Defending my integrity - brad's life
Brad Fitzpatrick


Defending my integrity [Oct. 27th, 2007|04:59 pm]

I was a little offended by my ex's accusation that I used my database access at LiveJournal to find her "emo rants", implying I found her "secret" journal or read her "private" posts.

On the contrary:

1) I searched for usernames matching "culver". And I found her not-so-secret blog: leahculver. It's her name. I could've found the same with any search engine: [Leah Culver site:livejournal.com]. I used the database because I had it open.

2) She has no emo rants. She has two public posts. I used my web browser to see them. Neither interesting.

3) The text in the LJ database isn't even plaintext, so even if she did have private posts, a query couldn't get to them... you'd need to use a web tool with an admin tool which does ACLs and logging. (Logging! Any administrative view-private-stuff on LJ is logged forever, and any admin can review who's doing what privileged actions and why....)

So yeah... not like Facebook at all.

Comments:
From: evan
2007-10-28 12:38 am (UTC)
I was really surprised to see how cavalier commenters on digg were about the whole database-digging thing, but I guess LJ and Google (where you also have to go through a bunch of trouble and logging to have access to any user data) are exceptions, not the rule.

From: lisa
2007-10-28 07:12 pm (UTC)
Perhaps due to the inherent personal nature of content and the emphasis on user controlled privacy, I think there is more of an expectation that LJ users own their content, including who has access to it.

From: octal
2007-10-28 12:42 am (UTC)
Yeah, I saw that and it seemed unlikely. It's kind of cool that there's a good process to access private/friends-only posts with logging.

What's the point of non-plaintext in the db? Making backups/etc. safer? Preventing people with db query access from doing bad things? Just extra paranoia?

If she's now an ex, guess your RAID is safer now too.

From: dakus
2007-10-28 01:35 am (UTC)
hahaha...

sorry bro.

From: burr86
2007-10-28 01:51 am (UTC)
Non-plaintext in the db because it's compressed, afaik. :)

From: seeds_of_peace
2007-10-28 12:47 am (UTC)
I'm pretty impressed that you log all admin actions.. that's a good precedent.

But c'mon Brad.. we all know as a root admin you could just copy the database to another location and browse all you like with no traces, or edit the log ;)

Good taste though! Surfer geek chicks = hotness.

From: supersat
2007-10-28 01:15 am (UTC)
... or alter the logs, or do whatever LJ does to get it into plaintext (decompress?), etc. I don't see you doing anything like that, though. :P

From: jwz
2007-10-28 12:52 am (UTC)
Nonsense about Brad shows up on Valleywag! I am shocked, shocked I say.

From: supersat
2007-10-28 01:18 am (UTC)
Of course, the biggest damning evidence is the post count on her profile page, which AFAIK includes all entries, public and private. It says there's only two entries, and two comments received.

(Deleted comment)

From: brad
2007-10-28 01:23 am (UTC)
The point of it all was that it'd be too much of a pain in the ass, so it'd be easier to use the web tool. And with the sharding all over, it's so indirect to go find which physical machine actually hosts which piece of data.

From: bsdguru
2007-10-28 01:05 pm (UTC)
Apart from it being a PITA, you're actually way too busy coding to have time to figure out which shards contain which data, etc.

From: moonwick
2007-10-28 02:18 am (UTC)
The real lesson here - most chicks are crazy, yo.

From: scsi
2007-10-28 05:25 am (UTC)
wtf? Lame.

From: foobarbazbax
2007-10-28 07:13 am (UTC)
Wesabe goes even further, apparently they can't join rows of user data to the user without the user's password. http://blog.wesabe.com/2007/05/14/super-ninja-privacy-techniques-in-insecure-magazine/

From: jojobear99
2007-10-28 07:23 am (UTC)
hmm, that's interesting about facebook, I hadn't seen that article.

Especially interesting since I'm just starting to look for a job up here in the sf-bay, and that their name was one of the many that comes up on the list of companies that are recruiting for software engineers. It's so hard to know which companies are on the ethical/integrity up and up, and that's really important in my list of priorities of where I work.

From: mdl
2007-10-28 08:53 am (UTC)
Your ex is dumber than a sack of bricks and a giant attention whore. Good job on dumping a complete phony.

I like how she has the nerve to post about how getting a CS degree is worthwhile. Makes for great proof of just how much undergrad CS has been dumbed down, I suppose.

From: altamira16
2007-10-28 01:20 pm (UTC)
Aren't you glad that your wife is sane?

From: bigjimsjazz
2007-10-28 03:11 pm (UTC)

No real need to defend your honor bro.

Those of us who have been around here longer than 5 minutes realize that you are a man of integrity.

I think this kind of accusation always happens when someone is upset and is looking for someone to blame.

The Blame Game.

Hope the rest of your weekend is better.

From: beckyzoole
2007-10-28 09:31 pm (UTC)
Technically, she didn't say you saw her emo rants, just that she thought your motivation for finding her journal was to read her emo rants -- but to the casual reader, it looks like you could read all her private posts. Niiiiiice. A carefully-ambiguous public accusation of wrongdoing, that gives her publicity too.

I'd break it off with her, if I were you. Wait -- oh yeah!

From: ladylynx
2007-10-29 07:13 am (UTC)
She's probably still in love with you. lol

From: leahculver
2007-10-30 05:58 pm (UTC)

Sorry!

I didn't mean to criticize LJ security - in fact I think LJ is one of the more ethical websites. I was a bit creeped out that Brad queried the database for any journals of mine, although he is correct that anyone could have found the same thing through the website.

From: grumpy_sysadmin
2007-10-31 01:21 am (UTC)

Oh, RIGHT!

THAT's why I don't date in the industry!

I was on the verge of forgetting...