Katrin (
ex_sunshiny116) wrote in
lj_refugees2010-10-05 11:12 pm
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png)
(no subject)
So now that LJ has removed the option of cross-posting from protected entries (see here), are you guys staying at DW? I am. This resolution came too little too late for me and I just feel uncomfortable there, in spite of this improvement. What do you guys think?
no subject
My unease at having someone think that having officially validated links to locked content was a good idea in the first place remains, as does my unease that a news post could get posted without someone double-checking to make sure that the statement about accounts to be deleted for inactivity did not have content in them was actually correct, and my unease that code enforcing male/female only could make it as far as being checked in and getting posted to changelog.
All of these are slips that would be perfectly normal if they were internal only.
So someone proposes that people be able to link offsite to everything they post, ever. Great. But someone should have asked, "But what about locked stuff?"; it seems to me that since the checkbox was unchecked on locked stuff, that the question was asked, and the answer was "Only if they decide it's a good idea on that specific thing", rather than "If it's not their own entry, no way", just as Share This was never on locked entries.
Someone should have asked, "But wait, does this mean that if someone goes to Costa Rica for 27 months, that their whole journal will be gone? Are you sure this is what's intended?" before that news post went up. (This is not an arbitrary example: there is a long-time, much-beloved volunteer who went to Costa Rica with the Peace Corp, and is the Support Volunteers' default example for the case of seemingly-abandoned accounts which are actually not abandoned.) Only after there was the barrage of questions was there the sudden research and the clarification that no, it was only to be content-free accounts.
The developer who created the force-gender-selection code should have been clear before developing that it was intended to be, enforce that the user pick one of the three options (male, female, other/not-disclosed) rather than enforcing that the user pick one of two, male or female.
The fact that all of these things happened says to me that there are, at minimum, bad communication problems somewhere, with results that I'm very much not comfortable with. And then there was the crown jewel, the Lord King Bad security bug that arose from the unintentional intersection of two amazingly bad ideas.
Bad idea #1: this is an old one, and a thorn in my side from the first day I met it. To make things less painful for people using email clients instead of webmail, HTML email notifications (the "rich" ones, with the icons and the little reply window) allow you to reply to that comment as the user who was sent the notification, whether or not you are logged in. This does mean that if you forward a LiveJournal HTML notification to someone else, that someone else can reply to that comment as you. So, really guys, don't do that. (This is not an issue on Dreamwidth. Which does make life harder for people using email clients.)
Bad idea #2: I have no idea precisely why they did it, and I certainly hope that there is a very well-supported development reason that they did it, but they removed the "Log me in?" checkbox from the option to comment as a different account. The result of this was that after you commented, you were always and inevitably logged in as the account you had just commented with.
When Bad Idea #2 dawned on me, I had a sudden horrible thought, and rushed to test it. I found that I was correct. At that time, this meant that if you commented via the HTML email form, you were logged in as the account who had gotten the notification. Even if you were logged in as a different account before that. Which meant that if you were in possession of an HTML comment notification from someone else's account, you could gain access to that account. You wouldn't have the password, but you could be able to see everything they could see from within the account, just like having unrestricted access to a computer they were logged in on. (Which is how I lost a friend, once upon a time, as he abused his access to my computer in a hugely dramatastic way.) Naturally I reported this to Support directly, both through email and in person to one of the admins who is my friend. She was suitably appalled and tested. I was soon notified that it had been confirmed and was passed along to developers.
The security hole has since been fixed. Possession of an HTML comment email no longer means that your account is open wide to someone. It still scares the fuck out of me that this happened at all, and that if I had not checked for it and reported it, that it might have gone unnoticed until it was too late. This, more than any other thing that has happened at LJ, terrifies me.
I don't expect that everyone will share my horror, but it struck too close to home for me, and shattered my resolve that I would stay with LiveJournal forever no matter what. I still have friends who have no intent to leave, and at least for now I will maintain an account and keep following them, and I certainly hope that LiveJournal the company stays around a good long time, as they have all that rich history of cross-linked lovely content. But that security bug broke my heart.
no subject
... I actually FELT my heart speed up for a second there. Holyyyyy green winged fishies, that could have been severely disastrous. Glad they fixed it, but WOW.
no subject
no subject
no subject
no subject
no subject
no subject
no subject
no subject
no subject
I get the email HTML notifications from LJ. Thank God I never forwarded one to anyone else - though I trust my friends (the ones that I would forward such a thing to!) not to do anything stupid.
That is amazingly scary. Thank God you saw it, reported it and it's been fixed. The consequences if it han't been just don't bear thinking about!
no subject
I wonder what their next major security fail is going to be.