[RDD] Spinitron RLM

Max Goldstein, Operations Director ops at wmfo.org
Wed Nov 21 12:09:46 EST 2012


Reviving a month-old thread with relevant information: a new known-good
version of the RLM has been pushed to
Github<https://github.com/WMFO/Rivendell-Spinitron-Update>
.

This new version logs the cart number in Spinitron's notes field, although
there's a single Boolean opt-out flag. We've seen Spinitron fill in the
"format" field as Rivendell on the web interface (it's hard-coded into the
RLM), so this should provide a definitive answer as to whether the song was
from Rivendell or not. The cart number may also be useful for scripts.

A new flag ensures curl times out instead of causing RDAirplay to hang.
This version has been thoroughly tested.

While the Makefile adjusts permissions to lock down the credentials file,
exhaustive testing shows that even when the RLM is executable by all, it
still will not load - read permissions are required, it seems. Therefore,
the installed RLM has universal read and executable access. Any user who
has access to your system and knows where the file is can run the strings
command to find the Spinitron credentials. This security hole has been
present in all versions of the RLM.

Even if you read the credentials in at runtime, the RLM would have to have
read access to the credentials file, which I doubt it would if only root
had read access (but I'm not positive). So this way is actually safer, in
that the file called credentials is locked down. I'm also not disclosing
this on Github (why tell the world?). BUT: you're probably not exposing
your RIvendell system to people you don't already trust, most of whom
aren't tech-savy. So in practice this shouldn't be a big deal (it hasn't
been for us). But that's full disclosure for you.

The new version has tag 2.1. Enjoy.

Max Goldstein
Operations Director
WMFO Tufts Freeform Radio


On Wed, Oct 17, 2012 at 3:02 PM, Andy Sayler <andy at wmfo.org> wrote:

> On Github, the Downloads section is just for separate files outside of the
> source control tree (i.e. binary installers, etc). We don't have any of
> those.
>
> To download a copy of the source code, either use the "ZIP" button near
> the upper left of the repo page (this will download that latest unstable
> copy of the code), or click the "Tags" tab to download a zip file of any of
> the stable code snapshots (currently there just one).
>
> You can also browse and view the code on Github directly by clicking on
> any of the files or directories in the repo tree.
>
> -Andy
>
>
> On Wed, Oct 17, 2012 at 12:54 PM, Rob Landry <41001140 at interpring.com>wrote:
>
>>
>> I can't find a download link for this. Clicking on "Downloads" gets me
>> "No matching files."
>>
>>
>> Rob
>>
>>
>>
>> On Mon, 15 Oct 2012, Max Goldstein, Operations Director wrote:
>>
>>  I know for a fact that the latest commit is no good (doesn't log,
>>> period),
>>> but commit ID **c88d7926b7fb4083f5a3db4efe688b**04cc5ab838 works. I'll
>>> be
>>> looking into that code over the next week or two and working out the
>>> bugs.
>>> I'll also keep the latest known good commit ID in the README.
>>> Max Goldstein
>>> WMFO Operations Director.
>>>
>>> On Mon, Oct 15, 2012 at 3:55 PM, Andy Sayler <andy at wmfo.org> wrote:
>>>       We use the RLM interface with Rivendell 2. As I recall, there
>>>       are a few minor interface changes in 2, but the basic principle
>>>       in the same.
>>> See: https://github.com/WMFO/**Rivendell-Spinitron-Update<https://github.com/WMFO/Rivendell-Spinitron-Update>
>>>  (**note, this
>>> code is under development and the most recent revision may not be
>>> stable).
>>>
>>> -Andy
>>> www.wmfo.org
>>>
>>> On Mon, Oct 15, 2012 at 1:49 PM, Rob Landry <41001140 at interpring.com>
>>> wrote:
>>>
>>>       Does anyone know if the rlm_spinitron module runs on
>>>       Rivendel 2.x? The
>>>       documentation says it was written for RD 1.5.
>>>
>>>
>>>       Rob
>>>
>>>       ______________________________**_________________
>>>       Rivendell-dev mailing list
>>>       Rivendell-dev at lists.**rivendellaudio.org<Rivendell-dev at lists.rivendellaudio.org>
>>>       http://lists.rivendellaudio.**org/mailman/listinfo/**rivendell-dev<http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev>
>>>
>>>
>>>
>>> ______________________________**_________________
>>> Rivendell-dev mailing list
>>> Rivendell-dev at lists.**rivendellaudio.org<Rivendell-dev at lists.rivendellaudio.org>
>>> http://lists.rivendellaudio.**org/mailman/listinfo/**rivendell-dev<http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev>
>>>
>>>
>>>
>>>
>> _______________________________________________
>> Rivendell-dev mailing list
>> Rivendell-dev at lists.rivendellaudio.org
>> http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev
>>
>>
>
> _______________________________________________
> Rivendell-dev mailing list
> Rivendell-dev at lists.rivendellaudio.org
> http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.rivendellaudio.org/pipermail/rivendell-dev/attachments/20121121/2e00a152/attachment.htm 


More information about the Rivendell-dev mailing list