August 2nd, 2005

Status of Anonymous and OpenID comments

First to introduce myself. I'm a programmer working on a masters in Entertainment Technology, CS undergrad. In my spare time I work on my gobs and gobs of side programming projects, most of which are php+mysql webapps. So many in fact that I never have enough time to make any of them completely not crappy (well, that and I have no free time). I'm just starting to use livejournal but I've been poking around and I've come up with some questions, suggestions, and bugs about anonymous comments and the new OpenID consumer support.

1. BUG: when a link <a href="">something</a> in an anonymous comment gets expanded the end tag is kept. This becomes something (</a> . I was actually able to find the very simple bug/fix in by browsing the CVS but I'm not sure the procedure for checking it out and submitting a change.

2. I was trying to write a bot that would occasionally post a certain comment to an entry on my journal. Anonymous comments with links triggered a captcha that I can't pass. Removing the links made it work only sometimes. I wrote an OpenID server for my website. That seems to work most of the time without links, but still give the captcha for links. Adding the OpenID identity to my friends list makes it work even with links, but the links still get expanded (see above bug). What is the status on a journal level preference for disabling captcha checking for anonymous/OpenID comments? I know that OpenID is not a trust system, but shouldn't it be trusted enough to post actual links if they're on my friends list?

3. When using export_comments.bml to fetch comments, the usernames for OpenID comments is the internal ext_1191 variety. I suppose that is the user and the actual OpenID identity is just the name but it would make a client fetching this data inconsistent with what is displayed on LJ's comments page. Is there any plans or timeline for better integrating OpenID into this and many other deficient areas?

4. Reading many of the OpenID docs I understand that OpenID itself doesn't not provide for fetching more information (such as name) about the user, but perhaps an OpenID consumer could fetch that information from other metadata (RSS, FOAF, etc) provided by the authenticated URL. Is there anywhere a list of which if any of these extra resources the LJ OpenID consumer currently uses? I noticed that for some OpenID identities it was displayed on LJ as username [identity] and thought that might be due to some file the remote site had that mine doesn't.

tag datastructure?

Okay, I crawled the LJ code for two days before seeing this today:

Also this month we've fixed up a bunch of bugs with tags, and we're now exposing far more tag information to S2 styles -- S2 style authors now have access to information like how many times a tag was used, who can see the tag, and more. Keep an eye out for styles adding this information.

Which is pretty much what I was trying to find: a way to display how many times the tag has been used and in what context in order to customize the list of tags used by a journal.

So...where can I find the details on how to access this via S2?
  • Current Mood
    hyper impatient

protocol endpoint(s) and post-only passwords

My Nokia 6670 died and I'm now reconfiguring my replacement 6630, laboriously entering all my internet and LifeBlog settings.

Two things come to mind:

1) Why do I have to enter ... why not just "" and a) trust the phone adds http, I think it does, b) auto-detect the AtomAPI post, and reroute it to the right handler in mod_perl, and c) make sure our canonicalizer doesn't redirect the AtomAPI post to, because that's just unnecessary for a non-browser.

2) we should have an option to have "post-only" passwords, similar to the post-only PINs we have for phone/email posting. hell, maybe use the same one. But I should be able to tell LifeBlog a "lesser" password that can only do the protocol "postevent" and AtomAPI/Blogger equivalents. This also means when you give a password to Flickr/etc, all they can do is post as you, not login, not delete, not change your password, etc.

I'll be at OSCON all week, but I'll happily accept patches. :-)