Protocol change (24 April 2012) #236

Closed
ghost opened this Issue Apr 25, 2012 · 103 comments

Comments

@ghost

ghost commented Apr 25, 2012

Just got an Error: Protocol incompatible. Please upgrade libpiano. I've got a functioning internet connection, and I'm not behind a proxy or anything, so it looks like Pandora changed the protocol on us again…

@cmdlinegeek

This comment has been minimized.

Show comment
Hide comment
@cmdlinegeek

cmdlinegeek Apr 25, 2012

I second that.

I second that.

@jakerella

This comment has been minimized.

Show comment
Hide comment
@jakerella

jakerella Apr 25, 2012

I have the latest package (2012-04-24) from the main site and I am still seeing the "Error: Protocol incompatible" message. Internet connection is good and no proxies or firewalls. Not sure if Pandora changed the protocol that quick or if I have a bad install (was working yesterday though).

~$ pianobar
Welcome to pianobar (2012.04.24)! Press ? for a list of commands.
(i) Control fifo at /home/jordan/.config/pianobar/ctl opened
(i) Login... Error: Protocol incompatible. Please upgrade libpiano.

I have the latest package (2012-04-24) from the main site and I am still seeing the "Error: Protocol incompatible" message. Internet connection is good and no proxies or firewalls. Not sure if Pandora changed the protocol that quick or if I have a bad install (was working yesterday though).

~$ pianobar
Welcome to pianobar (2012.04.24)! Press ? for a list of commands.
(i) Control fifo at /home/jordan/.config/pianobar/ctl opened
(i) Login... Error: Protocol incompatible. Please upgrade libpiano.
@MTecknology

This comment has been minimized.

Show comment
Hide comment
@MTecknology

MTecknology Apr 25, 2012

Bastards! Why they be changing it!?
Can't wait for you guys to figure out what changed. This little application happens to be what keeps me from beating the life out of one particular co-worker. Many thanks!!

MTecknology commented Apr 25, 2012

Bastards! Why they be changing it!?
Can't wait for you guys to figure out what changed. This little application happens to be what keeps me from beating the life out of one particular co-worker. Many thanks!!

@wizzahd

This comment has been minimized.

Show comment
Hide comment
@wizzahd

wizzahd Apr 25, 2012

also getting this error with the latest package (2012.04.24-dev). thanks!

wizzahd commented Apr 25, 2012

also getting this error with the latest package (2012.04.24-dev). thanks!

@mhajda

This comment has been minimized.

Show comment
Hide comment
@mhajda

mhajda Apr 25, 2012

Same issue today

mhajda commented Apr 25, 2012

Same issue today

@clarkewd

This comment has been minimized.

Show comment
Hide comment
@clarkewd

clarkewd Apr 25, 2012

Just tried installing the latest build to fix it but I'm also getting the error:

Welcome to pianobar (2012.04.24-dev)! Press ? for a list of commands.
(i) Login... Error: Protocol incompatible. Please upgrade libpiano.

Just tried installing the latest build to fix it but I'm also getting the error:

Welcome to pianobar (2012.04.24-dev)! Press ? for a list of commands.
(i) Login... Error: Protocol incompatible. Please upgrade libpiano.
@ok100

This comment has been minimized.

Show comment
Hide comment
@ok100

ok100 Apr 25, 2012

Same issue here.

ok100 commented Apr 25, 2012

Same issue here.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Apr 25, 2012

Not sure if this is at all relevant, but Pandora's official iOS client is still functioning without updates. So is the webOS client, whose source code is easily accessible, being written in Javascript and all.

ghost commented Apr 25, 2012

Not sure if this is at all relevant, but Pandora's official iOS client is still functioning without updates. So is the webOS client, whose source code is easily accessible, being written in Javascript and all.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Apr 25, 2012

Dear Lars-Dominik Braun & other contributors...

You Rock! I too am affected. I lack the skills to help. You have my FULL emotional support.
Thanks for pianobar,

Brad Norman - Vero Beach, Florida

ghost commented Apr 25, 2012

Dear Lars-Dominik Braun & other contributors...

You Rock! I too am affected. I lack the skills to help. You have my FULL emotional support.
Thanks for pianobar,

Brad Norman - Vero Beach, Florida

@romm-zz

This comment has been minimized.

Show comment
Hide comment
@romm-zz

romm-zz Apr 25, 2012

faultStringorg.apache.xmlrpc.XmlRpcException: 000.000.000.000|0|INCOMPATIBLE_VERSION|Pandora does not support your client version.faultCode1

That would be the case...

romm-zz commented Apr 25, 2012

faultStringorg.apache.xmlrpc.XmlRpcException: 000.000.000.000|0|INCOMPATIBLE_VERSION|Pandora does not support your client version.faultCode1

That would be the case...

@romm-zz

This comment has been minimized.

Show comment
Hide comment
@romm-zz

romm-zz Apr 25, 2012

When bumped version to 34, I am getting:

faultStringcom.savagebeast.radio.api.protocol.xmlrpc.RadioXmlRpcException: com.savagebeast.radio.api.internal.xmlrpc.handler.HandlerMisc.sync()faultCode0

when syncing

romm-zz commented Apr 25, 2012

When bumped version to 34, I am getting:

faultStringcom.savagebeast.radio.api.protocol.xmlrpc.RadioXmlRpcException: com.savagebeast.radio.api.internal.xmlrpc.handler.HandlerMisc.sync()faultCode0

when syncing

@PromyLOPh

This comment has been minimized.

Show comment
Hide comment
@PromyLOPh

PromyLOPh Apr 25, 2012

Owner
  1. Version 2012.04.24 does not work. I released it yesterday and a few hours after that Pandora changed the API.
  2. Things don’t look very promising right now, as Pandora rolled out an updated 3rd party client protection. It’s similar to the one described in #214 (and the linked blog post), but they completely block pianobar and others now and they made it very difficult (if not impossible without a debugger) to obtain the client key via injected JavaScript. A few 3rd party client developers are idle’ing in #saver2 at irc.coldfront.net, so if you cracked the code make sure you stop by.
  3. As Pandora won’t talk to me: Make use of their support email address and tell them what you think about this change. And please stay calm and be polite. Thanks.

@theswordfish Can you send me (lars@6xq.net) the webOS source, please?

Owner

PromyLOPh commented Apr 25, 2012

  1. Version 2012.04.24 does not work. I released it yesterday and a few hours after that Pandora changed the API.
  2. Things don’t look very promising right now, as Pandora rolled out an updated 3rd party client protection. It’s similar to the one described in #214 (and the linked blog post), but they completely block pianobar and others now and they made it very difficult (if not impossible without a debugger) to obtain the client key via injected JavaScript. A few 3rd party client developers are idle’ing in #saver2 at irc.coldfront.net, so if you cracked the code make sure you stop by.
  3. As Pandora won’t talk to me: Make use of their support email address and tell them what you think about this change. And please stay calm and be polite. Thanks.

@theswordfish Can you send me (lars@6xq.net) the webOS source, please?

@PlaidShirtPat

This comment has been minimized.

Show comment
Hide comment
@PlaidShirtPat

PlaidShirtPat Apr 25, 2012

Just got the same problem. New-ish Developer here, but love this app! If there is something I can do to help, please point me in the right direction!

Just got the same problem. New-ish Developer here, but love this app! If there is something I can do to help, please point me in the right direction!

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Apr 25, 2012

@PromyLOPh: It's on its way. :)

ghost commented Apr 25, 2012

@PromyLOPh: It's on its way. :)

@wizzahd

This comment has been minimized.

Show comment
Hide comment
@wizzahd

wizzahd Apr 25, 2012

in case anyone is having trouble finding it, here is the link to contact Pandora: https://help.pandora.com/customer/portal/emails/new

wizzahd commented Apr 25, 2012

in case anyone is having trouble finding it, here is the link to contact Pandora: https://help.pandora.com/customer/portal/emails/new

@kettultim

This comment has been minimized.

Show comment
Hide comment
@kettultim

kettultim Apr 25, 2012

Contacted them! If this is an attempt to get us to pay $39 for their app, that's sad but I suppose it makes business sense.

Contacted them! If this is an attempt to get us to pay $39 for their app, that's sad but I suppose it makes business sense.

@dustmoo

This comment has been minimized.

Show comment
Hide comment
@dustmoo

dustmoo Apr 25, 2012

What would it take to get on as an official third party client? There are other official clients that do not show graphic ads and only support their audio ads.

Though many may not agree with me, I like pianobar because of it's low footprint, I have no problem supporting pandora by listening to ads and or upgrading to pandora one if I want uninterrupted music.

Just curious if you have explored this at all PromyLOPh?

dustmoo commented Apr 25, 2012

What would it take to get on as an official third party client? There are other official clients that do not show graphic ads and only support their audio ads.

Though many may not agree with me, I like pianobar because of it's low footprint, I have no problem supporting pandora by listening to ads and or upgrading to pandora one if I want uninterrupted music.

Just curious if you have explored this at all PromyLOPh?

@PromyLOPh

This comment has been minimized.

Show comment
Hide comment
@PromyLOPh

PromyLOPh Apr 25, 2012

Owner

I have, @dustmoo, and their response was “not interested”.

Owner

PromyLOPh commented Apr 25, 2012

I have, @dustmoo, and their response was “not interested”.

@dustmoo

This comment has been minimized.

Show comment
Hide comment
@dustmoo

dustmoo Apr 25, 2012

Well then, happy cracking, I am sure we can find a solution. :)

dustmoo commented Apr 25, 2012

Well then, happy cracking, I am sure we can find a solution. :)

@sodabrew

This comment has been minimized.

Show comment
Hide comment
@sodabrew

sodabrew Apr 25, 2012

Coincidentally, I just got my annual Pandora One renewal notice. Good time to let them know which is my favorite way of listening :)

Coincidentally, I just got my annual Pandora One renewal notice. Good time to let them know which is my favorite way of listening :)

@b-dub

This comment has been minimized.

Show comment
Hide comment
@b-dub

b-dub Apr 25, 2012

In asking to roll back the protocol change, this is the response from pandora:

"Thanks for writing. This is an unauthorized third-party application, and using it is a violation of our Terms of Use.

You can use Pandora for free at http://www.pandora.com
If you have problems with that service, then please let me know.

Best,
Jed
Listener Advocate
PANDORA® internet radio
"

b-dub commented Apr 25, 2012

In asking to roll back the protocol change, this is the response from pandora:

"Thanks for writing. This is an unauthorized third-party application, and using it is a violation of our Terms of Use.

You can use Pandora for free at http://www.pandora.com
If you have problems with that service, then please let me know.

Best,
Jed
Listener Advocate
PANDORA® internet radio
"

@dragos240

This comment has been minimized.

Show comment
Hide comment
@dragos240

dragos240 Apr 25, 2012

I wouldn't worry much about it. PromyLOPh has done a fine job on updating the source promptly after an update. It's a rare occasion when the protocol isn't working, and an even rarer occasion in which it isn't fixed after fetching the latest sources.

As for asking pandora to roll back the changes, I highly doubt they'd be interested. This client does not include adverts, and it includes a feature which allows users from outside the US to use pandora, which is breaking their ToS.

A thank you to PromyLOPh for your work on this application, it is greatly appreciated.

I wouldn't worry much about it. PromyLOPh has done a fine job on updating the source promptly after an update. It's a rare occasion when the protocol isn't working, and an even rarer occasion in which it isn't fixed after fetching the latest sources.

As for asking pandora to roll back the changes, I highly doubt they'd be interested. This client does not include adverts, and it includes a feature which allows users from outside the US to use pandora, which is breaking their ToS.

A thank you to PromyLOPh for your work on this application, it is greatly appreciated.

@jhixson74

This comment has been minimized.

Show comment
Hide comment
@jhixson74

jhixson74 Apr 25, 2012

Similar response here:

Thanks for writing. This is an unauthorized third-party application, and using it is a violation of our Terms of Use.

You can use Pandora for free at http://www.pandora.com, and I would be happy to give you troubleshooting help with that if you like.

If you would like your subscription canceled in the end, just let me know.

Best,
Jed
Listener Advocate
PANDORA® internet radio
Need help? http://help.pandora.com

Similar response here:

Thanks for writing. This is an unauthorized third-party application, and using it is a violation of our Terms of Use.

You can use Pandora for free at http://www.pandora.com, and I would be happy to give you troubleshooting help with that if you like.

If you would like your subscription canceled in the end, just let me know.

Best,
Jed
Listener Advocate
PANDORA® internet radio
Need help? http://help.pandora.com

@ladinu

This comment has been minimized.

Show comment
Hide comment
@ladinu

ladinu Apr 26, 2012

@theswordfish Can you please post the WebOS code so that we all can see?

ladinu commented Apr 26, 2012

@theswordfish Can you please post the WebOS code so that we all can see?

@jnwatts

This comment has been minimized.

Show comment
Hide comment
@jnwatts

jnwatts Apr 26, 2012

Email sent to Pandora specifically pointing out that there are plenty of us who refuse to use Adobe Air and prefer not to keep a web-browser open just for Pandora: And most importantly, are happy to pay for a ad-free account just to use a 3rd-party (ad-free) client. If I get something other than the canned response, will post it here.

jnwatts commented Apr 26, 2012

Email sent to Pandora specifically pointing out that there are plenty of us who refuse to use Adobe Air and prefer not to keep a web-browser open just for Pandora: And most importantly, are happy to pay for a ad-free account just to use a 3rd-party (ad-free) client. If I get something other than the canned response, will post it here.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Apr 26, 2012

@ladinu: Sure thing.

I suspect the relevant code is in app/core/api.js, partly because of the name (duh) and also because the entire thing was obfuscated. I ran it through JSBeautifier and saved the deobfuscated version in the root directory under the name api deobfuscated.js.

http://www.mediafire.com/?5zgrfm61u9e0l6u

Good luck!

Edit: I finally found time to look through the thing, and it's full of crypto code. Hopefully it'll be of some use.

ghost commented Apr 26, 2012

@ladinu: Sure thing.

I suspect the relevant code is in app/core/api.js, partly because of the name (duh) and also because the entire thing was obfuscated. I ran it through JSBeautifier and saved the deobfuscated version in the root directory under the name api deobfuscated.js.

http://www.mediafire.com/?5zgrfm61u9e0l6u

Good luck!

Edit: I finally found time to look through the thing, and it's full of crypto code. Hopefully it'll be of some use.

@dcode

This comment has been minimized.

Show comment
Hide comment
@dcode

dcode Apr 26, 2012

I could only find one set of keys in those files. Beginning on Line 337 in 'api deobfuscated.js'.

However, that function seems to generate keys on the fly give an app 'key' (i.e. password). These 'keys' are found on lines 860-863. Looks like only AppConstants.r and AppConstants.s are used for the keys. Looks like 'r' is the XMLRPC and 's' is for the song urls? (I'd have to dig a bit further here).

The other constants there are the 3rd party partner username/password. :D

I wrote a small python script that extracts the base key into a C array (this is before I figured out how the other keys are generated). You could extend that and reimplement the 'createFromKey' function to generate the other two keys. Not familiar enough with the rest of the API to determine if that's all that is needed.

https://gist.github.com/2495271

dcode commented Apr 26, 2012

I could only find one set of keys in those files. Beginning on Line 337 in 'api deobfuscated.js'.

However, that function seems to generate keys on the fly give an app 'key' (i.e. password). These 'keys' are found on lines 860-863. Looks like only AppConstants.r and AppConstants.s are used for the keys. Looks like 'r' is the XMLRPC and 's' is for the song urls? (I'd have to dig a bit further here).

The other constants there are the 3rd party partner username/password. :D

I wrote a small python script that extracts the base key into a C array (this is before I figured out how the other keys are generated). You could extend that and reimplement the 'createFromKey' function to generate the other two keys. Not familiar enough with the rest of the API to determine if that's all that is needed.

https://gist.github.com/2495271

@romm-zz

This comment has been minimized.

Show comment
Hide comment
@romm-zz

romm-zz Apr 26, 2012

Maybe .r is for XMLRPC interface and .s is for JSON interface?

romm-zz commented Apr 26, 2012

Maybe .r is for XMLRPC interface and .s is for JSON interface?

@MTecknology

This comment has been minimized.

Show comment
Hide comment
@MTecknology

MTecknology Apr 26, 2012

Just a side note... I had been paying for their service and because of this, I'm no longer a paying customer and absolutely support cracking their crap in any way possible. :) I'll be of no help to any of you, though. :(

Just a side note... I had been paying for their service and because of this, I'm no longer a paying customer and absolutely support cracking their crap in any way possible. :) I'll be of no help to any of you, though. :(

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Apr 26, 2012

@MTecknology That's the spirit! :D

ghost commented Apr 26, 2012

@MTecknology That's the spirit! :D

@ladinu

This comment has been minimized.

Show comment
Hide comment
@ladinu

ladinu Apr 26, 2012

@theswordfish Thanks for posting!

ladinu commented Apr 26, 2012

@theswordfish Thanks for posting!

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Apr 26, 2012

No problem!

ghost commented Apr 26, 2012

No problem!

@nperez

This comment has been minimized.

Show comment
Hide comment
@nperez

nperez Apr 26, 2012

Silly question: Have you considered embedding one of the javascript engines that have DOM support? While it would introduce a lot of complexity, it could easily solve the problem of pandora doing ridiculously complex things on the web page. Plus, you could write the key extraction in javascript to avoid recompilation.

nperez commented Apr 26, 2012

Silly question: Have you considered embedding one of the javascript engines that have DOM support? While it would introduce a lot of complexity, it could easily solve the problem of pandora doing ridiculously complex things on the web page. Plus, you could write the key extraction in javascript to avoid recompilation.

@deltaray

This comment has been minimized.

Show comment
Hide comment
@deltaray

deltaray Apr 26, 2012

I actually pay for Pandora service and have contacted them before about protocol changes. All they said to me was that my client wasn't supported and they couldn't help me. What a lousy attitude. Its not like I'm paying for their crappy software, I'm paying for the license for their music. Their web client may look pretty, but its a POS.

I actually pay for Pandora service and have contacted them before about protocol changes. All they said to me was that my client wasn't supported and they couldn't help me. What a lousy attitude. Its not like I'm paying for their crappy software, I'm paying for the license for their music. Their web client may look pretty, but its a POS.

@deltaray

This comment has been minimized.

Show comment
Hide comment
@deltaray

deltaray Apr 26, 2012

I just sent an e-mail to Pandora asking them to forward it to upper management, basically just asking them to try to cooperate better with the Pandora community by communicating protocol changes in advance. I'll let you know if anything comes of it. I'm skeptical though.

I just sent an e-mail to Pandora asking them to forward it to upper management, basically just asking them to try to cooperate better with the Pandora community by communicating protocol changes in advance. I'll let you know if anything comes of it. I'm skeptical though.

@slevine

This comment has been minimized.

Show comment
Hide comment
@slevine

slevine Apr 26, 2012

Pandora is really getting on my nerves. I am a paying P1 customer (for years), but as others stated, hate using their crappy web app. My P1 subscription is actually up for renewal soon - not sure if I am going to sign on for another year. Also, I am a share holder, and it may be time to dump the stock. On a different note, although I haven't touched C since College - going to dig in to try to help out.

slevine commented Apr 26, 2012

Pandora is really getting on my nerves. I am a paying P1 customer (for years), but as others stated, hate using their crappy web app. My P1 subscription is actually up for renewal soon - not sure if I am going to sign on for another year. Also, I am a share holder, and it may be time to dump the stock. On a different note, although I haven't touched C since College - going to dig in to try to help out.

@romm-zz

This comment has been minimized.

Show comment
Hide comment
@romm-zz

romm-zz Apr 26, 2012

Actually saver2 already have a hotfix, however they do not release source code, as it seems.

romm-zz commented Apr 26, 2012

Actually saver2 already have a hotfix, however they do not release source code, as it seems.

@deltaray

This comment has been minimized.

Show comment
Hide comment
@deltaray

deltaray Apr 27, 2012

I second reedloden's skepticism. Any patch from someone not affiliated with the site that connects to some random website is not good. Especially since all it seems to do is get an epoch time a year in the future. How could this not just be put in the code instead? I don't know what wizzahd's intentions are, but that's not the right way to do things in open source land.

I second reedloden's skepticism. Any patch from someone not affiliated with the site that connects to some random website is not good. Especially since all it seems to do is get an epoch time a year in the future. How could this not just be put in the code instead? I don't know what wizzahd's intentions are, but that's not the right way to do things in open source land.

@PromyLOPh

This comment has been minimized.

Show comment
Hide comment
@PromyLOPh

PromyLOPh Apr 27, 2012

Owner

The patch is written by me, the pianobar author, and it obviously
won’t make it into any release of pianobar. The PHP script in provided
by @ZigZagJoe and yes, all it does is compute Pandora’s server time from
a time offset which is updated manually if necessary. I posted the patch
because a) I already created it for the #214 incident and b) because it
works.

I’m currently moving pianobar to a different API, as the web API
requires a full-blown browser with JavaScript and HTML parser to work.

Owner

PromyLOPh commented Apr 27, 2012

The patch is written by me, the pianobar author, and it obviously
won’t make it into any release of pianobar. The PHP script in provided
by @ZigZagJoe and yes, all it does is compute Pandora’s server time from
a time offset which is updated manually if necessary. I posted the patch
because a) I already created it for the #214 incident and b) because it
works.

I’m currently moving pianobar to a different API, as the web API
requires a full-blown browser with JavaScript and HTML parser to work.

@wizzahd

This comment has been minimized.

Show comment
Hide comment
@wizzahd

wizzahd Apr 27, 2012

@deltaray please re-read the thread and examine my commands more closely. you will realize I just posted commands to apply the patch that Lars created for, you know, his own application ;) you seem like a smart cat so I am sure it was just an oversight.

@PromyLOPh thank you for providing the patch, and @ZigZagJoe thanks for the assist! you guys make my ears happy :)

wizzahd commented Apr 27, 2012

@deltaray please re-read the thread and examine my commands more closely. you will realize I just posted commands to apply the patch that Lars created for, you know, his own application ;) you seem like a smart cat so I am sure it was just an oversight.

@PromyLOPh thank you for providing the patch, and @ZigZagJoe thanks for the assist! you guys make my ears happy :)

@deltaray

This comment has been minimized.

Show comment
Hide comment
@deltaray

deltaray Apr 27, 2012

@wizzahd Ok, like I said, I just don't know who you are. I missed the small post where Lars said "Temporary fix", and saw yours with a solution in it and thought that you wrote something that may be malicious. This fix is rather weird and I'm a bit nervous about running code that talks to a third party website. Essentially, this allows whoever runs ridetheclown.com to see when and from where we're running pianobar. The whois data for ridetheclown.com hides its owner and the name and page along with "importing more clowns" on the page make it sound like something malicious is going on. Maybe you don't see that if you're affiliated with the site, but I think its a reasonable impression from a stranger's point of view.

@wizzahd Ok, like I said, I just don't know who you are. I missed the small post where Lars said "Temporary fix", and saw yours with a solution in it and thought that you wrote something that may be malicious. This fix is rather weird and I'm a bit nervous about running code that talks to a third party website. Essentially, this allows whoever runs ridetheclown.com to see when and from where we're running pianobar. The whois data for ridetheclown.com hides its owner and the name and page along with "importing more clowns" on the page make it sound like something malicious is going on. Maybe you don't see that if you're affiliated with the site, but I think its a reasonable impression from a stranger's point of view.

@ZigZagJoe

This comment has been minimized.

Show comment
Hide comment
@ZigZagJoe

ZigZagJoe Apr 27, 2012

blasted github, mailing me...

Anyways, @reedloden, @deltaray: I maintain my own pandora client, as well as having provided keys several times in the past for protocol updates. So not really as random as you think ;) - granted, my domain probably didn't help matters.

As for the PHP script, what promy says covers it. The script is literally (old sync value) + time() - sync modified time. The result is what the misc.sync call provides - or close enough to it that it doesn't matter.

Previously, it was automatically updated by a script running a headless browser, but that method of fetching a sync key was broken and a method that doesn't involve injecting JS before parsing happens hasn't been found yet, so the automatic updating isn't happening. There essentially no drift, but I am watching.

This "fix" is simply buying time for a more resilient change to be devised. I know promy is going for the mobile protocol; I haven't decided as of yet.

blasted github, mailing me...

Anyways, @reedloden, @deltaray: I maintain my own pandora client, as well as having provided keys several times in the past for protocol updates. So not really as random as you think ;) - granted, my domain probably didn't help matters.

As for the PHP script, what promy says covers it. The script is literally (old sync value) + time() - sync modified time. The result is what the misc.sync call provides - or close enough to it that it doesn't matter.

Previously, it was automatically updated by a script running a headless browser, but that method of fetching a sync key was broken and a method that doesn't involve injecting JS before parsing happens hasn't been found yet, so the automatic updating isn't happening. There essentially no drift, but I am watching.

This "fix" is simply buying time for a more resilient change to be devised. I know promy is going for the mobile protocol; I haven't decided as of yet.

@deltaray

This comment has been minimized.

Show comment
Hide comment
@deltaray

deltaray Apr 27, 2012

@PromyLOPh @wizzahd @ZigZagJoe Ok, I'm more inclined to believe you now that I've just written my own quick PHP page that does this and changed the patch to point to my own website.

For others who are interested, you can just put something like this in a PHP page and then change the URL in the patch from ridemyclown.com to your own server. It could even be running on your localhost.

As was mentioned, I guess the reason for doing it this way is so they could change that number for everyone without requiring a new patch. So you'll still need to keep abreast of changes if you do this on your own.

@PromyLOPh @wizzahd @ZigZagJoe Ok, I'm more inclined to believe you now that I've just written my own quick PHP page that does this and changed the patch to point to my own website.

For others who are interested, you can just put something like this in a PHP page and then change the URL in the patch from ridemyclown.com to your own server. It could even be running on your localhost.

As was mentioned, I guess the reason for doing it this way is so they could change that number for everyone without requiring a new patch. So you'll still need to keep abreast of changes if you do this on your own.

@ckcin

This comment has been minimized.

Show comment
Hide comment
@ckcin

ckcin Apr 27, 2012

patched worked great rhel5.7 many thanks

ckcin commented Apr 27, 2012

patched worked great rhel5.7 many thanks

@earthmeLon

This comment has been minimized.

Show comment
Hide comment
@earthmeLon

earthmeLon Apr 27, 2012

I was never interested in paying for Pandora.

And then, I found pianobar. I became interested in paying Pandora for their service.

Then I went to their website and not only was their payment page insecure, but they were displaying a really horrible ad on said page.

http://www.reddit.com/r/netsec/comments/rf04o/pandoras_thoughts_on_user_security/

Thank you for pianobar, and thank those of you helping to keep it running.

I was never interested in paying for Pandora.

And then, I found pianobar. I became interested in paying Pandora for their service.

Then I went to their website and not only was their payment page insecure, but they were displaying a really horrible ad on said page.

http://www.reddit.com/r/netsec/comments/rf04o/pandoras_thoughts_on_user_security/

Thank you for pianobar, and thank those of you helping to keep it running.

@ladinu

This comment has been minimized.

Show comment
Hide comment
@ladinu

ladinu Apr 27, 2012

@PromyLOPh You mentioned moving pianobar to a different API. Are you looking into the Pandora Desktop App?

ladinu commented Apr 27, 2012

@PromyLOPh You mentioned moving pianobar to a different API. Are you looking into the Pandora Desktop App?

@PromyLOPh

This comment has been minimized.

Show comment
Hide comment
@PromyLOPh

PromyLOPh Apr 27, 2012

Owner

@ladinu Yes, as it uses the same JSON API.

btw: I just pushed a proof-of-concept (login, get stations, fetch
playlist) into the “json” branch.

Owner

PromyLOPh commented Apr 27, 2012

@ladinu Yes, as it uses the same JSON API.

btw: I just pushed a proof-of-concept (login, get stations, fetch
playlist) into the “json” branch.

@xarthna

This comment has been minimized.

Show comment
Hide comment
@xarthna

xarthna Apr 28, 2012

Thanks for the patch. Worked great for ubuntu 10.10.
@wizzahd Thanks for the easy instructions.

xarthna commented Apr 28, 2012

Thanks for the patch. Worked great for ubuntu 10.10.
@wizzahd Thanks for the easy instructions.

Sharpie added a commit to Homebrew/legacy-homebrew that referenced this issue Apr 29, 2012

pianobar: Update to 2012.04.24
Also includes a patch to work around PromyLOPh/pianobar#236.

Closes #11900.

Signed-off-by: Charlie Sharpsteen <source@sharpsteen.net>
@rcherveny

This comment has been minimized.

Show comment
Hide comment
@rcherveny

rcherveny Apr 30, 2012

Thanks for the quick work! Back in business on my MBP (Which, fwiw, installed fine via macports).

Thanks for the quick work! Back in business on my MBP (Which, fwiw, installed fine via macports).

@admdrew

This comment has been minimized.

Show comment
Hide comment
@admdrew

admdrew Apr 30, 2012

wizzahd's patch worked for me (#236 (comment)), and (as a paying Pandora customer) I sent off a message to them voicing my support for both their service, and the pianobar client. Here's hoping they listen to all of us!

admdrew commented Apr 30, 2012

wizzahd's patch worked for me (#236 (comment)), and (as a paying Pandora customer) I sent off a message to them voicing my support for both their service, and the pianobar client. Here's hoping they listen to all of us!

@wizzahd

This comment has been minimized.

Show comment
Hide comment
@wizzahd

wizzahd Apr 30, 2012

let me just be clear that this is not my patch :) all credit goes to @PromyLOPh; I only listed the commands to make it easier to apply the patch.

wizzahd commented Apr 30, 2012

let me just be clear that this is not my patch :) all credit goes to @PromyLOPh; I only listed the commands to make it easier to apply the patch.

@admdrew

This comment has been minimized.

Show comment
Hide comment
@admdrew

admdrew Apr 30, 2012

Oops! Ok, well thanks (again!) to @PromyLOPh for the patch, and thanks @wizzahd for allowing noobs like me to continue listening to music.

admdrew commented Apr 30, 2012

Oops! Ok, well thanks (again!) to @PromyLOPh for the patch, and thanks @wizzahd for allowing noobs like me to continue listening to music.

@PromyLOPh PromyLOPh closed this in 63c86dc May 1, 2012

@PromyLOPh

This comment has been minimized.

Show comment
Hide comment
@PromyLOPh

PromyLOPh May 1, 2012

Owner

I merged my json work into master, so this issue is fixed. It should
work out-of-the-box, although there are a few glitches that need a fix,
so give it a try. If you find a bug open a new issue, please.

Thanks to everyone who helped out with reverse-engineering, provided
documentation or gave feedback! Let’s hope this fix lasts longer than a
few hours.

To packagers/distributions: There will be a new version released once I
ironed out all the nasty bugs. Maybe in a week or two.

Before:
-rwxr-xr-x 1 lars lars 118K 1. Mai 12:17 pianobar
After:
-rwxr-xr-x 1 lars lars 85K 1. Mai 12:17 pianobar
In other words:
22 files changed, 1407 insertions(+), 3502 deletions(-)
in one week, two new dependencies, a documentation wiki at
http://pan-do-ra-api.wikia.com/ and a lot of fun with C ;)

Owner

PromyLOPh commented May 1, 2012

I merged my json work into master, so this issue is fixed. It should
work out-of-the-box, although there are a few glitches that need a fix,
so give it a try. If you find a bug open a new issue, please.

Thanks to everyone who helped out with reverse-engineering, provided
documentation or gave feedback! Let’s hope this fix lasts longer than a
few hours.

To packagers/distributions: There will be a new version released once I
ironed out all the nasty bugs. Maybe in a week or two.

Before:
-rwxr-xr-x 1 lars lars 118K 1. Mai 12:17 pianobar
After:
-rwxr-xr-x 1 lars lars 85K 1. Mai 12:17 pianobar
In other words:
22 files changed, 1407 insertions(+), 3502 deletions(-)
in one week, two new dependencies, a documentation wiki at
http://pan-do-ra-api.wikia.com/ and a lot of fun with C ;)

@thedmd

This comment has been minimized.

Show comment
Hide comment
@thedmd

thedmd May 1, 2012

Magnificent!

thedmd commented May 1, 2012

Magnificent!

@kettultim

This comment has been minimized.

Show comment
Hide comment
@kettultim

kettultim May 1, 2012

Excellent! Thank you thank you. Just recompiled and works perfectly.

Excellent! Thank you thank you. Just recompiled and works perfectly.

@b-dub

This comment has been minimized.

Show comment
Hide comment
@b-dub

b-dub May 1, 2012

I'm confused (happens a lot), how do I get the this change?

Thanks

b-dub commented May 1, 2012

I'm confused (happens a lot), how do I get the this change?

Thanks

@perette

This comment has been minimized.

Show comment
Hide comment
@perette

perette May 2, 2012

The compiler bitches a lot about libgcrypt:
/opt/local/include/gcrypt.h:1639: warning: ‘gcry_ac_scheme_t’ is deprecated /opt/local/include/gcrypt.h:1641: warning: ‘gcry_ac_key_t’ is deprecated /opt/local/include/gcrypt.h:1642: warning: ‘gcry_ac_io_t’ is deprecated /opt/local/include/gcrypt.h:1643: warning: ‘gcry_ac_io_t’ is deprecated /opt/local/include/gcrypt.h:1649: warning: ‘gcry_ac_id_t’ is deprecated
(Repeated like 300 times.) But runs fine on my variant despite the compiler's angst.

perette commented May 2, 2012

The compiler bitches a lot about libgcrypt:
/opt/local/include/gcrypt.h:1639: warning: ‘gcry_ac_scheme_t’ is deprecated /opt/local/include/gcrypt.h:1641: warning: ‘gcry_ac_key_t’ is deprecated /opt/local/include/gcrypt.h:1642: warning: ‘gcry_ac_io_t’ is deprecated /opt/local/include/gcrypt.h:1643: warning: ‘gcry_ac_io_t’ is deprecated /opt/local/include/gcrypt.h:1649: warning: ‘gcry_ac_id_t’ is deprecated
(Repeated like 300 times.) But runs fine on my variant despite the compiler's angst.

@nperez

This comment has been minimized.

Show comment
Hide comment
@nperez

nperez May 2, 2012

On Tue, 1 May 2012 03:29:43 -0700
PromyLOPh
reply@reply.github.com
wrote:

I merged my json work into master, so this issue is fixed. It should
work out-of-the-box, although there are a few glitches that need a
fix, so give it a try. If you find a bug open a new issue, please.

Thanks to everyone who helped out with reverse-engineering, provided
documentation or gave feedback! Let’s hope this fix lasts longer than
a few hours.

To packagers/distributions: There will be a new version released once
I ironed out all the nasty bugs. Maybe in a week or two.

Before:
-rwxr-xr-x 1 lars lars 118K 1. Mai 12:17 pianobar
After:
-rwxr-xr-x 1 lars lars 85K 1. Mai 12:17 pianobar
In other words:
22 files changed, 1407 insertions(+), 3502 deletions(-)
in one week, two new dependencies, a documentation wiki at
http://pan-do-ra-api.wikia.com/ and a lot of fun with C ;)


Reply to this email directly or view it on GitHub:
#236 (comment)

Slick. This works without issue for me.

apt-get install libjson0-dev;
make;

PromyLOPh++

Nicholas Perez
XMPP/Email: nick@nickandperla.net
https://metacpan.org/author/NPEREZ
http://github.com/nperez

nperez commented May 2, 2012

On Tue, 1 May 2012 03:29:43 -0700
PromyLOPh
reply@reply.github.com
wrote:

I merged my json work into master, so this issue is fixed. It should
work out-of-the-box, although there are a few glitches that need a
fix, so give it a try. If you find a bug open a new issue, please.

Thanks to everyone who helped out with reverse-engineering, provided
documentation or gave feedback! Let’s hope this fix lasts longer than
a few hours.

To packagers/distributions: There will be a new version released once
I ironed out all the nasty bugs. Maybe in a week or two.

Before:
-rwxr-xr-x 1 lars lars 118K 1. Mai 12:17 pianobar
After:
-rwxr-xr-x 1 lars lars 85K 1. Mai 12:17 pianobar
In other words:
22 files changed, 1407 insertions(+), 3502 deletions(-)
in one week, two new dependencies, a documentation wiki at
http://pan-do-ra-api.wikia.com/ and a lot of fun with C ;)


Reply to this email directly or view it on GitHub:
#236 (comment)

Slick. This works without issue for me.

apt-get install libjson0-dev;
make;

PromyLOPh++

Nicholas Perez
XMPP/Email: nick@nickandperla.net
https://metacpan.org/author/NPEREZ
http://github.com/nperez

@grota

This comment has been minimized.

Show comment
Hide comment
@grota

grota May 2, 2012

❤️

grota commented May 2, 2012

❤️

rohansingh added a commit to rohansingh/homebrew that referenced this issue May 7, 2012

pianobar: Update to 2012.04.24
Also includes a patch to work around PromyLOPh/pianobar#236.

Closes #11900.

Signed-off-by: Charlie Sharpsteen <source@sharpsteen.net>
@TRWulfgar

This comment has been minimized.

Show comment
Hide comment
@TRWulfgar

TRWulfgar May 12, 2012

For those of us who are new and slow... I'd much appreciate if someone could comment in a very basic fashion on how to implement the newest patch.

I just keep telling myself "Everyone was new once".

Thanks much.

For those of us who are new and slow... I'd much appreciate if someone could comment in a very basic fashion on how to implement the newest patch.

I just keep telling myself "Everyone was new once".

Thanks much.

@b-dub

This comment has been minimized.

Show comment
Hide comment
@b-dub

b-dub May 12, 2012

TRWulfgar
What OS/env? My windows xp cygwin build required some tweeking to get it going but the basic steps should be similar on most systems.

//to get the source
git clone git://github.com/PromyLOPh/pianobar.git

// to get libjson-devel (I had to get apt_cyg ~ apt_get???)
apt-cyg install libjson-devel

cd pianobar
make

// I have to do a 'make CC=CC CFLAGS="-std=gnu99 -L /usr/local/lib" ' but that's because I'm special and don't always know what I'm doing, but can usually make it work.

b-dub commented May 12, 2012

TRWulfgar
What OS/env? My windows xp cygwin build required some tweeking to get it going but the basic steps should be similar on most systems.

//to get the source
git clone git://github.com/PromyLOPh/pianobar.git

// to get libjson-devel (I had to get apt_cyg ~ apt_get???)
apt-cyg install libjson-devel

cd pianobar
make

// I have to do a 'make CC=CC CFLAGS="-std=gnu99 -L /usr/local/lib" ' but that's because I'm special and don't always know what I'm doing, but can usually make it work.

@TRWulfgar

This comment has been minimized.

Show comment
Hide comment
@TRWulfgar

TRWulfgar May 12, 2012

Sorry, n00b mistake.

I'm running Ubuntu.

Sorry, n00b mistake.

I'm running Ubuntu.

@dustineichler

This comment has been minimized.

Show comment
Hide comment
@dustineichler

dustineichler May 18, 2012

What directory am I installing this patch?

What directory am I installing this patch?

@PromyLOPh

This comment has been minimized.

Show comment
Hide comment
@PromyLOPh

PromyLOPh May 18, 2012

Owner

The issue has been closed for a while now. Please use the latest
release.

Owner

PromyLOPh commented May 18, 2012

The issue has been closed for a while now. Please use the latest
release.

@dustineichler

This comment has been minimized.

Show comment
Hide comment
@dustineichler

dustineichler May 18, 2012

just a heads up, I'm seeing this error (again), therefore I comment.

just a heads up, I'm seeing this error (again), therefore I comment.

etehtsea pushed a commit to etehtsea/formulary that referenced this issue Jul 22, 2012

pianobar: Update to 2012.04.24
Also includes a patch to work around PromyLOPh/pianobar#236.

Closes #11900.

Signed-off-by: Charlie Sharpsteen <source@sharpsteen.net>

Sharpie added a commit to Sharpie/homebrew that referenced this issue Sep 12, 2012

pianobar: Update to 2012.04.24
Also includes a patch to work around PromyLOPh/pianobar#236.

Closes #11900.

Signed-off-by: Charlie Sharpsteen <source@sharpsteen.net>

snakeyroc3 pushed a commit to snakeyroc3/homebrew that referenced this issue Dec 17, 2012

pianobar: Update to 2012.04.24
Also includes a patch to work around PromyLOPh/pianobar#236.

Closes #11900.

Signed-off-by: Charlie Sharpsteen <source@sharpsteen.net>

rivy added a commit to rivy/xbmc-pandora that referenced this issue Jan 19, 2014

UPDATE: pull & implement upstream changes to pandora.py from pianobar…
… project

NOTE: see PromyLOPh/pianobar#236 (comment)

This is a TEMPORARY fix, written by the author of PianoBar, but using an odd third-party
techinique. PianoBar is currently moving to an alternative API, but it's still a
work-in-progress.

rivy added a commit to rivy/xbmc-pandora that referenced this issue Jan 19, 2014

UPDATE: implement fix (from newatv2user) to remain current with piano…
…bar access scheme

NOTE: see http://forum.xbmc.org/showthread.php?tid=70471&pid=1093964#pid1093964

This is another TEMPORARY fix. This switches to the JSON tree of the Pianobar Project for
pulling keys. It looks like the primary author of Pianobar has fully updated the JSON tree
and merged it into MASTER. A more semi-permanent fix may be forthcoming from that code
update (see PromyLOPh/pianobar#236).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment