Tuesday, January 29, 2013

State of synchtube

This is just a notice that while synchtube is still being maintained, active feature development is largely held off for now and has been so for the past year. There are no plans to continue to grow the synchtube framework or expand it over other devices. Perhaps if we have more time later, but for now there is nothing on the roadmap.

I just wanted to write this post if some people are wondering why e-mails are rarely replied to.


Security fixes, additional features.

1/29: This is an OLD post that never not published. The fixes were made almost 2 months ago but I wanted to publish it so you know where to e-mail JS requests.

Bug Fixes:
- Fixed the exploit that allowed injections through media titles.
- Fixed other various XSS javascript exploits.

- Added the ability for ALL rooms to have a custom CSS file.
- Added the ability for SOME rooms to have a JS file.

Check your "My Rooms" page to see these fields.

The JS file is "invite only, and you must ask us to turn it on for you. To request enablement, write an e-mail to:

synchtube {at} gmail {dot} com
Subject: JS Enablement Request
Body: Write a brief description what you plan to do with the enablement.

The community is tight knit enough and generally police each other, so if you are caught abusing JS or doing evil things with it, you will be blacklisted, no exceptions, ZERO tolerance policy. Report abusers to the e-mail above as well. Please include a snippet of malicious code, which we can then verify, then blacklist.

If you see Lucid give him a giant thanks for taking the initiative to patch the security vulnerability and for making synchtube a safer place.


Thursday, July 26, 2012

Removal of JavaScript

Hi folks. Chess here.

I just wanted to let you know that embedded JavaScript had to be removed.

We initially left it open as users were creating some really cool things -- themes, custom icons, the whole lot, but it was brought to our attention today that people have been using it to steal passwords, and do other malicious things.

Obviously this cannot be tolerated, so this "feature" had to go.

On a sidenote, as many of you already realized, active feature development of synchtube has been halted due to resource and time constraints, and we currently have no plans to re-implement a safe way to allow advanced customizations.

I'm sorry it had to come down to this. I love synchtube, I love all of our users, I love what the scripts were doing to the community, but all it takes is a few bad apples to ruin the batch and user security always comes first.


Monday, September 26, 2011

In regards to troubled connections

We've been getting a lot of voiced frustration in the blog comments about not being able to connect to synchtube.

The unfortunate reality is that only a small subset of individuals cannot connect, and it is really difficult to figure out why. There are so many factors to consider -- possible slow internet connections, browser compatibility, bad wi-fi signal, firewalls (both home and office), possible drops in wi-fi signal... and so on

Let me tell you that we are looking into it, but it is terribly difficult to debug and fix the issue for everyone. People tell me things like "it is Firefox 6" yet on all instances of my Firefox 6 in different configurations, it seems to run fine, and let me tell you I must have tried at least 50 browser and connection combinations. That is only one example of the combinations that I run. For those attacking the new client -- it has nothing to do with the client as the connections are all issued by the server, which has not changed.

I've tried to recreate as many combinations as possible, but it still seems I am missing a few. The only thing I can say is that hopefully this issue resolves itself as time goes on, browsers start to be compatible with our tech other, and the libraries we are using upgrade themselves.

I do indeed apologize for those who cannot connect to synchtube. If you can give me details about your connection, browsers, and OS, I can drill into it further and attempt to figure it out, but without those details I'm pretty helpless to try to resolve it. Here is a sample list you can send me:

1. Browser & Version
2. Connection (home/office)
3. Antivirus?
4. Firewall?
5. OS?

You can e-mail the info to synchtube@gmail.com. I try to look at all configurations sent. Once again please note that you aren't being ignored, it's just that we have started to run short ideas on how to fix the remaining connectivity issues.

Thanks all.


EDIT: 12/11/2011 One thing for sure at this point is that AVG, Avast, and Bitdefender ALL block synchtube. So don't use these if you plan to use synchtube well.

Tuesday, September 20, 2011

Testing Room Specific Karma

A push occurred today that enables you to vote on the video playing, and acquire karma.

Eventually there will be two types of karma, "room specific" and "sitewide".

Room specific is just your karma you've collected in that specific room.

Sitewide is just a total amount of karma you've collected from all the rooms (to be implemented later)

We aren't sure what else to do with karma yet, but it will be nice to have if that day ever comes. If you can think of anything let us know. Regardless of karma, it is nice to have the indicators if the video is liked or not.


Thursday, September 8, 2011

18+ rooms and foul language

Hi all.

EDIT 9/10:  A simple warning should suffice like any other website. Thanks for the feedback.

We've been getting a lot of complaints about the foul content and language that is occurring in some of the bigger rooms.

Due to these complaints and other legal issues, soon we will be labeling these rooms as 18+ rooms. If your room gets flagged as 18+, users will need to confirm their age to enter the rooms, and the room will not be listed on the front page.

Other than that the rooms won't be changed in any way. They'll just have that pre-viewing warning on them like any other site that has 18+ content.



Wednesday, August 31, 2011

@ tab completion hack

EDIT: 9/13/11 Tab completion hack now works anywhere in your sentence, as well as with the /kick and /ban commands. eg. /kick @mrchess

Synchtube now has tab completion for chat names when you prefix with an @ symbol.

For example, if I wanted to write a message to "mrchess",  instead of typing the full name I could type:

@m then hit [TAB] and it will automatically write @mrchess

Hitting TAB repeatedly will cycle through all the names that began with your initial value, meaning if there was a second person named Mary in my room, by repeatedly pressing tab it will cycle through "mrchess" and "Mary" values.

Give it a shot in the chat!