?

Log in

No account? Create an account

Previous Entry | Next Entry

Error Reporting Suggestion

Someone recently wrote about bad password warnings from LiveJournal that get reported in iJournal via a sheet.

What can be done about this - aside from the obvious act of me changing my password?

Password checkers aren't perfect and if someone wants to dedicate all their time to brute-forcing my password, enjoy, I could restore my journal from backups in about an hour. Plus, this would be a fairly detectable process: You'd see a lot of similar login hits from the same IP. Due to bandwidth shortages, it would be in the best interest of the LiveJournal folks to detect something like this and block the attacking IP. Thus, I do not desire to change my password.

This brings up another point: We need a different way of routing messages and errors in iJournal. The Console or a log file are two obvious places to send these messages. I find sheets reporting errors like this password warning very annoying and I would love to be able to turn them off (or better, reroute them to a move appropriate place.) Simply reporting "Error: See log file for details." in the status bar at the bottom of the main iJournal window and putting the full text of the error elsewhere could be an optional feature in the Preferences.

Comments

( 9 comments — Leave a comment )
(Deleted comment)
extraneous
Jul. 22nd, 2002 05:24 am (UTC)
I'm not for removing the warning, just making the option available to move it to a more appropriate place. I too use a combination of letters and numbers (none of which are words), they just happen to be grouped in a way whatever bad password detection system they're using doesn't like.

But let no man say I'm not for real passwords! Here!

v_lKTz4Ed{fy,:xIe7TG9w(r>J|i&QcB
+nz09;:zt>Xk_1tMgDFVTE/fzY_=6<uW
Ar]XkRQ4Fq#=J2Fe%84*=V2j$PsTu:r{
9c{{B=]Y=<Zdp$44ywA*3txQGyI=|s=_
xtN{U18#@V5Wd6<La/gu*iV`DYbg/]pG
^`EJ,?JkxgKV8##TzEFY>eBaE)2px9Fv
8B7,/Bet+i*pDLdgwZcVhVai-koPHu.7
mq6GV}p^f3[U7PY+Enpa%)+PSfWvkU*,
4Y?3#-5dJ4*tl2x@G@CpnuE|bT)Qf}(>
oTSabrQZ4<XDX`h|9/1%&C>4N0fG3&K!
yxbmUC`5$VgJu`u[bDN:oR!z*7G<VCF*
rB|/9vc<hsu]u&v8[!u.4;t`I7xA#$x@
<m3#;xZp7*MmytUv7SnfGa66[5zsvLw-
Grxt2t76)[6#DC8zPEw[@&@A)j&z7S[O
E-ZB^}Vql){/WVugEMYY;@_X|l$l2y^m
_@;C0SYw4Ej#/X^TCQc?G*W.N0AB/PnZ

Not that I would trust my passwords if I were you. ;) It's just the output of pwgen -1 -s 32 16

Michael

etrepum
Jul. 22nd, 2002 07:32 am (UTC)
If you're going to use a 32 character password you might as well leave it to hex ([0-9a-f]).. the md5 hash of your password, which is sufficient to login and do most things (anything that iJournal can do) on lj is only 16 bytes long.

Of course, a worst case brute force of a md5 hash is still going to take 2^(8*16) tries... which would take something like the age of the universe to brute force over today's internet.
trinityinfinity
Jul. 22nd, 2002 06:57 am (UTC)
I mean, it's my LiveJournal account, not my root password

That's exactly what I was thinking when I wrote the original post about the password warning.

Ah well, I caved and changed it anyway, just to be rid of the warning. Bah, humbug!
ibrad
Jul. 22nd, 2002 09:00 am (UTC)
Most of us don't have that many errors, and that isn't a very intuitive solution for managing them; most people wouldn't understand. Sheets are good, sheets are dialogs. Plus, if you're suggesting that there is a dialog/sheet that tells you to refer somewhere else... what purpose would that serve but adding another step to what you already say is somehow annoying? If you want to minimize the number of dialogs you receive, enable the “Quiet” option in the iJournal prefs.

As far as the security stuff, go complain at bradfitz/lj_dev. I don't want to see iJournal ignoring important server/security-related things like this just for the sake of a picky few (no offense).
extraneous
Jul. 22nd, 2002 01:21 pm (UTC)
I think a log file is a very intuitive solution, as they're rather common. I'm not suggesting that there be a dialog informing you of the error reported elsewhere, but that if the feature is turned on an error report appears beside the progress bar at the bottom of the main iJournal window, with the full details logged in some permanent fashion. This would interfere with little.

Again, if you'd actually read what I wrote, I'm talking about optional features probably for "power users". I'd appreciate it if, rather than calling me picky, you'd comment only on the aspect of the software you think is important, since that's what we're here for, not to call me picky. (Writing "no offense" is frequently a gurarantee for one.)

Although, I dunno, some sort of flame war does have little appeal. ;) We don't really have the numbers here to make it interesting.

Michael
zebe
Jul. 22nd, 2002 09:37 pm (UTC)
backups
I could restore my journal from backups in about an hour.

Out of curiosity, what do you use to backup your journal? Is it automated, or do you just paste the text into a text file as you update or something?
extraneous
Jul. 22nd, 2002 11:06 pm (UTC)
Re: backups
Check out http://www.livejournal.com/export.bml

The export as XML looks tempting, but it's not proper XML as any HTML you used in the body of your posts doesn't have properly encoded entities (last time I chedk anyway.)
zebe
Jul. 22nd, 2002 11:09 pm (UTC)
Re: backups
Neat stuff, thanks. Now, of course, the question is - where is import.bml? :)
( 9 comments — Leave a comment )

Profile

ijournal
iJournal: Official LiveJournal Client for Mac OS X
iJournal Home

Latest Month

June 2011
S M T W T F S
   1234
567891011
12131415161718
19202122232425
2627282930  
Powered by LiveJournal.com
Designed by Lilia Ahner