cellio | LJ -> DW? (poll)

From:

calico-pye.livejournal.com

I too, am having problems with LJ - specifically the LJ cut facility. I am hoping that LJ will sort its Gremlins out or I will transfer everything over to my DW account too.

From:

shewhomust.livejournal.com

I opened a DW account, mainly to enable comment on another blog which I used to read on LJ but which has moved there. I keep meaning to learn how to use it as backup. So in a sense I am already there, but this continues to matter!

I'm sorry LJ are being so inconsiderate about accessibility; I don't regard this as trivial.

From:

kayre

I'm on DW so that's not a problem.. except I sometimes post only to LJ, and I wonder if you'd still be reading there?

From:

cellio

Since not everybody I read on LJ would be on DW, I'd still need to come here to read those journals. So you'd go onto that list. But anybody I can read at DW I already do read there. :-)

From:

spiritdancer

The last I checked, you could read any LJ as an RSS feed (it was something I spotted in the FAQ). So, at least in theory, you could set up the LJ reading you want over on DW. Then again, you don't see the LJ comments when you are reading the feed.

I haven't yet resorted to reading my LJ-only friends that way, but I have thought about it. Those who cross post get read on DW (I take them off my default view for my LJ reading page). Now, I generally have a page or less of LJ reading each day. At peak, with filters, it ran 3-4 pages; I couldn't keep up with the "no filters" view.

From:

cellio

That works for the public entries, but some people I read here post under locks (ranging from "occasionally" to "exclusively") and I can't make that work through RSS. :-(

From:

talvinm.livejournal.com

As you may know: I now have a DW account because LJ's comment function has suddenly (after years of working properly) become very incompatible with the tech used by Blind people. And I will not make my home in a place where my wife is not welcomed.

By all means: come to the Dark Side.

From:

cellio

In fact I am already reading you there. I've subscribed to everybody I know about.

From:

cahwyguy.livejournal.com

I'm over there (as cahwyguy); I post to my blog, which posts to DW, which posts to LJ. I read all three, although I'm more likely to comment on LJ simply because there's less solely DW activity.

From:

unique_name_123

I am sadly missing the traffic that used to occur here, and if you and some others move to DW, I would be tempted to check it out too although I am not thrilled about yet another forum. I already don't read Google+.

From:

cellio

I used to make sweeps through LJ a couple times a day. Now I make a sweep through DW followed by a sweep through LJ (just scrolling past duplicates, as I haven't culled the cross-posters yet). It takes about the same amount of time, what with the reduced traffic here.

G+ is very much a "when I get around to it" thing and I know I miss lots of stuff. That really is a new thing in my mind, while DW I model more as "LJ done right".

Edited Date: 2013-03-17 02:00 am (UTC)

From:

http://users.livejournal.com/merle_/

I'm on DW just for the namespace. I choose not to crosspost. Commenting elsewhere? I'm game, just haven't had the need yet. The only people I know who moved from LJ to DW either crosspost or left in order to hide.

It matters not to me if you choose to give DW your LJ password. I trust you, if you trust them, it is sufficiently transitive. One trusts friends to be, well, trustworthy, to within their trust level.

One also assumes anything not kept locked in your head may eventually be seen. That said, I can google on my chosen and given names and am still almost hidden from myself. Such is the level of my paranoia.

In short: if you crosspost I will probably act just the same towards you.

From:

thnidu.livejournal.com

I'm already on DW (same ID) and auto-crosspost here. There are two situations in which I post here and may or may not post on DW as well:

Pix. DW doesn't let you upload pictures from your computer into a blog post: you have to supply a URL. I assume the reason is that they don't want the cost & trouble of hosting an ever-growing number of user graphics. So if there's a graphic I want to post, I post to LJ, then copy that code or at least the LJ graphic URL into a DW post.
Mobile. There's an Android app called Eljay thru which you can post. It's supposed to support posting to DW as well as LJ, but I was never able to make that work, like many features of other Android apps. (It was also so f***ed-up in other ways, like ignoring all your newlines, that I've uninstalled it.)

From:

cellio

Good points. I've stopped using LJ for photo hosting (though I haven't cleaned out what's already there) because I'd rather not be any more locked in there than I already am. I tried a recent experiment using Picasa/G+ and that seemed ok. I don't post a lot of photos, so I'll figure that out eventually.

I experimented with an Android app (I think that one but not sure) but wasn't too happy with it, so when I read LJ on my phone I currently just use the browser interface.

From:

cjsherwood.livejournal.com

FWIW, I know Denise, one of the founders of Dreamwidth personally... as in we went to college together, she was the volunteer head of the abuse team at LJ at the time (and then hired to do it) and got me into this online journal thing.

I can assure you that your password is completely safe with them, as much as such a thing is possible. And she is, quite frankly, an amazing woman.

And, further, they are working VERY hard on keeping things accessible but also VERY open to "Hi, I have this problem and I'm hoping you can help re accessibility" and working out solutions whenever possible. The only changes I've heard about re accessibility are things that make the site more accessible, not less. YMMV, of course.

From:

siderea

Speaking as someone who has known two of the folks in the core dev team personally, and who thinks they're fine upstanding folks...

I am heartily sick unto death of people saying, "Oh, they're nice people so you can trust them with your passwords." The issue of whether you want to store your password in somebody else's server is not a goddamned referendum on whether or not they are nice people.

From:

cjsherwood.livejournal.com

Agreed, but in this case, they are also trustworthy people! the nice is a bonus.

:-)

From:

siderea

Do you just not get why that is not only entirely irrelevant but incredibly inappropriate to even bring up? Do you not understand how nasty what you are doing is?

From:

cjsherwood.livejournal.com

Forgive me, but I'm afraid I guess I don't.

How is a rec based on personal knowledge of a person's goodness or kindness or honesty different than, say, discouraging someone from shopping at Wal-Mart (a corporation that is, after all, a person according to the US Supreme Court) because it's a bad corporate citizen? Or Whole Foods because of what the CEO has espoused re health care and the like?

We make decisions all the time on whether or not we "like" some person or some entity or some color, e.g. I might say, "This company is dedicated to re-investing its profits into the community so I like them and choose to spend my money with them" or "This person who is running this company is trampling on their workers' rights so I don't like them and choose not to spend my money with them".

How is that different than my saying "I know the people behind Dreamwidth and they are good and honest and kind and nice and supportive of what they believe in so I choose to support them?"

My apologies to

cellio for continuing this discussion, but I'm genuinely seeking clarity as well as trying to understand where your vehemence might be coming from.

Edited Date: 2013-03-19 12:17 pm (UTC)

From:

siderea

I'm glad you ask!

What you did above was precisely not encouraging people to "support" a business because you approve of their business practices, and is not at all analogous to the cases you bring up.

Let us recap. The OP raises the issue of security for her collaterals of using a feature that spreads risk beyond herself. Your response is, "I can assure you that your password is completely safe with them, as much as such a thing is possible", which is:

1) False. It is an unsolved technological problem, how to store passwords securely with a third party. I have no idea if you have the technical chops to follow that discussion, but the upshot is that the way encryption works, the party ultimately authenticated against (in the case of the DW->LJ crossposter, LJ) can be secure in a way no third party (i.e. DW) you store your password with can ever be. The character of the people involves is immaterial in the face of the math of hard-to-factor numbers: until there is a technological solution it will always be less secure to provide your LJ password to DW. Your LJ password cannot be stolen from LJ; if you use the DW crossposter, your LJ password can be stolen from DW.

2) Misleading, which I assume is because you didn't understand the previous and were sharing from your ignorance. You assumed the risk in the crossposter is one thing, and it's actually something else. You assumed the risk was of the people running the crossposter being bad people who do nefarious things. While that is a risk, it's not only not the only one, it's not even a primary one.

3) Shuts down a discussion about security concerns. Let's get back to your proposed analogies. You wrote:

I might say, "This company is dedicated to re-investing its profits into the community so I like them and choose to spend my money with them"

That's a statement about a thing that the company does or has done. Behavior. Deeds. Your other examples are also about things companies and highly placed company reps do, but instead of commendations, they are criticisms. In all cases, your proposed analogs are, "Here are some facts to factor into your decision how/whether to do business with this business, and this is the conclusion I encourage you to consider."

Well, (A) nobody was discussing whether to do business with DW. It was a discussion whether to use a specific feature of their software with problematic security ramifications. "The founders are great people" may be an argument for doing business with a company, but it is an appallingly misleading response to the question of whether to use a feature with negative security ramifications.

And (B) you made it about character, not actions. Oh, you raised actions too, in the next paragraph, but none of them had anything to do with their conduct around security. If you had written, instead, "I think the founders are fabulous people with great integrity because they instituted the following security practices around storing passwords: [list]", I would still have plenty to argue with you about, but that would at least have some integrity of its own.

What you did -- telling someone not to be concerned about the security implications to collaterals of using a known problematic software affordance, because in your personal opinion the authors are great folks -- is a hair's breadth from emotional blackmail: "What's wrong, don't you like my friends?"

[continued]

From:

siderea

[continued]

I gotta tell you, my first and most visceral reaction to your comments is to want to write you a nice, public screed about what terrible people Denise and Mark are -- "Oh, you think they're trustworthy, do you? Well, have I got news for you...." -- since you made expressing calm rational concerns about security ramifications of one fleeping feature of their software a public referendum on whether people like them, like some kind of loyalty test. But that would be incorrect; that's not how I feel about Denise and Mark. I think they've made a number of ethically problematic choices, but I hardly think they're terrible or criminal human beings.

But that is the kind of response your comment invites. It degrades a rational discussion of whether or not to use a software feature into a discussion of Denise and Mark's characters. There's nowhere good that can possibly go.

And for your information, one of those ethically problematic choices is the crossposter, which they have heard from me -- indeed, heard from me when they discussed the issue way back on the dev list before DW ever went live. Well before DW was announced, I'd been looking into the technical problems that underly the crossposter, so I participated in that discussion, and set out what I had figured out, and explained, Look, I don't see any way to do this that isn't at least slightly evil. And, long story short, they did it anyway.

I understand why they did it -- DW couldn't have survived without the crossposter. Those ethical problems remain.

One of those ethical problems is that, even if DW is utterly perfect in all ways -- even if it had perfect rectitude of all its staff and volunteers and perfectly hard security (which is actually impossible as per above, but grant it anyway) -- the end users, such as yourself, have no way on the outside to tell the difference between such a perfect company as DW and other, imperfect, companies. And thus, by offering the crossposter, they're legitimizing and normalizing a user behavior that's actually very dangerous to users.

I'm sure that you've heard companies -- whether banks or employers or other high-security applications -- say things like, "We will never ask you for your password over the phone; if someone claims to be us and asks for your password, it's not us." If you've been around the net long enough, perhaps you've encountered services for which sharing your password is a ToS violation.

This is that.

There are tons of web apps which request your login credentials to other services (e.g. LinkedIn). And this is increasingly recognized as a huge social problem. There is an entire movement to encourage implementation of OAuth and OpenID as ways to attempt to address this problem (I make no comment as to whether I think that's a great way to go about it).

DW is participating in this problem. It is doing the exact opposite of being the change we want to see in the world.

P.S. And, and, and. I haven't even touched on how infuriating it is that the discussion you attempted to shut down was one which was about informing other parties so they can make informed decisions for themselves about what risks they want to run and how an ethical problem of the crossposter is that the risk isn't just to the person who elects to take it (as they are perfectly entitled to do) but to everyone who has friended them, which likely includes people who aren't active on LJ any more and have sensitive materials still here. And I'm sure other things. I'm just stopping here for lack of time.

P.P.S No, one more thing. As I alluded in my comment above, I am beyond tired of the fact I keep having to have this discussion. I am not really impressed with the cult mentality growing up around DW that so many of its users cannot tolerate any discussion of any fault with DW without feeling like their personal friends are being dissed. There are apparently a lot of people who think DW is above reproach. Ironically, I don't think either Denise or Mark can't handle criticism, whether of themselves or their business. But the fanboys and fangirls....

Edited Date: 2013-03-19 08:00 pm (UTC)

From:

cellio

Denise strikes me as a good person, from what I've seen on DW. But that doesn't really matter; this is about trusting everyone who has access to DW's database, including future employees and breachers of security, and that goes beyond Denise.

And yeah, DW does way better on accessibility and seems to care about doing that well. I'd already have migrated there if it weren't for my "installed base" at LJ.

From:

tidesong.livejournal.com

I use DW (same name, add if you'd like) and cross-post to LJ. I don't use one more than the other for reading/commenting. I'm only just now getting back into posting and being active on DW/LJ though.

From:

tangerinpenguin.livejournal.com

I too have a DW account as contingency, but don't tend to use it. Not that I spend that much time writing on LJ rather than lurking the folks still here.

From:

siderea

I am happy to read you there; I read there as regularly as I do LJ, and follow an ever growing list of people.

I would prefer on principle you don't expose me, but I'll only remove you from one filter I haven't posted to in something like five years, and is due for retirement anyways.

I have a vague intention to move there someday myself; I owe them some code.

From:

eub.livejournal.com

I'm happy to click over to comment on public Dreamwidth posts, but I have had bad luck with locked posts, even when I'm supposed to have access.

Your point about dropping you from some filters if you release your password to Dreamwidth is valid, I just don't happen to have any high-security filters that I use currently.

From:

dglenn.livejournal.com

I would probably comment slightly more often, but I can't say whether it'd be enough more to notice.

I haven't been posting anything locked -- i think I've only made two locked entries since I joined LJ -- but if I did so you'd be more likely to see it on DW than on LJ.

I clicked 'doesn't matter' because it doesn't matter much (not enough to really matter) but for the record I'd be a smidgen happier reading you on DW than on LJ, if most comments were there. (If you maintain two comment streams, I'll have to read you in both places -- but it would still mean I'd see your entries even when I only have time to peek at my DW reading page.)

So in practical terms the effect on me doesn't matter much. In absolute terms I'd be happy to say "Welcome to DW" if you shift there.

From:

cellio

You know, it occurs to me that you are already (apparently) solving the multi-post-without-giving-up-a-password problem. Could you tell me more about the client you wrote? Platform requirements? Could it be easily modified to do what I want, which is:

- Post the full text on both sites (that's what you're not doing now)

- Include the DW link in the LJ post (you're doing that, so I assume you have a way to post to DW, get the post URL, and then make the LJ post)

- Enable comments on both sides (looks like I'll need that; you already do this) and add some boilerplate "prefer DW but comment either place" text

(I am willing to pay money for a secure multi-post solution.)

From:

dglenn.livejournal.com

What I'm using now for ordinary posts is a set of scripts with a manual step in the middle, that really ought to be one command except that I got distracted before I finished writing it. The quote of the day cron script is fully automatic and closely related. It's all running on BSD but ought to work on pretty much any Unix/Linux, maybe even under Cygwin (not sure about that one but it seems likely).

First step: I was already using Clive (http://sourceforge.net/projects/ljclive/), a command-line LJ client. I haven't gotten around to hacking a command-line switch into it to specify the destination site, so I've got separate copies compiled for each LJ-like site ... 'ljclive', 'ijclive', 'dwclive', etc. The cron-able version has a C program in the middle that forks each of those excelpt ljclive with a "retry, waiting longer before each attempt" loop in case a site is down -- after waiting long enough that most of the clives should have finished, it snarfs URLs from each clive's stdout and formats them (plus the fake-cut text it grepped out of the original QotD entry) into an LJ entry, the strips out most HTML and posts the stripped version to Facebook.

The ordinary-post version is only as complicated as it is in order to gather all the other-site entry URLs to put into the LJ entry, and have different text there. For you it'll be easier, especially if you're only using two sites. The core of what I do is use my favourite editor to create the body of my entry in a file named all.in, then (in tcsh) do this:

rm all.out ; touch all.out
foreach foo ( `echo $CLIVES | sed -e s/ljclive//` )
$foo -p -u dglenn -w mypassword -i iconname -s "subject-for-this-entry" < all.in | tee -a all.out &
end

(That's my 'all.script' script. The manual step is running 'lj.prep' to halfassedly snarf the URLs from all.out, tweak lj.in, and run a script very similar to the above but without any looping, called 'lj.script'. I should finish knitting the pieces together one of these months now...)

So for you it'd just be something along the lines of (I haven't tested this):

cp inputfile ljtmp.tmp
echo '
(Please comment at ' >> ljtmp.tmp
dwclive -p -u cellio -w yourpassword -i icon -s "subject" < input-file | grep http | sed -e 's/.*$http[^ ]*$ .*/\1/' -e 's#$http://[^.]*\.$$[^.]*$$\..*$#\2 (\1\2\3)#' >> ljtmp.tmp
echo 'if you can, but comment here if you cannot there.)' >> ljtmp.tmp
ljclive -p -u cellio -w yourpassword -i icon -s "subject" < ljtmp.tmp

(The sed recipe is copied out of my cron script ... I hope I grabbed the right chunk. It's only just now registering how cryptic that code looks.)

Better would be if I ever get around to hacking crossposting directly into Clive -- I meant to a couple of years ago but haven't done it yet (I'll probably do better at that than at figuring out the LJ API ... every time they change that I have to bother Clive's official maintainers for a patch). But in the meantime, you could do a script like the above and have the passwords passed in as command-line args. Also, I think Clive will prompt for a password if you don't give it one with -w but I'm not sure.

If your-favourite-editor-plus-a-shell-script is a reasonable workflow for you, I can look up my diffs for making the DW version of Clive. For me the reason I did this with Clive was that I'd already been using it when the only site I posted to was LJ, because vi-plus-tcsh is the most comfortable way for me to post.

Sorry for ... well, for the way I've been doing things for myself turning out to be so untidy. I've got to clean up my personal tools so I won't be embarrassed when somebody wants to see them. One of these months ...

From:

dglenn.livejournal.com

Argh! No 'preview' button on the comment page any more, at least w/ JS turned off, so I didn't catch whatever caused the spurious linefeeds after the first 'echo'. Sorry. And ... oh crud, the sed recipe got mangled. *sigh*

Let's see whether this works:

sed -e 's/.*$http[^ ]*$ .*/\1/' -e 's#$http://[^.]*\.$$[^.]*$$\..*$#<a href="\1\2\3">\2</a>#'

Edited Date: 2013-03-17 07:37 am (UTC)

From:

cellio

Thanks for the explanation! I followed most of that, I think. I'm using a Mac (10.6), which means there's some flavor of Unix under there. I'm not afraid of a command line, though I admit to some scarring from sed in a past life. :-)

So, serious question: are you available for hire to make this into a neat little bundle for me (I type one command line and it goes off and does its thing)? I only care about DW and LJ, I already write my HTML by hand (in an external editor unless it's short), and I'm only looking at human-initiated posting (not cron jobs). If you're too busy or you don't want to do business with a friend or anything like that I'll totally understand, but you have the skills already and I would have to learn, and I am totally willing to exchange money for (my) time.

From:

dglenn.livejournal.com

I need the money, but I've got a lot on my plate right now. I think I can knock this off fairly quickly once I have a chance to bang on it, but I'm not sure when. How much of a hurry are you in? I think I can manage it sometime in the next couple of weeks, if kin don't throw any surprises at me.

From:

cellio

Understood, and if there is anything here that makes you uncomfortable, ranging from "taking advantage of a friend" to doing business with friends to general awkwardness about money, then please bail and no harm done.

If that's not the case, though, I can certainly wait a couple weeks, especially with Pesach coming up to distract me. LJ doesn't seem to do major updates more than about once a month, and anyway I have some setting up to do at DW.

Please send me email when you're ready to talk about details and money and stuff. Thanks!

From:

sambeth.livejournal.com

I've got a dw account (maybe you've already added me there?) and keep meaning to make that my main place for posting and cross post here for all the people who are left. But in fact what happens is that I read my friends page here and not there, and end up posting here, not there, because I've got LJ posting apps on my phone and iPad and so on.

I don't have any fancy security settings, so that wouldn't make any difference to me.

Edited Date: 2013-03-16 08:33 am (UTC)

From:

dr-zrfq.livejournal.com

I won't use the cross-poster myself. I'm still pondering the security implications *to me* of DW knowing the LJ password of one of my friends (though not my own password).

I do have a DW account, but I check in there even more rarely than I do here, and the handles aren't the same. (Mostly because I was able to get my preferred handle on DW but it had already been taken on LJ.)

From:

cellio

If you start using DW, please let me know your handle there so I can subscribe. Thanks.

From:

alienor.livejournal.com

If you moved to DW, and gave them your LJ password I'd remove you from my filters here. I'd follow your DW account probably through RSS, so I wouldn't see your filtered posts and would be less likely to comment because I'm worse at commenting on stuff in my RSS reader for some reason.

From:

cellio

If I gave them my password it would be to enable the cross-poster, which means you would be able to follow my posts here on LJ instead of having to use RSS. (But I'm looking for a secure alternative.)

From:

zhelana.livejournal.com

If you move to DW, add me, I have the same name there. :)

From:

cellio

I'm already reading you there. :-)

From:

zhelana.livejournal.com

oh goodness. This whole people moving from one to the other thing confuses me. lol.

From:

chaos-wrangler.livejournal.com

I keep seeing friends move to DW (some cross posting and some not) and I've been wondering what's involved in setting up a DW account. I don't really want to have yet another thing to check, which is what's kept me LJ only so far, but each time they mess with something here and make it less user-friendly and less friend-friendly... *sigh*

From:

cellio

DW started out with a copy of the LJ source code (about two years ago IIRC), so the interface will be very familiar. DW, unlike LJ, separates the notion of "reading list" from "access list", so you can finally read people without giving them access to their locked posts (or give people access without reading them, if that's a use case for you). In my limited experience they respond helpfully and promptly to questions and problems. The only reason I haven't moved is that I have both readers and people I want to read here (and I don't care for the cross-poster they offer, for security reasons). But I'm probably going to move anyway, either cross-posting by hands or finding another solution.

From:

magid.livejournal.com

I realized that while I do cross-post (er, more infrequently these days than in the past...), I have a variety of filters set up on LJ that I haven't ported to DW (laziness, mostly), so in the rare cases it's more than all-friends, I'll limit here on LJ and have it private on DW. (Probably because I still read on LJ...) Perhaps it's time to update that.

Expand Cut Tags