Semiformalishmaybe

LJ-Blunder

It turns out that the sleek from taja21 is closer to authentic sleek - it does not use spinach. So, as much as I would've liked to like it more, Med Grill's sleek is better. Oh well.

I was a little bit bothered to see a major bug with livejournal - the lj_latest RSS feed does not only sample public entries. As I may have mentioned, I use jwz's xscreensaver with the bundled script to use that feed for all text (meaning random livejournal stuff is always flowing by on my TV), and I've modified it to log everything that goes by because more than once I've spotted something interesting I'd like to read at my leisure and wanted to know which journal it came from. Today I noticed that one of these posts was on a journal that when I visited it with a browser, all it had visible was one of those "I have everything friends-only" posts, posted several months ago. A little bit more prodding around showed that this situation isn't super rare (so it can't be chalked up to them posting something and then realising that "oh, it isn't hidden like every other entry" and locking it after my screensaver snagged it from the feed). In theory, some really interested third party could sample the latest posts feed at great frequency (maybe through tor or some other similar service) to .. hmm. Maybe it's not possible to exploit easily, but it's still a bug. There are a few other bugs you might notice about LJ - if someone has you friended but has some posts restricted to a group that doesn't include you, you can see that the posts exist (even if you can't get any more information about said posts) by looking at a calendar view for their journal.... and.. so on. If you're sufficiently clever in the right way, you'll find a few more interesting bugs :)

Comments

bugs

1. Eek! I hope you've reported the bug you found today!

2. I believe they actually fixed the calendar post-count bug recently, at long last.