Denise (![[staff profile]](https://www.dreamwidth.org/img/silk/identity/user_staff.png)
denise) wrote in ![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png)
dw_maintenance2022-01-30 05:13 pm
denise) wrote in dw_maintenance2022-01-30 05:13 pm
(no subject)
We've received multiple reports of crossposting to LiveJournal silently failing, and many people have asked us about the problem. Unfortunately, the issue is not one that we can resolve: it happens when someone has automatic crossposting set up and has changed their LiveJournal password, but hasn't updated the password on their Dreamwidth crosspost settings. The number of failed logins trip LiveJournal's "attempted account hacking" detection system and our IP addresses are locked out from the site. This stops all Dreamwidth users from crossposting, whether or not their passwords are correct: we are entirely blocked from accessing LiveJournal at all.
For a decade or so, when this happened, we were able to contact them and have them remove us from the lockout list manually and whitelist our IP address range so that it wouldn't happen again. At some point in the last several years, they switched to telling us that the blocking is automatic, they aren't able to whitelist any IPs manually, and that we were mistaken when we were able to resolve the issue for a decade by emailing them and having them whitelist us manually; by this point, they no longer respond to us at all about the issue. (The delay in our posting about the issue has been, once again, us attempting to contact them unsuccessfully and getting no reply.)
Many users report to us that when they've contacted LiveJournal about the issue, LiveJournal has told them that the problem is on our end and that there are changes we can make to fix the problem. This is not true, and we aren't sure why they're telling you that. There is nothing we can do differently that will make them stop locking us out when people enter incorrect passwords for their crosspost accounts. At most, we could spend months making a massive, extensive, exhaustive effort rewriting the entire crosspost system, in exchange for an infinitesimal chance it would reduce the number of times this problem happens, not prevent it entirely. We aren't willing to spend six full months rewriting the crossposting system from scratch (and introducing all kinds of inevitable new bugs) to slightly lower the chance this problem will happen as frequently as it does, without assurances from LiveJournal that they are unwilling or unable to give us that such a rewrite would solve the issue entirely.
The only long-term, guaranteed fix for the issue is for LiveJournal to whitelist our IP addresses the way they were able to do for a decade and now claim to never have been able to do at all.
I know people are frustrated about the issue: so are we, and we're disappointed that the collegial relationship we enjoyed with LiveJournal for so long appears to have evaporated at some point in the last several years. However, at this point, we must advise you to treat crossposting to LiveJournal as an "as is" service that may or may not work at any given moment, depending entirely on LiveJournal's whims regarding blocking our ability to access the service due to people having entered their crossposting passwords wrong. If problems happen during the process of crossposting, there is nothing we can do to fix it, solve it, or hasten the site's removal from LiveJournal's access blocking system. All we can do is wait until the block expires, and they will neither tell us how long any given block will be active for nor a date/time when it will expire -- as I said, at this point they no longer respond to me when I email them about the issue, and haven't for quite some time.
If you have a crossposting account set up with LiveJournal as the crosspost destination, please check that the username and password are correct: the fewer people with incorrect passwords in their crossposting setup, the less likely this problem will be triggered. However, when it does happen, there is nothing we can do to solve it, and all you can do is wait it out. I'm very sorry. We're just as frustrated as you are.
ETA: I forgot to specify: yes, this includes the importer as well. The importer is more likely to catch a period of being unblocked because of how it functions asynchronously, but it's not a guarantee. If LiveJournal is currently blocking us, no function on Dreamwidth that requires communicating with LiveJournal will work, period.
UPDATE 1 Feb 2022 21:15 EDT: We have posted a further announcement: further investigation has made us realize there are several potential causes of the block other than the "password error" cause I explained in the post above. Until we're able to a) determine the cause of the block and b) determine whether there's any way we can work around it that will not cost us a significant amount of time and effort for potentially no reward, we have temporarily disabled crossposting to LiveJournal site-wide. We deeply regret needing to do this; however, it's clear that even if the situation is fixable, which it may not be, the resolution will take a significant amount of time. Until we have more information, it doesn't make sense for us to attempt crossposts we are aware have no chance of actually succeeding.
If you try to crosspost to LiveJournal, the process will automatically and immediately fail, and you'll receive a failure notice in your inbox directing you to this post. Please accept our utmost apologies for needing to take this step. We'll continue trying to identify the root cause of the difficulty and see if there is any fix we can make to re-enable crossposting that doesn't involve having to redesign the entire crosspost system from the ground up with no hopes of that even helping.
For a decade or so, when this happened, we were able to contact them and have them remove us from the lockout list manually and whitelist our IP address range so that it wouldn't happen again. At some point in the last several years, they switched to telling us that the blocking is automatic, they aren't able to whitelist any IPs manually, and that we were mistaken when we were able to resolve the issue for a decade by emailing them and having them whitelist us manually; by this point, they no longer respond to us at all about the issue. (The delay in our posting about the issue has been, once again, us attempting to contact them unsuccessfully and getting no reply.)
Many users report to us that when they've contacted LiveJournal about the issue, LiveJournal has told them that the problem is on our end and that there are changes we can make to fix the problem. This is not true, and we aren't sure why they're telling you that. There is nothing we can do differently that will make them stop locking us out when people enter incorrect passwords for their crosspost accounts. At most, we could spend months making a massive, extensive, exhaustive effort rewriting the entire crosspost system, in exchange for an infinitesimal chance it would reduce the number of times this problem happens, not prevent it entirely. We aren't willing to spend six full months rewriting the crossposting system from scratch (and introducing all kinds of inevitable new bugs) to slightly lower the chance this problem will happen as frequently as it does, without assurances from LiveJournal that they are unwilling or unable to give us that such a rewrite would solve the issue entirely.
The only long-term, guaranteed fix for the issue is for LiveJournal to whitelist our IP addresses the way they were able to do for a decade and now claim to never have been able to do at all.
I know people are frustrated about the issue: so are we, and we're disappointed that the collegial relationship we enjoyed with LiveJournal for so long appears to have evaporated at some point in the last several years. However, at this point, we must advise you to treat crossposting to LiveJournal as an "as is" service that may or may not work at any given moment, depending entirely on LiveJournal's whims regarding blocking our ability to access the service due to people having entered their crossposting passwords wrong. If problems happen during the process of crossposting, there is nothing we can do to fix it, solve it, or hasten the site's removal from LiveJournal's access blocking system. All we can do is wait until the block expires, and they will neither tell us how long any given block will be active for nor a date/time when it will expire -- as I said, at this point they no longer respond to me when I email them about the issue, and haven't for quite some time.
If you have a crossposting account set up with LiveJournal as the crosspost destination, please check that the username and password are correct: the fewer people with incorrect passwords in their crossposting setup, the less likely this problem will be triggered. However, when it does happen, there is nothing we can do to solve it, and all you can do is wait it out. I'm very sorry. We're just as frustrated as you are.
ETA: I forgot to specify: yes, this includes the importer as well. The importer is more likely to catch a period of being unblocked because of how it functions asynchronously, but it's not a guarantee. If LiveJournal is currently blocking us, no function on Dreamwidth that requires communicating with LiveJournal will work, period.
UPDATE 1 Feb 2022 21:15 EDT: We have posted a further announcement: further investigation has made us realize there are several potential causes of the block other than the "password error" cause I explained in the post above. Until we're able to a) determine the cause of the block and b) determine whether there's any way we can work around it that will not cost us a significant amount of time and effort for potentially no reward, we have temporarily disabled crossposting to LiveJournal site-wide. We deeply regret needing to do this; however, it's clear that even if the situation is fixable, which it may not be, the resolution will take a significant amount of time. Until we have more information, it doesn't make sense for us to attempt crossposts we are aware have no chance of actually succeeding.
If you try to crosspost to LiveJournal, the process will automatically and immediately fail, and you'll receive a failure notice in your inbox directing you to this post. Please accept our utmost apologies for needing to take this step. We'll continue trying to identify the root cause of the difficulty and see if there is any fix we can make to re-enable crossposting that doesn't involve having to redesign the entire crosspost system from the ground up with no hopes of that even helping.
no subject
And as noted in some of my other commenting, we may be doing the Right Thing in a place I hadn't quite wrapped my head around. A codebase that's old enough to drink gets...weird around the edges sometimes. :)
no subject
no subject
Thanks for offering! Here's the thing I'm thinking about, which as I ask I can already see some of the problems with: why not have the user's browser send the crosspost request directly? So the IP is the user's?
And as I ask I am already thinking through some of the problems and answering my own questions, ha!
no subject
1/2) yeah, that's an entire paradigm shift, and would need someone who understands the current stuff well enough to make those changes. We have...not too many active developers right now, and even fewer who grok the codebase at a deep level.
3) I do not trust users to do exponential back off. Do you?
4) LJXMLRPC does not handle password security particularly well. Crossposting to a DW account (which is possible, by the by) is set up to use an API key instead of the password specifically because we are so limited by the existing architecture standard.
no subject
It's looking like it's a moot point, anyway: it's very hard to get accurate information even with machine translation and my rudimentary Russian because they keep changing where they post to, but it's starting to look like, in addition to the usual "you have tripped our spam detection", LJ has simply shut off all third-party client access, period. Trying to confirm that, but if that's the case, it would never work again even if they didn't have a grudge.
no subject
A also told me he is pretty sure my pie-in-the sky idea would run into CORS problems unless we had cooperation from LJ, which is obviously a non-starter; I don't know enough about XMLRPC to be sure one way or t'other but he's probably right.
Yes, this, this, this.
(In further evidence to me of my current rage obsessions, my first thought when I read your comment was "jesus people this is why NFT game artifacts you can bring in to unrelated games are a ridiculous grift pipedream, it's hard even to allocate resources to improve something somewhat related to an application like 'post to a linked outside resource' when you could be improving your own application instead, why on earth would any dev spend a ton of time enabling you to bring in something as broken in conception as an outside game's artifact???" Which I know is a stretch but apparently I'm obssessed rn, heh. But yeah, if there were still a big community of LJers who could be enticed by a crossposter it might be more worth banging heads into brick walls but there isn't.)
no subject
no subject
And yeah. I know there are still people moving over from LJ and people trying to stay in touch with people who won't move, and I really wish we didn't have to make the cost/benefit calculations here -- but it's absolutely a diminishing returns thing at some point and I think we have probably hit that point. :/