Phooey

[firstfrost]

The new username.livejournal.com paradigm has broken my little "what comment numbers have changed since I last looked" script and I can't figure out how to fix it. :( I think it has to do with the web server being sneakier now and normal web browsers happily falling for the trick and my little perl script not being bright enough to do. And cookies. Cookies are different somehow. But darned if I actually understand cookies at all.

Comments

phooey, indeed!

[mijven.livejournal.com]

Those pesky tricksters!

[navrins]

It breaks my habit of being able to look at a specific person's LJ by highlighting off the end of whatever URL is in my browser and typing the name of the person I want.

As for cookies... I suspect if I direct you to this slide from the class I just TA'd, and the ones following it, you'll be able to figure out what you need to know, despite the general suckiness of that lecture's slides.

[chenoameg.livejournal.com]

Ooh, when you get that script working again I want it.

[eichin.livejournal.com]

assuming bin/friendtracker is the script you're talking about... I don't think your problem is cookies. If you go to login.bml and "view source", you should see two things: (1) a bunch of %lt;input type='hidden'> fields -- you need to include those in your form post; (2) some javascript to md5sum the challenge and password together and send that instead - and *not* send your real password in the clear, even without https. Presumably the second part is optional (because they support browsers without javascript, I assume) but it's easy enough to do in perl that it might be worth doing anyway. The big thing is that you have to GET the login page first, parse the hidden challenge out of it, and post that back...

I spent 20 minutes playing with this in python (mostly because it had some similarity to a blogs.mit.edu comment-killer I wrote last week, and because it sounded like an interesting approach -- though I think I really want an rss feed of the comments, that's a lot more work), see /mit/eichin/ljcomments.py -- if the above explanation wasn't enough, hopefully I've commented it well enough to give you some more hints. Unfortunately, the cookie handling needs python 2.4, and I only see 2.3 on the dialups...

[firstfrost.livejournal.com]

oooh! cool. :)
("Learn how to use md5 stuff" has been on my list of things to do for a while, but I've been slow to actually do it).

I realize I jumped to the conclusion that it was all about cookies because the announcement of the change was something like "We changed how this works, to fix a cookies security problem". I'm happy that it's something closer to things I understand.