diff --git a/lib/commands/block.js b/lib/commands/block.js
index a398359d2..288089a16 100644
--- a/lib/commands/block.js
+++ b/lib/commands/block.js
@@ -112,7 +112,7 @@ var validateAncestorProof = function (Env, proof, _cb) {
                 return void cb("E_MISSING_ANCESTOR");
             }));
         }).nThen(function () {
-            cb(void 0, valid);
+            cb(void 0, pub);
         });
     } catch (err) {
         return void cb(err);
@@ -126,6 +126,7 @@ Block.writeLoginBlock = function (Env, safeKey, msg, _cb) { // FIXME BLOCKS
     var signature = msg[1];
     var block = msg[2];
     var registrationProof = msg[3];
+    var previousKey;
 
     var validatedBlock, parsed, path;
     nThen(function (w) {
@@ -136,13 +137,15 @@ Block.writeLoginBlock = function (Env, safeKey, msg, _cb) { // FIXME BLOCKS
             w.abort();
             return cb("E_RESTRICTED");
         }
-        validateAncestorProof(Env, registrationProof, w(function (err, validated) {
-            if (err || !validated) { // double check that it was validated
+        validateAncestorProof(Env, registrationProof, w(function (err, provenKey) {
+            if (err || !provenKey) { // double check that a key was validated
                 w.abort();
-                // XXX Log
-                return void cb("E_RESTRICTED"); // XXX restricted-registration we can provide more descriptive errors if we check that the client will understand them
+                Env.Log.warn('BLOCK_REJECTED_INVALID_ANCESTOR', {
+                    error: err,
+                });
+                return void cb("E_RESTRICTED");
             }
-            // else fall through to the next block
+            previousKey = provenKey;
         }));
     }).nThen(function (w) {
         validateLoginBlock(Env, publicKey, signature, block, w(function (e, _validatedBlock) {
@@ -183,7 +186,12 @@ Block.writeLoginBlock = function (Env, safeKey, msg, _cb) { // FIXME BLOCKS
         // actually write the block
         Fs.writeFile(path, Buffer.from(validatedBlock), { encoding: "binary", }, function (err) {
             if (err) { return void cb(err); }
-            // XXX log the safeKey to map publicKey <=> block
+            Env.Log.info('BLOCK_WRITE_BY_OWNER', {
+                safeKey: safeKey,
+                blockId: publicKey,
+                isChange: Boolean(registrationProof),
+                previousKey: previousKey,
+            });
             cb();
         });
     });
diff --git a/server.js b/server.js
index 3b49ce4d5..4a107b785 100644
--- a/server.js
+++ b/server.js
@@ -276,7 +276,7 @@ var serveConfig = makeRouteCache(function (host) {
             defaultStorageLimit: Env.defaultStorageLimit,
             maxUploadSize: Env.maxUploadSize,
             premiumUploadSize: Env.premiumUploadSize,
-            restrictRegistration: Env.restrictRegistration, // XXX restricted-registration
+            restrictRegistration: Env.restrictRegistration,
         }, null, '\t'),
         'obj.httpSafeOrigin = ' + (function () {
             if (config.httpSafeOrigin) { return '"' + config.httpSafeOrigin + '"'; }
diff --git a/www/common/outer/login-block.js b/www/common/outer/login-block.js
index e181dbf3f..9950e18af 100644
--- a/www/common/outer/login-block.js
+++ b/www/common/outer/login-block.js
@@ -96,7 +96,7 @@ define([
         // return an array with the sig and the pubkey
             return JSON.stringify([u8_pub, u8_sig].map(Nacl.util.encodeBase64));
         } catch (err) {
-            throw err; // XXX restricted-registration
+            return void console.error(err);
         }
     };