shush / Shush Extension

Re: @visionsofleo:

Until the author comes back I seriously doubt this script is viable. You may want to try a few things and report back what works with tweaking it... or fork it with this sites forking capabilities with a model that doesn't constantly hit the site. As I don't visit this site I can't tell you why it constantly polls OUJS. I can only guess it is getting triggered while watching a video... but that's just a guess.


You clicked install too many times. This site limits that, try again in a day.
@Marti What do you mean by "constantly hit the site"? It is completely independent after installed. If it constantly hits the site that's an issue with tampermonkey

Re: @shush:

What do you mean by "constantly hit the site"?

This script and a couple of others is a portion of the reason why the 429 is in place on OUJS. As I mentioned in the similar report @noframes, if supported in the .user.js engine, might help... if not a check can achieve the same thing.

It is completely independent after installed. If it constantly hits the site that's an issue with tampermonkey.

There was (still might be) an issue with Tampermonkey which is the other portion of reasoning for the 429 check. The number of raw installs on this script reflects that something on the site is triggering reinstalls. Excluding popularity of this script it has gone up approximately 20 installs (1791262 to 1791281) just in the time that it's taken me to type this up. So something is up... perhaps the site is also refreshing the window constantly which in tandem with a .user.js engine flaw could really be increasing the traffic.

@Marti What do you mean by "raw installs"? The traffic spikes on the weekends. Monday and Tuesday it spikes as well. I'm not sure what @noframes accomplishes as the player already has an iframe breaker and will not work if iframed, thus not using the script ever (it only uses the script on player load) and is completely independent after installation.

Are these requests all from tampermonkey? Because there are many greasemonkey users as well, and if there are no "raw installs" from these users, this should isolate the issue to tampermonkey

Re: @shush:

The traffic spikes on the weekends. Monday and Tuesday it spikes as well.

It spikes constantly every day of the week... the raw installs of this script are the counts up top here on OUJS. Provided @sizzle gets back to me on moving the install stats to once daily per IP based and locally on the VPS all of these numbers would be invalidated... however raw installs shows how many times someone is accessing the .user.js URL portion of any script. We are currently curtailing this with the brute force prevention mentioned by @visionsofleo and some others.

the player already has an iframe breaker

There currently is no reference in this .user.js so if your @match is too wide (inclusive) and multiple iframes/frames exist on the site that too can "inject" the script in multiple locations. In tandem with a .user.js engine flaw (most likely Tampermonkey as the retry routine was incorrectly and badly "borrowed" from usoCheckup and too aggressive). Since derjanb hasn't been communicative lately about his meta check routine I can only presume that he hasn't spent any time on it. I am rarely in Chromium/Chrome so I haven't retested this since that issue report.

this should isolate the issue to tampermonkey

Pointing the finger at that engine might still be the main issue however I still think that your script could use some tender loving care (TLC). I didn't remove it back in April when the fiasco started/continued with Tampermonkey (TM)... but as you may have noticed I put in the @updateURL and version bumped to maintain the integrity of OUJS... otherwise it would have been deleted (not removed) until the situation with TM calmed down a bit. Your script was and still is the number one "raw installed" here on OUJS and it's not just a matter of popularity as some engine somewhere on some client(s) is pulling source every page load/document start (or worse every iframe/frame) load.

My point to you is that you do not have a frame check in this script and most likely there is something that you can do to improve your users experience with it. Personally I would start off with a @noframes and even put the check in for older engines that don't support @noframes in the UserScript metadata block... since you know how your script works better than anyone else with these "certain videos" you can tell if it's still working with the current @match values... or if those keys needs to be refined a bit.

@Marti I will look at @noframes and see what impact that has, however there are no iframes used anywhere and the player simply will not load in an iframe.
Also keep in mind this script has been on here long before the fiasco started (unchanged) and had no issues (as far I'm aware), it should not be pulling the source under any circumstances (unless there's some update issue still), and is completely independent

Re: @shush:

keep in mind this script has been on here long before the fiasco started (unchanged)

TM has had an issue with caching and pulling full script source going back to days from many years before this script was published here. When it was first determined with usoCheckup, and AAU from @sizzle, we added in caching headers at that time to attempt to control it via the browser... some of it is Chromium/Chrome too. So if anyone isn't up to date then there is a higher chance of multiple site hits happening. Adding some simple precautions to a known script that continually hits OUJS would be a wise thing to do. We've blocked brute force attacks for every Userscript as our precaution.

however there are no iframes used anywhere and the player simply will not load in an iframe.

Just wrote an ancillary .user.js and a brief extension to make it load in an iframe and it works well... but natively the player loader script attempts to redirects out of a framed element when possible. The framing also does not have to include the Flash player and your current @match will inject into those frames as well. If the .user.js engine is flawed then your script will be pulled from OUJS x number of frames times.

and is completely independent

If a system/platform has been compromised in any way this is not true... better to be precautious with some simple checks. That's why @noframes exists in the first place besides easing up some common coding. You can't guarantee that your script is the only one running on this @matched site and you can't guarantee that doesn't have some live option that injects framing on the fly.

If you want a more accurate raw install count I would suggest reading this. This will cover up publicly if there is a .user.js engine issue but we'll still be able to track when needed especially with our brute force prevention.

The script is tied to the player. So for example, the player makes a crossdomain flash request to the source, which might fail, resulting in an error for some people. That's what force extension option is for, instead of relying on flashes crossdomain it utilizes the GM_xmlhttpRequest. The extension page is just for instructions (when force extension is enabled) or in other scenarios where it is required, so yes they are the same thing. Some people just don't need it that's why the option is there.
It doesn't "hotlink" anything and runs independent after installation from this site, if that's what you were asking

@Marti Too bad you can't edit here.
Let me try again since this part sounded confusing.

e.g. is the site itself trying to hotlink in this Userscript when enabled ??

When a video requires the extension, a message is displayed in the player (which you probably encountered which is how you ended up on the instruction page).
Some users receive a different error in the player, which directs them to the settings page to enable "force extension", this in turn now shows the first message (that you encountered) and leads them to the installation page. It's the same thing.

If the script was to be removed from this site right now, everyone that has it installed already wouldn't notice anything and it would function exactly the same.
A place was needed to host it where it could be updated without Chrome throwing security errors, so it's here.

Re: @shush:
I can't download this and I can't see anything on shush. I've only clicked install once. Like only once. It just isn't downloading. Repair this now, will you?