sophie, skype, weemee

SOPA/PIPA Blackout

[this is a public post]

Today, I've blacked out my journal over at Dreamwidth for 24 hours in order to raise awareness of SOPA/PIPA, alongside many other websites, including Wikipedia.

Please note: SOPA is still a threat, despite the news reports recently that it was shelved indefinitely. (Lamar Smith plans to resume SOPA's markup in February.)

I'm only doing this on DW, for two reasons:

a) DW is now my primary home. Most people are watching me there, as far as I know, and keeping LJ up allows me to make posts like this one (which I'll repost to DW after the blackout);
b) LJ doesn't have any way to specify *why* a journal was 'deleted'. This would mean that people might worry about me.

Why am I doing this, even though I'm located in the UK and the bill is a US one? Because most of the sites I use on the Internet are based in the US.

Collapse )

(TL;DR: A "site dedicated to theft of US property" is one located in the US and where the owner(s) have taken 'deliberate actions' to avoid confirming 'a high probability' of copyright infringement. The 'deliberate actions' are left undefined, as is what 'a high probability' means, and this is what makes the bill so dangerous.)

So what happens to a 'site dedicated to theft of US property'? Namely, a complete cutoff from anything that could provide financial support to that site - payment merchants such as PayPal or 2Checkout would be forced to deny payments to the site from its members/subscribers, and advertising networks would be forced to deny the site any ads.

Combine the unspecific nature of the bill with the financial cutoff penalty, and you have a perfect recipe for governmental censorship. And no, of course the government wouldn't use it to shut down YouTube, but they wouldn't need to. Services like YouTube simply cannot afford to fall foul of a law like this, and if the bill passed, it would give the government a *reason* to shut YouTube down. That's all they need, because with the threat of that hanging in the air, they could ask YouTube to do damn well anything and they'd have to comply. Blackmail, in other words.

I'll probably write more on this topic later, but for now, I hope I've given a good explanation of why this would be bad for the Internet as a whole, and why I've chosen to black out my journal for the day.

[edit 9:49pm GMT: For people in the UK, here's a petition on direct.gov calling on the UK government to condemn SOPA and PIPA: https://submissions.epetitions.direct.gov.uk/petitions/26143 ]
sophie, skype, weemee

LJ comment preview Greasemonkey script

[this is a public post on LJ]

I don't tend to do new stuff explicitly for LiveJournal nowadays, since I'm on Dreamwidth, but LJ came out with an interesting claim recently regarding the lack of a Preview button on the new commenting form:
Since a Preview button isn't easily/quickly possible with the new form, we have made the ability to edit comments available to all account types.
I was honestly a bit baffled by this, because it's actually really easy to add a Preview button. In fact, I knocked up a Greasemonkey script to add one in less than half an hour, and I've never previously touched the new commenting code. (Download here. Greasemonkey script has been tested on Firefox and Chrome; if anybody else knows if it works on other browsers, let me know! To run it on Firefox, you'll need the Greasemonkey add-on. Chrome users don't need any separate addon!)

But at the same time, I don't think LJ are deliberately and shamefacedly lying, because allowing all users to edit comments is going to put a dent in their bottom line. Lots of people find the ability to edit comments incredibly useful, and there's now one less reason for people to have paid accounts.

Rather, I suspect the reason they're not introducing the Preview button on the new form is because the Preview page includes a subject line field, and they seem to be doing their best to want to get rid of subject lines. (Don't ask me why, I have no clue.)

Anyway, I mainly made this post to get this Greasemonkey script out there, because as much as I'd love people to come to Dreamwidth, there are some people who aren't going to want to do so, and being able to preview comments is kind of important. That said, if you do read this, do consider giving Dreamwidth a try. You don't even need an invite code if you sign up before the end of the year, because DW have opened up the create flow for a limited period of time. So come on over and give it a try. :)

[edit (Dec 23rd): I updated the code as there were some cases when the code would pop up a "No can do." message box - if the page wasn't using the new commenting scheme. Please download the new version.]

[edit (Dec 24th): I've learned that stuntpilot99 has made a Stylish style that makes LJ a bit easier to read by replacing the fonts with the fonts used before, slightly widens some margins, and other things. It also puts a soft grey background on everything, but as I don't like that myself, in the version I've got installed I edited it and replaced every instance of "#f7f7f7" with "#ffffff", which makes it white. In any case, go check it out. :)]

This entry was originally posted on Dreamwidth, at http://sophie.dreamwidth.org/48927.html. You can comment either here or there.
sophie, skype, weemee

Dreamwidth: No code required this week!

[this post is public on LJ]

I meant to post about this before this week, but there's still a few days left, so.

This week, from February 21st to February 28th, you don't need an invite code to create an account on Dreamwidth, at all. So if you've been thinking of creating an account but didn't want to ask anybody for a code, go ahead and create an account! I'm [personal profile] sophie over there if you want to add me to your reading and/or access lists. :)

This entry was originally posted on Dreamwidth, at http://sophie.dreamwidth.org/37627.html. You can comment either here or there.
sophie, skype, weemee

Regarding the recent news on user purging

If you've seen the recent LJ news post, please be aware that it was written from the wrong spec. While I (soph, the original author of this post), am not staff, this has been confirmed officially by staff and the news post has been rewritten accordingly.

Only accounts that have no entries, or have only the initial welcome entry, will be purged.

A new news post is not being made because of the issue with News posts and notifications; the backend would likely crash if two News posts were made so close to each other.

Please repost this! There is a 'Repost this' button at the bottom of this entry.

Collapse )

sophie, skype, weemee

The Iran election?

[this is a public post on LJ]

Yesterday marked one year since the disputed, possibly rigged Iranian election in which Mahmoud Ahmedinejad was pronounced the winner, while Mir-Hossein Mousavi, who was projected to be winning, got apparently little support.

Does anyone know any more about it, one year on? My Twitter is still set to "Tehran, Iran" since I haven't heard anything about it finishing.

[edit: By "it", of course, I mean the things that came after the election - the protests, etc. Also, making public on LJ.]

This entry was originally posted on Dreamwidth, at http://sophie.dreamwidth.org/25722.html. You can comment either here or there.
sophie, skype, weemee

PS3 owners take note

[this is a public entry]

A heads-up to anybody who is running an alternative operating system on a Playstation 3 - Sony will be releasing an update tomorrow that will prevent you from doing this.

As I don't have a PS3 myself, I'm not sure whether you can just choose not to install the update or not, but one assumes that at the very least you'd be able to stop it from getting it in the first place.

[ETA: From the article:
Sony has said the update is optional, but those people that do not install it will no longer have access to features, such as its online games network and the ability to playback certain games or Blu-ray DVDs that require the most up-to-date firmware.

A Sony spokesperson said that gamers would have to "accept" the update before it begins to install.
]

This entry was originally posted on Dreamwidth, at http://sophie.dreamwidth.org/21585.html. You can comment either here or there.
sophie, skype, weemee

Windows data loss?

[this is a public post on LJ]

I've just read of data loss *possibly* caused by a recent Windows update, and has so far been experienced by varying people on Windows XP, Vista and 7. Please read the article about it at Vitalsecurity.org, and this follow-up post.

If you have any information about it, or it's happened to you, please post about it on there; the more information that can be gained about it, the better.

[edit: I just made a comment on the first post with a transcript of the graphic they link to at the ending paragraph. It needs to go through moderation, but should appear soon. It just annoys me so much that a potential solution is linked to as a graphic. Come ON, people, accessibility isn't that hard. Heck, it was probably harder to screenshot than it would have been just to copy and paste...

Here's the transcript of the graphic, in case it doesn't make it through:

In my case Windows 7 did not delete the files, but for some reason moved them into a hidden system folder.
Enable hidden files and folder and then go to your D: drive (or whatever drive you originally stored the files on before the update) and look for a folder called $INPLACE.~TR . This is a hidden file that on my machine contained all of the files from this drive. I too thought all of my stuff was gone, but inside this folder you will find the structure like so: $INPLACE.~TR-> Machine-> DATA-> Your Files .
Hope this helps.
]

This entry was originally posted on Dreamwidth, at http://sophie.dreamwidth.org/16552.html. You can comment either here or there.
sophie, skype, weemee

Holiday promotions

[this is a public post on LJ]

So, the new LJ "promotion" is going on, and it's not really that great. Each Paid+ user gets 10 coupons for $10 off a new Paid account that they can send to others. It doesn't work for renewing a Paid acccount, doesn't work for userpics, can only be used to pay for a one-year account, and the coupon expires in the middle of January if not used.

Essentially, this is hardly a gift at all because all you can do with it is encourage people to spend money that they're not already spending. It's a blatant call for new people to take income from by SUP.

So rather than insult my friends by selecting who might want them and saying "Here, spend some of your money!", I'll offer them here. If anybody was going to upgrade to a Paid account anyway on LJ, let me know and I can send you one of these coupons to make it so you don't have to pay the full amount. If you reply on DW, let me know your LJ username so I can send it to the right place. This offer is open to anybody, not just friends of mine.

If you're enticed by the idea of having a one-year Paid account for $15 and weren't going to upgrade anyway, I can send you a coupon too - just ask - but I'd like to recommend that you try Dreamwidth instead of giving more money to LJ. Let me know if you'd like this and I can gift you an invite code to create a 2-month Paid account at DW, so you can see what it's like. You can crosspost to LJ, too.

This entry was originally posted on Dreamwidth, at http://sophie.dreamwidth.org/15335.html. You can comment either here or there.
sophie, skype, weemee

The Iran election - reposted from others

[this is a public post]

A photo of protesters in Iran, taken from above. The crowd protesting goes back as far as the eyes can see.


If you are reading this right now, you have more luxury than someone in Iran could ever hope for right now. If you are watching TV or a video on youtube, updating your status on Facebook, Tweeting, or even texting your friend, you are lucky. If you are safe in your home, and were able to sleep last night without the sounds of screaming from the rooftops, you need to know and understand what is happening to people just like you in Iran right now.

Another photo of protesters in Iran, this photo having been taken from the ground. People dressed in green, waving green flags, and wearing green headbands, make their voices heard.


They are not the enemy. They are a people whose election has been stolen. For the first time in a long time, a voice for change struck the youth of Iran, just as it did for many people in the United States only seven months ago. Hossein Mousavi gained the support of millions of people in Iran as a Presidential candidate. He stands for progressiveness. He supports good relations with the West, and the rest of the world. He is supported with ferver as he challenges the oppressive regime of Mahmoud Amedinejad.


On Friday, millions of people waited for hours in line to vote in Iran's Presidential election. Later that night, as votes came in, Mousavi was alerted that he was winning by a two-thirds margin. Then there was a change. Suddenly, it was Ahmedinejad who had 68% of the vote - in areas which have been firmly against his political party, he overwhelmingly won. Within three hours, millions of votes were supposedly counted - the victor was Ahmedinejad. Immediately fraud was suspected - there was no way he could have won by this great a margin with such oppposition. Since then, reports have been coming in of burned ballots, or in some cases numbers being given without any being counted at all. None of this is confirmed, but what happened next seems to do the trick.

The people of Iran took the streets and rooftops. They shout "Death to the dictator" and "Allah o akbar." They join together to protest. Peacefully. The police attack some, but they stay strong. Riots happen, and the shouting continues all night. Text messaging was disabled, as was satellite; websites which can spread information such as Twitter, Facebook, Youtube, and the BBC are blocked in the country. At five in the morning, Arabic speaking soldiers (the people of Iran speak Farsi) stormed a university in the capital city of Tehran. While sleeping in their dormitories, five students were killed. Others were wounded. These soldiers are thought to have been brought in by Ahmedinejad from Lebanon. Today, 192 of the university's faculty have resigned in protest.

A young Iranian woman holds her fist high, shouting in a street.

Mousavi requested that they government allow a peaceful rally to occur this morning - the request was denied. Many thought that it would not happen. Nevertheless, first a few thousand people showed up in the streets of Tehran. At this point, it is estimated that 1 to 2 million people were there. (Note: There have been reports that it might have been 3 million-- but nothing is confirmed at this point). Mousavi spoke on the top of a car. The police stood by. For a few hours, everything was peaceful. Right now, the same cannot be said. Reports of injuries, shootings, and killings are flooding the internet. Twitter has been an invaluable source - those in Iran who still know how to access it are updating regularly with picture evidence. Women are being brutally beat.

Tonight will be another night without rest for so many in Iran, no older than I. Tonight there is a Green Revolution.

For more information:

PICTURES:
Here - from Boston.com
Here - on Flickr

NEW INFORMATION:
Andrew Sullivan's Daily Dish - near constant updates
ONTD_political live post - Collated information, pictures & etc in the comments

ON TWITTER:
@StopAhmadi
@ProtesterHelp
@IranElection09
@IranRiggedElect
@Change_For_Iran <-- no tweets for a while, which is worrying :(
@NextRevolution <-- absolutely heartbreaking

Also: SIGN THE GLOBAL PETITION! 25,000 signatures and growing! http://www.gopetition.com/petitions/protest-against-the-june-2009-coup-detat-in-iran.html


v6u8hw
دنیارابگوییدچطورآنهاانتخاباتمان دزدیده اند
Tell the world how they have stolen our election




(original post by one_hoopy_frood here, slightly modified by Sophie to add more links and add ALT attributes to photos.)
sophie, skype, weemee

Secret Questions, and why they're a problem

[this is a public post]

I'm seeing a lot of misinformation going around LJ regarding the security of LiveJournal accounts, so I want to take this opportunity to correct these.



Myth: Setting a secret question will make your account more secure.

This is false. Secret questions are not intended to make your account more secure; they're intended to give you, the owner, an additional means of getting access to your account in case you forget your password and no longer have access to either your current email or any previously validated email address on your account. Because of this, setting a secret question actually makes your account less secure, by design.

The way secret questions work is that if someone goes to the Lost Information page, LJ will send a password reset email to either the current email on your account, or an email address that was previously validated on the account if you specify one. It will not send email to any other destination, for security. This email does not require the use of a secret question if one is set, so if anyone has access to one of these email addresses, they do not need to know the answer to your secret question to hijack your account.

Once the email has been sent, if the account is not logged into for 5 days, the attacker can return to the Lost Information page, enter the username again, and this time they will be asked for the answer to their secret question. Once this answer is given, the password can be reset.

Thus, if you use a secret question to which the answer is easy to find out (even from, for example, the posts on your journal itself), and do not regularly log in to your account (or even just go on vacation for a week with no Internet access), your account is subject to hijacking. For this reason, any secret question set should not have an answer that is easy to figure out. The best answer to a secret question is one which has absolutely nothing to do with the question.

Please note that logging in means just that - logging in from the login page. Simply using the site does not count as logging in for the purposes of the secret question, so if you get a password reset request you didn't make, you should log out and then back in again to cancel the request.

It should also be noted that the Lost Information request can be sent to any previously validated address on your account, not just to the current address. Therefore, if you set a secret question, you must check your previously-validated addresses regularly in case a hijacker sends a Lost Information request to one of them. (Although if you log into your account within those 5 days, even if by accident, you would cancel the request.) This could be a problem if you are on vacation with only email access, as you could be at risk if you have previously-validated addresses on your account and a secret question set.

Alternatively, you can delete your previously validated addresses - and I'll talk more about that in a moment.

However, the best account security can be achieved by not having a secret question at all, and if you use an email address provided by a free email service online that recycles old usernames, this is the best course of action to take. (examples of these include Hotmail and Yahoo, I believe.) If you already have a secret question, don't worry - you can delete your secret question by simply going to the Secret Question page, entering your password, and clicking the Delete button.



Myth: Setting a secret question can protect you in case your account is hijacked.

This is also false. The owner of an account (read: anybody who has access to the account and who knows the account password) can change or delete the secret question at any time, and even if this wasn't the case, there is still the built-in 5-day waiting period during which the hijacker can simply log in to stop you from getting to use the secret question. As stated above, the point of the secret question is to allow an extra avenue into your account in case it's needed, not to provide extra security.



Myth: Deleting addresses that are previously validated will always increase your account security.

This is only sometimes true. A hijacker will be able to send the Lost Information request to any previously validated address on your account simply by specifying the old email address. In normal circumstances, this doesn't matter since the hijacker would not have control over the address. However, if you have set a secret question, you are still vulnerable to a secret question hijack if you do not check your previously-validated addresses, even if you control the address in question. This is especially true if you do not login regularly. This is true because, as described above, the secret question method will become usable 5 days after it has sent the email, and is cancelled by any login to the account. If you do not see the email that's sent because it's sent to an address you don't check, it's possible that you might not log in in that time.

If you no longer have control over your previously validated addresses, you should always delete them when possible. This will prevent a hijacker from taking over one of these addresses and using it to access your account.

However, if you do not have a secret question set, or you are absolutely sure that the answer to your secret question is secure, then you should only delete those email addresses that are no longer under your control, and no others. The reason for this is that if your account *is* hijacked in some way, these email addresses can be used to help you regain access to your account, and they may be the only such methods of doing so, if the hijacker also took control of your current email account (which is quite possible).

However, with the advent of the ability to delete old email addresses as long as your currently validated one has been in use for more than 6 months, it is possible that an account hijacker could delete your previously validated email addresses quite easily, too. The optimum security, therefore, is gained by having two email addresses that you control and having one of those (a secondary email address) listed as the first validated address on the account. Every 6 months, check whether you can still access this address. If you can, you should delete this address from the 'validated' list, change your LJ email address to that address and validate it, and then after validation switch back to your normal one, which will render the first email address undeletable again. Do not do this unless you have verified that you can still access that address. If you do not have access, you should instead delete that address and find another address to use.

By doing the above, you will ensure that your backup address will never be deletable by account hijackers (and thus will remain usable as a backup address to send Lost Information mails to in case your primary email account is also hijacked) until hopefully a couple of months after the hijack itself, which should give you enough time to regain control of the account and make it secure again.




Feel free to link this post elsewhere; it's public and will remain so.