livejournal

dw_news | PSA: Likely LiveJournal password compromise
Passwords used on LiveJournal around 2014 have probably been compromised. Dreamwidth noticed because accounts where people had common passwords on both sites got hacked on DW. Use a password manager, people.
(tags: livejournal fail security password dreamwidth)
Books in Which No Bad Things Happen | Tor.com
A list, including contributions from commenters.
(tags: books science-fiction)
Walks south of Cambridge
I did one, it was nice. Bookmarking to try others.
(tags: walking hiking cambridge)
bigH/git-fuzzy: interactive `git` with the help of `fzf`
A CLI interface to git that relies heavily on fzf (version 0.21.0 or higher).
(tags: git productivity fzf)

I’ve been tidying up my website a bit, and I’ve put everything which used to be on LiveJournal on Dreamwidth, with a view to closing LJ (or replacing all the stuff there with redirects) and using DW as a bit of diary/venting place now LJ’s looking increasingly dodgy. It’s odd to type stuff into a LJ-clone, feels a bit retro, but in a nice way, like a comfy old jumper. Twitter’s a cesspool and neither it nor Facebook are good for more than a few sentences of text.

I’ve also spruced up things on the proper blog a bit, adding a funky new style. I got Journalpress going to post stuff from the proper blog to Dreamwidth, and did my very first GitHub pull request to add a feature to it. This started me off on a “add all my things to GitHub” kick, currently there’s just my LJ New Comments script, but there’s a bunch of other bits I want to keep somewhere sensible rather than on my laptop.

Twust

On the subject of cesspools, has anyone done a thing for Twitter which only shows you replies from people followed by you or the people you follow? Someone really should layer a web-of-trust over the top of it, but I hear their API is designed to stop you doing interesting things with it, because you run into rate limiting. It’s so bad TwitRSSme apparently does stuff by screen-scraping instead, which is icky but possibly unavoidable.

I’ve updated the little script I wrote to keep track of which comments are new on LJ and Dreamwidth (LJ now does this automatically in its default style, DW doesn’t, by the looks of it). Thanks to various people for telling me it was broken for HTTPS sites, which LJ and DW both default to these days.

Userscripts.org is long dead, so I’m now hosting it on my site.

I’m mostly writing this down so I remember it, but maybe it’ll also come in useful to other people. This is how I converted from LJ to WordPress.

Getting data out of LJ

WordPress’s LiveJournal importer is buggy and doesn’t do a bunch of stuff I want (such as re-writing links to my own posts so that they now point to the new blog). Luckily, jwz has been here before, and wrote a Perl script to download a journal and output WordPress’s XML import/export format. This does better, but needed a bit of hacking to suit my obsessive need to avoid information loss in the transfer to WP. I’ve stuck my own version here: the comment at the top describes what I changed. You’ll need LJ::GetCookieSession. Like all Perl scripts, this one is configured by global variables near the top, so you’ll need to change those too. You then say
ljgrabber.pl -v --wordpress --comments > wordpress.xml
and then upload wordpress.xml to the WordPress importer (Tools, Import on the WordPress dashboard).

Note that I haven’t used any of the other advertised options (to re-write bits of your LJ so they point to the new blog) in my modified version of the script, so damned if I know whether they work, crash, or delete your journal. Probably best to try it on a spare journal first, I’d’ve thought.

Installing

I ran through WordPress’s famous 5 minute install having stuck the untarred WP download in the right place on my site. Excitingly, this left wp-config.php (which has stuff like the database password in it) with both public read and public write permissions (assuming it was the installer and I wasn’t immediately pwned by something before anyone had seen the blog). So, you might want to watch for that.

Plugins you will want

  • Akismet: WordPress blogs attract a lot of spam comments. Akismet kills them all. Possibly there’s something I can do about this to make my blog less obviously a WordPress one, but I haven’t worked out what they’re using to identify it yet.
  • Avalicious will grab user pictures from LJ if your commenters specify a LiveJournal as their website URL. Since jwz’s Perl script produces such comments, installing this gets you the familiar looking icons for everyone. Note that you will want to apply jwz’s patch or it’ll kill your performance on pages containing comments from people who deleted their journals.
  • Live Comment Preview: cos it’s handy.
  • Subscribe to Comments: nearest thing I’ve found to LJ’s email functionality. I’m not sure whether it’s actually emailing you replies to your comment or just any new comments. Probably should check that.
  • LiveJournal Crossposter: does what it says on the tin. Note that if you go back and edit imported posts, it seems to want to post them again (presumably because the imported posts don’t have whatever magic it uses to tell that they’re already posted to LJ), but for posts which it has cross-posted for you, it’s clever enough to apply subsequent edits back to LJ, too. Note that there’s a setting which controls whether it just posts excerpts or the whole entry. For now, I’ve set it to the whole thing, even if it does mean the Russian mafia are getting advertising revenue from my writing.
  • Updraft Plus Backup/Restore: backs up the database and files to Google Drive, which I wasn’t using for anything else.
  • WP Super Cache: Crimefighting Jesus told me to, and he runs the hosting company, so he should know.

I expect I’ll tart it up a bit at some point but the default theme seems reasonable enough for now. Any other top tips welcome, I guess.

Stöwer TitanicSo, I’ve been looking into ways of running a “proper” blog, and I’ve come down to PyBlosxom or WordPress. In either case, I’ll get my own hosting for it.

Advantages of PyBlosxom over WordPress:

  • Keeps entries in text files. I fear databases.
  • Seems to have a better security record than WordPress.
  • In Python, so hackable and I’d feel I’d have some hope of understanding what it’s doing (WordPress is in PHP).

Advantages of WordPress over PyBlosxom:

  • Very active developer community, so lots of nice plugins. (PyBlosxom isn’t abandoned but doesn’t have so many people working on it).
  • More themes, some of which are pretty (PyBlosxom has a few themes in their repository, none of which are that pretty).

Anyone who’s used either of those care to comment?

A thing I found while investigating how to get journal backups going again in the wake of LJ’s most recent debacle:

A while back, geeks kept saying that LiveJournal should be Usenet news, that is, instead of mucking about with all the tedious web forum stuff, it’d be nice to have a program which let you read comments and entries, kept track of threading and which comments you’d already read, and so on (remembering what you’ve read on LJ was the motivation for my LJ New Comments script, but that doesn’t avoid LJ’s clunky interface).

This was tricky as there was no obvious way to get all the comments from an entry. There was the old comment export thing, but that only works on your own journal. You could “screen scrape” with a program that tried to pull the comments from the human-readable versions of LJ’s pages, but that’s considered rude because of the load it’d put on LJ’s server, and it’s fragile as it might break if LJ changes the human-readable output.

Luckily, LJ added a bunch of new stuff to its existing interface for “clients” (programs which access LJ, like Semagic). This includes the getcomments method, which allows you to get all the comments on any entry you can see.

Add this to the existing machine-readable stuff (Atom feeds, getfriendspage) and you could probably write either a client specific for LJ (the iPhone client is the reason LJ added the getcomments method, by the looks of it) or a proxy to turn the whole thing into NNTP and let you use conventional Usenet clients. Who’s first?

(Personally, I still plan to be off once I can actually back up this journal, including the comments of my esteemed readers. But I won’t stop reading, so this would be a nifty toy even for me.)

Edit: another thing this allows is third parties offering comment feeds of your journal: someone could write a thing which turned the comments from an LJ entry into an Atom feed. Real blogs have these, so LJ could too.

The latest code release onto LiveJournal has introduced a problem where people are randomly getting logged into the wrong journals. This exposes friends locked and filtered entries belonging to those journals to those random people. There’s no indication that this used to read the locked entries of a specific, targeted user, but there’s no analysis of the problem available, so we don’t know that it can’t be, either. Edit: It looks like this was a problem with caching. If that’s true, it’s unlikely that it could have been used to read posts from a specific user. More here from cahwyguy.

More information is available here.

This has been going on since at least yesterday morning, yet LJ still hasn’t responded officially to reports of the problem or warned users that their private data is at risk. Edit: LJ has posted about the problem, however, they don’t seem to have some details right. For instance, they’re claiming it was only a problem for a few minutes, when people were noticing it all day on Thursday.

This is the second time that LJ has dealt with a major security incident with staggering incompetence. It illustrates that they apparently don’t have a test server, i.e. they’re a bunch of coyboys. My vague plans to move this blog just got a lot less vague.

New Statesman – Faith no more

"Earlier this year, Andrew Zak Williams asked public figures why they believe in God. Now it’s the turn of the atheists – from A C Grayling to P Z Myers – to explain why they don’t "
(tags: atheism richard-dawkins philip-pullman daniel-dennett sam-harris)

Pompous Theist

You've seen Advice Dog and Courage Wolf, now enjoy Pompous Theist. Well observed stuff: I've seen quite a few of these "arguments" in my time.
(tags: atheism meme funny humour theism religion)

“Shut Up, Rich Boy”: The Problem With “Privilege.” | No, Seriously, What About Teh Menz?

"I’m a feminist writer, but I don’t like to use the word “privilege” in my writing. Here’s why not:"
(tags: feminism privilege)

Why Have Hackers Hit Russia’s Most Popular Blogging Service? – TIME

Where LJ has been the past week or so. For once, it's not their fault.
(tags: internet security livejournal politics ddos)