Tuesday, January 29, 2013

State of synchtube

This is just a notice that while synchtube is still being maintained, active feature development is largely held off for now and has been so for the past year. There are no plans to continue to grow the synchtube framework or expand it over other devices. Perhaps if we have more time later, but for now there is nothing on the roadmap.

I just wanted to write this post if some people are wondering why e-mails are rarely replied to.


Security fixes, additional features.

1/29: This is an OLD post that never not published. The fixes were made almost 2 months ago but I wanted to publish it so you know where to e-mail JS requests.

Bug Fixes:
- Fixed the exploit that allowed injections through media titles.
- Fixed other various XSS javascript exploits.

- Added the ability for ALL rooms to have a custom CSS file.
- Added the ability for SOME rooms to have a JS file.

Check your "My Rooms" page to see these fields.

The JS file is "invite only, and you must ask us to turn it on for you. To request enablement, write an e-mail to:

synchtube {at} gmail {dot} com
Subject: JS Enablement Request
Body: Write a brief description what you plan to do with the enablement.

The community is tight knit enough and generally police each other, so if you are caught abusing JS or doing evil things with it, you will be blacklisted, no exceptions, ZERO tolerance policy. Report abusers to the e-mail above as well. Please include a snippet of malicious code, which we can then verify, then blacklist.

If you see Lucid give him a giant thanks for taking the initiative to patch the security vulnerability and for making synchtube a safer place.