?

Log in

No account? Create an account
Funny and unfunny - Many a mickle maks a muckle

> Recent Entries
> Archive
> Friends
> Profile

March 6th, 2005


Previous Entry Share Next Entry
01:12 am - Funny and unfunny
1) I went to see comedian Tim Vine at the Arc in Stockton tonight! He was on his Current Pun tour, which goes some way to illustrating the quickfire style of his comedy. He hasn't changed much since when I went to see him in June 2003; I was worried that this show might contain lots of material I'd heard before, because that show certainly featured a lot of familiar Tim gags. Happily not; well over 90% of the material felt fresh to me. To pick just a couple of the gags, there were good reactions for "If you've got an Islamic dog with you, Muslim" and, in the closest Tim came to a local joke, "I'm looking to buy some music to play in my car for when I drive from London to Newcastle." "Bjork?" "No, by Durham."

I reckon Tim made me laugh to some degree quite literally at least 150 times, maybe 200, and many of the gags could have made me laugh for far longer had Tim's style not conditioned the audience to stop laughing quickly so you can recover and prepare for the next onslaught. Some of the parts that got the biggest laughs came in the encore where Tim let drunken people in the audience make prats of themselves and he didn't need to do anything himself. I give the show 9½/10 at least and recommend it to any fan of wordplay, puns or silliness. (On the downside, the support act was rubbish not-to-my-taste magician John Archer again, but I just chose not to go into the theatre to watch him. Ha!)

2) Giving people your LJ password not only compromises the integrity of your non-public entries, it compromises the integrity of anyone who chooses to share their non-public entries with you, especially if you view these non-public entries through your Friends list. The only person I ever told my LJ password to was heidi8, once, but then I changed it. Changing your LJ password frequently is a good thing.

Giving people your LJ password means that, if they want to, they can do any or all of: delete all your entries to date, retrospectively post entries in your name, post comments in your name, spread mistruths and - not to put too fine a point on it - commit crimes (such as ones pertaining to copyright infringements and/or illegal pornography) in your name. Most people wouldn't do that if they got your password. Some might, though, and asking for my password tends to make me assume the worst about you.

Making people's non-public entries public is reprehensible. On the other hand, there are very many tools to do so already, without there needing to be hysteria over any particular new tool which might happen to make this technique particularly easy. Part of the reason why the LJsphere is so wonderful is the openness and extensibility that LJ offers; I wouldn't want to restrict that openness and extensibility just because some of the applications that take advantage of it happen to be malicious. The challenge is to derive benign applications from malicious concepts. (If anything, it's surprising and heartening that there aren't famous trash-someone's-LJ-if-you-know-their-password scripts for the kiddies already.)

Besides, it's not as if the rules of etiquette aren't bent a little at times without any especial tools already, when the stakes are sufficiently high and/or the target is a sufficiently juicy and/or tempting one, or the etiquette-bender simply doesn't care about their reputation...

3) Are there ever discussions about (optionally) beefing up LJ security so that an attacker who knows your password cannot trash your LJ? I'm no security expert - in fact, it'll probably be immediately obvious that I don't know what I'm on about here - but I'm thinking idly about some sort of password-and-one-time-pad challenge-and-response series operation here. At one level, hey, it's only LJ, but, you know, LJ is non-specifically important.

4) Idea for an lj_nifty tool: LJKibo. Enter a term, and LJKibo generates a feed of all public posts to LJ mentioning the specified term. This should actually be easy to write, though I fear computationally very expensive to run - just filter the latest posts feed for the search term of your choice. I wouldn't be surprised if a version of this tool is being used already on a certain ten-letter name that I have no wish to mention in my post.
Current Mood: thoughtfulthoughtful

(7 comments | Leave a comment)

Comments:


[User Picture]
From:rialtus
Date:March 5th, 2005 05:21 pm (UTC)
(Link)
LJKibo... I wonder how many people would actually catch that reference.
From:mr_babbage
Date:March 5th, 2005 05:51 pm (UTC)
(Link)
I wondered if he was thinking of KWYJIBO, but Chris isn't a Simpsons fan
[User Picture]
From:bateleur
Date:March 6th, 2005 01:06 am (UTC)
(Link)
There's already a workaround of sorts for LJ deletion. Up to 30 days after the event you can bring it back.

Of course, if the attacker changes both the password and email address for the account then you can't recover. But then any system will have the weakness that something ultimately defines you as the owner of the account.

I suppose it would be possible to have an irreversible setting that said "never let me change my email address again". That seems like it would be bad more often than it would be good, though.

A better solution is just to keep your password secure !
[User Picture]
From:imc
Date:March 9th, 2005 03:56 pm (UTC)
(Link)
There's already a workaround of sorts for LJ deletion. Up to 30 days after the event you can bring it back.

Not if they deleted your posts individually.

Of course, if the attacker changes both the password and email address for the account then you can't recover.

Yes you can — type the email address that you were previously using (and had validated) into the lost password form, revalidate your email address and remove the intruder's email address. It's all covered in the FAQ, of course.
[User Picture]
From:ewx
Date:March 6th, 2005 04:24 am (UTC)

so that an attacker who knows your password cannot trash your LJ

(Link)

Take backups that can't themselves be modified merely by having access to your LJ password. Then you can recover from both attacks and from disasters as well.


(I should actually do this sometime.)


From:quidditchmaster
Date:March 6th, 2005 04:50 am (UTC)
(Link)
Did some event inspire you to writw #2?
[User Picture]
From:brigbother
Date:March 6th, 2005 07:41 am (UTC)
(Link)
Having just covnerted my 2003 UK Fort Boyard to DVd, I'm afraid the Tim Vine celeb special isn't amongst them, so it doesn't look like I'll be able to send you a copy yet. Sorry!

> Go to Top
LiveJournal.com