December 7th, 2005

  • casey

password security inconsistency

Is there a reason that the "password is too easy to guess" dialog box only comes up when logging in from clients such as Semagic or Deepest Sender, and not when logging in to the actual website? I know that it pops up if you update with the web client, but why not at login or even every time you post a comment with an insecure password?

And just to stir the pot a bit more, why the "suggestion" and not just requiring users to change? The FAQ states "Your LiveJournal password must adhere to the following guidelines" but then never does anything more than pop up a box that lots of users get aggravated over and then ignore. It seems like requiring a password change is more secure (and is not unheard of), and even if they complain they will complain, get over it, and everyone can move on. Instead we get people who become "annoyed" with the pop-ups relayed by the clients and, instead of changing their password, stubbornly argue about it over and over.

Sorry if this is a sensitive issue-- I'm not necessarily trying to argue a clear point, just wondering if I missed some sort of previous public policy announcement/discussion about this stuff.
  • mart

break and continue for S2

It's a reasonably common complaint that S2 lacks the break and continue statements, so I've added them. It's pretty simple; there's no support for labelled break to break out of a loop other than the innermost. Better than nothing, though. Support for labels and labelled break could be added later if people want it. Since this patch makes break and continue reserved words, it'll break any calls to global functions with these names that appear at the start of an expression statement.

Side note: It's been a long time since I submitted code like this. The directory on my site containing this patch also contains the first piece of code I ever submitted to LJ back in early 2001, and nothing in between. Crazy.