igpayatinlay | (no subject)

UGH, LJ. I'm not even there but for one music community really, but they modified something in their code so that LJ-Login (and all derivatives) no longer works with their site, w/o letting the coder or anyone else know, and will now not release what it is they changed so that he can fix his add-on.

Squeaky, PLEASE don't follow suit. :( I left you a little love in ~announcements in hopes that you won't, and because this site is generally great and my interwebs RP home.

EDIT: After

thebodypolitic commented, I thought I'd PSA this -- the most recent push also introduced a bug that is logging people into the wrong account at random. She found herself logged into an account she's never owned, able to see all of their private entries and bio information. Since she's not evil, she promptly logged out, but then has been left wondering: if she wound up in someone else's journal, who wound up in hers? Longstoryshort, if you have any identifying personal info in any livejournal accounts (name, location, credit card info from payment pages, etc.) even if it's set to be private, should someone accidentally wind up in your account, they're viewing it. For more info, check out Unfunny Business on journalfen.

Flat | Top-Level Comments Only

They also introduced a bug where people are randomly being logged on to journals not their own, and able to view locked/privated entries and edit other people's journals. That just happened to me, so I can verify that you can definitely see locked shit from other people's journals, and it looked like I had the option to edit.

People are saying you can also see other people's account info/personal info/payment history/etc when it happens, too, but I logged right the hell out when I realized, so I didn't see that to verify. So if you have any location info or anything in your profile, even privated, pull it out. :(

----- wow

:OOOOOOOOO

:O Wow... I mean - - here comes another mass exodus, and for really good reason too, if they're that bad with security breeches.

Yeah, I was kind of freaked because if I'M in someone else's journal, who got dumped into MINE?

There's also a post up about it at unfunnybusiness on journalfen, with some more links and things.

I'm not on journalfen, but that is totally insane. I don't even want to think about what kind of access that gives to random people.

Thanks for the reference; I'll be looking into that later! I commented to someone on the post being like "LOLWAT I HAVE NOT HEARD OF THIS, SOMEONE EXPLAIN PLS" but that journalfen post sounds like exactly what I need.

Yeah, sorry for the no exact linkage, I'm on my phone. There isn't any comprehensive link spam I've seen go up so far, but unfunny has the gist of it, and the rest you have to parse through lj_release(s?) for in the comments. It's been reported by a bunch of people in there, amidst a LOT of vitriol about them breaking ljlogin and such, but it's buried, and there's no official response that I've seen about the actual, very real privacy issue.

I found it through a quick googling anyway (though couldn't access it thx to workplace filters, herp derp), so np!

And yes, exactly: when I saw mention of it in the comments, the very first thing I did was comb ~lj_releases and ~news for any details... but nothing, zip, nada. Which is extremely worrying. 8|

The only official word I saw was "report it to support", and that's IT, though there was ample response to the lj-login breakage, at least in early comments. And the support notice I put in about it was set from public to private, but not addressed yet. It is fucked up.

I edited my main post to include this, which is way more srsbidniz than LJ-Login of course, and put a link in. ♥ Thanks for the heads up, bb!

Most welcome! I've been working on a write up of it over on LJ because it threw me off so hard, so I wanted to spread the word.

I'm annoyed, too, but haha oh my lordy the vitriol on that lj_releases thread about LJlogin!!! I just cannot deal.

That said, it just makes me relieved that all of my RP happens on IJ and that I'm barely tuned in to LJ anymore. I'm trying to get back into the swing of blogging there, but it's sure hard when everything is so slow and unreliable and argh.

People are mad! People are always mad; they get mad here when the site goes down for like, 8 hours. But that's v. temporary, and LJ-login is not, and holy crap if there are people randomly able to log into someone else's account... DODGY to say the least.

Nerdrage is the most ridiculous overblown kind of rage. Like. I think the privacy/security issues are far far more worth complaint, rather than the tirade of profanity directed to the LJlogin issue. But then again, I am the eternal polite flower 8(

Right? I posted this just be like, blerg, broken thing. I'm not all "FUCK YOU, MARK, I HOPE YOU WATCH YOUR MOTHER DIAF, YOU HAVE RUUUUUINED MY WHOLE LIFE WITH THIS CODE PUSH." Nerdrage gets scary.

Ughhhhh exactly. And the anonymity of the internet just makes things worse, making it so easy for flamers to forget that there are real people on the other end. Like: Yes, sir, I get that you're upset, but there are ways to express that disappointment in a constructive manner rather than resorting to calling everyone "fuckasses". 8|

JFC, LJ. X_X

Until it's addressed publicly - it still hasn't been, two days later - I'm assuming it's still a problem.