January 26th, 2006

livejournal cookie stealing

Great summary* of the LiveJournal security situation: "Due to the fact that we cannot clean every external CSS stylesheet linked to every time we generate a journal page, this change is required. [...] With Mozilla deciding to allow the execution of arbitrary JavaScript via CSS, there is no other viable solution than the one we have undertaken."

My takeaway is that it's pretty much impossible to let your users simultaneously (a) create their own personal pages (b) on a site where other users have identities managed by cookies.

This was one of the reasons blogspot could let users have arbitrary JS: it's a totally separate domain, so there's nothing to worry about. ...or is there? [cue ominous music] (To tell the truth, I have no confidence either way.)

* David always trips me out because he's like 12 years old and sorta looks like a big kid but comes across as totally competent in text.
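The cookie scoping behind that takeaway, as an added example that is not code from this post or from LiveJournal: it applies the RFC 6265 domain-match rule to check which user-authored pages could read a session cookie from script. All hostnames and cookie scopes are constructed, and cookie paths are ignored.

```javascript
// Added illustration; hostnames and cookie scopes below are constructed.

// RFC 6265 section 5.1.3 domain-match: is a cookie scoped to `cookieDomain`
// sent to (and readable by script on) a page served from `host`?
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// A cookie is visible to a page's script if it is not HttpOnly and either
// it is host-only and the host is identical, or it carries a Domain
// attribute that domain-matches the page host.
function visibleToScript(cookie, pageHost) {
  if (cookie.httpOnly) return false;
  if (cookie.hostOnly) {
    return pageHost.toLowerCase() === cookie.domain.toLowerCase();
  }
  return domainMatches(pageHost, cookie.domain);
}

// User-content hosts whose scripts could read the given session cookie.
function exposedHosts(cookie, userContentHosts) {
  return userContentHosts.filter((h) => visibleToScript(cookie, h));
}

// Case 1: user pages live under the same domain the session cookie covers.
const sameSite = exposedHosts(
  { name: "session", domain: "journal.example", hostOnly: false, httpOnly: false },
  ["alice.journal.example", "journal.example"]
);

// Case 2: user pages live on a separate domain from the account cookie.
const separateDomain = exposedHosts(
  { name: "session", domain: "accounts.example", hostOnly: false, httpOnly: false },
  ["alice.userpages.example", "bob.userpages.example"]
);

// Case 3: same parent domain, but the session cookie is host-only.
const hostOnly = exposedHosts(
  { name: "session", domain: "www.journal.example", hostOnly: true, httpOnly: false },
  ["alice.journal.example"]
);

console.log({ sameSite, separateDomain, hostOnly });
```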

youtube download / ubuntu breezy ffmpeg mpeg4 support

To convert from the Flash video format found on sites like YouTube (fetch /get_video?video_id=... to get it), you can use ffmpeg like this:

ffmpeg -i input.flv -vcodec mpeg4 -acodec mp3 output.avi

Unfortunately, Ubuntu Breezy doesn't have the mpeg4 support compiled into ffmpeg. But it's really easy to do, and the lesson applies more generally. From the comments on this post:

sudo apt-get build-dep ffmpeg
sudo apt-get install liblame-dev libfaad2-dev libfaac-dev libxvidcore4-dev checkinstall fakeroot
DEB_BUILD_OPTIONS=risky fakeroot apt-get source ffmpeg --compile
sudo dpkg -i *.deb

