November 12th, 2002

look right
  • dennyd

RDF update instead of repost - desirable behaviour?

I notice when an RDF is changed after being read (editing an article title for instance) that a new entry is generated rather than modifying the existing entry for that URL. I might look at how difficult it would be to code it to update instead of post a new link each time, if that was a desirable behaviour?

(copied across from a post I made in syn_promo earlier today)
  • Current Mood
    curious curious

Safer Cookies

Microsoft recently added a feature to IE6 SP1 whereby cookies can be flagged with an "HttpOnly" attribute which disables their availability to client-side scripts.

I made the LiveJournal "ljsession" cookie set that attribute.

If you use IE6 SP1 (go get it from Windows Update if you use a different IE), then logout, and log back in to get the more secure cookie.

There's an RFE to get this added to Mozilla also:

Go vote for it if you have a Bugzilla account.
binary and a cookie to whoever notices
  • xb95

customview.cgi: Free vs. Paid Accounts

An interesting question was brought up in supportlounge at this link.

Basically, if you don't want to read it, there exists the ability for a free user to "hide" their friends page through overrides (see the above link for details). This ability does not exist for a paid user. There isn't a way to hide your friends page, since any user can use customview.cgi with the nooverrides command to view someone's friends page.

(In case you want to say, "just telnet to the server and download the page raw, meta refresh tags don't work if you're not viewing it in a browser", note that LJ apparently interprets a meta refresh header to return a HTTP 302 response with the new URL. You can't telnet in and get the page.)

This behavior is more than likely accidental, and perhaps something should be done. There are several options I can think of:

  1. Make paid users able to use customview.cgi on all accounts, not just other paid users. This has the advantage of being really easy, the disadvantage of introducing the possibility of a bunch of people sharing a paid account's access to use customview.cgi to make their free journal look pretty.

  2. Make a new userprop that allows your friends page to be private. This could make the list of Friends on your userinfo page private and would return a sort of error message when someone other than you tries to view your friends page. On the positive side, this is a more "clean" alternative and has been requested several times in suggestions, but on the other hand, it's been shot down there just as many times as it's been brought up.

  3. Remove the ability for free users to do this. This would require filtering for meta refresh tags within the overrides. Advantage of being effective without introducing any other bogies, but it's just putting water on the fire, so to speak.

Those are the three options I can think of. There are probably others. Anyway, I can implement any of these, if they sound good. This really isn't a horribly bad issue or anything, but it should be addressed.

Brad, Alan, anybody else, comments?
  • alanj

New Zilla maintainer

Mark Smith (xb95) is the new Zilla maintainer. He has a Zilla dev server and can write, test, and review patches to the LJ Zilla setup. He also has lots of permissions on LJ Zilla and can update and tweak things in appropriate ways.

He is the Lizard King - he can do anything.

Thanks for volunteering, Mark. And thanks to Karl (supersat) for maintaining Zilla for the last few months.