A script kiddie named "taylor" has been creating hundreds of accounts for no particular reason today. I've reluctantly added a Captcha to the new account page to deter the attacks a bit. I've avoided them because they keep blind users from using websites.
Taylor has come from two different IPs, meaning he is either impersonating them or has access to two different systems via various means. Here are his IPs (from my convenient firewall rules):
00400 51 2576 deny ip from 74.197.12.164 to any in
00400 6 288 deny ip from 68.199.178.14 to any in
The first one is from a cable modem in Texas (best I can tell) and the other traceroute'd to New York. You can see he's an active asshole.
Frankly I find his attack pointless and stupid. He's polluting the name poll, but there isn't much point to attacking this site. It is not that popular to gain accounts on for obvious purposes. I bet he's a little kid with a cute program.
Taylor, I challenge you to attack 127.0.0.1.
I have an experimental new theme on the site. The modern right black theme places the menus on the right as many other blog packages do. There are still several rendering problems I'm working out. I'm hoping to create right aligned themes for all of the existing themes. I also want to create some new styles over the next two months.
If you have suggestions for new styles, please comment on this post.
I've been looking at problems viewing this website in various browsers. I've had good experiences with Firefox 2 and Internet Explorer 7. Safari 2 and 3 on the Mac seem to have problems rendering pages. At times weird text (HTTP headers) is shown in the request. User pics and other elements do not display. When this happens, clearing the browser cache on the file menu seems to fix the problem. I'm trying to figure out what triggers this bug in Safari. This will be an issue with the upcoming iPhone.
The site is usable in Opera 9 for FreeBSD. It does not render well on my cell phone. (Sanyo)
I plan on looking at the themes for the blogs first and then working back out to other pages.
9:13 PM - i18n
Someone signed up a JJ account and asked why it doesn't support Chinese. I have not yet implemented true internationalization support in Just Journal. Pages are tagged as English. I am using UTF-8 for most fields, however. That means English and most Western European languages should work. In the future, I plan to add a feature to allow the user to pick their native language which would also tag pages in that associated language. I will attempt to add support for Asian languages using either native character sets or UTF-16 at that time.
Here is a document describing support for i18n in Java. This would only be interesting to programmers who might wish to work on JJ. http://java.sun.com/javase/technologies/core/basic/intl/faq.jsp
Some women bloggers have received threats online.
http://www.washingtonpost.com/wp-dyn/content/article/2007/04/29/AR2007042901555_pf.html
I do not know of any Just Journal related incidents, but this might be a good reason to keep private blogs.
I just released some new features.
Security
The security enhancements have to deal with Private Journals. If you set your journal private, it is no longer listed in the member list. Profiles are now blank for members with private blogs. You could in theory validate there is a user but you would not know any personal information beyond their username. I also disabled links for the RSS feeds if you log in to a private journal. Those features only work for public journals. Who would want to consume a public RSS feed of private data? There are a few areas where security could be improved. I suggest anyone using the private journal feature also post each entry with private security. In the event there is a bug with private journal somewhere, private security should block public display of the data. Private security is tested much more vigorously. These changes are a result of the number of recent signups using the private feature. I'm hoping to make more improvements later. If you notice any problems with your private blog, let me know so I can create a test blog and see if I can reproduce it.
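The layering described above (a journal-level private flag backed by per-entry private security) can be sketched as follows. This is an added example, not Just Journal's code: the class, record and method names are hypothetical, the data is constructed, and friends security is treated as owner-only to keep it short.

```java
import java.util.List;
import java.util.stream.Collectors;

// Hypothetical model for illustration; not Just Journal's classes.
public class PrivateJournalCheck {
    enum Security { PUBLIC, FRIENDS, PRIVATE }

    record Journal(String owner, boolean privateJournal) {}
    record Entry(String subject, Security security) {}

    // Layer 1: journal-level gate. A private journal is visible only to its owner.
    static boolean canViewJournal(Journal j, String viewer) {
        return !j.privateJournal() || j.owner().equals(viewer);
    }

    // Layer 2: entry-level gate, evaluated independently of layer 1.
    // Assumption: FRIENDS is handled like PRIVATE (owner-only) in this sketch.
    static boolean canViewEntry(Journal j, Entry e, String viewer) {
        return e.security() == Security.PUBLIC || j.owner().equals(viewer);
    }

    // Every output path (HTML, RSS, PDF, RTF) would call this one method.
    // journalGateEnabled=false simulates a code path that forgot layer 1.
    static List<String> visibleSubjects(Journal j, List<Entry> entries,
                                        String viewer, boolean journalGateEnabled) {
        if (journalGateEnabled && !canViewJournal(j, viewer)) {
            return List.of();
        }
        return entries.stream()
                .filter(e -> canViewEntry(j, e, viewer))
                .map(Entry::subject)
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        Journal j = new Journal("alice", true);   // constructed sample data
        List<Entry> entries = List.of(
                new Entry("marked private", Security.PRIVATE),
                new Entry("left public", Security.PUBLIC));

        // Scenario 1: anonymous viewer (null), journal gate working.
        System.out.println(visibleSubjects(j, entries, null, true));
        // Scenario 2: journal gate skipped by a bug; the entry gate still applies.
        System.out.println(visibleSubjects(j, entries, null, false));
        // Scenario 3: the owner viewing their own journal.
        System.out.println(visibleSubjects(j, entries, "alice", true));
    }
}
```

In the second scenario only entries left at public security can be exposed, which is why posting each entry with private security limits the damage from a bug in the journal-level check.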
PDF and RTF
While this is a work in progress, I've added links to the PDF and RTF versions to each blog. Currently, it only displays the last 15 public journal entries. This will be changed to include ALL blog entries for users logged in and on their own blog, and ALL PUBLIC entries for everyone else. I probably won't implement friends security on this one as it would be time consuming. The reasoning behind this feature is so that users can get a snapshot of their blog at any time. If the site were to close tomorrow, someone could still have a copy of all their journal entries. Google also does good PDF indexing so if someone has search engine searching on, it will make it more likely to come up down the road. I look at this as an extra backup feature. The original Just Journal specification used XML for all blog entries, and I planned to use Apache FOP to translate into PDF at the time. After the XML plans fell apart due to some issues with the XSLT libraries available at the time, I just gave up on the whole idea. I'm using a library called iText which is under MPL and LGPL. It works very well so far. The work in progress relates mostly to formatting. I'm still working out the formatting I want to use for the documents. Expect the format to change a few times. I also must add a new method to the database code for entries to gather all entries and not just a subset. If there is demand, I will also try to provide a "backup" format in XML. Remember, if you have a lot of entries, it may time out generating the PDF. Eventually I'll add a progress feature with a refresh (hopefully). I also noticed a few problems with IE 7 in initial testing. I think I've got this resolved.
For people interested in the technical details, most of the new code is in the horrid users servlet. (com.justjournal.Users)
Other Changes
Other changes to JJ include modifications to the base servlet to set a buffer and to include the content length. That should improve HTTP standards compliance and also fix some minor bugs with IE. I'm also testing changes to the avatar fetch and photo fetch code which may fix problems I've noticed with Safari. Images are corrupted in the cache and sometimes fail to download in Safari. I notice this more often with avatars.
Our user count has been growing. I just did a full backup of the database. It never hurts to have a backup. :)
The changes to the file upload code seem to be stable so far. I'm very happy with that.
I'm about halfway through adding the new pictures feature. There is a new menu option called pictures. You can view any pictures on that page associated with a specific journal.
To add pictures, go into preferences and click add pictures near the bottom.
A few caveats:
1. I haven't finalized the maximum picture size. Anything 1MB or smaller should work. Consider that large resolutions will not display that well though.
2. I have not finished the delete option. You can not yet delete pictures after you add them. Eventually I'll get this working. I've run out of time today.
3. You can not change the title on a picture after you upload it.
4. Every once in a while an error displays even though the picture uploaded ok. I'm still working on this. Make sure the image did not upload before you try again. If it keeps failing, make sure the picture is not too big.
5. There appears to be a possible memory leak in the Apache Commons FileUpload component. A new version claims to fix this but it will involve several code changes. I'll be upgrading that when I get time.
6. Currently images are sorted alphabetically. I'm planning on adding photo albums (think categories). You will be able to sort pictures into different albums and give them titles. For now a lot of pictures becomes increasingly hard to read. It is also a good idea to name photos from similar events the same at the beginning to keep them together. You have up to 150 characters for the title so use them.
7. You can not associate an image with a journal entry yet. If you want to link to an image, first upload it and then put the full link in your journal entry. I want to make this easier in the future.
I also plan on adding tags, comments, and possibly an RSS feed of the pictures at some point. I've been promising pictures for years and so I don't want to set any time frame on these enhancements.