I think the implied opposition is unintentional... 
18th-May-2016 12:33 pm
teehee, haha
From a training course on discrimination law:

The law protects not only people belonging to traditional organized religions such as Buddhism, Christianity, Hinduism, Islam and Judaism, but also those with sincerely held religious, ethical, or moral beliefs.
20th-May-2016 09:01 pm (UTC)
Does "security by obscurity isn't secure" count as religious if you accidentally go into Unhinged Religious Ranting On The Bus mode when talking about it to a friend (as judged by comments from other bus riders)?
20th-May-2016 09:28 pm (UTC)
I certainly think that those holding the belief that "security through obscurity isn't secure" should constitute a legally protected class, on the grounds of Being Right.
20th-May-2016 09:38 pm (UTC)
Did I ever tell you about the time that an accidental email forward plus accidentally using the forwarded email wrong would give someone full access to your LJ?
20th-May-2016 09:42 pm (UTC)

No, you didn't.
20th-May-2016 09:55 pm (UTC)
So LJ's HTML notifications have included the little form where you can type a reply since like forever. Because of Outlook and the use case where you can get to your email but LJ is maybe not 100% accessible, the form includes sufficient information to post a comment.

Originally, there was the "and also log me in" option when leaving a comment with authentication while logged out.

So every now and then, people would forward HTML comment notifications to their friends, and their friends would have something to say in reply to the comment, and would sort of automatically use the reply form in the email notification ... and would be SUPER SURPRISED when the comment was left as the person for whom the notification was generated.

LiveJournal deliberately left this not-documented, despite repeated alarmed requests for the "please don't forward your HTML notifs, people" to be documented. I was on the docs team when a friend re-discovered this, and I went "!!!" and started writing up the documentation; word came down from above that this was Known, but Never To Be Documented, because in their opinion there were enough forwarded notifs out there that documenting would allow people to start exploiting the comment-as-someone-else thing, and people should just not forward things. Or something. This was, iirc, late 2008 or early 2009 when it came to my attention.

Fast-forward to September 2010. In the middle of all the other clusterfuck of Release 69, the "and also log me in" option was removed from the comment form. All comments left would log you in.

I put grudge & release information together, and quietly tested to see if it would do what I thought it would.

It did. I was so pissed.

I had become estranged from LJ at this point, but I was still actively using the service. I very quietly sent messages to two support admins, and shortly thereafter there was a very quiet patch that made comments posted via the HTML notif comment form leave the comment, but not change your login status.
20th-May-2016 09:56 pm (UTC)
I attribute the fact that no one in dev caught this to a certainty that it was not internally documented either, and thus none of the front-line devs knew about it.