Author: Harold
Protected: The week so far
Security, privacy & accessibility
The latest DDOS of LiveJournal has once again brought out cries of “Fix the security of the site!!!” I’ve made this analogy a few times, in a few different ways, and I think I finally have it nailed down.
Imagine LJ as a whole is an apartment building. Each person has an apartment (your journal) and the building has common areas like lobbies, meeting rooms and the gym (communities) and infrastructure like elevators, central heating, and plumbing (FAQs, the login system, various directories, etc.).
Now, this isn’t a perfect analogy because you do want your friends to be able to access your journal to see friends-only posts, and you want people, even anonymous people, to be able to read your public posts, but it’s good enough.
So a security breach would be like the superintendent leaving the front door to your apartment unlocked, or even worse, wide open. Anyone would be able to walk in, rifle through your stuff, take things, and even trash the place. In terms of LJ, this would be something like password failures, or someone breaking into the server directly instead of through the website.
A privacy breach would be like if the superintendent left your bedroom curtains open while he was fixing something. Anyone in the right place could look into your apartment, but they can’t steal or damage anything. In LJ terms this would be like the privacy failure of October 2011, where LJ briefly showed cached pages to people who shouldn’t have seen them.
A DDOS would be like if someone changed all the street signs in the city to direct every tourist to your building. They can’t get into the building because the doorman is keeping them out, but unfortunately you can’t get into the building either because the huge crowds are keeping you away from the door as well.
Protected: quick update
If This Then That
I discovered If This Then That a few days ago and I’m really impressed by the concept. The basic idea is that the ifttt service has channels that it can monitor and broadcast on. You select a trigger (the this) and an action (the that) and the system monitors every fifteen minutes to see if it should take action. A good example of how this works is “If (temperature drops under 55 degrees) then (send me an e-mail)” or “If (I upload a photo to Flickr) then (send a tweet linking to the picture)”.
Unfortunately they don’t have an LJ channel yet (I asked, and they said they’re looking into it), so I’ve been trying to hack something together using RSS feeds and e-mail posting. The way the e-mail channel works on ifttt is that you register, they send a PIN to that e-mail and then you type in the PIN to verify that you control that address. So you’d expect that all I would have to do is try to verify the post by e-mail address and I’d be golden. But no.
I can get it to post to my journal, and I can get it to post to my test journal (
On another note, I’ve been thinking about what ifttt would need to do in order to create an LJ channel. To use LJ as an action channel (the that) all they would need is a username and PIN. Since post by e-mail is governed by authorized sender addresses, no password will be required.
To activate the LJ channel, a user of ifttt would give them his LJ username and PIN. Ifttt would then post an activation code to the user’s journal, and he would input it on the ifttt website to prove that he does control the journal. That’s it, the channel is activated and he’s done.
When creating an action the user could then specify community to post to, tags, userpic, mood, music, and even disable comments if they wished.
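The PIN sent to an e-mail address and the activation code posted to a journal are the same proof-of-control check, so one sketch covers both. This is an added example, not code from ifttt or LiveJournal; the class name, the 15-minute lifetime and the five-guess limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60   # assumed lifetime, not from the post
MAX_ATTEMPTS = 5             # assumed guess limit, not from the post


class ActivationChallenges:
    """Pending proof-of-control challenges, keyed by (account, journal)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}

    def issue(self, account, journal):
        """Return a fresh code to post to `journal`; keep only its hash."""
        code = secrets.token_urlsafe(9)  # 72 bits from the OS CSPRNG
        self._pending[(account, journal)] = {
            "digest": hashlib.sha256(code.encode()).digest(),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, account, journal, submitted):
        """True only for the right code, in time, within the guess limit."""
        key = (account, journal)
        entry = self._pending.get(key)
        if entry is None:
            return False         # nothing issued for this account/journal pair
        if self._clock() > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[key]   # expired or locked out: must reissue
            return False
        entry["attempts"] += 1
        digest = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(digest, entry["digest"]):  # constant-time compare
            del self._pending[key]   # single use
            return True
        return False
```

Keying the challenge on the (account, journal) pair means a code read off someone else's journal cannot activate the channel for a different account.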
Rene Marie
I worked the Rene Marie concert at Mercyhurst this past weekend. It was a simple show – most jazz bands have something odd in the tech rider, but Rene’s didn’t even mention lights and hardly mentioned sound. It helped that the entire band, Rene included, were really nice people. She had a fantastic voice and it’s hard to believe, watching her up on the stage, that she’s only been singing for 14 years or so.
After the concert Sunday we packed up some of the sound system, and at 7 in the morning on Monday we drove down to the Community Shelter. Apparently, Rene does a concert at a shelter wherever she goes, having been homeless once when she was a kid.
I’m still favoring my left arm a bit, still wrapping the elbow when I’ve got any lifting to do.
Friday Five: Video Games
1. Do you prefer to play games on a console or PC?
Tough call. I have a Wii, and I immensely enjoy the few games I do have for it, but I probably spend more gaming time on the computer.
2. What is your all-time favourite game? (No answer too embarrassing)
The Secret of Monkey Island. Hands down.
3. Which game has been the most disappointing?
Donkey Kong Barrel Blast
4. Are there any upcoming games that you’re excited to try?
Doctor Who: Worlds in Time
5. If you could design a computer game, what kind would it be (platform, racing, shoot-out, etc.) and what would it be about?
I’ve had an idea for an educational puzzle-based MMO that I think has potential.
Inefficiencies in the federal government
Despite the seriousness of the title, this is mostly me ranting.
So apparently, earlier in the year, the Department of Education decided to transition handling Direct Loans (that’s federal student loans) directly from their website to a new site set up especially for the purpose. Now, I set up Autopay from my checking account as soon as my deferral period was over and the only communication I’ve received from the DoE in all that time is an annual form for my taxes.
So what do I get in today’s mail, which I don’t see until 8pm? A bill for my October loan repayment. Dated the 14th, mailed the 24th, and arrived the 28th. WTF?! Scanning the notice I see that I’m being directed to a new website, www.myedaccount.com/. Since this is different than the previous website I’m a bit suspicious, so I go looking around online. And I find this, and this, and this. It turns out that yes, the federal government really did move websites. Yes, they really did make a mess of the transition. And yes, all auto-pay information was supposed to transfer over but lots of people are reporting it didn’t.
Now, I get the idea of streamlining your web services, and keeping a huge part like loans away from the rest of the site to keep things separate, but for cripes sake you’ve got to do a better job of it. My Auto-pay info didn’t transfer over, I had to re-enter my credit union info. And now I’ve got to hope that I can actually get through to a human being to see if I’ve been reported as late or not.
I made a userhead (mostly)
Oh this is cool. I became aware a couple weeks ago of the new
When I got home from Mercyhurst a bit ago I had two notifications waiting for me – 1) I won, and 2) I got my userhead as a gift. They altered the shirt back to standard LJ-head blue, but that’s alright. It’s a bit blurry too, but there’s already a patch to fix the width of the userheads.
This is a test

All of these images come from and have been posted by the beta test of the new ScrapBook system. Check it out!