August 16th, 2001

MD5 hashes vs plaintext passwords

Is it possible to create MD5 hashes on a Windows C++ client, example being the LiveJournal client?

If so, would it not make more sense to send the MD5 hash over HTTP POST (to login, etc) instead of the plaintext password? (I'm assuming plaintext; I'm damn sure it's plaintext)

Bad examples being -- someone accesses their LiveJournal on company time. Net admin sees this and forwards it to whoever. They, in turn, delete the person's LiveJournal. I mean, that's an extreme scenario, but it could happen. (Though chances are they'd fire someone before doing that)

I've heard numerous accounts of people saying their boss / company made them delete their LiveJournal. If the company could do it on their own...

Not to mention general security. Packet sniffers are no man's friend. (Well, unless I want your password, but that's a different story, isn't it?)
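
Added example (not part of the original post, and not LiveJournal's code): sending a bare md5(password) keeps the password itself off the wire, but the hash is the same on every login, so a captured copy works as a credential; mixing in a one-time server challenge makes a captured response useless for the next login. The `Server` class, the challenge format and all names here are hypothetical.

```python
import hashlib
import hmac
import secrets

def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()

class Server:
    """Hypothetical login server that stores md5(password) per user."""
    def __init__(self, users):
        self.stored = {u: md5_hex(p) for u, p in users.items()}
        self.pending = {}  # user -> outstanding one-time challenge

    def login_static_hash(self, user, hpass):
        # Scheme from the post: client POSTs md5(password) in place of the password.
        return hmac.compare_digest(self.stored.get(user, ""), hpass)

    def new_challenge(self, user):
        self.pending[user] = secrets.token_hex(16)
        return self.pending[user]

    def login_challenge(self, user, response):
        challenge = self.pending.pop(user, None)  # each challenge is single use
        if challenge is None or user not in self.stored:
            return False
        expected = md5_hex(challenge + self.stored[user])
        return hmac.compare_digest(expected, response)

def client_response(password: str, challenge: str) -> str:
    # Client proves knowledge of the password without sending it or its hash.
    return md5_hex(challenge + md5_hex(password))

def demo():
    server = Server({"exampleuser": "correct horse"})  # constructed account
    # Static hash: the value on the wire never changes, so a copy of it logs in.
    on_the_wire = md5_hex("correct horse")
    replay_static = server.login_static_hash("exampleuser", on_the_wire)
    # Challenge-response: the response is bound to one challenge.
    challenge = server.new_challenge("exampleuser")
    response = client_response("correct horse", challenge)
    legit = server.login_challenge("exampleuser", response)
    server.new_challenge("exampleuser")  # next login gets a fresh challenge
    replay_cr = server.login_challenge("exampleuser", response)
    return replay_static, legit, replay_cr

if __name__ == "__main__":
    print(demo())
```

Neither variant protects the rest of the session, and a fast hash like MD5 still allows offline guessing against a captured challenge and response; transport encryption covers both.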

Hey, LiveJournal users who are familiar with Visual Basic (and internet crap in it):

What "controls" are available to help me out with an LJ client in VB? (Yeah, I know, I'd use perl / GTK but I'm on Windows mostly)

LJ Setup Trouble.

bash-2.05$ bin/upgrading/

This tool will create your LiveJournal 'system' account and
set its password. Or, if you already have a system user, it'll change
its password to whatever you specify.
Enter password for the 'system' account: <removed>

Creating system account...
Giving 'system' account 'admin' priv on all areas...
Couldn't grant system account admin privs

Whee. Anyone have any suggestions? I've gotten this far without problems... going to see if I can get it up without this step, and/or find an SQL reference to figure out wtf is going on.


I'm cross posting this to lj_biz and lj_dev:

Yesterday I convinced the arts, humanities, communications, and computer science departments to use live journal for the journal component of their courses... At this time, there is a solid commitment for upwards of 90-120 student accounts starting the week of August 27th. If it goes well with the test group, then the campus might adopt lj for other projects, and for administration seminars.

So what I am wondering now, is if the journal is going to continue to survive, if my campus should burden the lj system, or if we should try to download the program and install it on site at Heritage… How difficult is it to set up? I have received a bid on helping to set up something for Heritage College, but I haven't asked around about money yet -- kinda putting that off for a bit (asking for money from the College budget). It was kind of difficult to get them to agree to adopting lj as the journal component for my students, much less getting someone to part with "discretionary funds."

I guess what I am thinking, is if this semester goes well, then I will be in a stronger position to ask for funding to either start a campus journal, and/or find more support for lj -- maybe even get lj added as a lab-fee thing, get budget funding to pay for consultants, something like that.

BTW: Has anyone considered writing some sort of grant to get funding for lj?

Completed items

Whoa... people did stuff! :-P

You can now stop sending me patches for the following things:

ljrpc --now -- tons of patches for this one. I used the best parts of 3 patches from abarros, avva and dormando -- cryo hooked us up, but now we need to get status from the guy that's using it.
effective/actual userids -- tons of advice for this one... avva had the best solution. (using su $user -c)
More slave usage -- revjim did a ton already and will presumably keep on cruisin'

For stuff remaining to be done, see this post which I hope to have in the lj_dev todo system sometime.

I have implemented the checkfriends code in the OS X client, but I have some question as to how the philosophy works.

How does it determine that you've read your friends page? Does it require that the user be logged in or it won't work?

Why does it appear to have new=1 then a few minutes later when I checkfriends again new=0 and I haven't read my friends page?

I notice the behavior on the win32 client is similar and seems to require that to reset the flag that you have to launch a browser from the client... What seems to be the best way to handle this?

The docs allude to stop polling after you receive a new=1, but it doesn't offer a clear way of what is necessary to restart the counter.

priv_list population for new installations

Okay, here's my first contribution to the LiveJournal server. This is for the livejournal tree (non-ljcom) since it's only really useful to people who are downloading LiveJournal for themselves.

What it is: A script that populates the priv_list table. The .tar.gz file consists of two files, the actual Perl script to do the populating, and the data file.

Why use it: If you're like me, even after following the instructions to the T in the install file, you'll end up with a priv_list table that isn't populated. Since there are no privileges in it, it causes to fail, and you can't give admin privileges to anyone. This is generally a bad thing.

Where to get it: For now, you can download priv_list_setup.tar.gz by clicking on it.

How to use it: Just put it anywhere and run it (make sure LJHOME is set first.) Also make sure both files are in the same directory and MySQL is set up, yadda yadda. :)

Notes: This is my first submission. Let me know if I did something wrong. :p (Brad, incoming e-mail too, with the diff file for a new paragraph on using this as part of the installation process and attached files so they can be added to the CVS if you want.)