suspended and inactive account purges in this post. We'll be sure to let you know when these purged usernames become available.
From the news post. And when I followed the link to the technical details, I discovered that:
    The new modifications will actually allow us to purge not only deleted and suspended accounts, but inactive accounts as well, as announced in today's news post. This was not the only change put into the worker scripts; we also had to add logic that removed comments and community entries posted by accounts being purged.
From the lj maintenance post about purging accounts.

Like, that might be poor phrasing in the lj maintenance post, referring only to posts/comments by suspended users and not by purged-inactive users, I guess. But the way I read it, it seems to be saying that inactive journals include journals that have content, and that the comments left by those ljers on my posts, and the posts by those ljers to communities, are going to vanish. (Please tell me I'm reading that wrong.)

I am just ... like, I think 90% of everything I've tagged on delicious in the last five years is on lj. And, just, poof! And poof go people's comments in my journal, and poof go giant RPing comms like Nocturne Alley, and poof go community posts, and poof goes everything by everyone who was using lj as an archive four years ago before they moved to facebook. I kind of can't even wrap my brain around it. I just went to my old lj profile, and counted offhand seven comms that would be deleted under this policy, and those are just the ones I'm still subscribed to, not things I've tagged.

ETA: Someone has just edited the news post to say "A journal is defined as inactive if it has not been logged into for 24 consecutive months and has only one post (i.e., the welcome post). A community is defined as inactive if has not been updated for 24 consecutive months and has only one entry and no comments." So it would still be grabbing the journals of RPers and people who have journals only to post to communities, and their posts to communities/comments would vanish, I think, but at least it would leave journals that have some entries. Probably.
eruthros: Martha Jones smiling! (DW - Martha Jones is awesome)
1. I have been doing experiments with a cookie recipe that I quite like, trying to get as near as possible to a power bar without giving up what I like about the taste of cookies. I'm nearly there! So far I'm at 3.8 g of protein per cookie, which is pretty awesome. I have recently discovered that applesauce covers the taste of soy protein powder better than butter -- who knew! Anyway, \o/ for moderate successes with baking! And for eating cookies for snacks without going all sugar-rushy! When I make them successfully again, I'll post the recipe here.

2. I turned off javascript on lj a while back -- not just sharethis, which I've never had enabled, but -- and was pleased by the faster loading times. It meant no more quick reply comment boxes, but I could live with that!

Then today I learned that the update page doesn't show the icon or the preview buttons without javascript. So I'll have to turn it back on if I post to communities. *is cross*

3. Speaking of, did you know there's a limit on the number of PMs you can send from an lj account? I didn't. And now I know that there is one, but not what it is, or how often it rolls over, because I can't find anything about it in the FAQ. *continues cross*

4. I hit the pm limit because I'm sending out little heads-up [community profile] kink_bingo deadline reminders to folks who haven't posted yet according to my spreadsheet. I'm doing it kinda automatically, so if I pmed you even though I should have known you knew the deadline, uh, sorry. I just go click-paste click-paste.

5. Today is my dw-versary! I'm still in a space of squishy hugs for dreamwidth, gotta say. Here are some things I like about being here:
- the community!
- the standing-by-their-principles stuff
- hierarchical tags (♥)
- split access/subscribe list
- the little stuff! I love that /calendar now redirects to /archive, because I used to type the url wrong every time, and I love being able to leave a reason for editing a comment, and I love that I can rename icon keywords and fix my typos.
- did I say the community already? Because y'all are awesome.

ETA 6. We just had a sudden cat! We left the back door open today because it's finally nice here. I was just sitting here on the sofa puttering around on the internet, and then I looked up and there was a cat sitting in the living room doorway giving me the Disdainful Cat look. I went "aah!" at the sudden cat, and the cat went bounding away, and I think I startled [personal profile] thingswithwings rather a lot. But seriously, I can't be expected to not startle at sudden disdainful cat.
eruthros: llamas! (llamas)
If I don't post things, then they just build up and build up in semagic until it seems insurmountable. Today I have decided to say "fuck that" to that problem, so here are ... a bunch of misc and unrelated things, some of which have been in semagic for months.

1. We made lots of awesome food for American Thanksgiving which was like three weeks ago now, but this text has been sitting here for most of those weeks so I'm posting it anyway. I might forget how to make these tasty brussels sprouts by next fall! More details about the recipes under the cut to spare you guys )

2. I'm currently going to PT threeish days a week for hand and wrist and knee and ankle and etc joint pain, and I still have partly immobilized hands. It makes me cranky and anxious, especially because nobody seems to know what's wrong, and why this problem is worse than the previous ones. Blather about doctors )

3. Some things I forgot about when I was doing yuletide nominations, so now I'm putting them here for next year )

3a. It is a sad state of affairs when your yuletide story notes are long enough to be posted to the archive. *pokes at file* Now, if only I had a story...

4. Some random things I have learned from kink_bingo )

4a. This isn't a random thing that I learned from [community profile] kink_bingo, it's a true story from planning last year that I've always meant to post so I won't someday forget it )

5. I want a firefox extension, and I can't find it! Here's what bugs me )

THERE. Now I have a completely blank update field. And I'll add some stuff from today to make sure it stays that way:

6. This Penny Arcade strip pretty much explains the way I feel when people say things like "you're just watching it to hate it."

7. Oh my god, lj, seriously? You're seriously going to make gender a mandatory field and make male and female the only options within that field? Seriously? I just. Fuck that shit. I can't put words to my RAGE.

Wait, what?

Dec. 2nd, 2007 10:16 pm
eruthros: Delenn from Babylon 5 with a startled expression and the text "omg!" (BtVS Tara avatar avatar)
Wait, WHAT? SixApart just announced that they've sold LJ to SUP International whosits.

I'm just gonna hang out here until someone figures out what this means. (As I only know SUP from posts on [ profile] no_lj_ads, in which people talk a lot about privacy issues and poor coding issues. The whole list is tagged here.)
eruthros: Delenn from Babylon 5 with a startled expression and the text "omg!" (Default)
Okay y'all: I love all of you.

I love the people who are getting called "hysterical" -- and getting pissed off at being called hysterical, when we're a community of (mostly) women and hey, look, that phrase has been used to keep women down for more'n a hundred years.

I love the people making animated macros.

I love the people responding from their RP journals. In character. Oh, Neville!

And the people realizing that this is bringing HP fandom back together - must be the apocalypse.

I love the people with with plans and the people critiquing the plans.

I love the people quoting "Hoist the Colors" at length -- all eleventy-billion of you, in all the fonts you're using, no matter how much I'm like "wtf? what does that have to do with anything?"

Also I love the people making Les Miserable references, and asking if MooCards are like cake, and filking, and happily doing what they do with pop culture. And doing what they do with words and parsing statements to the press to figure out what people are really saying. I love the close readings.

I love the people posting and commenting on the news post, so much that I can't even keep up with the notifications by skimming. (Even if some of you are kinda trolling and making me wince.) I love the people making friends in the middle of the storm of comments.

For serious, you guys. Fandom = kinda awesome. 4,200 plus comments on that news post. People phoning and yelling and shouting and talking to the press and defending their friends and defending people they don't even know and making icons.
eruthros: Delenn from Babylon 5 with a startled expression and the text "omg!" (B5 - Delenn OMG)
"Our decision here was not based on pure legal issues," countered Six Apart's Berkowitz. "It was based on what community we want to build and what we think is appropriate within that community and what's not. We have an awful broad range of discussions and topics and other things going on in LiveJournal, and we encourage other broad-ranging conversations on all sorts of topics. This was a specific case where we felt there was not a reason (for these journals to stay online)."

Berkowitz said the company would "obviously apologize" to anyone whose journal was deleted in error but added: "That's going to be a very small minority of the sites. I would be shocked if it's more than a dozen."

From a cnet article here. They ain't gonna talk to their users, but they've got plenty of time to talk to cnet.

What he is saying is: these journals are not illegal, but we don't care, we don't want them on lj. We're taking away the welcome mat, fandom. It doesn't matter what you have in your interests, or what you have in your profile, or what you post: if we don't think it's appropriate, it's out. We didn't do this accidentally, and we aren't going to apologize.


May. 29th, 2007 09:37 pm
eruthros: Delenn from Babylon 5 with a startled expression and the text "omg!" (BtVS Tara avatar avatar)
I've got the same username all over. I'm here on greatestjournal, here on Vox (also, note, owned by sixapart), and nowhere on journalfen 'cause you have to pay or con someone into inviting you. This is easy, because my lj username is actually the atypical spelling of "erythros," and thus not a popular username. Also, it's in the masculine form.

BUT. If everybody decides to go elsewhere for their fannish needs -- which I'm not saying will happen -- let me know. Because it took me, like, six years to find fandom again after y'all left mailing lists for blogs -- I'm still finding people on lj and going "omg! I remember her from prospect_l! I think! I wonder if it's her!"

For context, the fannishly interested can check out lolaraincoat's list of suspended communities and journals and liz marc's discussion about Warriors for Innocence, which is the goup that may be reporting these things to lj abuse. Also, you can see an example suspension letter at jamoche's journal. Also on fandomwank, here, but note that the servers are particularly robust tonight. (ctrl-shift-r may bring pages up if standard refresh doesn't).


eruthros: Delenn from Babylon 5 with a startled expression and the text "omg!" (Default)

May 2017

2829 3031   


RSS Atom

Expand Cut Tags

No cut tags
Page generated Oct. 19th, 2017 12:37 pm
Powered by Dreamwidth Studios