I’m a paying YouTube Premium subscriber. Last weekend, I wanted to download something so I could watch it on the train. The app got stuck at “waiting for download…” on my iPad. Same on my iPhone. Restarting did not work. I gave up after an hour (30 minutes hands-on trying stuff, 30 minutes waiting for it to fix itself). Downloaded the video using yt-dlp, transferred it to my USB-C flash drive, and watched it from that.
Awaiting their “premium cannot be shared with people outside household” policy so I can finally cancel. Family members make good use of ad-free.
I'm also a premium subscriber, and have struggled with the same issues on the iPad app. I try to keep some shows downloaded for my toddler, and the download feature never seems to work on the first try.
I finally got so fed up, I bought a Samsung Galaxy Tab A7 off eBay for $50 and flashed it with LineageOS. I can now load whatever media I want onto the 1 TB SD card I've installed in it. The five-year-old hardware plays videos just fine with the VLC app. And, as a bonus, I discovered that NewPipe, an alternative YouTube client I installed through the F-Droid store, is actually much more reliable at downloading videos than the official client. I was planning on using yt-dlp to load up the SD card, but now I don't even need to do that.
I use this for things I repost on IG with commentary. I would rather not have a huge folder of downloads of random stuff I'm not even sure I want to revisit. (And I'm bad about clearing out space on my phone.)
Don't CarPlay and Android Auto rely on proprietary libraries? I doubt it will come to Linux phones unless they take off, or something like microG reimplements the proprietary parts.
The TIDAL app is absolute trash; it has this same issue all the time. Not just that: if a download fails, it just hangs there and does not download the rest of the album/playlist.
Also, why would you want to download things in the first place? To watch them offline, right? Well, guess what happens when you open the app without an internet connection... it asks you to log in, so you cannot even access your music. $900k/year TC genius work there.
The only reason I haven't canceled is that I'm too lazy to reset my password in order to log in and cancel, lol. Might do it soon, though.
When I tried it for a month, the worst part was that your entire download queue fails forever unless you manually remove hundreds of items, one by one.
There is no way to remove the stuck item if it's been pulled from the streaming library, or if you're in a country (while traveling, etc.) that does not have rights to it. You simply cannot open the track to un-download it.
I also pay for YouTube Premium, but I still use ReVanced on my smartphone just to disable auto-translation. It’s absolute madness that users can’t configure this in the official app.
I was talking to "my friend" about how I'm annoyed that my calendar duplicates holidays because it imports from multiple calendars, and he asked me "what value" would be provided if this was solved. Confused, I said it pushes things off so I can't read events. He clarified he meant monetary value...
We're both programmers, so we both know we're talking about a one-line regex...
I know quite a number of people like this, and they're in high positions at big tech companies... It doesn't take a genius to figure out why everything has such shitty user experiences and why all the software is so poorly written. No one even seems to care about the actual product; they'll only correct you to tell you the product is the stock and the customer is the shareholder, not the user.
I mean, these numbers are just made up anyway, so why are engineers concerned with them? The idea of engineers needing to justify monetary value is just... ill-conceived. They should be concerned with engineering problems. Let the engineering manager worry about the imaginary money numbers.
> User retention is a thing.
Problem is, no one needs to care about the product's quality if the product has the market cornered... Even less of a concern if the users don't know how to pick good products from bad ones. Tech illiteracy directly leads to lemon markets.
> I mean these numbers are just made up anyways, so why are engineers concerned with them?
That's what they're directly or indirectly being graded on. Even if they don't have to show how their work impacted the company's bottom line, their managers or their managers' managers have to, and poop just rolls downhill.
> The idea of engineers needing to justify monetary value is just... ill conceived. They should be concerned with engineering problems. Let the engineering manager worry about the imaginary money numbers.
If only this were possible in this industry. If you're in a small company, you're wearing multiple hats anyway. If you're in a big corp, well, my wife hates that I see this in everything, but hidden inflation is a thing. As roles are eliminated (er, "streamlined"), everyone is forced to be responsible for things they're not really supposed to care about (my favorite example is filing expense reports).
What did you tell him the monetary value was? Let's say there are 5 holidays per year where some people have the day off but others do not, so business meetings get scheduled that day and get missed. Let's say you have 100 million people using this calendar software. Let's say 0.5 percent of those are in the executive class. Furthermore, let's say 10% of them miss a meeting due to this UI issue. That's 50,000 missed meetings. If we handwave that each of those meetings could have resulted in a $10 million deal for their company, this UI bug is costing customers half a trillion dollars!
So, after estimating the number of ping pong balls that fit on a 747, the thing to do is to go write the regexp and put that on your promo packet. Half a trillion dollars!
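(The napkin math above, spelled out; this just restates the handwaved numbers:)

    users  = 100_000_000
    execs  = users * 0.005       # 0.5% "executive class" -> 500,000
    missed = execs * 0.10        # 10% miss a meeting     -> 50,000 meetings
    deal   = 10_000_000          # handwaved $10M per missed meeting
    print(f"${missed * deal:,.0f}")  # $500,000,000,000 -- half a trillion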
Sorry, let me clarify better (but it leads to similar issues)
On my iPhone[0] calendar I imported my Microsoft (work) and Google (personal) calendars, on top of the iPhone's own calendar. If we take last Labor Day as an example: if I don't disable the holiday calendars in Microsoft and Google, I have 3 entries for Labor Day. Holidays sit at the top of the day, so if I'm on my phone I basically won't see any other events. If I'm on my MacBook and my Calendar is using 60% of my vertical space, I see "Labor Day +3 more". Full screen, I can see 4, maybe 5, entries...
So I can save a large chunk of real estate with a simple fucking one-line regex (sketched below). At the same time, I can effectively merge the calendars, so I get to see the holidays that are in one but not the others.
Effectively, I can ACTUALLY SEE WHAT I HAVE SCHEDULED FOR THE DAY[1]
This, of course, also affects other things. Sometimes Google will add an event because I got an email later. Fuck, now I have dupes... The same thing happens with birthdays... Or you can hit that fun bug where, for some goddamn reason, you have duplicate contacts with the same name, phone number, and birthday; you get triplicate calendar entries, and merging[2] results in quadruple entries!
I have missed so many fucking things because I didn't see them on my calendar[3]. And someone has the audacity to ask how much money would be saved? We've spent longer discussing the problem than it would take to fix it! These aren't junior people I'm talking to (who ask dumb things like "but I can't control or merge the other calendars", not recognizing it's a display issue), but an L6 at Amazon.[4]
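Roughly the one-liner in question, padded out into a runnable sketch (the event data is made up):

    import re

    def dedupe_holidays(events):
        # events: (date, title) pairs pulled from every subscribed calendar.
        # Collapse entries that differ only in case/punctuation, e.g. the
        # three "Labor Day" rows imported from Apple, Google, and Microsoft.
        seen, merged = set(), []
        for date, title in events:
            key = (date, re.sub(r"\W+", "", title).lower())
            if key not in seen:
                seen.add(key)
                merged.append((date, title))
        return merged

    events = [
        ("2025-09-01", "Labor Day"),       # iPhone holiday calendar
        ("2025-09-01", "Labor Day"),       # Google holiday calendar
        ("2025-09-01", "Labor day"),       # Microsoft holiday calendar
        ("2025-09-01", "Standup w/ team"),
    ]
    print(dedupe_holidays(events))  # one "Labor Day" plus the real event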
> So, after estimating the number of ping pong balls that fit on a 747, the thing to do is to go write the regexp and put that on your promo packet.
I swear, the problem is no one realizes the point of leetcode questions was never to get the answer right, but to give an interviewee some problem to work on and see how they go about solving it. I'd rather an engineer get the wrong answer with a good thought process than get the right answer with shitty code that was obviously memorized. It's much harder to teach people how to think than it is to teach them some specific thing to remember.
[0] I've almost immediately regretted this decision...
[1] General frustration yelling, not yelling at you
[2] No, the "find duplicate contacts" option does not in fact find duplicate contacts (what fucking data are they looking for? Because it sure as hell isn't identical names. Why isn't it even trying to do similar names?!)
[3] I've also missed so many fucking things because that little scroll wheel wasn't completely finished with its animation and so saved the wrong day or switched AM to PM. I've missed so many things because I have so little control over notifications, and they disappear not when I dismiss them, but when I just unlock my goddamn phone. So it's not just that one-liner that needs to be done; it would do a lot, and these other one-liners would also greatly help.
[4] The dude was complaining about candidates using GPT to do leetcode problems and how he had a hard time figuring out if they were cheating or not. One of my many suggestions was "why not do in-person interviews?", which was answered with how expensive plane tickets are (his interviewees were local), contradicting his prior and later statements about how costly it is to hire/interview someone. I'm sorry, what percentage of six engineers' salaries for six one-hour interviews is a single round-trip ticket for a domestic flight? Or having someone... drive in...
The auto-dub feature is madness. I noticed it first a couple of days ago, I'm crossing my fingers that few authors choose to enable it, and that YouTube makes it easy to disable as a default in settings (not currently possible, you have to do it as you watch, every time).
I'm in a Spanish speaking country, but I want to watch English videos in English.
Auto-generated subtitles for other languages are ok, but I want to listen to the original voices!
It is enabled by default. One creator of English language content had their video misclassified as Spanish and people were getting a machine English dub on an English video. Support to fix it appears to be a nightmare.
Wait, do you mean it's enabled by default but the author can disable it?
If not, I wonder why I can still watch most videos in their original language (even though I'm in a Spanish-speaking country), and I only encountered this once so far.
This “feature” amazes me. It is badly done and a bad idea. I have never watched a dubbed video, so why show me a translated title? It’s also surprising given Google has plenty of ESL employees on staff.
There has to be some KPI tied to how often the AI model is used in production for providing translations on YouTube etc. Someone's promotion hangs on the translation feature being used as often as possible on YouTube.
Comments are quite good at pointing out when the creator has accidentally left it on (it is of course enabled by default and authors have to actively disable it).
I wonder who at YouTube got the idea that forced auto-dub was a good one. This shows how dysfunctional the management is. It's one thing to have assholes on your team; it's a different thing to not look at what they are doing.
Even more hilariously, if you upload to YouTube and then try to download from your creator dashboard thing (e.g. because you were live-streaming and didn’t think to save a local copy, or it impacts your machine too much), you get some shitty 720p render, while yt-dlp will get you the best quality available to clients.
Oh, that reminds me of a similar experience with Facebook video. Did a live DJ stream a few years ago but only recorded the audio locally at max quality.
Back then, I think I already had to use the browser debugger to inspect the url for the 720p version of the video.
When they recently insisted by email I download any videos before they sunset the feature, their option only gave me the SD version (and it took a while to perform the data export).
Canceled mine after ad-free stopped working on YouTube Kids, of all things (on Shield TV). It was probably a bug, but with practically no customer service options, there was no real solution besides canceling.
I was also a holdover paying Play Music subscriber, and this was shortly after the PITA music switchover to YouTube, so it was the last straw.
So long as they are broadcasting media to the public without an explicit login system, so as to take advantage of public access for exposure, it will remain perfectly legitimate and ethical to access the content through whatever browser or software you want.
After they blitzed me with ads and started arbitrarily changing features and degrading the experience, I stopped paying them and went for the free and adblocking clients and experience.
I may get rid of phones from my life entirely if they follow through with blocking third party apps and locking things down.
The problem is, you cannot be sure what Google does if they catch you violating their ToS. They have killed off entire Google accounts for YT copyright strikes with no recourse.
Google doesn't capriciously deprecate things in a short amount of time. When they sunset features, there's plenty of warning. They'll tell you that there's a hammer, that it's going to drop on you in 6 months, which is plenty of time for you to get out from under it. Which, I mean, I'd rather there not be a hammer, but it's not like they're gonna announce on a Friday that they're shutting down Google Keep on Monday and I need to wreck my whole weekend in order to save all my notes.
Yeah, same. I still have a Gmail account that just forwards emails, and I update the email on services as they come up. Being on your own domain for email is just better. Though I use a service provider to handle the mail server itself.
I’m another Premium user in the same position. I use uBlock Origin and SponsorBlock on desktop and SmartTube on my TV. I pay for Premium to be able to share the ad-free experience with my less technical family members, and to use the native iOS apps.
If they really tighten the rules on Premium family sharing, I’ll drop the subscription in an instant.
I’m a Premium user and primarily watch on AppleTV. A little while ago they added a feature where if I press the button to skip ahead on the remote when a sponsor section starts, it skips over the whole thing. It skips over “commonly skipped” sections.
While it doesn’t totally remove it, it lets me choose if I want to watch or not, and gets me past it in a single button press. All using the native app. I was surprised the first time this happened. I assume the creators hate it.
I'm constantly baffled by how bad the implementation of YouTube Premium downloads is. Videos will buffer to 100% in a matter of seconds but get endlessly stuck when I hit the download button. Why? All the bytes are literally on my device already.
The whole YouTube app is weird. Sometimes it lets you do 1.0x-2.0x. Sometimes it lets you range from 0.25x-4x. Sometimes it pops up a text selection box with every 0.05x option from 0.1 to 4.0. Sometimes it has a nicer UI with shortcut selections for common choices and a sliding bar for speed.

It recently picked up a bug where, if you're listening to a downloaded video but turn the screen off and on again, video playback seems to crash. A few months ago it became very, very slow at casting; any manipulation could take 30 seconds to propagate to the cast video (pause, changing videos, etc.)... but they didn't usually get lost. (It would be less weird if they did just get lost sometimes.)

You aggressively can't cast a Short to a TV, in a way that clearly shows this is policy for some incomprehensible reason, but if you use the YouTube app directly on your set-top box it'll happily play a Short on your TV.

Despite its claims in small text that downloads are good for a month without being rechecked, periodically it just loses track of all the downloads and has to redownload them. It also sometimes tries to reauthorize downloads I made just 30 minutes ago when I'm in a no-internet zone, defeating the entire purpose. And when downloads are about a quarter done, it displays "ready to watch" on the download screen, but if you try to watch, it fails with "not yet fully downloaded".
Feels like the app has passed the complexity threshold of what the team responsible for it can handle. Or possibly, too much AI code and not enough review and testing. And those don't have to be exclusive possibilities.
They flop back and forth at a high frequency though. I can hit all three cases in five minutes and it's been like that for months.
Also, there is never a sensible reason to offer video speeds as a combo-box popup of every option from 0.05x to 4.00x. It's like three times the vertical size of my screen.
All that testing and they've never thought to offer a one-tap way to get back into speed control once I've adjusted the speed one or more times on the same video.
Don’t get me started on the “highest quality” account setting absolutely never selecting 4K options when available. They simply have to try to save bandwidth money by nesting quality options a couple taps away. (A userscript fixes this on desktop and even in Safari on iOS/iPadOS, but apparently I don’t deserve the quality I’m paying for if I use their native app.) [Privileged rant over!]
Also a paying YT Premium subscriber. I live in a rural part of CA where there isn't much 5G reception. For extremely long drives in my minivan, I let my toddler watch Ms. Rachel on the screen via an HDMI input from my iPhone. YouTube Premium videos have DRM that disallows downloaded videos from playing over HDMI, so I had to do what you did: add them as local files to VLC and play them from there.
I have 2 homes. Every time I "go up north" I have to switch my Netflix household and then back again when I return. This sounds like that won't even be possible.
I also have YouTube premium and watch mostly on my iPad and TV. YouTube constantly logs me out at least once per day. I notice because I’ll randomly start seeing ads again (I open videos from my rss reader, never their site). This never happened when I wasn’t on premium. I don’t get what they’re doing, but my impression after almost a year is that it’s only slightly less annoying than getting ads. At this point, I might as well not renew and just use ad block.
I run into that download issue all the time. I need to pause downloading each video, force close the YouTube app, then unpause the downloads to get them downloading again. It has been happening for years and is still unfixed.
I'll admit to using yt-dlp to get local copies of videos I wish to keep, which can't be taken away from me by somebody else, but I pay for Premium because that pays for the content I watch. If you don't pay for content, where's it going to come from? Patreon only works for super dedicated stars with a huge following.
Why not use a non-Chromium browser and help prevent Google from having larger control over the Internet?
We still need competition in the browser space, or Google gets a disproportionate say in how the Internet is structured. I promise you, Firefox and Safari aren't that bad. Maybe Firefox is a little different, but I doubt it's meaningfully different for most people [0]. So at least get your non-techie family and friends onto them, and install an ad blocker while you're at it.
[0] the fact that you're an individual may mean you're not like most people. You being different doesn't invalidate the claim.
Firefox is in decline and Brave will soon overtake it. Brave blocks ads natively. There is a lot of advantage in that but we also may eventually have a new model that funds the internet. And I don't see Firefox or Safari disrupting advertising.
The point is that if everyone is using a single browser (not just Chrome/Chromium) then that actor gets disproportionate control over the internet. That's not good for anyone.
The specific gripe with Chromium is that _Google_ gets that say, and I think they are less trustworthy than other actors. I'm not asking anyone to trust Mozilla, but anyone suggesting Mozilla is less trustworthy than Google probably has a bridge to sell you. Remember that being Chromium-based still means that Brave is reliant upon Google. That leads to things like this[0][1]. Remember, the Chromium source code is quite large, which is why things like [0] aren't so easily found. I also want to quote a quote from [1]:
> This is interesting because it is a clear violation of the idea that browser vendors should not give preference to their websites over anyone else's.
That wouldn't be the first time people have found Google preferencing their own browser, and it is pretty well known this happens with YouTube. Do we really want ANY company having such control over the internet? Do we really want Google to?
I'm not sure what you're trying to tell me here. That Brave has 64% as many users as Firefox? That Brave users really like Gemini, Coinbase, and Uphold? That Brave users are linking their Brave account to sites like Twitter, YouTube, Reddit, GitHub, Vimeo, and Twitch? That Brave Ads is tracking at the state level? Honestly, I have more questions looking at the Brave "transparency" report, as it seems to have more information about users than Firefox's...
If you're extra concerned about privacy and that's your reason for Brave, then may I suggest the Mullvad Browser[2]? It is a fork of Firefox, and they work with Tor to minimize tracking and fingerprinting. You get your security and privacy, and you're out from under the boot of Google.
Browser extensions are not meant for the technical crowd; they're meant to be installed by all users of the browser. If someone is not bright enough to figure out how to install a browser extension, or change a lightbulb, or refill the ice tray, tech worker or not, I don't need them in my startup.
FYI for the next time you're buying: you can install Firefox on Android, although this is perhaps threatened by Google's planned changes to users' ability to install software.
This is excellent for some of my use cases. I want to have my AI agents "fork" their context in some ways, and this could be useful for that instead of juggling a tree of dictionaries.
Heh, now I wonder how much JavaScript it actually interprets and, given that it’s < 1000 lines, whether it could be used in an introductory course on compilers.
Over time they probably will require that. I believe YT still allows most of these things because of "legacy" apps, which they have been killing off bit by bit. I'm not sure if anyone is cataloging the oldest supported app, but most things like using YT from a slightly older game console don't work anymore.
Basically, any publicly known method that can sip video content with the least work and authentication will be a common point of attack for this.
I wonder how long until it gets split off into its own project. For the time being, it could do with a lot more documentation. At least they've got some tests for it!
Aside from the fact that the point of the announcement is that they're dropping it entirely, this "interpreter" is a hack that is nowhere near capable of interpreting arbitrary JS. For example, the only use of `new` it handles is for Date objects, which it does by balancing parens to deduce the arguments for the call, then treating the entire group of arguments as a string and applying regexes to that.
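The paren-balancing trick, as a standalone sketch (simplified to the point of caricature; the real thing lives in yt-dlp's jsinterp module and handles much more):

    # Find the matching ')' for a call and hand back the raw argument text,
    # which then gets attacked with regexes rather than actually parsed.
    def extract_call_args(src: str, open_paren: int) -> str:
        depth = 0
        for i in range(open_paren, len(src)):
            if src[i] == "(":
                depth += 1
            elif src[i] == ")":
                depth -= 1
                if depth == 0:
                    return src[open_paren + 1 : i]
        raise ValueError("unbalanced parens")

    js = "var d = new Date(2025, 0, 1); d.getTime();"
    start = js.index("new Date(") + len("new Date")
    print(extract_call_args(js, start))  # -> "2025, 0, 1"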
When I first got together with my wife, I seemed a bit crazier than I am, because I've been a media hoarder for 30+ years. I don't have any VHS tapes, DVDs, etc. laying around, because I only keep digital copies, but I have pretty decent archives. Nothing important really, just normal stuff and some rare or obscure stuff that disappears over time.
My wife was interested in the idea that I was running "Netflix from home" and enjoyed the lack of ads or BS when we watched any content. I never really thought I would be an "example" or anything like that; I fully expected everyone else to embrace streaming for the rest of time, because I didn't think those companies would make so many mistakes. I've been telling people for the last decade, "That's awesome. I watch using my own thing. What shows are your favorites? I want to make sure I have them."
In the last 2 years, more family members and friends have requested access to my Jellyfin and asked me to set up something similar, with less storage, underneath the TV in their living room or in a closet.
Recently-ish we expanded our Jellyfin to include some YouTube content. Each channel just gets a directory and gets this command run:
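(Roughly this, expressed via yt-dlp's Python API; the channel URL and paths are placeholders, not my real setup:)

    from yt_dlp import YoutubeDL

    opts = {
        # ask for h264 (avc1) video plus audio, falling back to best available
        "format": "bestvideo[vcodec^=avc1]+bestaudio/best",
        "outtmpl": "/media/youtube/%(channel)s/%(title)s.%(ext)s",
        # remember what's been grabbed so re-runs only fetch new uploads
        "download_archive": "/media/youtube/archive.txt",
    }
    with YoutubeDL(opts) as ydl:
        ydl.download(["https://www.youtube.com/@SomeChannel/videos"])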
It actually fails to do what I want here and download h264 content, so I have it re-encoded, since I keep my media library in h264 until the majority of my devices support h265, etc. None of that really matters, because these YouTube videos come in AV1 and none of my smart TVs support that yet, AFAIK.
First I ran a simple script; now I use ytdltt [1] to let my mother download YT videos via a Telegram bot (in her case it's more like audiobooks) and sort them into directories so she can access/download them via Jellyfin. She's at around 1.2 TB of audiobooks in like 3 years.
I recently discovered Pinchflat [1], which seems like an *arr-inspired web alternative, and works great for me - I just need to add the videos I want downloaded to a playlist and it picks them up. Also uses yt-dlp under the hood.
Tried this? "yt-dlp -f 'bestvideo*[ext=mp4]+bestaudio[ext=m4a]/best[ext=mp4]/best' -S vcodec:h264 -other_options …" I'm still getting proper h264 with that (my Raspberry Pi 3 only wants a proper codec too… none of that mushy new-era codec stuff. ;) )
Days of just getting data off the web are coming to an end, as everything requires a full browser running thousands of lines of obfuscated JS code now. So instead of a website giving me that 1 KB of JSON that could be cached, now I start a full browser stack and transmit 10 megabytes through 100 requests, messing up your analytics and security profile, and everyone's a loser. Yay.
On the bright side, that opens an opportunity for 10,000 companies whose only activity is scraping 10MB worth of garbage and providing a sane API for it.
Luckily all that is becoming a non-issue, as most content on these websites isn't worth scraping anymore.
Fortunately, it is now easier than ever to do small-scale scraping, the kind yt-dlp does.
I can literally just write a script that uses headless Firefox + mitmproxy in about an hour or two of fiddling, and as long as I then don't run it from 100 VPSes and scrape their entire website in one huge blast, I can typically archive whatever content I actually care about, basically no matter what protection mechanisms they have in place. Cloudflare won't detect a headless Firefox at low rates (and by "low" I mean basically anything you could do off your laptop from your home IP), and modern browser scripting is extremely easy, so you can often scrape things with mild single-person effort even if the site is an SPA with tons of dynamic JS. And obviously, at low scale you can just solve captchas yourself.
I recently wrote a scraper script that just sent me a Discord ping whenever it ran into a captcha; I'd go look at my laptop and fix it, then let it keep scraping. I was archiving a comic I paid for, but it was in a walled-garden app that obviously didn't want you to even THINK of controlling the data you paid for.
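The skeleton of that kind of one-off archiver, for the curious (Selenium driving headless Firefox; the URL, page count, and captcha handling are placeholders):

    import time

    from selenium import webdriver
    from selenium.webdriver.firefox.options import Options

    opts = Options()
    opts.add_argument("-headless")
    driver = webdriver.Firefox(options=opts)

    try:
        for page in range(1, 51):
            driver.get(f"https://example.com/comic/{page}")  # placeholder URL
            if "captcha" in driver.page_source.lower():
                # stand-in for the Discord ping: wait for a human to intervene
                input("Captcha hit; deal with it, then press Enter: ")
            with open(f"page_{page:03}.html", "w", encoding="utf-8") as f:
                f.write(driver.page_source)
            time.sleep(5)  # low rate: laptop-from-home-IP territory
    finally:
        driver.quit()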
It's an arms race. Websites have become stupidly/unnecessarily/hostilely complicated, but AI/LLMs have made it possible (though more expensive) to get whatever useful information exists out of them.
Soon, LLMs will be able to complete any Captcha a human can within reasonable time. When that happens, the "analog hole" may be open permanently. If you can point a camera and a microphone at it, the AI will be able to make better sense of it than a person.
Please remember that an LLM accessing a website isn't the problem here. It's the scraping bots that saturate the server bandwidth (a DoS attack of sorts) to collect data to train the LLMs on. An LLM solving a captcha or an Anubis-style proof-of-work problem isn't a big concern here, because the worst it's going to do with the collected data is cache it for later analysis and reporting. Unlike the crawlers, LLMs don't have any incentive to suck up huge amounts of data like a giant vacuum cleaner.
This 1 KB of JSON still sounds like a modern thing, where you need to download many MB of JavaScript code to execute just to display the 1 KB of JSON data.
What you want is to just download the 10-20 KB HTML file, maybe a corresponding CSS file, and any images referenced by the HTML. Then, if you want the video, you just get the video file directly.
Simple and effective, unless you have something to sell.
The main reason for doing video through JS in the first place, other than obfuscation, is adaptive bitrate support. Oddly enough, some TVs will support adaptive-bitrate HLS directly, and I believe Apple devices do, but not regular browsers. See https://github.com/video-dev/hls.js/
> unless you have something to sell
Video hosting and its moderation is not cheap, sadly. Which is why we don't see many competitors.
I think this is just another indication of how the web is a fragile equilibrium in a very adversarial ecosystem. And to some extent, things like yt-dlp and adblocking only work if they're "underground". Once they become popular - or there's a commercial incentive, like AI training - there ends up being a response.
> Days of just getting data off the web are coming to an end
All thanks to great ideas like downloading the whole internet and feeding it into slop-producing machines that fuel global warming, in an attempt to make said internet obsolete and prop up an industry bubble.
The future of the internet is, at best, bleak. Forget about openness. Paywalls, authwalls, captchas, and verification checks are here to stay.
To how many content creators have you written to request them share their content on PeerTube or BitTorrent? How did they respond? How will they monetize?
2. N/A, but enough content creators on YT are very much aware of the kind of prison it is, especially in the years after the Adpocalypse.
3. Obviously, nobody should be able to monetize the copying of content. If it is released, it is publicly released. But creators can use Liberapay/Patreon/Buy Me a Coffee, they can sell merch or signed copies of things, they can do live appearances, etc.
Accelerationism is a dead-end theory with major holes in its core. Or I should say "their" cores, because there are a million distinct and mutually incompatible varieties. Everyone likes to say "gosh, things are awful, it MUST end in collapse, and after the collapse everyone will see things MY way." They can't all be right. And yet, all of them, with their varied ideas, still think it's a good idea to actively push to make things worse in order to bring on the collapse more quickly.
It doesn't work. There aren't any collapses like that to be had. Big change happens incrementally, a bit of refactoring and a few band-aids at a time, and pushing to make things worse doesn't help.
The year is 2003. Svn and cvs are proving to be way too clunky and slow for booming open source development.
As an ethical accelerationist, you gain commit access to the repos for svn and cvs and make them slower and less reliable to accelerate progress toward better version control.
Lo and behold, you still have to wait until 2005 for git to be released. Because git wasn't written to replace svn or cvs; it was written as the result of internal kernel politics around access to a closed-source source management program, BitKeeper. And since svn and cvs were already bad enough that the kernel devs didn't choose them, making them worse wouldn't have affected their choice.
Also, keep in mind that the popularity of git was spurred by tools that converted from svn to git. So by making svn worse, you'd have made adoption of git harder, by making it harder for open source devs to write reliable conversion tools.
To me, this philosophy looks worse than simply doing nothing at all. And this is in a specific domain where you could at least make a plausible, constrained argument for accelerationism. Your comment instead seems to apply to accelerationism applied to software in general-- there, the odds of you being right are so infinitesimal as to be fatuous.
In short, you'd do better playing the lottery because at least nothing bad happens to anyone else when you lose.
As I said, there aren't any collapses like that to be had. Heaven and Earth will be moved to make the smallest change necessary to keep things flowing as they were. Banks aren't allowed to fail. Companies, despite lengthy strings of missteps and billions burned on dead ends, still remain on top.
You can step away from the world (right now, no waiting required). But the world can remain irrational longer than you can wait for it to step away from you, and pushing for more irrationality won't make a dent in that.
Oh I think the world will push me away at the next Android update. If I can't root/firewall/adblock/syncthing/koreader, the mobile phone will simply become a phone again.
If you showed me the current state of YouTube 8 years ago - multiple unskippable ads before each video, 5 midrolls for a 10 minute video, comments overran with bots, video dislikes hidden, the shorts hell, the dysfunctional algorithm, .... - I would've definitely told you "Yep, that will be enough to kill it!"
At this point I don't know - I still have the feeling that "they just need to make it 50% worse again and we'll get a competitor," but I've seen too many of these platforms get 50% worse too many times, and the network effect wins out every time.
Nsig/sig - Special tokens which must be passed to API calls, generated by code in base.js (the player code). This is what has broken for yt-dlp and other third-party clients. Instead of extracting the code that generates those tokens (e.g. using regular expressions) like we used to (see the sketch below), we now need to run the whole base.js player code to get these tokens, because the code is spread out all over the player.
PoToken - Proof of origin token which Google has lately been enforcing for all clients; without it, video requests fail with a 403. On Android it uses DroidGuard; on iOS it uses built-in app integrity APIs. For the web, it requires that you run a snippet of JavaScript code (the challenge) in the browser to prove that you are not a bot. Previously you needed an external tool to generate these PoTokens, but with the Deno change, yt-dlp should be capable of producing these tokens by itself in the near future.
SABR - Server-side adaptive bitrate streaming, used alongside Google's UMP protocol to give the server more control over buffering, using data from the client about the current playback position, buffered ranges, and more. This technology is also used to do server-side ad injection. Work is still being done to make third-party clients work with it (sometimes works, sometimes doesn't).
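For flavor, here is the old extract-and-evaluate approach to nsig in spirit (a toy sketch: the "player" is a one-line stand-in, the regex is not the real one, and Node stands in for any JS runtime):

    import re
    import subprocess

    # Stand-in for a fetched base.js; the real one is megabytes of obfuscated JS.
    player_js = "var Qx=function(a){return a.split('').reverse().join('')};"

    # Old approach: regex out just the transform function by shape...
    m = re.search(r"([a-zA-Z0-9$]+)=function\(a\)\{.+?\};", player_js)
    name, snippet = m.group(1), m.group(0)

    # ...then evaluate only that snippet, not the whole player.
    out = subprocess.run(
        ["node", "-e", f"var {snippet} console.log({name}('abc123'))"],
        capture_output=True, text=True, check=True,
    )
    print(out.stdout.strip())  # -> "321cba"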
>If you ever wondered why the likes of Google and Cloudflare want to restrict the web
I disagree with the framing of "us vs them".
It's actually "us vs us". It's not just us plebeians vs the FAANG giants. Small-time independent publishers and creators also want to restrict the web, because they don't want their content "stolen". They want to interact with real humans instead of bots. The following are manifestations of the same fear:
- small-time websites adding Anubis proof-of-work
- owners of popular Discord channels turning on the setting for phone # verification as a requirement for joining
- web blogs wanting to put a "toll gate" (maybe utilize Cloudflare or other service) to somehow make OpenAI and others pay for the content
We're long past the days of colleagues and peers on ARPANET and NSFNET sharing info for free on university computers. Now everybody on the globe wants to try to make a dollar, and likewise, they feel dollars are being stolen from them.
But this, too, skips over some nuance. There are a few types of actors here:
- small content creators who want to make their content accessible to individuals
- companies that want to gobble up public data and resell it in a way that destroys revenue streams for content creators
- gatekeepers like Cloudflare who ostensibly want to stop this, but will also become rent-extractors in the process
- users who should have the right to use personal tools like yt-dlp to customize their viewing experience, and do not wish to profit at the expense of the creators
We should be cautious both that the gatekeepers stand to profit from their gatekeeping, and that their work inhibits users as well.
If creators feel this type of user (often a dedicated fan and would-be promoter) is a necessary sacrifice to defend against predatory data extractors… then that’s absolutely the creator’s choice, but you can’t say there’s a unified “us” here.
Those were already public. The issue is AI bots DDoSing the server. Not everyone has infinite bandwidth.
> owners of popular Discord channels turning on the setting for phone # verification as a requirement for joining
I still think that Discord is a weird channel for community stuff. There are a lot of different formats for communication, but people are defaulting to chat.
> web blogs wanting to put a "toll gate" (maybe utilize Cloudflare or other service) to somehow make OpenAI and others pay for the content
Paid content is good (Coursera, O'Reilly, Udemy, ...). But a lot of these services want a free tier powered by ads (for audience?).
---
The fact is, we have two main bad actors: AI companies hammering servers, and companies that want to centralize content (that they do not create) by adding gatekeeping extensions to standard protocols.
I don’t feel like dollars are being stolen from me. It’s more that companies abuse my goodwill in publishing information online: from higher bills as a result of aggressive crawling, to copying my work and removing all copyright/licensing from the code. Sure, fair use and all, but when they return the same exact code, it just makes me wonder.
Nowadays, producing anything feels like being the cow's udder.
> Now everybody on the globe wants to try to make a dollar, and likewise, they feel dollars are being stolen from them.
I'm not in it for the dollar. I just want the licenses I put on my content/code to be respected, that's all. IOW, I don't want what I put out there, free forever (as in speech and beer), to be twisted and monetized by the people who are in this for the dollar.
I want my content borrowed/shared, and I still need to be engaged in this stuff, because the poorly behaved distributed bots that have arisen in the past year are trying to take boundless resources from my site(s), resources that I cannot afford.
It’s like we are living in an affordability crisis, and people are tired of 400 wealthy billionaires profiting from people's largesse in the form of free data/tooling.
> The small-time independent publishers and creators also want to restrict the web because they don't want their content "stolen".
I'm sure some music creators may have, years ago, been against CD recorders, or platforms like Napster or even IRC-based file transfer for sharing music. Hell, maybe they were even against VCRs back in the day. But they were misguided at best.
People who want to prevent computer users from freely copying data are, in this context at least, part of "them" rather than "us".
>The small-time independent publishers and creators also want to restrict the web
Oh really? Does Linus's Floatplane go to this extent to prevent users from downloading stuff? Does Nebula? Does that gun YouTuber's video site, whatever it's called, do this?
> The small-time independent publishers and creators also want to restrict the web because they don't want their content "stolen"
... or just to keep their site on the Internet. There hasn't been any major progress on sanctioning bad actors, be it people running vulnerable IoT crap that ends up taken over by a botnet, cybercriminals and bulletproof hosters, or nation-state actors. As long as you don't attack targets from your own geopolitical class (i.e. Russians don't attack Russians; a lot of malware will just quit if it spots a Russian locale), you can do whatever the fuck you want.
And that is how we end up with darknet services where you can trivially order a DDoS taking down a website you don't like or, if you manage to get your opponent's IP leaked during an online game, their residential IP address. Pay with whatever shitcoin you have, and no one is any wiser who the perpetrator is.
When Nixon slammed the gold window shut so Congress could keep writing blank checks for Vietnam and the Great Society, it wasn't just some monetary technicality. It was the moment America broke its word to the world and broke something fundamental in us too. Suddenly money wasn't something you earned through sweat or innovation anymore. It became something politicians and bankers could conjure from thin air whenever they wanted another war, another corporate bailout, another vote-buying scheme.
Fast forward fifty years and smell the rot. That same fiscal recklessness (Congress spending like drunken sailors while pretending deficits don't matter) has bled into every pore of society. Why wouldn't it? When BlackRock scoops up entire neighborhoods with Fed-printed cash while your kid can't afford a studio apartment, people notice. When Tyson jacks up chicken prices to record profits while diners can't afford bacon, people feel it. And when some indie blogger slaps a paywall on their life's work because OpenAI vacuumed their words to train ChatGPT? That's the same disease wearing digital clothes.
We're all living in Nixon's hangover. The "us vs us" chaos you see (Discord servers demanding your phone number, small sites gatekeeping against bots, everyone scrambling to monetize scraps) is what happens when trust evaporates. Just like the dollar became Monopoly money after '71, everything feels devalued now. Your labor? Worth less each year. Your creativity? Someone's AI training fuel. Your neighborhood? A BlackRock asset on a spreadsheet.
And Washington's still at it! Printing trillions to "save the economy" while inflation eats your paycheck alive. Passing trillion-dollar "infrastructure bills" that somehow leave bridges crumbling but defense contractors swimming in cash. It's the same old shell game: socialize the losses, privatize the gains. The factory worker paying $8 for eggs understands this. The nurse getting lectured about "wage spirals" while hospital CEOs pocket millions understands this. The teenager locking down their Discord because bots keep spamming scams? They understand this.
Weimar happened when money became meaningless. 1971 happened when promises became meaningless. What you're seeing now (the suspicion, the barriers, the every-man-for-himself hustle) is what bubbles up when people realize the whole system's running on fumes. The diner owner charging $18 for a burger isn't greedy. The blogger blocking AI scrapers isn't a Luddite. They're just building levees against a flood Washington started with a printing press half a century ago.
The tragedy is that we're all knee-deep in the same muddy water, throwing sandbags at each other while the real architects of this mess (the political grifters, the Fed bankers, the extraction-engine capitalists) watch dry-eyed from their high ground. Until we stop accepting their counterfeit money and their counterfeit promises, we'll keep drowning in this rigged game. The gold window didn't just close in '71. The whole damn social contract rusted shut.
Wow. That was eloquent, and coherent, and depressing. I'd be grateful for someone to counter with something less dismal. Good things are still happening in the world. A positive future remains possible -- but we have to be able to imagine it to bring it into being.
Lately I've had to resort to buying avocados from Costco in those little plastic cups because whole avocados in many supermarkets in my region have started to spoil too quickly. Sad.
Until people learn money, the concept, nothing will change. And that, in turn, will hardly happen while the bad guys own childhood (compulsory schooling).
Duh. I've known this for decades. The biggest advocates for DRM I've known are small-time content creators: authors, video producers, musicians. They've been saying the same thing since the 90s: without things like DRM, their stuff would be pirated, and they'd like to earn a living doing what they love instead of grinding at a day job to support themselves while everybody benefits from their creative output. In addition, major publishers and record labels won't touch stuff that's been online because of the piracy risk. They don't want to make an investment in smaller creators without a return in the form of sales of copies. That last bit is less true of music now than it used to be because of streaming and stuff, but the principle still applies.
This is why the DMCA will never be repealed, DRM will never go away, and there is no future for general-purpose computing. People want access to digital content, but the creators of that content wouldn't release it at all if they knew that it could be copied endlessly by whomever receives it.
I don't know, it's really hard to blame them. In a way, the next couple of years are going to be a battle to balance easy access to info with compensation for content creators.
The web as we knew it before ChatGPT was built around the idea that humans have to scavenge for information, and while they're doing that, you can show them ads. In that world, content didn't need to be too protected because you were making up for it in eyeballs anyway.
With AI, that model is breaking down. We're seeing a shift towards bot traffic rather than human traffic, and information can be accessed far more effectively and, most importantly, without ad impressions. So, it makes total sense for them to be more protective about who has access to their content and to make sure people are actually paying for it, be it with ad views or some other form of agreement.
Ads are coming to AI. The big AI push next will be context, your context all the time. Your phone will “help” and get all your data to OpenAI…
“It looks like you went for a run today? Good job, you deserve a treat! Studies show a little ice cream after a long run is effectively free calories! It just so happens the nearest Dairy Queen is running a promotion just for the next 30 minutes. I’m getting you directions now.”
It would not be that much of a problem if ads promoted healthy and tasty food, but they will probably promote an ice cream made from powder and chemicals emulating the taste of berries, rather than one made from milk and fresh-picked berries.
It still would be a problem. Loss of agency. Ads are text and images you see. Native advertising in a chatbot conversation is a third party bidding their way into your conversation. A machine showing you an ad and a machine injecting intention into your context are very different things.
At least for YouTube, viewbotting is very much a thing, which undermines trust in the platform. Even if we were to remove Google ads from the equation, there’s nothing preventing someone from crafting a channel with millions of bot-generated views and comments in order to land paid sponsor placements, etc.
The reasons are similar for Cloudflare, but their stances are a bit too DRMish for my tastes. I guess someone could draw the lines differently.
If any of this was done to combat viewbotting, then any disruption to token calculation would prevent views from being registered - not videos from being downloaded.
From my perspective, both problems are effectively the same. I want to count unique users by checking for asset downloads and correlating unique session IDs. People can request the static assets directly, leading to viewbotting and wasted egress bandwidth.
The solution: have clients prove they are legitimate by running some computationally intensive JS that interacts with DOM APIs, etc. (which is not in any way unique to big tech; see Anubis, CreepJS, etc.).
The impact on the hobbyist use case is, to them, just collateral damage.
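A minimal sketch of the proof-of-work flavor of that idea (real systems like Anubis run this as JS in the browser; the difficulty and protocol here are made up):

    import hashlib
    import os

    def issue_challenge(difficulty_bits: int = 18):
        # server side: random nonce plus required number of leading zero bits
        return os.urandom(16).hex(), difficulty_bits

    def solve(nonce: str, difficulty_bits: int) -> int:
        # client side: brute-force a counter; cheap once, expensive at bot scale
        counter = 0
        while True:
            digest = hashlib.sha256(f"{nonce}:{counter}".encode()).digest()
            if int.from_bytes(digest, "big") >> (256 - difficulty_bits) == 0:
                return counter
            counter += 1

    def verify(nonce: str, difficulty_bits: int, counter: int) -> bool:
        # server side again: one hash to check the client really did the work
        digest = hashlib.sha256(f"{nonce}:{counter}".encode()).digest()
        return int.from_bytes(digest, "big") >> (256 - difficulty_bits) == 0

    nonce, bits = issue_challenge()
    print(verify(nonce, bits, solve(nonce, bits)))  # True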
No, the difference is: if I'm fighting viewbots, I want zero cues to be emitted to the client. The client should NEVER know whether its view is being counted or not, or why.
Having no reliable feedback makes it so much harder for a viewbotter to find a workaround.
If there's a visible block on video downloads? They're not fighting viewbots with that.
YouTube has already accounted for this by using a separate endpoint to count watch stats. See the recent articles about view counts being down, attributed to people using adblockers.
Even if they hadn't done that, you can craft millions of bot-generated views using a legitimate browser and some automation, and the current update doesn't change that.
So I'd say Occam's razor applies: YouTube simply wants to be in control of how people view their videos, so they can serve ads, show additional content nearby to keep them on the platform longer, track which parts of the video are most watched, and so on.
Like another comment mentioned: that's a problem for YouTube to solve.
They pay a lot of money to many smart people who can implement sophisticated bot detection systems without impacting most legitimate human users. But when their business model depends on extracting value from their users' data, tracking their behavior and profiling them across their services so that they can better serve them ads, it goes against their bottom line for anyone to access their service via any interface other than their official ones.
This is what these changes are primarily about. Preventing abuse is just a side benefit they can use as an excuse.
Weird to see people talking about small-time creators wanting DRM; I've never seen that... Usually they'd be hounding for any attention they can get. I don't know why multiple accounts are seemingly independently bringing this concept up, but maybe it's an attempt to muddy the waters?
Everything trends towards centralization over a long enough time period.
I laugh at people who think ActivityPub or Mastodon or BlueSky will save us. We already had that, it was called e-mail, look what happened once everyone started using it.
If we couldn't stop the centralization effects that occurred on e-mail, any attempt to stop centralization in general is honestly a utopian fool's errand. Regulation is easier.
I am a big supporter of AT Protocol, and I contribute some money to a fund to build on it. Why laugh at running experiments? Nothing will "save us," it is a constant effort as long as humans desire to use these systems to connect. Email exists today, and is very usable still as a platform that cannot be captured. The consolidation occurred because people do not want to run their own servers, so we should build for that! Bluesky and AT Protocol are experiments in building something different, with different use cases and capabilities, that also cannot be captured. Just like email. You can run your own PDS. You can run your own stack from PDS to users "end to end" if you so choose. You can pay to do both of these tasks. No one can buy this or take it away from you, if it is built on protocols instead of a platform someone can own and control.
Regulation would be great. The EU does it well. It is lacking in the US, and will be for some time. And so we have to downgrade to technical mitigations against centralization until regulation can meet the burden.
There could be valid reasons for fighting downloaders, for example:
- AI companies scraping YT without paying YT, let alone creators, for training data. Imagine how much data YT has.
- YT competitors in other countries scraping YT to copy videos, especially in countries where YT is blocked. Some such companies have a "move all my videos from YT" function to encourage bloggers to migrate.
> Like Google has been doing to the entire internet, including people’s movement, conversations, and habits… for decades?
Yes, but if you allowed Google to index your site (companies even spent money to make sites more indexable), Google used to bring you customers; AI companies bring back nothing. They are just freeloaders.
Music labels publish music on YT in exchange for ad revenue; they won't be happy if someone downloads their music for free. And making music is expensive: google how much just a single drum mic costs, and you need a lot of them.
YT shares income from subscriptions with music labels? I hadn't heard about this, and even if they shared it, a download would have to pay much more than a view, because after downloading, a person could potentially listen to a track a hundred times in a row.
Why is this being downvoted? Are people really going to shoot the messenger and fail to see why a company may be willing to protect its competitive position?
Good question! Indeed, you can run the challenge code using headless Chromium and it will function [1]. They are constantly updating the challenge, however, and may add additional checks in the future. I suppose Google wants to make it more expensive overall to scrape YouTube, to deter the most egregious bots.
I agree; in some cases, and depending on the LLM endpoint, some money may need to be spent to enable ripping. But is it cheaper than paying YouTube/Google? That is the question.
Once JavaScript is running, it can perform complex fingerprinting operations that are difficult to circumvent effectively.
I have a little experience with headless Selenium on Facebook. Facebook tests fonts, SVG rendering, CSS support, screen resolution, clock and geographical settings, and hundreds of other things that give it a very good idea of whether it's a normal client or headless Selenium. Since it picks a certain number of checks more or less at random, and they can modify the JS each time it loads, it is very, very complicated to simulate.
Facebook and Instagram know this and allow it below a certain limit because it is more about bot protection than content protection.
This is the case when you have a real web browser running in the background. Here we are talking about standalone software written in Python.
Because the expected values are not fixed, it is possible to measure response times and errors to check whether something is in the cache or not, etc.
There is a whole host of tricks relating to rendering and positioning at the edge of the display window, and to the canvas rather than the window, which allow them to detect execution without rendering.
To simulate all this correctly, you end up with a standard browser, standard execution times, full rendering in the background, etc. No one wants to download their YouTube video at 1x speed and wait for the adverts to finish.
And barely a few days after Google did it, the fix is in.
Amazing how they simply can't win: you deliver content to the client, the content goes to the client. They could be the largest corporation in the world, and we'd still have yt-dlp.
That's why all of them wanted proprietary walled gardens where they would be able to control the client too - so you get to watch the ads or pay up.
More specifically, yt-dlp uses legacy API features supported for older smart TVs which don't receive software updates. Eventually once that traffic drops to near zero those features will go away.
That conspiracy theory never even made sense to me. Why would anyone think that a payment and ad-supported content platform secretly wants their content to be leaked through ad and payment free means?
Mainly the theory that, if you can’t use downloaders to download videos, then people will no longer see YT as the go-to platform for any video hosting and will consider alternatives.
And I call that a theory for a reason. Creators can still download their own videos from YT Studio; I'm not sure how much importance there is in being able to download any video ever (and worst case, people could screen-record videos).
I'd argue that 95%+ of users (creators and viewers) couldn't care less about downloading videos. Creators use YouTube because it's where the viewers and money are; viewers use YouTube because it's where all the content is. None of them are going to jump ship if yt-dlp dies.
Also, one could assume that the remaining 5% are either watching with vlc/mpv/etc. or running an adblocker, so it's not like Google is going to lose ad revenue by breaking downloaders like yt-dlp. The grandparent comment (legacy smart TV support) is the much more likely explanation.
It's not the 95% you should be concerned about, it's the 1%, or 0.0001%, who are top content creators, who both archive their own production and use YT as a research tool themselves (whether for simple "reply videos" or something more substantive). Ultimately, Google will kill the goose and lose the eggs.
Those creators are what drive the bulk of viewers to the platform.
Though, come to think of it, as YT has become increasingly obnoxious to use (the native web client is utterly intolerable, front-ends such as Invidious are increasingly fragile/broken, and yt-dlp is, as TFA notes, becoming bogged down in ever more dependencies), I simply find myself watching (or, as is generally my preference, listening to) far less from the platform.
I may be well ahead of the pack, but others may reach similar conclusions in 5--10 years. Or when a less-annoying alternative clearly presents itself.
> How on earth can it be that terrible [>20 minutes] compared to Deno?
QuickJS uses a bytecode interpreter (like Python, famously slow), and is optimised for simplicity and correctness. Whereas Deno uses a JIT compiler (like Java, .NET and WASM). Deno uses the same JIT compiler as Chrome, one of the most heavily-optimised in the world.
That doesn't normally lead to such a large factor in time difference, but it explains most of it, and depending on the type of code being run, it could explain all of it in this case.
QuickJIT (a fork of QuickJS that uses TCC for JIT) might yield better results, but still slower than Deno.
My concern is either that QuickJS is something like 100x slower, or that even when using Deno, the download experience will be insanely slow.
In my mind, an acceptable time for users might be 30 seconds (somewhat similar to watching an ad). If QuickJS is taking >20 minutes, then it is some 40x slower? Seems very high?
> QuickJIT (a fork of QuickJS that uses TCC for JIT) might yield better results, but still slower than Deno.
Interesting, not come across it before. Running C code seems like an insane workaround from a security perspective.
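A crude way to see the interpreter-vs-JIT gap for yourself, assuming qjs (QuickJS's CLI) and deno are on your PATH; bench.js here is a hypothetical CPU-bound stand-in for the player code, not anything yt-dlp ships:

    import subprocess, time

    SCRIPT = "bench.js"  # hypothetical tight numeric loop
    for cmd in (["qjs", SCRIPT], ["deno", "run", SCRIPT]):
        t0 = time.perf_counter()
        subprocess.run(cmd, check=True, capture_output=True)
        print(cmd[0], f"{time.perf_counter() - t0:.2f}s")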
It's almost funny, not to mention sad, that they've changed their player/page, filling it with tons of JS that makes less powerful machines lag.
For a while now, I've been forced to change "watch?v=" to "/embed/" to watch something in 480p on an i3 Gen 4, where the same video, when downloaded, uses ~3% of the CPU.
However, unfortunately, it doesn't always work anymore.
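(The rewrite being described is just string surgery, something like the following; the video ID is illustrative:)

    url = "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
    embed = url.replace("watch?v=", "embed/")
    # -> https://www.youtube.com/embed/dQw4w9WgXcQ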
Many performance problems on YouTube are because they now force everyone to use the latest heavy codecs, even when your hardware does not have acceleration for it. I have a laptop that is plenty powerful for everything else and plays 4K h264 no problem. 720p on YouTube on the other hand turns it into a hot slate after a minute and grinds everything to a halt.
There are browser extensions like h264ify that block the newer codecs, but WHY??? Does nobody at YouTube care about the user experience? It's easier and more reliable to just download the videos.
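Relatedly, if you do go the download route, yt-dlp's format selectors can pin H.264 so older hardware gets a codec it can decode in hardware. A sketch using real yt-dlp option names; the URL is a placeholder:

    import yt_dlp

    # Prefer an avc1 (H.264) video stream over VP9/AV1.
    opts = {"format": "bestvideo[vcodec^=avc1]+bestaudio/best"}
    with yt_dlp.YoutubeDL(opts) as ydl:
        ydl.download(["https://www.youtube.com/watch?v=..."])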
You are not alone. In Q1 2025 I was forced to adopt the embed player. In Q3 2025, Google intentionally broke the embed player. Now the only YouTube access I have is via yt-dlp. Long live yt-dlp and its developers.
The writing is on the wall for easy ripping. If there's any YT content you expect you'll want to preserve for a long time, I suggest spinning up https://www.tubearchivist.com/ or something similar and archiving it now while you still can.
I agree and feel that the time is now to archive all of the truly valuable cultural and educational content that YT acquired through monopolistic means.
This solution looks interesting, but I am technical enough to know that it looks like a PITA to set up and maintain. It also seems focused on downloading everything from a subscribed channel.
As it is now, with a folder of downloaded videos, I just need a local web server that can interpret the video names and create an organized page with links. Is there anything like this that is very lightweight, with a next-next-finish install?
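Not a next-next-finish installer, but the zero-setup version of "folder of videos behind a local web page" is nearly free with Python's standard library (the path is whatever your download folder is):

    import functools
    from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

    # Serves a clickable index of the directory at http://localhost:8000/
    handler = functools.partial(SimpleHTTPRequestHandler,
                                directory="/home/me/videos")
    ThreadingHTTPServer(("", 8000), handler).serve_forever()

It only gives you a bare file listing; anything fancier (thumbnails, parsed names) would need a small template on top.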
It would break many millions of old consumer devices that no longer receive updates, like old smart TVs. They are waiting for that old device traffic to drop low enough before they can force more robust measures.
It's not really a matter of just turning it on when it comes to the kind of scale that YouTube has on their catalogue. It's practically impossible to retranscode the whole catalogue, so you're more or less stuck with only doing it for newly ingested content, and even there the tradeoffs are quite large when it comes to actually having DRM.
I think we can safely assume that the only content under DRM at YouTube today is the content where it's absolutely legally necessary.
YT probably HAD to put the DRM on in order to get the license deals with the studios. Nobody is twisting their arm elsewhere, so other interests (wider audience, fewer server-side resources, not getting around to it) can prevail.
I was surprised they went with Deno instead of Node, but since Deno has a readily available single-exe distribution that removes a lot of potential pain. This was pretty much just a matter of time, though; the original interpreter in Python was a brilliant hack but limited in capability. It was discussed a few years ago for the YouTube-dl project here https://news.ycombinator.com/item?id=32793061
Scripts use V8 isolation, identical to Chrome.
As for the rest, we can only trust it or review it ourselves, but it is certainly better than nothing in this context.
Identical to Chrome except the part where Chrome uses os-level sandboxing on top. V8 exploits are common, Deno sandboxing by itself is not a good idea if you are executing arbitrary code.
We are comparing to a situation where the alternative is nothing. Maybe we should just remove the locks from our doors because someone, somewhere has picked one.
I never said it was a poor choice in this specific context, but propagating the idea that Deno's sandboxing is safe and "basically the same security as Chrome" is wrong, and can easily do damage the next time someone who has read this thread needs a way to execute untrusted JS.
Someone who understands what V8 isolation means knows that it refers to per-isolate heaps and garbage collectors. I didn't claim that it includes Chrome's OS sandbox features too.
But the usage of V8 means that Deno must explicitly provide the access (for V8) for networking and filesystem - the foundations for sandboxing are there.
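Concretely, that opt-in model is visible in how you launch it: with no flags, a Deno subprocess gets no network or filesystem access (it denies, or prompts for, each capability). A sketch of an embedder pinning down the surface; challenge.js is a hypothetical script name, not something yt-dlp ships:

    import subprocess

    # Each capability is an explicit flag; --allow-net even takes a host
    # allow-list, so the script can only reach the named domain.
    subprocess.run(
        ["deno", "run", "--allow-net=youtube.com", "challenge.js"],
        check=True,
    )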
The sandboxing features of Deno also seem to have played a role in that choice. I wouldn't overly trust that as a security layer but it's better than nothing.
This is the first time I've heard of Deno so I'm only going by their Security & Permissions doc page [1], but it looks like the doc page at the very end recommends using system-level sandboxing as a defense in depth. This suggests that Deno doesn't use system sandboxing itself.
To me this is a bit alarming as IIRC most app runtime libraries that also have this in-runtime-only sandboxing approach are moving away from that idea precisely because it is not resistant to attackers exploiting vulnerabilities in the runtime itself, pushing platform developers instead toward process-level system kernel-enforced sandboxing (Docker containers or other Linux cgroups, Windows AppContainer, macOS sandboxing, etc.).
So for example, .NET dropped its Code Access Security and AppDomain features in recent versions, and Java has now done the same with its SecurityManager. Perl still has taint mode but I wonder if it too will eventually go away.
Deno is a V8 wrapper, the same JS engine as Chrome. Vulnerabilities are very common there, not necessarily because it's poorly designed but because there are massive financial incentives in finding them.
This plus what you mentioned is why I would never trust it to run arbitrary code.
Now, in the context of yt-dlp it might be fine; Google isn't going to target them with exploits. I would still prefer if they didn't continue to propagate "DeNo iS SaFe BeCauSe It HaS sAnDbOxInG", because I've seen projects that were actually executing arbitrary JS rely on it thinking it was safe.
It doesn’t have granularity in terms of what parts of the code have what permission - everything in the same process has the same permission, but aside from that I’m not sure what you mean about it being paper thin. Certainly WASM is a great option, and I think it can facilitate a more nuanced capabilities model, but for cases like this AFAIK Deno should be secure (to the extent that V8 is secure, which Chrome’s security depends on).
It being a checkbox feature is a weird way to frame it too, because that typically implies you’re just adding a feature to match your competitors, but their main competitors don’t have that feature.
In what ways does it fall short? If there are major gaps, I’d like to know because I’ve been relying on it (for personal projects only myself, but I’ve recommended it to others for commercial projects).
Chrome does not rely exclusively on V8's security or else it would routinely get exploited (See v8 CVEs if you don't believe me). The hard part of browser exploitation today is escaping from the os-level sandbox put on the processes that run each of your tabs.
Trusting Deno's sandboxing by itself isn't a great idea. An attacker only has to wait for the next V8 exploit to drop, probably a question of a few months at worst.
Now, like I mentioned above, it's probably OK in the yt-dlp context; Google isn't going to target it with an exploit. It's still important that folks reading this don't take away "deno sandbox safe" and use it the next time they need to run user-supplied JS.
Last I looked it was just very basic pattern matching allow/deny with no real isolation, and there have been multiple real escapes already. It's better than nothing, and probably good enough for bush league security, but I wouldn't pitch it to my milspec customers.
Keep in mind that yt-dlp doesn't just support YouTube, which-- notwithstanding the claims of "all DRM is malware" etc.-- probably won't download actively harmful code to your computer: it also supports a huge number of video streaming sites, including some fairly obscure and sketchy ones. Sandboxing in the interpreter that's at least as good as what you'd get in a browser is a must, because by design this is doing untrusted code execution.
This is very related to a talk I did last year [1]. "Part 2: youtube-dl" starts at 18:21. It dips toes into an analysis about software that fundamentally depends on ongoing human labor to maintain (as compared to, e.g. zlib, which is effectively "done" for all intents and purposes).
More concretely, the additional Deno dependency is quite problematic for my music player, especially after I did all that work to get a static, embeddable CPython built [2].
Ideally for me, yt-dlp would be packaged into something trivially embeddable and sandboxable, such as WebAssembly, calling into external APIs for things like networking[3]. This would reduce the value delivered by the yt-dlp project into pure DRM-defeating computation, leaving concerns such as CLI/GUI to a separate group of maintainers. A different project could choose to fulfill those dependencies with Deno, or Rust, or as in my case, built directly into a music player in Zig.
Of course I don't expect the yt-dlp maintainers to do that. They're doing something for fun, for free, for pride, for self-respect... in any case their goals aren't exactly perfectly aligned with mine, so if I want to benefit from their much appreciated labor, I have to provide the computational environment that they depend on (CPython[4] and Deno).
But yeah, that's going to be a huge pain in the ass, because now I either have to drop support for yt-dlp in my music player, or additionally embed Deno as well as introduce Rust as a build dependency... neither of which I find acceptable. And don't even get me started on Docker.
I used to work on video generation models and was shocked at how hard it was to find any videos online that were not hosted on YouTube, and YouTube has made it impossibly hard to download more than a few videos at a time.
> YouTube has made it impossibly hard to download more than a few videos at a time
I wonder why. Perhaps because people use bots to mass-crawl content from YouTube to train their AI, and YouTube prioritizes normal users, who watch at most a few videos at a time, over those crawling bots.
I wonder how Google built their empire. Who knows? I’m sure they didn’t scrape every page and piece of media on the internet and train models on it.
My point was that the large players have monopoly hold on large swaths of the internet and are using it to further advantage themselves over the competition. See Veo 3 as an example, YouTube creators didn’t upload their work to help Google train a model to compete with them but Google did it anyways, and creators didn’t have a choice because all eye balls are on YouTube.
By scraping every page and directing the traffic back to the site owners. That was how Google built their empire.
Are they abusing the empire's power now? In multiple ways, such as the AI overview stuff. But don't pretend that crawling Youtube and training video generation models is the same as what Google (once) brought to the internet. And it's ridiculous to expect Youtube to make it easy for crawlers.
you have to feed it multiple arguments with rate limiting and long wait times. i'm not sure if there have been recent updates other than the js interpreter, but i've had to spin up a docker instance of a browser to feed it session cookies as well.
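For reference, the knobs being described map to real yt-dlp options; a hedged sketch of that kind of invocation (values are illustrative, and the URL is a placeholder):

    import yt_dlp

    opts = {
        "ratelimit": 500 * 1024,            # cap download speed (bytes/s)
        "sleep_interval": 10,               # minimum pause between downloads...
        "max_sleep_interval": 60,           # ...randomized up to this
        "cookiesfrombrowser": ("firefox",), # reuse a logged-in session
    }
    with yt_dlp.YoutubeDL(opts) as ydl:
        ydl.download(["https://www.youtube.com/watch?v=..."])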
Can anyone explain specifically what the YT code does such that the existing Python interpreter is unusable and QuickJS apparently takes 20 minutes to run it?
Is it just a lot of CPU-bound code and the modern JIT runtimes are simply that much faster, or is it doing some trickery that deno optimizes well?
> Currently, a new style of player JS is beginning to be sent where the challenge code is no longer modular but is hooked into other code throughout the player JS.
So it's no longer a standalone script that can be interpreted but it depends on all the other code on the site? Which could still be interpreted maybe but is a lot more complex and might need DOM etc?
Just guessing here, if anyone knows the details would love to hear more.
Sounds like a really silly way to engineer things, but then again Google has the workforce to do lots of silly things and the cash to burn, so they can afford it.
Could something like tree-shaking be used to reduce the player code to just the token generating bit? Or does the whole player js change for each video?
I mean, running some unknown highly obfuscated CPU-demanding JS code on your machine - and using its results to decide whether to permit or deny video downloads.
The enshittification will continue until user morale improves.
This will be interesting to see how it affects the numerous Android apps on F-Droid that are essentially wrappers around yt-dlp to create a YouTube Music clone.
Google is making it harder to download from YouTube. Your first thought is correct! None of the other websites yt-dlp supports require this change. Additionally, yt-dlp is still written in Python; it has not moved to Deno. They are only adding a Deno dependency for the JavaScript challenges added by YouTube.
That makes it seem like yt-dlp itself was rewritten from Python to JavaScript (for those who even know it’s Python) or that it used to use Node and now uses Deno.
I think you only need something like `jsdom` to have the core API available. The DOM itself is just a tree structure with special nodes. Most APIs are optional, and you can provide stubs if you're targeting specific websites. It's not POSIX-level.
I was thinking the same walking into this thread. I figured DOM/CSS/HTML would be part of the black box magic, but I suppose from the perspective of JS all of that can be faked appropriately.
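The stubbing idea in miniature: from the Python side you can prepend fake globals to the untrusted script before handing the whole thing to whatever JS runtime you're shelling out to. Purely illustrative; yt-dlp's actual shim is more involved, and player.js is a hypothetical file name:

    # Fake just enough of the DOM for the script to run headlessly.
    DOM_STUB = """
    globalThis.document = {
      createElement: () => ({ style: {} }),
      querySelector: () => null,
    };
    globalThis.navigator = { userAgent: "Mozilla/5.0" };
    """

    player_js = open("player.js").read()   # hypothetical challenge script
    script = DOM_STUB + player_js          # then run via a deno/qjs subprocess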
The YouTube RPM (revenue per mille) strongly depends on the location of the audience and the topic of the video. It could be anywhere from $0.5 to $20. That 10x figure could very well be true for that YouTuber, but it's also true that other YouTubers already earn more than a penny per view.
According to [1], the downloaded video is AES-encrypted. The decryption key is stored locally in IndexedDB. I tried building a Python script using plyvel [2], a Python module for reading the LevelDB files that back IndexedDB, some time ago, but IIRC it had trouble reading the Chrome DB.
Maybe Google's dfindexeddb [3] works. I didn't try it, however.
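For anyone who wants to poke at the same thing, the plyvel attempt looks roughly like this (the profile path follows Chrome's usual layout but is illustrative; decoding Chrome's IndexedDB record format on top of the raw LevelDB is the actual hard part):

    import plyvel

    path = ("/home/me/.config/google-chrome/Default/IndexedDB/"
            "https_www.youtube.com_0.indexeddb.leveldb")
    db = plyvel.DB(path, create_if_missing=False)
    for key, value in db:
        print(key[:32], value[:32])  # raw LevelDB records, Chrome-encoded
    db.close()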
The lengths YouTube has gone to to make it impossible to download videos. At the same time, TikTok allows anyone to download a video with just a right click.
On the other hand, I can navigate, search, and watch any video on YouTube without an account. With TikTok, I can’t even scroll the page without tricks.
With the recent forced sale of TikTok to Rupert, Larry and co, I doubt that's going to be a thing for much longer; they'll want to make money somehow.
Yes, SpiderMonkey can be run standalone, and it would probably be much more secure than Deno because it does not have all the server-related APIs.
"Other JS runtimes (node/bun) could potentially be supported in the future, the issue is that they do not provide the same security features and sandboxing that deno has. You would be running untrusted code on your machine with full system access.
At this point, support for other JS runtimes is still TBD, but we are looking in to it."
While Deno has sandboxing, it also has potential access to hundreds of dangerous functions; it might be better to write a tiny wrapper around a JS engine that adds only a function to write to stdout.
Noteworthy to me: deno is MIT licensed, but PyPI distributions (at least the ones I checked) include neither license nor source code. It's normal for pre-built distributions ("wheels") to contain only the Python code (which for a project like this is just a small bootstrap used to find the compiled executable — it doesn't appear to be providing any Python API), but they should normally still have a LICENSE file.
It's also common to have the non-Python (here, Rust) source in source distributions ("sdists"), but this project's sdist is only a few kilobytes and basically functions as a meta-package (and also includes no license info). It "builds" Deno by detecting the platform, downloading a corresponding zip from the GitHub releases page, extracting the standalone Rust executable, and then letting Hatchling (a popular build tool in the Python ecosystem) repackage that in a wheel.
Update: It turns out that the Python package is published by a third party, so I submitted an issue (https://github.com/manzt/denop/issues/1) to ask about the licensing.
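Mechanically, that kind of meta-package build boils down to a few lines; a sketch (the asset names are Deno's real release artifacts, everything else is illustrative and not the actual denop source):

    import io, platform, urllib.request, zipfile

    ASSETS = {
        ("Linux", "x86_64"): "deno-x86_64-unknown-linux-gnu.zip",
        ("Darwin", "arm64"): "deno-aarch64-apple-darwin.zip",
    }
    asset = ASSETS[(platform.system(), platform.machine())]
    url = f"https://github.com/denoland/deno/releases/latest/download/{asset}"
    with urllib.request.urlopen(url) as resp:
        # The zip holds a single standalone executable named "deno"
        # (zipfile doesn't preserve the exec bit, so you'd chmod +x it).
        zipfile.ZipFile(io.BytesIO(resp.read())).extract("deno")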
What I found much more annoying, and so far have not been able to work around, is that yt-dlp requires you to have a YouTube account, something that I have not had for a decade or so, and am unwilling to create again.
What tool can I use to simply store what my browser receives anyway, in a single video file?
I think for me it has been this way for a year or so. Maybe it is because I am on a VPN. I also cannot view YouTube videos on YouTube any longer, because it always wants me to log in, to "prove I am not a bot". So I have switched to only using invidious instances, and if they don't work, then I just cannot watch the video.
I wish content creators would think of their own good more, and start publishing on multiple platforms. Are there any terms that YouTube has for them, that reduce revenue, if they publish elsewhere as well? Or is it mostly just them being unaware?
That's bad enough for normal VPN users who use VPN for privacy reasons. But a lot of countries have heavily censored web, and not using a VPN is simply not an option there.
Good on Google for kicking people while they're down.
The folks at deno have really done a fantastic job at pushing a JS runtime forward in a way that's more easily plug and play for the community. I've used `denoland/deno_core` and `denoland/rusty_v8` quite a bit in embedded projects where I need full JS support but I can't assume users have node/bun/etc installed locally.
Not surprised to see yt-dlp make a similar choice.
I would pay for YouTube if Google created the best possible search engine they could for it. I'm talking inverted and semantic indexing of every word of every video, with speaker tagging and second-level timestamping. I want to be able to run queries like "Give me the timestamps of every time Veritasium said math while wearing a blue shirt."
The whole point of YouTube (now) is it’s a market for human attention and behavior. Eyeballs, engagements, tracking and analytics. They will go to great lengths to protect and increase the value of this market.
Surprisingly, Deno was chosen as the first JavaScript runtime due to its security features. I thought it was almost dead, as Bun is growing very quickly among developers.
Why won’t they use my browser for downloads, for example through TestCafe? That would also allow downloading premium quality (for subscribers) and so on.
I would be really interested in hearing what Mike Hearn has to say about this. AFAIK he was responsible for something very similar that was used at Google for other products that had some overlap.
Great ad for Deno. I hit a similar one the other day from Pydantic. They make an MCP server for running sandboxed Python code, and that's how they did it… Python to WASM, and the WASM running in Deno.
What you say is true for most companies/software, but YouTube can play a nasty game for a very long time before it withers into irrelevance (if it ever does). They have an enormous moat; one would need enormous resources to take on YouTube, and I don't think anyone has that kind of patience or resources to even attempt it. Like it or not, we are stuck with YT for a while.
I have learned so much from YouTube - I wish it was more open and friendly to its creators and users :(
In the meantime, all we can do is support smaller alternatives like https://nebula.tv/
Looks like this runtime is written in Rust. Really does seem like Rust is rapidly swallowing all kinds of common tools and libraries. In this case a single compiled binary for multiple architectures is quite convenient for something like yt-dlp.
I doubt it'd be difficult for Google to detect if the client is a browser or not. They already need to check for signals of abnormal use to detect things like clickfarms and ad scams.
> Up until now, yt-dlp has been able to use its built-in JavaScript "interpreter" [1]
Wow, this is equal parts fascinating and horrifying.
Edit, after looking into it a bit: It seems like a self-contained build of deno weighs in at around 40 MB (why?), so I can see why they tried to avoid that and appreciate the effort.
At some point we’re going to need a better place to put videos than YouTube. The lack of any democratization of bulk storage is beginning to be a real problem on the internet.
Yes, we have archive.org. We need more than that, though.
I’m sure there’s some distributed solution like IPFS but I haven’t seen any serious attempt to make this accessible to every day people.
> The lack of any democratization of bulk storage is beginning to be a real problem on the internet.
There are many thousands of paid hosting services, feel free to pick one. It turns out hosting TB of data for free is a pretty tricky business model to nail down.
There have been plenty of free distributed hosting services for the web that worked perfectly (popcorn time, etc, etc). It's just that every time they become popular they are attacked legally and shut down. The problem is not technical, or even resource based, the problem is legal. Only a mega-corp can withstand the legal attacks.
And even if the legal attacks could be mitigated most people would still use youtube because they're there for the money (or for people who are there for the money). They are not there for a video host. Youtube enables distribution of money and there's no way that any government would let any free system distribute money without even more intense legal, and indeed physically violent, attacks.
If you want to compete with YT you need to basically build AWS S3 in your own data centers. You'd have to find a way to make your service run cheaper than google can if you wanted to survive. You'd have to get very scrappy and risky. I'd start with questions like: how many 9s of durability do we actually need here? Could we risk it until the model is proven? What are the consequences for losing cat videos and any% speed runs of mario64? That first robotic tape library would be a big stepwise capex event. You'd want to make sure the whole thing makes sense before you call IBM or whoever for a quote.
Games Done Quick has raised 10s of millions for charity. I suspect they could raise a few thousand for a few dozen TB of nvme storage if they wanted to host a speedrun archive.
> If you want to compete with YT you need to basically build AWS S3 in your own data centers. You'd have to find a way to make your service run cheaper than google can if you wanted to survive.
YouTube's economy of scale goes way beyond having their own datacenters, they have edge caches installed inside most ISP networks which soak up YT traffic before it even reaches a Google DC. It would take a staggering amount of investment to compete with them on cost.
I don’t think network effect matters much if you’re not trying to advertise the content. Organizations can just link to it from their site.
I admit I haven’t looked into peertube, and I didn’t think that rumble was any better than YouTube. I don’t recognize the others. Thank you; I’ll resurvey.
The problem with bulk storage is that it will be abused at large scale.
CSAM peddlers, intellectual property violators, nonconsensual sexual material ("revenge porn"), malware authors looking for places to exfiltrate stolen data, propagandists and terrorists - the list of abusers is as long as it is dire.
And for some of these abuser classes, the risk for any storage service is high. Various jurisdictions require extremely fast and thorough responses for a service provider to not be held liable, sometimes with turnaround times of 24 hours or less (EU anti terrorism legislation), sometimes with extremely steep fines including prison time for responsible persons. Hell, TOR exit node providers have had their homes raided and themselves held in police arrest or, worse, facing criminal prosecution and prison time particularly for CSAM charges - and these are transit providers, not persistent storage.
And all of that's before looking at the infrastructure provider side. Some will just cut you off when you're facing a DDoS attack; some will bring in extortionate fees (looking at you, AWS/GCE/Azure) for traffic, which may leave you in personal bankruptcy. And if you are willing to take that risk, you'll still face the challenge of paying for the hardware itself - storage isn't cheap: 20TB will run around 200€, and you want some redundancy and backups, so the actual cost will be more like 60-100€/TB, plus the ongoing cost of electricity and connectivity.
That's why you're not seeing much in terms of democratization.
That seems a lot of dev work, why not just run in browser then? There are extensions that work pretty well, like Tubly downloader, Video DownloadHelper.
It's incredible how much work goes into these open source projects for downloading youtube videos, especially since youtube keeps breaking them. There are nearly 1500 contributors
I did download YouTube videos a few years ago; I did value that YouTube could keep your place.
But it's a real mess: it keeps crashing, something I might too humbly put down to my having too many files, but will passive-aggressively put down to the YouTube iPad app not limiting its storage usage.
On the other hand, there are a number of amazing videos I downloaded to watch which have been remotely wiped. Grrr.
jdownloader2 is one of those weirdly licensed things, it claims to be "open source" but you actually can't find the entire source anywhere. Worse than proprietary, tbh.
Fortunately, the community is not alone in this fight, because many AI companies need to be able to download YT videos. But they should sponsor yt-dlp more directly.
YouTube is the real monopoly. Creators are also slaves, as they can't monetize elsewhere, and they can't even let their users download their own content. And the icing on the cake: YouTube is unbearable without an ad-blocker, and even then YouTube has started throttling ad-block users.
It's such a shithole, with no real replacement. Sad state of affairs.
> Here's the problem (and it's not insurmountable): right now, there's no easy path towards sustainable content production when the audience for the content is 100x smaller, and the number of patrons/sponsors remains proportionally the same.
Some do, and those who are able to make the move to patronage or subscriber monetization seem much happier for it. But that's most viable for creators who have already built up a viable customer base, which usually started on YouTube. It's much harder if you start out somewhere else.
And if the audiences got larger on a site, governments around the world would decide together to drag them into court and keep them there until they closed down or sold to Ellison's kid.
more dependency bloat just to deobfuscate some randomly generated bs that's increasingly complex for no reason and has no value existing in the first place, much like its creators
Ugh... Deno. After they started to extort the JS community for money to fund their PR stunt against Oracle and the resulting "last chance" trademark dispute, I stay as far away from it as I can.
Good to see the mice are still winning the cat-and-mouse game. Selfishly, I kind of want the cat to start to win, to satisfy my curiosity. I predict that if YouTube ever actually blocked downloading, a YouTube competitor that supports downloading would start to immediately gain popularity. I want to know if I'm right about that, and there's no way to test unless Google actually starts to win. Go, Google, go! I believe in you!
I suspect that if youtube ever fully blocks video downloads you will start to see a lot of piracy groups and file sharing communities providing youtube content.
Those who download videos are a minority and targeting minorities will never give you exponential growth. Furthermore, the same minority probably abuses ad blockers so it would be difficult to squeeze a single cent from these freeloaders.
My brother sent me a long talk on YouTube and pleaded with me to listen to it. Watching was pointless; the video was just talking heads sitting in chairs. However, you can't just play a video and turn off your phone screen while listening to the audio on headphones: the mobile browser sleeps and the audio stops. So I used yt-dlp to rip the audio and dropped it into my Plex server to listen to with Prologue. It wasn't even about the ads; I just wanted to do some gardening and listen to something on headphones while I worked, without my phone screen on.
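The rip itself is one yt-dlp call; a sketch with real option names (the CLI equivalent is yt-dlp -x --audio-format mp3 URL; needs ffmpeg installed, and the URL is a placeholder):

    import yt_dlp

    opts = {
        "format": "bestaudio/best",
        "postprocessors": [{
            "key": "FFmpegExtractAudio",   # hand the stream to ffmpeg
            "preferredcodec": "mp3",
        }],
    }
    with yt_dlp.YoutubeDL(opts) as ydl:
        ydl.download(["https://www.youtube.com/watch?v=..."])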
On iPhone, if you use YouTube in the browser instead of the app (as you should), then you can do background listening if you play the video, lock the phone, unlock the phone, play the video again, lock the phone, unlock the phone, resume play with the media controls, and lock the phone.
I'm not watching YouTube, I'm watching video creators. There is no alternative, not even a worse one, if the person I want to watch doesn't publish videos on another site.
Maybe there are alternatives for watching a "recommended" stream without any subscriptions (which ones, though? I can't name good ones anyway), but if you watch your subscriptions, you are bound to the platform that has them. And no, content creators are not interchangeable.
A friend of mine recorded a YouTube video using OBS. She had to do some minor edits on it and could not use her system during the recording, but it worked. I told her to stop it, as that is infringing on the creator's copyright and is an assault on the nation's digital economy. She hasn't recorded a video since, at least not that I know about. I feel good about making sure YouTube can reasonably profit off of creators' content since they give away the storage and access for free.
Instructions on Vine-glo grape concentrate during prohibition:
"Do not place the liquid in this jug and put it away in the cupboard for twenty-one days, because then it would turn into wine."
I had another friend who simply recorded YouTube videos with their smartphone. As a zealous, law-abiding citizen, I immediately smacked the phone out of his hand and lectured him on how copyright law is the foundation of the Information Age, which is the future, and disregarding it is an affront to modern life and civilization. I made him delete all his videos, and even made him handwrite letters of apology to the YouTube creators. These creators don't reveal their home addresses, but I'm sure they appreciated the emails containing the scans of the handwritten letters.
We have an old SCSI scanner, so it took about as long to scan it as it did to write it.
I’m a paying YouTube premium subscriber. Last weekend, I wanted to download something so I can watch it on my way in the train. The app got stuck at “waiting for download..” on my iPad. Same on iPhone. Restart did not work. I gave up after an hour (30 mins hands on trying stuff, 30 mins waiting for it to fix itself). Downloaded the video using yt-dlp, transferred it to my USB c flash drive, and watched it from that.
Awaiting their “premium cannot be shared with people outside household” policy so I can finally cancel. Family members make good use of ad-free.
I'm also a premium subscriber, and have struggled with the same issues on the iPad app. I try to keep some shows downloaded for my toddler, and the download feature never seems to work on the first try.
I finally got so fed up, I bought a Samsung Galaxy Tab A7 off ebay for $50 and flashed it with LineageOS. I can now load whatever media I want onto the 1 TB sdcard I've installed in it. The 5 year old hardware plays videos just fine with the VLC app. And, as a bonus, I discovered that NewPipe, an alternative YouTube client I installed through the F-Droid store, is actually much more reliable at downloading videos than the official client. I was planning on using yt-dlp to load up the sdcard, but now I don't even need to do that.
I use yt-dlp inside of a-shell on iOS, then play files using VLC.
i use this for things i repost on IG with commentary. i would rather not have a huge folder of downloads of random stuff i'm not even sure i want to revisit. (and i'm bad about clearing out space on my phone.)
Doesn't solve VLC's suckiness on iOS, though. No PiP support when it's been in iOS for years now…
When your PR is ready, you can submit it here:
https://github.com/videolan/vlc-ios/pulls
Nice trick I'll have to try this. Thanks!
NewPipe is incredible. If Google ever stops signing apps like that, I'll be switching to a Linux phone.
I use another app from F-Droid called Skytube for occasional downloads. I like it.
https://f-droid.org/en/packages/free.rm.skytube.oss/
https://f-droid.org/en/packages/free.rm.skytube.legacy.oss/
as soon as they have a map app that works with car play i'm switching to linux phone.
Don't car play and android auto rely on proprietary libraries? I doubt it will come to Linux phones unless they take off or something like microg reimplements the proprietary parts.
GNOME Maps is good enough for me. I don't know what Carplay is and at this point I'd rather not ask.
A framework for using your car's infotainment system as your screen/input device. Android has something similar called Android Auto.
Tangential.
The TIDAL app is absolute trash, it has this same issue all the time; not just that, but also, if a download fails it just hangs there and does not download the rest of the album/playlist.
Also, why would you want to download things in the first place? To watch them offline, right? Well, guess what happens when you open the app w/o an internet connection ... it asks you to login, so you cannot even access your music. 900k/year TOC genius work there.
The only reason why I haven't canceled is because I'm too lazy to reset my password in order to login and cancel, lol. Might do it soon, though.
When I try it for a month, the worst part.. your entire download queue fails forever unless you manually remove hundreds of items one by one
There is no way to remove the stuck item if it's been pull from streaming library or you in country that -- such traveling etc -- does not have r ights to it. You simply cannot open the track to undownload it
One thing I like about Tidal though: you can download everything, DRM-free, using tidal-ng.
I also pay for YouTube Premium, but I still use ReVanced on my smartphone just to disable auto-translation. It’s absolute madness that users can’t configure this in the official app.
It’ll be fixed when some product manager can offer it as a promotion project
I was talking to "my friend" about how I'm annoyed my calendar duplicates holidays because it imports from multiple calendars and he asked me "what value" would be provided if this was solved. Confused I said it pushes things off so I can't read events. He clarified he meant monetary value...
We're both programmers so we're both know we're talking about a one line regex...
I know quite a number of people like this and they're in high positions at big tech companies... doesn't take a genius to figure out why everything has such shitty user experiences and why all the software is so poorly written. No one even seems to care about the actual product they'll only correct you to tell you the product is the stock and the customer is the shareholder, not the user.
We fucked up...
Hmm. If the annual subscription is $100, then the value of fixing this is $100.
If it's free, then whatever the profile is worth for a year... there's the value.
User retention is a thing.
I mean these numbers are just made up anyways, so why are engineers concerned with them? The idea of engineers needing to justify monetary value is just... ill conceived. They should be concerned with engineering problems. Let the engineering manager worry about the imaginary money numbers.
Problem is, no one needs to care about the product's quality if the product has the market cornered... Even less of a concern if the users don't know how to pick good products from bad products. Tech illiteracy directly leads to lemon markets.

> I mean these numbers are just made up anyways, so why are engineers concerned with them?
That's what they're directly or indirectly being graded on. Even if they don't have to show how their work impacted the company's bottom line, their managers or their managers' managers have to, and poop just rolls downhill.
> The idea of engineers needing to justify monetary value is just... ill conceived. They should be concerned with engineering problems. Let the engineering manager worry about the imaginary money numbers.
If only that were possible in this industry. If you're in a small company, you're wearing multiple hats anyway. If you're in a big corp, well, my wife hates that I see this in everything, but - hidden inflation is a thing. As roles are eliminated (er, "streamlined"), everyone is forced to be responsible for things they're not really supposed to care about (my favorite example is filing expense reports).
As you aptly put it upthread: we fucked up...
User retention is not much of a thing anymore thanks to the stickiness afforded by integrated services and network effects.
You can't just switch calendar/video streaming when everything else is integrated with it/everyone is exclusively posting on this network.
> We're both programmers so we're both know we're talking about a one line regex...
As a big tech programmer, it's almost never that simple...
Small edge cases not covered by a one-line regex can mean big issues at scale, especially when we're talking about removing things from a calendar.
What did you tell him the monetary value was? Let's say there are like 5 holidays per year that fall on days where some people have the day off but others do not, so business meetings scheduled that day get missed. Let's say you have 100 million people using this calendar software. Let's say 0.5 percent of those are in the executive class. Furthermore, let's say 10% of them miss a meeting due to this UI issue. That's 50,000 missed meetings. If we handwave that each of those meetings could have resulted in a $10 million deal for their company, this UI bug is costing customers half a trillion dollars!
So, after estimating the number of ping pong balls that fit on a 747, the thing to do is to go write the regexp and put that on your promo packet. Half a trillion dollars!
Obviously they meant monetary value for the software company. How much more revenue will they make if they implement it?
Sorry, let me clarify better (but it leads to similar issues)
On my iPhone[0] calendar I imported my Microsoft (work) and Google (personal) calendars, on top of the iPhone's own calendar. Take last Labor Day as an example: if I don't disable the holiday calendars in Microsoft and Google, I have 3 entries for Labor Day. Holidays sit at the top of the day, so on my phone I basically won't see any other events. On my MacBook, if Calendar is using 60% of my vertical space, I see "Labor Day +3 more". Full screen, I can see 4, maybe 5 entries...
So I can save a large chunk of real estate by doing a simple fucking 1 line regex. At the same time I can effectively merge the calendars, so I get to see the holidays that are in one but not the others.
Effectively, I can ACTUALLY SEE WHAT I HAVE SCHEDULED FOR THE DAY[1]
This, of course, also affects other things. Sometimes Google will add an event because I got an email later. Fuck, now I have dupes... Same thing happens with birthdays... Or you can hit that fun bug where, because you somehow have duplicate contacts with the same name, phone number, and birthday, you get triplicate calendar entries, and merging[2] results in quadruple entries!
I have missed so many fucking things because I didn't see it on my calendar[3]. And someone has the audacity to ask how much money would be saved? We've spent longer discussing the problem than it would take to fix it! These aren't junior people I'm talking to (who ask dumb things like "but I can't control or merge the other calendars" not recognizing it's a display issue), but like a L6 at Amazon.[4]
I swear, the problem is no one realizes the point of leetcode questions was never to get the answers right, but to just have some problem for an interviewee to work on and see how they go about solving it. I'd rather an engineer get the wrong answer with a good thought process than get the right answer with shitty code that was obviously memorized. It's much harder to teach people how to think than it is to teach them some specific thing to remember.

[0] I've almost immediately regretted this decision...
[1] General frustration yelling, not yelling at you
[2] No, the "find duplicate contacts" option does not in fact find duplicate contacts (what fucking data are they looking for? Because it sure as hell isn't identical names. Why isn't it even trying to do similar names?!)
[3] I've also missed so many fucking things because that little scroll wheel wasn't completely finished with its animation and so saved the wrong day or switched AM to PM. I've missed so many things because I have so little control over notifications and they disappear not if I dismiss them, but if I just unlock my god damn phone. So not just that one liner needs to be done, but it would do a lot and these other one-liners would also greatly help.
[4] Dude was complaining about candidates using GPT to do leetcode problems and how he had a hard time figuring out if they were cheating or not. One of my many suggestions was "why not do in person interviews?" which was answered with how expensive plane tickets were (his interviewees were local) and contradicted his prior and later statements about how costly it is to hire/interview someone. I'm sorry, what percentage of 6 engineer's salaries to do 6 interviews for an hour is a single round trip ticket for a domestic flight? Or to have someone... drive in...
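For what it's worth, the fix being argued about upthread really is tiny. A sketch of the display-side dedup (hypothetical event objects; real calendar APIs differ):

    import re

    def dedup(events):
        # Collapse same-day events whose titles normalize to the same string.
        seen, out = set(), []
        for e in events:  # each e has .date and .title in this sketch
            key = (e.date, re.sub(r"\s+", " ", e.title).strip().lower())
            if key not in seen:
                seen.add(key)
                out.append(e)
        return out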
and removed when the person who got promoted for it doesn't work on it again
The auto-dub feature is madness. I noticed it first a couple of days ago, I'm crossing my fingers that few authors choose to enable it, and that YouTube makes it easy to disable as a default in settings (not currently possible, you have to do it as you watch, every time).
I'm in a Spanish speaking country, but I want to watch English videos in English.
Auto-generated subtitles for other languages are ok, but I want to listen to the original voices!
It is enabled by default. One creator of English language content had their video misclassified as Spanish and people were getting a machine English dub on an English video. Support to fix it appears to be a nightmare.
Wait, do you mean it's enabled by default but the author can disable it?
If not, I wonder why I can still watch most videos in their original language (even though I'm in a Spanish-speaking country), and I only encountered this once so far.
There is supposed to be a procedure to manually remove each language dub but it was broken (at least as of last year).
What about the auto translated titles? It also happens for chapters in the video...
Same languages as you. It drives me nuts because the translations are almost always wrong.
This "feature" amazes me. It is badly done and a bad idea. I have never watched a dubbed video, so why show me a translated title? It's also surprising: Google has plenty of ESL employees on staff.
There has to be some KPI tied to how often the AI model is used in production for providing translations on YouTube etc. Someone's promotion hangs on the translation feature being used as often as possible on YouTube.
I don't want it dubbed whether I speak the language or not.
Yes, this is what I mean. I NEVER want it dubbed.
I'd rather use auto-generated subtitles (even if flawed), but I want to hear the original voices!
> Auto-generated subtitles for other languages are ok, but I want to listen to the original voices!
The first time I saw this feature, it was on a cover of some pop song in a foreign language. Why on Earth... ?
Comments are quite good at pointing out when the creator has accidentally left it on (it is of course enabled by default and authors have to actively disable it).
I wonder who at YouTube got the idea that forced auto-dub was a good one. This shows how dysfunctional the management is. It's one thing to have assholes on your team; it's a different thing to not look at what they are doing.
Thanks for the recommendation.
I was using the browser feature that disables the mobile mode on smartphones.
The auto-dub feature should be disabled ASAP, or at least there should be a way to disable it globally on all my devices.
Even more hilariously, if you upload to YouTube and then try to download from your creator dashboard (e.g. because you were live-streaming and didn't think to save a local copy, or saving impacts your machine too much), you get some shitty 720p render, while yt-dlp will get you the best quality available to clients.
Oh, that reminds me of a similar experience with Facebook video. Did a live DJ stream a few years ago but only recorded the audio locally at max quality. Back then, I think I already had to use the browser debugger to inspect the url for the 720p version of the video.
When they recently insisted by email that I download any videos before they sunset the feature, their option only gave me the SD version (and the data export took a while to perform).
Canceled mine after ad-free stopped working on YouTube Kids, of all things (on Shield TV). It was probably a bug, but with practically no customer service options, there was no real solution besides canceling.
I was also a holdover from paying for Play Music, and this was shortly after the PITA music switchover to YouTube, so it was the last straw.
>Awaiting their “premium cannot be shared with people outside household” policy so I can finally cancel.
Then I have good news for you! https://lifehacker.com/tech/youtube-family-premium-crackdown
In fact, I've already gotten an email from them about this. My YT is still ad-free though, so I'm not sure when it's going to kick in for real.
Ya I got this message when I was on vacation for a week. Seems a little messy on their part.
ReVanced and other alternatives exist.
So long as they are broadcasting media to the public without an explicit login system, so as to take advantage of public access for exposure, it will remain perfectly legitimate and ethical to access the content through whatever browser or software you want.
After they blitzed me with ads and started arbitrarily changing features and degrading the experience, I stopped paying them and went for the free and adblocking clients and experience.
I may get rid of phones from my life entirely if they follow through with blocking third party apps and locking things down.
> ReVanced and other alternatives exist.
For now. I suspect this is the real reason Google is going to require a developer cert even for sideloaded apps: https://www.techradar.com/phones/android/google-will-soon-st...
The problem is, you cannot be sure what Google will do if they catch you violating their ToS. They have killed entire Google accounts over YT copyright strikes with no recourse.
That's why I'm not using Google accounts for anything important, I left gmail in 2014 and I really advise everybody to do the same.
You never know when the hammer can drop.
This. I simply don't understand why some people rely on Google given the risk level, impact and their no-recourse-except-maybe-public-shaming policy.
Google doesn't capriciously deprecate things in a short amount of time. When they sunset features, there's plenty of warning. They'll tell you that there's a hammer, that it's going to drop on you in 6 months, which is plenty of time for you to get out from under it. Which, I mean, I'd rather there not be a hammer, but it's not like they're gonna announce on a Friday that they're shutting down Google Keep on Monday and I need to wreck my whole weekend in order to save all my notes.
The hammer isn't shutting down a service, it refers to your Google account getting banned for a violation or whatever reason they feel like.
I'm not afraid of them deprecating Gmail; I'm afraid that I'll wake up one day and the account is banned without recourse.
Yeah, same. I still have a Gmail account that just forwards email, and I update the address on services as they come up. Being on your own domain for email is just better. Though I use a service provider to handle the mail server itself.
I’m another Premium user in the same position. I use uBlock Origin and Sponsorblock on desktop and SmartTube on my TV. I pay for Premium to be able to share ad-free experience with my less technical family members, and to use their native iOS apps. If they really tighten the rules on Premium family sharing, I’ll drop the subscription in an instant.
I’m a Premium user and primarily watch on AppleTV. A little while ago they added a feature where if I press the button to skip ahead on the remote when a sponsor section starts, it skips over the whole thing. It skips over “commonly skipped” sections.
While it doesn’t totally remove it, it lets me choose if I want to watch or not, and gets me past it in a single button press. All using the native app. I was surprised the first time this happened. I assume the creators hate it.
YouTube premium "download" is also just completely fake. Downloaded where? What file can I copy?
I had a similar experience on YouTube Music. I discovered the message was misleading and I just had to enable downloads when not on WiFi
I'm constantly baffled by how bad the implementation of YouTube Premium downloads is. Videos will buffer to 100% in a matter of seconds but get endlessly stuck when I hit the download button. Why? All the bytes are literally on my device already.
Because they want to control the bytes on your devices.
Giving you the bytes would be easy, the hard part is preventing the free flow of information. And those bugs are the side effects.
The whole YouTube app is weird. Sometimes it lets you do 1.0x-2.0x. Sometimes it lets you range from .25x-4x. Sometimes it pops up a text selection box with every .05x option from .1 to 4.0. Sometimes it has a nicer UI with shortcut selections for common choices and a sliding bar for speed.

It recently picked up a bug where, if you're listening to a downloaded video but turn the screen off and on again, video playback seems to crash. A few months ago it became very, very slow at casting: all manipulations could take 30 seconds to propagate to the cast video (pause, changing videos, etc.)... but they didn't usually get lost. (It would be less weird if they did just get lost sometimes.) You aggressively can't cast a Short to a TV, in a way that clearly shows this is policy for some incomprehensible reason, but if you use the YouTube app directly on your set-top box it'll happily play a Short on your TV.

Despite its claims in small text that downloads are good for a month without being rechecked, periodically it just loses track of all the downloads and has to redownload them. It is also clearly trying to reauthorize downloads I made just 30 minutes ago, sometimes when I'm in a no-Internet zone, defeating the entire purpose. When downloads are about 1/4 done it displays "ready to watch" on the download screen, but if you try to watch, it fails with "not yet fully downloaded".
Feels like the app has passed the complexity threshold of what the team responsible for it can handle. Or possibly, too much AI code and not enough review and testing. And those don't have to be exclusive possibilities.
The control changes sound like you might have gotten caught in some kind of A/B testing.
They flop back and forth at a high frequency though. I can hit all three cases in five minutes and it's been like that for months.
Also there is never a sensible reason to offer video speeds as a combo-box popup of all options from .05x to 4.00x. It's like three times the vertical size of my screen.
All that testing and they've never thought to offer a one-tap way to get back into speed control once I've adjusted the speed one or more times on the same video.
Don't get me started on the "highest quality" account setting absolutely never selecting 4K options when available. They simply have to be trying to save bandwidth money by nesting quality options a couple of taps away. (A userscript fixes this on desktop and even in Safari on iOS/iPadOS, but apparently I don't deserve the quality I'm paying for if I use their native app.) [Privileged rant over!]
Also a paying YT Premium subscriber. I live in a rural part of CA where there isn't much 5G reception. For extremely long drives in my minivan, I let my toddler watch Ms. Rachel on the screen via an HDMI input from my iPhone. YouTube Premium downloads have DRM that disallows playing them over HDMI, so I had to do what you did and add them as local files to VLC and play them from there.
> Awaiting their “premium cannot be shared with people outside household” policy
I recently got paused for "watching on another device" when I wasn't. I don't think that policy you mention is too far off.
> Awaiting their “premium cannot be shared with people outside household” policy so I can finally cancel
That's been a policy for a while; the sign-up page prominently says "Plan members must be in the same household".
No idea if it's enforced, though.
I have 2 homes. Every time I "go up north" I have to switch my Netflix household and then back again when I return. This sounds like that won't even be possible.
I also have YouTube premium and watch mostly on my iPad and TV. YouTube constantly logs me out at least once per day. I notice because I’ll randomly start seeing ads again (I open videos from my rss reader, never their site). This never happened when I wasn’t on premium. I don’t get what they’re doing, but my impression after almost a year is that it’s only slightly less annoying than getting ads. At this point, I might as well not renew and just use ad block.
YouTube’s “Download” is not really a download, it’s actually “cache offline” within YouTube app.
I run into that download issue all the time. I need to pause each video's download, force-close the YouTube app, then unpause the downloads to get them going again. It has been happening for years and is still unfixed.
I am a premium subscriber so I can download via yt-dlp in peace without any errors or warnings.
We are not the same.
What video did you watch?
Nintendo Direct. Download issue persisted with all videos though
I'll admit to using yt-dlp to get copies of videos I wish to have a local copy of, which can't be taken away from me by somebody else, but I pay for premium because that pays for content I watch. If you don't pay for content, where's it going to come from? Patreon only works for super dedicated stars with a huge following.
Why not use Brave browser and their playlist feature for offline downloads?
We still need competition in the browser space or Google gets to have a disproportionate say in how the Internet is structured. I promise you, Firefox and Safari aren't that bad. Maybe Firefox is a little different but I doubt it's meaningfully different for most people [0]. So at least get your non techie family and friends onto them and install an ad blocker while you're at it.
[0] the fact that you're an individual may mean you're not like most people. You being different doesn't invalidate the claim.
Firefox is in decline and Brave will soon overtake it. Brave blocks ads natively. There is a lot of advantage in that but we also may eventually have a new model that funds the internet. And I don't see Firefox or Safari disrupting advertising.
https://data.firefox.com/dashboard/user-activity
https://brave.com/transparency/
I'll just throw out there that zen-browser.app is a gentle fork of Firefox that makes it look like the (abandoned, Chromium-based) Arc browser; it's great.
That Brave link shows growth has flatlined
I think you've missed the point entirely.
The point is that if everyone is using a single browser (not just Chrome/Chromium) then that actor gets disproportionate control over the internet. That's not good for anyone.
The specific gripe with Chromium is that _Google_ gets that say, and I think they are less trustworthy than other actors. I'm not asking anyone to trust Mozilla, but anyone suggesting Mozilla is less trustworthy than Google probably has a bridge to sell you. Remember that being Chromium-based still means that Brave is reliant upon Google. That leads to things like this [0,1]. Remember, the Chromium source code is quite large, which is why things like [0] aren't so easily found. I also want to quote a quote from [0.1].
That wouldn't be the first time people have found Google preferencing their browser, and it is pretty well known this happens with YouTube. Do we really want ANY company having such control over the internet? Do we really want Google to?

I'm not sure what you're trying to tell me here. That Brave has 64% of the number of users as Firefox? That Brave users really like Gemini, Coinbase, and Uphold? That Brave users are linking their Brave account to sites like Twitter, YouTube, Reddit, GitHub, Vimeo, and Twitch? That Brave Ads is tracking at the state level? Honestly I have more questions looking at the Brave "transparency" report, as it seems to have more information about users than Firefox...

If you're extra concerned about privacy and that's your reason for Brave, then may I suggest the Mullvad browser [2]? It is a fork of Firefox and they work with Tor to minimize tracking and fingerprinting. You get your security, privacy, and out from under the boot of Google.
[0] https://github.com/brave/brave-browser/issues/39660
[0.1] https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs...
[1] https://www.bleepingcomputer.com/news/google/google-to-kill-...
[2] https://mullvad.net/en/browser
> Why not use Brave
Reddit has the answer for you: https://www.reddit.com/r/browsers/comments/1j1pq7b/list_of_b...
I’m not using brave browser so did not know it could download videos
I’m using Brave, but didn’t know either :p
Nice, didn't know Brave could do that.
For anyone here who runs a startup, I propose two lifestyle benefits you should add:
1. Unlimited YouTube Premium
2. Unlimited drink reimbursement (coffee, tea, smoothies, whatever)
The psychological sense of loss from those two things would be larger than any 5% raise.
I don't like that math; I'd rather have the 5% than $8k in perks.
The pitch is for the employer: This would likely be both cheaper and simultaneously stickier.
I personally wouldn't want to hire a startup employee who couldn't figure out how to install a browser extension. ;-)
Roku tho
You're assuming startups are all tech. At my job, tech is not even 1/3 of employees.
Browser extensions are not meant for the technical crowd, they're meant to be installed by all users of the browser. If someone is not bright enough to figure out how to install a browser extension, or change a lightbulb, or refill the ice tray, tech worker or not I don't need them in my startup.
ah yes, let me just install a browser extension on the kid's iPad
FYI for next time you're buying: you can install Firefox on Android, although this is perhaps threatened by Google's planned changes to users' ability to install software.
Here, this will help with that
https://kagi.com/orion/
I really appreciate the engineering effort that went into this "JavaScript interpreter"
https://github.com/yt-dlp/yt-dlp/blob/2025.09.23/yt_dlp/jsin...
This is perfect for the problem they were solving. Really cool that they took it this far to avoid adding further overhead.
This is the buried lede in this announcement for me - I had no idea they were already going to such lengths. It's really impressive!
It's a subset of Javascript. HN discussion here https://news.ycombinator.com/item?id=32794081
This is amazing, an old school but effective approach in this modern age. I was afraid they were going to embed a browser.
I decided just to look at the code for a moment and discovered ChainMap in Python.
This is excellent for some of my use cases. I want to have my AI agents "fork" their context in some ways; this could be useful for that instead of juggling a tree of dictionaries.
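For anyone who hasn't met ChainMap, a minimal sketch of the "fork" idea (the context values here are made up for illustration):

    from collections import ChainMap

    base_ctx = {"system": "be helpful", "temperature": 0.7}

    # new_child() prepends a fresh dict: reads fall through to the
    # parent, writes land only in the fork.
    fork = ChainMap(base_ctx).new_child()
    fork["temperature"] = 0.2

    print(fork["temperature"])      # 0.2, from the fork
    print(fork["system"])           # "be helpful", falls through
    print(base_ctx["temperature"])  # 0.7, parent untouched

Forks of forks are just further new_child() calls, so the "tree of dictionaries" effectively comes for free.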
Heh, now I wonder how much JavaScript it actually interprets and given that it’s < 1000 lines, whether it could be used towards an introductory course in compilers.
Obviously not. An introductory course would introduce concepts like lexers, parsers, ASTs, etc., instead of working on strings.
Here are lines 431 through 433:
There’s a famous presentation by David Beazley where he implements a WASM interpreter in Python in under an hour. Highly recommended.
Bytecode interpreters are quite simple compared to the actual lexer / parser.
I'm on mobile, but this seems like an actual JS interpreter that only does objects and arithmetic. Impressive that it went that far
Wait I thought they were running an entire browser engine
Over time they probably will require that. I believe YT still allows most of these things because of "legacy" apps, which they have been killing off bit by bit. I'm not sure if anyone is cataloging the oldest supported app, but most things like using YT from a slightly older game console don't work anymore.
Basically, any publicly known method that can sip video content while doing the least work and authentication will be a common point of attack for this.
heh, that's pretty cool.
I wonder how long until it gets split off into its own project. For the time being, it could do with a lot more documentation. At least they've got some tests for it!
> I wonder how long until it gets split off into its own project
The submission is literally about them moving away from it in favor of Deno, so I think "never" probably gets pretty close.
Thanks for explaining - I didn't understand that this is what was being replaced.
Aside from the fact that the point of the announcement is that they're dropping it entirely, this "interpreter" is a hack that definitely is nowhere near capable of interpreting arbitrary JS. For example, the only use of `new` it handles is for Date objects, which it does by balancing parens to deduce the arguments for the call, then treating the entire group of arguments as a string and applying regexes to that.
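A toy illustration of that style of hack (not the actual yt-dlp code; the date format handled here is invented for the example):

    import re
    from datetime import datetime

    def eval_new_date(expr):
        # Balance parens to find the argument list of `new Date(...)`...
        m = re.match(r'new\s+Date\(', expr)
        if not m:
            raise ValueError('only `new Date(...)` is handled')
        depth, i = 1, m.end()
        while depth:
            depth += {'(': 1, ')': -1}.get(expr[i], 0)
            i += 1
        args = expr[m.end():i - 1]
        # ...then regex the whole argument string instead of parsing it.
        if re.fullmatch(r'\d+', args):               # new Date(1234567890123)
            return int(args)
        quoted = re.fullmatch(r'"([^"]*)"', args)    # new Date("12/31/1969")
        if quoted:
            dt = datetime.strptime(quoted.group(1), '%m/%d/%Y')
            return int(dt.timestamp() * 1000)
        raise ValueError(f'unhandled Date arguments: {args!r}')

It works right up until the player JS does anything else with `new`, which is exactly the limitation being described.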
When I first got together with my wife I seemed a bit crazier than I am, because I have been a media hoarder for 30+ years. I don't have any VHS tapes, DVDs, etc. lying around because I only keep digital copies, but I have pretty decent archives. Nothing important really, just normal stuff and some rare or obscure stuff that disappears over time.
My wife was interested in the idea that I was running "Netflix from home" and enjoyed the lack of ads or BS when we watched any content. I never really thought I would be an "example" or anything like that; I fully expected everyone else to embrace streaming for the rest of time, because I didn't think those companies would make so many mistakes. I've been telling people for the last decade, "That's awesome, I watch using my own thing. What shows are your favorites? I want to make sure I have them."
In the last 2 years more family members and friends have requested access to my Jellyfin and asked me to set up a similar system with less storage underneath the TV in their living room or in a closet.
Recently-ish we have expanded our Jellyfin to have some YouTube content on it. Each channel just gets a directory and gets this command run against it:
It actually fails to do what I want here (download h264 content), so I have it re-encoded, since I keep my media library in h264 until the majority of my devices support h265, etc. None of that really matters, because these YouTube videos come in AV1 and none of my smart TVs support that yet, AFAIK.

Check out https://github.com/meeb/tubesync
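For the curious, the shape of such a per-channel job in yt-dlp's Python API (the URL, paths, and options here are illustrative, not the exact command above):

    import yt_dlp

    opts = {
        # one directory per channel, as described above
        "outtmpl": "/media/youtube/%(channel)s/%(title)s [%(id)s].%(ext)s",
        # remember what has been fetched so re-runs only grab new uploads
        "download_archive": "/media/youtube/archive.txt",
        # keep going when one video in the channel fails
        "ignoreerrors": True,
    }
    with yt_dlp.YoutubeDL(opts) as ydl:
        ydl.download(["https://www.youtube.com/@SomeChannel/videos"])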
First I ran a simple script; now I use ytdltt [1] to let my mother download YT videos via a Telegram bot (in her case it's more like audiobooks) and sort them into directories so she can access/download them via Jellyfin. She's at around 1.2 TB of audiobooks in about 3 years.
1: https://github.com/entropie/ytdltt
Do you have to put in cookies to avoid the sign-in/bot prompt? Do you use a VPN to download YT videos?
> It actually fails to do what I want here and download h264 content so I have it re-encoded
I struggled with that myself (the yt-dlp documentation could use some work). What's currently working for me is:
I recently discovered Pinchflat [1], which seems like an *arr-inspired web alternative, and works great for me - I just need to add the videos I want downloaded to a playlist and it picks them up. Also uses yt-dlp under the hood.
1. https://github.com/kieraneglin/pinchflat
Tried this: "yt-dlp -f 'bestvideo*[ext=mp4]+bestaudio[ext=m4a]/best[ext=mp4]/best' -S vcodec:h264 -other_options …"? I'm still getting proper h264 with that (my Raspberry Pi 3 only wants a proper codec too… none of that mushy new-era codec stuff. ;) )
use the new preset feature to get h264: -t mp4
you can also skip the match filters by running the /videos URL instead of the main channel url.
if you want 720p, use -S res:720
>fails to do what I want here and download h264 content
Are you missing [vcodec^=avc1]?
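In yt-dlp's Python API terms, a minimal sketch combining the suggestions in this subthread (the URL is just an example; format syntax per the yt-dlp README):

    import yt_dlp

    opts = {
        # [vcodec^=avc1] filters to h264 streams outright...
        "format": "bestvideo[vcodec^=avc1][ext=mp4]+bestaudio[ext=m4a]/best[ext=mp4]",
        # ...while format_sort merely prefers h264 (and 720p) when available
        "format_sort": ["vcodec:h264", "res:720"],
    }
    with yt_dlp.YoutubeDL(opts) as ydl:
        ydl.download(["https://www.youtube.com/watch?v=xvFZjo5PgG0"])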
The days of just getting data off the web are coming to an end, as everything requires a full browser running thousands of lines of obfuscated JS code now. So instead of a website giving me that 1kb of JSON that could be cached, now I start a full browser stack and transmit 10 megabytes through 100 requests, messing up your analytics and security profile, and everyone's a loser. Yay.
On the bright side, that opens an opportunity for 10,000 companies whose only activity is scraping 10MB worth of garbage and providing a sane API for it.
Luckily all that is becoming a non-issue, as most content on these websites isn't worth scraping anymore.
*and whose only customers are using it for AI training
fortunately it is now easier than ever to do small-scale scraping, the kind yt-dlp does.
I can literally just write a script that uses headless Firefox + mitmproxy in about an hour or two of fiddling, and as long as I don't then run it from 100 VPSes and scrape their entire website in a huge blast, I can typically archive whatever content I actually care about, basically no matter what protection mechanisms they have in place. Cloudflare won't detect a headless Firefox at low rates (and by "low" I mean basically anything you could do off your laptop from your home IP), and modern browser scripting is extremely easy, so you can often scrape things with mild single-person effort even if the site is an SPA with tons of dynamic JS. And obviously at low scale you can just solve captchas yourself.
I recently wrote a scraper script that just sent me a Discord ping whenever it ran into a captcha; I'd go look at my laptop and fix it, then let it keep scraping. I was archiving a comic I paid for, but it was in a walled-garden app that obviously didn't want you to even THINK of controlling the data you paid for.
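A sketch of the low-effort approach (using Playwright here rather than raw headless Firefox + mitmproxy; the URL and output file are placeholders):

    # pip install playwright && playwright install firefox
    from playwright.sync_api import sync_playwright

    with sync_playwright() as p:
        browser = p.firefox.launch(headless=True)
        page = browser.new_page()
        page.goto("https://example.com/some-article")
        # let the SPA finish its dynamic requests before snapshotting
        page.wait_for_load_state("networkidle")
        with open("article.html", "w", encoding="utf-8") as f:
            f.write(page.content())
        browser.close()

At one-page-at-a-time rates, nothing in that stands out from a human with a slightly odd browser.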
It's an arms race. Websites have become stupidly/unnecessarily/hostilely complicated, but AI/LLMs have made it possible (though more expensive) to get whatever useful information exists out of them.
Soon, LLMs will be able to complete any Captcha a human can within reasonable time. When that happens, the "analog hole" may be open permanently. If you can point a camera and a microphone at it, the AI will be able to make better sense of it than a person.
Please remember that an LLM accessing a website isn't the problem here. It's the scraping bots that saturate the server bandwidth (a DoS attack of sorts) to collect data to train the LLMs. An LLM solving a captcha or an Anubis-style proof-of-work problem isn't a big concern here, because the worst it's going to do with the collected data is cache it for later analysis and reporting. Unlike the crawlers, LLMs don't have any incentive to suck up huge amounts of data like a giant vacuum cleaner.
This 1kb of JSON still sounds like a modern thing, where you need to download many MB of JavaScript code to execute and display the 1kb of JSON data.
What you want is to just download the 10-20kb HTML file, maybe a corresponding CSS file, and any images referenced by the HTML. Then if you want the video, you just get the video file directly.
Simple and effective, unless you have something to sell.
The main reason for doing video through JS in the first place, other than obfuscation, is adaptive bitrate support. Oddly enough, some TVs will support adaptive-bitrate HLS directly, and I believe Apple devices do, but regular browsers don't. See https://github.com/video-dev/hls.js/
> unless you have something to sell
Video hosting and its moderation is not cheap, sadly. Which is why we don't see many competitors.
And by "not many" you really mean zero competitors.
(before you ask: Vimeo is getting sold to an enshittification company)
Those "zero" include: Rumble, Odysee, Dailymotion, Twitch, Facebook watch... etc.
And a decent list here: https://ideaexplainers.com/video-sites-like-youtube/
Twitch does live streaming but recently severely limited the extent of free hosting for archived content.
Not actually heard of the first two, what's their USP?
And it's all to sell more ads.
I think this is just another indication of how the web is a fragile equilibrium in a very adversarial ecosystem. And to some extent, things like yt-dlp and adblocking only work if they're "underground". Once they become popular - or there's a commercial incentive, like AI training - there ends up being a response.
For now, yes, but soon Cloudflare and ever more annoying captchas may make that option practically impossible.
You should be thankful for the annoying captchas, I hear they're moving to rectal scans soon.
> Days of just getting data off the web are coming to an end
All thanks to great ideas like downloading the whole internet and feeding it into slop-producing machines fueling global warming in an attempt to make said internet obsolete and prop up an industry bubble.
The future of the internet is, at best, bleak. Forget about openness. Paywalls, authwalls, captchas and verification cans are here to stay.
Those days are not coming to an end:
* PeerTube and similar platforms for video streaming of freely-distributable content;
* BitTorrent-based mechanisms for sharing large files (or similar protocols).
Will this be inconvenient? At first, somewhat. But I am led to believe that in the second category one can already achieve a decent experience.
How many content creators have you written to, requesting that they share their content on PeerTube or BitTorrent? How did they respond? How will they monetize?
1. Zero
2. N/A, but enough content creators on YT are very much aware of the kind of prison it is, especially in the years after the Adpocalypse.
3. Obviously, nobody should be able to monetize the copying of content. If it is released, it is publicly released. But they can use Liberapay/Patreon/Buy Me a Coffee, they can sell merch or signed copies of things, they can do live appearances, etc.
Do you know what Accelerate means?
I want them to go overboard. I want BigTech to go nuts on this stuff. I want broken systems and nonsense.
Because that’s the only way we’re going to get anything better.
Accelerationism is a dead-end theory with major holes in its core. Or I should say "their" core, because there are a million distinct and mutually incompatible varieties. Everyone likes to say "gosh, things are awful, it MUST end in collapse, and after the collapse everyone will see things MY way." They can't all be right. And yet all of them, with their varied ideas, still think it's a good idea to actively push to make things worse in order to bring on the collapse more quickly.
It doesn't work. There aren't any collapses like that to be had. Big change happens incrementally, a bit of refactoring and a few band-aids at a time, and pushing to make things worse doesn't help.
Look at history, things improve and then things get worse, in cycles.
During the "things get worse" phase, why not make it shorter?
Let's give it a shot.
The year is 2003. Svn and cvs are proving to be way too clunky and slow for booming open source development.
As an ethical accelerationist, you gain commit access to the repos for svn and cvs and make them slower and less reliable to accelerate progress toward better version control.
Lo and behold, you still have to wait until 2005 for git to be released, because git wasn't written to replace svn or cvs -- it was written as the result of internal kernel politics over access to a closed-source source management program, BitKeeper. And since svn and cvs were already bad enough that kernel devs didn't choose them, you making them worse wouldn't have affected their choice.
Also, keep in mind that the popularity of git was spurred by tools that converted from svn to git. So by making svn worse, you'd have made adoption of git harder by making it harder for open source devs to write reliable conversion tools.
To me, this philosophy looks worse than simply doing nothing at all. And this is in a specific domain where you could at least make a plausible, constrained argument for accelerationism. Your comment instead seems to apply to accelerationism applied to software in general-- there, the odds of you being right are so infinitesimal as to be fatuous.
In short, you'd do better playing the lottery because at least nothing bad happens to anyone else when you lose.
It doesn't foreshorten the cycle, it prolongs it and makes it worse.
I'm not waiting for the collapse to fix things - I'm waiting for it so that I won't have any more distractions and I can go back to my books.
As I said, there aren't any collapses like that to be had. Heaven and Earth will be moved to make the smallest change necessary to keep things flowing as they were. Banks aren't allowed to fail. Companies, despite lengthy strings of missteps and billions burned on dead ends, still remain on top.
You can step away from the world (right now, no waiting required). But the world can remain irrational longer than you can wait for it to step away from you, and pushing for more irrationality won't make a dent in that.
Oh I think the world will push me away at the next Android update. If I can't root/firewall/adblock/syncthing/koreader, the mobile phone will simply become a phone again.
If you showed me the current state of YouTube 8 years ago - multiple unskippable ads before each video, 5 midrolls for a 10 minute video, comments overran with bots, video dislikes hidden, the shorts hell, the dysfunctional algorithm, .... - I would've definitely told you "Yep, that will be enough to kill it!"
At this point I don't know - I still have the feeling that "they just need to make it 50% worse again and we'll get a competitor," but I've seen too many of these platforms get 50% worse too many times, and the network effect wins out every time.
It's classic frog boiling. I want them (for whatever definition of "them") to just nuke the frog from orbit.
Nsig/sig - Special tokens which must be passed to API calls, generated by code in base.js (the player code). This is what has broken for yt-dlp and other third-party clients. Instead of extracting the code that generates those tokens (e.g. using regular expressions) like we used to, we now need to run the whole base.js player code to get these tokens, because the code is spread out all over the player.
PoToken - Proof-of-origin token which Google has lately been enforcing for all clients, or video requests will fail with a 403. On Android it uses DroidGuard; on iOS it uses built-in app integrity APIs. For the web it requires that you run a snippet of JavaScript code (the challenge) in the browser to prove that you are not a bot. Previously you needed an external tool to generate these PoTokens, but with the Deno change yt-dlp should be capable of producing these tokens by itself in the near future.
SABR - Server-side adaptive bitrate streaming, used alongside Google's UMP protocol to give the server more control over buffering, based on data from the client about the current playback position, buffered ranges, and more. This technology is also used to do server-side ad injection. Work is still being done to make third-party clients work with it (sometimes works, sometimes doesn't).
Nsig/sig extraction example:
- https://github.com/yt-dlp/yt-dlp/blob/4429fd0450a3fbd5e89573...
- https://github.com/yt-dlp/yt-dlp/blob/4429fd0450a3fbd5e89573...
PoToken generation:
- https://github.com/yt-dlp/yt-dlp/wiki/PO-Token-Guide
- https://github.com/LuanRT/BgUtils
SABR:
- https://github.com/LuanRT/googlevideo
EDIT2: Added more links to specific code examples/guides
If you ever wondered why the likes of Google and Cloudflare want to restrict the web to a few signed, integrity-checked browser implementations?
Now you know.
>If you ever wondered why the likes of Google and Cloudflare want to restrict the web
I disagree with the framing of "us vs them".
It's actually "us vs us". It's not just us plebians vs FAANG giants. The small-time independent publishers and creators also want to restrict the web because they don't want their content "stolen". They want to interact with real humans instead of bots. The following are manifestations of the same fear:
- small-time websites adding Anubis proof-of-work
- owners of popular Discord channels turning on the setting for phone # verification as a requirement for joining
- web blogs wanting to put a "toll gate" (maybe utilize Cloudflare or other service) to somehow make OpenAI and others pay for the content
We're long past the days of colleagues and peers on ARPANET and NSFNET sharing info for free on university computers. Now everybody on the globe wants to try to make a dollar, and likewise, they feel dollars are being stolen from them.
But this, too, skips over some nuance. There are a few types of actors here:
- small content creators who want to make their content accessible to individuals
- companies that want to gobble up public data and resell it in a way that destroys revenue streams for content creators
- gatekeepers like Cloudflare who want to ostensibly stop this but will also become rent-extractors in the process
- users who should have the right to use personal tools like yt-dlp to customize their viewing experience, and do not wish to profit at the expense of the creators
We should be cautious both that the gatekeepers stand to profit from their gatekeeping, and that their work inhibits users as well.
If creators feel this type of user (often a dedicated fan and would-be promoter) is a necessary sacrifice to defend against predatory data extractors… then that’s absolutely the creator’s choice, but you can’t say there’s a unified “us” here.
> small-time websites adding Anubis proof-of-work
Those were already public. The issue is AI bots DDoSing the server. Not everyone has infinite bandwidth.
> owners of popular Discord channels turning on the setting for phone # verification as a requirement for joining
I still think that Discord is a weird channel for community stuff. There are a lot of different formats for communication, but people are defaulting to chat.
> web blogs wanting to put a "toll gate" (maybe utilize Cloudflare or other service) to somehow make OpenAI and others pay for the content
Paid content is good (Coursera, O'Reilly, Udemy, ...). But a lot of these services want to be free, powered by ads (for audience?).
---
The fact is, we have two main bad actors: AI companies hammering servers, and companies that want to centralize content (that they do not create) by adding gatekeeping extensions to standard protocols.
I don’t feel like dollars are stolen from me. It’s more that companies abuse my goodwill in publishing information online, from higher bills as a result of aggressive crawling, to copying my work and removing all copyright/licensing from the code. Sure, fair use and all, but when they return the same exact code it just makes me wonder.
Nowadays, producing anything feels like being the cow's udder.
> Now everybody on the globe wants to try to make a dollar, and likewise, they feel dollars are being stolen from them.
I'm not in it for the dollar. I just want the licenses I put on my content/code to be respected, that's all. IOW, I don't want what I put out there to be free forever (as in speech and beer) only to be twisted and monetized by the people who are in this for the dollar.
I want my content borrowed/shared, and I still need to be engaged in this stuff because the poorly behaved distributed bots that have arisen in the past year are trying to take boundless resources from my site(s), which I cannot afford.
It’s like we are living in an affordability crisis, and people are tired of 400 wealthy billionaires profiting from people's largesse in the form of free data/tooling.
> The small-time independent publishers and creators also want to restrict the web because they don't want their content "stolen".
I'm sure some music creators may have, years ago, been against CD recorders, or platforms like Napster or even IRC-based file transfer for sharing music. Hell, maybe they were even against VCRs back in the day. But they were misguided at best.
People who want to prevent computer users from freely copying data are, in this context at least, part of "them" rather than "us".
>The small-time independent publishers and creators also want to restrict the web
Oh really? Does Linus's Floatplane go to this extent to prevent users from downloading stuff? Does Nebula? Does whatever that gun YouTuber's video site is called do this?
Does Patreon?
> The small-time independent publishers and creators also want to restrict the web because they don't want their content "stolen"
... or they just want to keep their site on the Internet. There hasn't been any major progress on sanctioning bad actors - be it people running vulnerable IoT crap that ends up being taken over by a botnet, cybercriminals and bulletproof hosters, or nation-state actors. As long as you don't attack targets from your own geopolitical class (i.e. Russians don't attack Russians; a lot of malware will just quit if it spots a Russian locale), you can do whatever the fuck you want.
And that is how we end up with darknet services where you can trivially order a DDoS to take down a website you don't like, or, if you manage to get your opponent's IP leaked during an online game, their residential connection. Pay with whatever shitcoin you have, and no one is any wiser about who the perpetrator is.
When Nixon slammed the gold window shut so Congress could keep writing blank checks for Vietnam and the Great Society, it wasn't just some monetary technicality. It was the moment America broke its word to the world and broke something fundamental in us too. Suddenly money wasn't something you earned through sweat or innovation anymore. It became something politicians and bankers could conjure from thin air whenever they wanted another war, another corporate bailout, another vote-buying scheme.
Fast forward fifty years and smell the rot. That same fiscal recklessness (Congress spending like drunken sailors while pretending deficits don't matter) has bled into every pore of society. Why wouldn't it? When BlackRock scoops up entire neighborhoods with Fed-printed cash while your kid can't afford a studio apartment, people notice. When Tyson jacks up chicken prices to record profits while diners can't afford bacon, people feel it. And when some indie blogger slaps a paywall on their life's work because OpenAI vacuumed their words to train ChatGPT? That's the same disease wearing digital clothes.
We're all living in Nixon's hangover. The "us vs us" chaos you see (Discord servers demanding your phone number, small sites gatekeeping against bots, everyone scrambling to monetize scraps) is what happens when trust evaporates. Just like the dollar became Monopoly money after '71, everything feels devalued now. Your labor? Worth less each year. Your creativity? Someone's AI training fuel. Your neighborhood? A BlackRock asset on a spreadsheet.
And Washington's still at it! Printing trillions to "save the economy" while inflation eats your paycheck alive. Passing trillion-dollar "infrastructure bills" that somehow leave bridges crumbling but defense contractors swimming in cash. It's the same old shell game: socialize the losses, privatize the gains. The factory worker paying $8 for eggs understands this. The nurse getting lectured about "wage spirals" while hospital CEOs pocket millions understands this. The teenager locking down their Discord because bots keep spamming scams? They understand this.
Weimar happened when money became meaningless. 1971 happened when promises became meaningless. What you're seeing now (the suspicion, the barriers, the every-man-for-himself hustle) is what bubbles up when people realize the whole system's running on fumes. The diner owner charging $18 for a burger isn't greedy. The blogger blocking AI scrapers isn't a Luddite. They're just building levees against a flood Washington started with a printing press half a century ago.
The tragedy is that we're all knee-deep in the same muddy water, throwing sandbags at each other while the real architects of this mess (the political grifters, the Fed bankers, the extraction-engine capitalists) watch dry-eyed from their high ground. Until we stop accepting their counterfeit money and their counterfeit promises, we'll keep drowning in this rigged game. The gold window didn't just close in '71. The whole damn social contract rusted shut.
Wow. That was eloquent, and coherent, and depressing. I'd be grateful for someone to counter with something less dismal. Good things are still happening in the world. A positive future remains possible -- but we have to be able to imagine it to bring it into being.
Well on the bright side blood avocados are still green. Which the poster also seems to appreciate.
Lately I've had to resort to buying avocados from Costco in those little plastic cups because whole avocados in many supermarkets in my region have started to spoil too quickly. Sad.
until people learn money, the concept, nothing will change. and that in turn will hardly happen while the bad guys own childhood (compulsory schooling).
What does any of this have to do with yt-dlp?
Ostensibly the same forces that drove Nixon to move the dollar off of gold, are driving Google to destroy third party YouTube clients.
Duh. I've known this for decades. The biggest advocates for DRM I've known are small-time content creators: authors, video producers, musicians. They've been saying the same thing since the 90s: without things like DRM, their stuff would be pirated, and they'd like to earn a living doing what they love instead of grinding at a day job to support themselves while everybody benefits from their creative output. In addition, major publishers and record labels won't touch stuff that's been online because of the piracy risk. They don't want to make an investment in smaller creators without a return in the form of sales of copies. That last bit is less true of music now than it used to be because of streaming and stuff, but the principle still applies.
This is why the DMCA will never be repealed, DRM will never go away, and there is no future for general-purpose computing. People want access to digital content, but the creators of that content wouldn't release it at all if they knew it could be copied endlessly by whoever receives it.
The fact you shoved Cloudflare in there shows your ignorance of the actual problems and solutions offered.
I don't know, it's really hard to blame them. In a way, the next couple of years are going to be a battle to balance easy access to info with compensation for content creators.
The web as we knew it before ChatGPT was built around the idea that humans have to scavenge for information, and while they're doing that, you can show them ads. In that world, content didn't need to be too protected because you were making up for it in eyeballs anyway.
With AI, that model is breaking down. We're seeing a shift towards bot traffic rather than human traffic, and information can be accessed far more effectively and, most importantly, without ad impressions. So, it makes total sense for them to be more protective about who has access to their content and to make sure people are actually paying for it, be it with ad views or some other form of agreement.
I think your point is valid, but FTR the "shift" happened long before ChatGPT; bot traffic has exceeded that of humans for over a decade.
Don’t worry!
Ads are coming to AI. The big AI push next will be context, your context all the time. Your phone will “help” and get all your data to OpenAI…
“It looks like you went for a run today? Good job, you deserve a treat! Studies show a little ice cream after a long run is effectively free calories! It just so happens the nearest Dairy Queen is running a promotion just for the next 30 minutes. I’m getting you directions now.”
It would not be that much of a problem if ads promoted healthy and tasty food, but they will probably promote ice cream made from powder and chemicals emulating the taste of berries rather than from milk and fresh-picked berries.
It still would be. Loss of agency. Ads are text and images you see. Native advertising in a chatbot conversation is a third party bidding their way into your conversation. Machine showing you an ad versus injecting intention into your context are very different things.
If open source AI becomes good enough would this model hold? I guess they will try to shut down the open models as they come close?
"I'm calling the user analysis tool... it seems this user is health conscious. I'll suggest a trail app for their next run instead of ice cream."
This is why, contra Louis Rossmann, Clippy was not a good thing for humanity.
At least for YouTube, viewbotting is very much a thing, which undermines trust in the platform. Even if we were to remove Google ads from the equation, there's nothing preventing someone from crafting a channel with millions of bot-generated views and comments in order to get paid sponsor placements, etc.
The reasons are similar for Cloudflare, but their stances are a bit too DRMish for my tastes. I guess someone could draw the lines differently.
If any of this was done to combat viewbotting, then any disruption to token calculation would prevent views from being registered - not videos from being downloaded.
From my perspective both problems are effectively the same. I want to count unique users by checking for asset downloads and correlating unique session IDs. People can request the static assets directly, leading to view botting and wasted egress bandwidth.
The solution: have clients prove they are a legitimate client by running some computationally intensive JS that interacts with DOM APIs, etc. (which is not in any way unique to big tech, see Anubis/CreepJS etc.)
The impact on the hobbyist use case is, to them, just collateral damage.
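For reference, the proof-of-work flavor of this gating (the Anubis style) is tiny. A minimal sketch, with the challenge string and difficulty made up:

    import hashlib
    import itertools

    def solve(challenge: str, difficulty_bits: int = 20) -> int:
        # Burn CPU until sha256(challenge:nonce) has `difficulty_bits`
        # leading zero bits; the server can verify the result instantly.
        target = 1 << (256 - difficulty_bits)
        for nonce in itertools.count():
            digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
            if int.from_bytes(digest, "big") < target:
                return nonce

    print(solve("server-issued-challenge"))  # sent back as proof of work

The DOM-fingerprinting variants are nastier precisely because, unlike this, they can't be reimplemented outside a real browser.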
No, the difference is: if I'm fighting viewbots, I want zero cues to be emitted to the client. The client should NEVER know whether its view is being counted or not, or why.
Having no reliable feedback makes it so much harder for a viewbotter to find a workaround.
If there's a visible block on video downloads? They're not fighting viewbots with that.
For general spam deterrence I agree, but how do you avoid paying for the bandwidth in this case?
Youtube has already accounted for this by using a separate endpoint to count watch stats. See the recent articles about view counts being down attributed to people using adblockers.
Even if they hadn't done that, you can craft millions of bot-sponsored views using a legitimate browser and some automation and the current update doesn't change that.
So I'd say Occam's razor applies and Youtube simply wants to be in control of how people view their videos so they can serve ads, show additional content nearby to keep them on the platform longer, track what parts of the video are most watched, and so on.
I'm sure that's a problem for Youtube. What does it have to do with me rendering Youtube videos on my own computer in the way I want?
> What does it have to do with me rendering Youtube videos on my own computer in the way I want?
It doesn't. That interferes with google's ad revenue stream, which is why YT continues to try to make it harder and harder to do so.
You don't have that right. When you view copyrighted content, you do so at the pleasure of the licensor.
How you watch copyrighted content has never been something that copyright has controlled.
As a viewer, this is not even remotely my problem.
Like another comment mentioned: that's a problem for YouTube to solve.
They pay a lot of money to many smart people who can implement sophisticated bot detection systems, without impacting most legitimate human users. But when their business model depends on extracting value from their users' data, tracking their behavior and profiling them across their services so that they can better serve them ads, it goes against their bottom line for anyone to access their service via any other interface than their official ones.
This is what these changes are primarily about. Preventing abuse is just a side benefit they can use as an excuse.
> which undermines trust in the platform
What? What does this even mean? Who "trusts" youtube? It's filled with disinformation, AI slop and nonsense.
An example is given right after that sentence. Trustworthiness of the content is an entirely separate thing.
you forgot the excessive censorship, of course to "fight disinformation"...
it even became an interesting signal of which "disinformation" they deem censorship-worthy.
Weird, people talking about small-time creators wanting DRM: I've never seen that... usually they'd be hounding for any attention. I don't know why multiple accounts are seemingly independently bringing this up, but maybe it's an attempt to muddy the waters with this concept?
Everything trends towards centralization on a long enough period.
I laugh at people who think ActivityPub or Mastodon or Bluesky will save us. We already had that; it was called e-mail. Look what happened once everyone started using it.
If we couldn't stop the centralization effects that occurred on e-mail, any attempt to stop centralization in general is honestly a utopian fool's errand. Regulation is easier.
I am a big supporter of AT Protocol, and I contribute some money to a fund to build on it. Why laugh at running experiments? Nothing will "save us," it is a constant effort as long as humans desire to use these systems to connect. Email exists today, and is very usable still as a platform that cannot be captured. The consolidation occurred because people do not want to run their own servers, so we should build for that! Bluesky and AT Protocol are experiments in building something different, with different use cases and capabilities, that also cannot be captured. Just like email. You can run your own PDS. You can run your own stack from PDS to users "end to end" if you so choose. You can pay to do both of these tasks. No one can buy this or take it away from you, if it is built on protocols instead of a platform someone can own and control.
Regulation would be great. The EU does it well. It is lacking in the US, and will be for some time. And so we have to downgrade to technical mitigations against centralization until regulation can meet the burden.
E-mail can't handle the 24/7, 1k posts/sec traffic that Twitter was about. A more appropriate analogue is IRC.
There could be valid reasons for fighting downloaders, for example:
- AI companies scraping YT without paying YT, let alone creators, for training data. Imagine how much data YT has.
- YT competitors in other countries scraping YT to copy videos, especially in countries where YT is blocked. Some such companies have a "move all my videos from YT" function to promote blogger migration.
>AI companies
Like Google?
>scraping YT without paying YT let alone creators for training data
Like Google has been doing to the entire internet, including people’s movement, conversations, and habits… for decades?
> Like Google?
Like Google competitors obviously.
> Like Google has been doing to the entire internet, including people’s movement, conversations, and habits… for decades?
Yes, but if you allowed Google to index your site (companies even spent money to make sites more indexable), Google used to bring you customers; AI companies bring back nothing. They are just freeloaders.
- Enforce views of ads
(not debating the validity of this reason, but this is the entire reason Youtube exists, to sell and push ads)
Then they should allow a download API for paying customers.
But even if you’re a paying customer, the creator is only paid if you watch it on the platform.
Music labels publish their music on YT in exchange for ad revenue; they won't be happy if someone can download their music for free. And making music is expensive: google how much just a single drum mic costs, and you need a lot of them.
> for paying customers
Does YT share income from subscriptions with music labels? I hadn't heard about this, and even if they did, a download would have to be paid much more than a view, because after downloading a person could potentially listen to a track a hundred times in a row.
Youtube premium includes Youtube Music, which is alphabet's streaming service, and I assume that they are paying the same fees as everyone else.
> as everyone else
"Everyone else" do not allow to download music in an unencrypted format, so it makes sense if YT doesn't allow also.
It's not YT's content though.
Who says these are valid?
Why is this being downvoted? Are people really going to shoot the messenger and fail to see why a company may be willing to protect its competitive position?
> For the web it requires that you run a snippet of javascript code (the challenge) in the browser to prove that you are not a bot.
How does this prove you are not a bot? How does this code not work in a headless Chromium if it's just client-side JS?
Good question! Indeed you can run the challenge code using headless Chromium and it will function [1]. They are constantly updating the challenge however, and may add additional checks in the future. I suppose Google wants to make it more expensive overall to scrape Youtube to deter the most egregious bots.
[1] https://github.com/LuanRT/BgUtils
LLMs solve challenges. Can we not solve these challenges with sufficiently advanced LLMs? Gemini even, if you're feeling lulz-y.
Yes, by spending money.
I agree, in some cases and depending on LLM endpoint, some money may need to be spent to enable ripping. But is it cheaper than paying Youtube/Google? That is the question.
sometimes, it's not about the cost. it's about who/where the money is being spent.
Once JavaScript is running, it can perform complex fingerprinting operations that are difficult to circumvent effectively.
I have a little experience with Selenium headless on Facebook. Facebook tests fonts, SVG rendering, CSS support, screen resolution, clock and geographical settings, and hundreds of other things that give it a very good idea of whether it's a normal client or Selenium headless. Since it picks a certain number of checks more or less at random and they can modify the JS each time it loads, it is very, very complicated to simulate.
Facebook and Instagram know this and allow it below a certain limit because it is more about bot protection than content protection.
This is the case when you have a real web browser running in the background. Here we are talking about standalone software written in Python.
How does testing rendering work? Can JavaScript get pixel data from the DOM?
https://www.w3schools.com/tags/canvas_getimagedata.asp
why can a bot dev not just get all of these values from the laptop's settings and hardwire the headless version to have the same values?
Because the expected values are not fixed, it is possible to measure response times and errors to check whether something is in the cache or not, etc.
There are a whole host of tricks relating to rendering and positioning at the edge of the display window and canvas rather than the window, which allow you to detect execution without rendering.
To simulate all this correctly, you end up with a standard browser, standard execution times, full rendering in the background, etc. No one wants to download their YouTube video at 1x speed and wait for the adverts to finish.
And barely a few days after Google did it, the fix is in.
Amazing how they simply can't win: you deliver content to the client, the content goes to the client. They could be the largest corporation in the world and we'd still have yt-dlp.
That's why all of them wanted proprietary walled gardens where they would be able to control the client too - so you get to watch the ads or pay up.
Just the other day there was a story posted on hn[0][1] that said YouTube secretly wants downloaders to work.
It's always been very apparent that YouTube is doing _just enough_ to stop downloads while also supporting a global audience of 3 billion users.
If the world all had modern iPhones or Android devices, you can bet they'd straight up DRM all content.
[0] https://windowsread.me/p/best-youtube-downloaders
[1] https://news.ycombinator.com/item?id=45300810
More specifically, yt-dlp uses legacy API features supported for older smart TVs which don't receive software updates. Eventually once that traffic drops to near zero those features will go away.
That conspiracy theory never even made sense to me. Why would anyone think that a payment and ad-supported content platform secretly wants their content to be leaked through ad and payment free means?
Mainly the theory that, if you can’t use downloaders to download videos, then people will no longer see YT as the go-to platform for any video hosting and will consider alternatives.
And I call that a theory for a reason. Creators can still download their own videos from YT Studio, and I'm not sure how much importance there is in being able to download any video ever (worst-case scenario, people could screen-record videos).
i'd argue that 95%+ of users (creators and viewers) couldn't care less about downloading videos. creators use youtube because it's where the viewers and money are, viewers use youtube because it's where all the content is. none of them are going to jump ship if yt-dlp dies.
also, one could assume that the remaining 5% are either watching with vlc/mpv/etc or running an adblocker. so it's not like google is going to lose ad revenue by breaking downloaders like yt-dlp. grandparent comment (legacy smart TV support) is the much more likely explanation
It's not the 95% you're concerned about, it's the 1%, or 0.0001%, who are top content creators, who both archive their own production and use YT as a research tool themselves (whether simple "reply videos" or something more substantive). Ultimately Google will kill the goose and lose the eggs.
Those creators are what drive the bulk of viewers to the platform.
Though, come to think of it, as YT's become increasingly obnoxious to use (the native Web client is utterly intolerable, front-ends such as Invidious are increasingly fragile/broken, and yt-dlp is, as TFA notes, becoming bogged down in greater dependencies), I simply find myself watching (or, as is generally my preference, listening to) far less from the platform.
I may be well ahead of the pack, but others may reach similar conclusions in 5-10 years. Or when a less annoying alternative clearly presents itself.
being a de facto monopoly has a lot of value that is hard to quantify...
e.g. censorship, metadata, real time society-wide trends, etc...
google is way-way more than just a company.
Ronsor [1] and reply by seproDev:
> Why can't we embed a lightweight interpreter such as QuickJS?
> @Ronsor #14404 (comment)
The linked comment [2]:
> @dirkf This solution was tested with QuickJS which yielded execution times of >20 minutes per video
How on earth can it be that terrible compared to Deno?
[1] https://github.com/yt-dlp/yt-dlp/issues/14404#issuecomment-3...
[2] https://github.com/yt-dlp/yt-dlp/issues/14404#issuecomment-3...
> How on earth can it be that terrible [>20 minutes] compared to Deno?
QuickJS uses a bytecode interpreter (like Python, famously slow) and is optimised for simplicity and correctness, whereas Deno uses a JIT compiler (like Java, .NET and WASM). Deno embeds V8, the same JIT-compiling engine as Chrome, one of the most heavily optimised in the world.
That doesn't normally lead to such a large factor in time difference, but it explains most of it, and depending on the type of code being run, it could explain all of it in this case.
QuickJIT (a fork of QuickJS that uses TCC for JIT) might yield better results, but still slower than Deno.
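To make the interpreter-vs-JIT gap concrete, here's a toy bytecode dispatch loop (illustrative only): every single operation pays for dispatch and operand handling in the host language, overhead a JIT compiles away into straight machine code.

    def run(bytecode):
        # Evaluate a tiny stack machine: each (op, arg) tuple costs a
        # Python-level branch plus list operations per instruction.
        stack = []
        for op, arg in bytecode:
            if op == "PUSH":
                stack.append(arg)
            elif op == "ADD":
                b, a = stack.pop(), stack.pop()
                stack.append(a + b)
            elif op == "MUL":
                b, a = stack.pop(), stack.pop()
                stack.append(a * b)
        return stack.pop()

    # (2 + 3) * 4 == 20
    print(run([("PUSH", 2), ("PUSH", 3), ("ADD", None),
               ("PUSH", 4), ("MUL", None)]))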
My concern is either that QuickJS is something like 100x slower, or that even when using Deno, the download experience will be insanely slow.
In my mind, an acceptable time for users might be 30 seconds (somewhat similar to watching an ad). If QuickJS is taking >20 minutes, then it is some 40x slower? Seems very high?
> QuickJIT (a fork of QuickJS that uses TCC for JIT) might yield better results, but still slower than Deno.
Interesting, I hadn't come across it before. Running C code seems like an insane workaround from a security perspective.
JIT is still banned by policy on a LOT of mobile devices, meaning that previous usage of yt-dlp on mobile is now effectively unsupportable.
well yt-dlp would also be banned surely? so it's not an issue anyway
I haven't tested this, but in theory running deno with `--v8-flags='--jitless'`[^1][^2] will disable the JIT compiler.
[^1]: https://v8.dev/blog/jitless
[^2]: https://docs.deno.com/runtime/getting_started/command_line_i...
If the performance drops due to the lack of JIT, then GP's comment about it being effectively unsupportable on mobile might still hold weight.
It's horrifying and Google must've worked very hard to kill the performance in other interpreters.
The brightest minds (or something close) working hard to make computation slower and more difficult, so that someone can profit more.
That is interesting. We use QuickJS in Minecraft (Bedrock, for modding) and while it's much slower than V8 it's not _that_ much slower.
It's almost funny, not to mention sad, that their player/page has been changed, filling it with tons of JS that makes less powerful machines lag.
For a while now, I've been forced to change "watch?v=" to "/embed/" to watch something in 480p on an i3 Gen 4, where the same video, when downloaded, uses ~3% of the CPU.
However, unfortunately, it doesn't always work anymore.
https://www.youtube.com/watch?v=xvFZjo5PgG0 https://www.youtube.com/embed/xvFZjo5PgG0
While they worsen the user experience, other sites optimize their players and don't seem to care about downloaders (pr0n sites, for example).
Put that next to GitHub. The app is nearly unusable on an i5 8th, often I just download a snapshot to browse locally.
Many performance problems on YouTube are because they now force everyone to use the latest heavy codecs, even when your hardware does not have acceleration for them. I have a laptop that is plenty powerful for everything else and plays 4K h264 no problem. 720p on YouTube, on the other hand, turns it into a hot plate after a minute and grinds everything to a halt.
There are browser extensions like h264ify that block newer codecs, but WHY??? Does nobody at YouTube care about the user experience? It's easier and more reliable to just download the videos.
You are not alone. In Q1 2025 I was forced to adopt the embed player. In Q3 2025, Google intentionally broke the embed player. Now the only YouTube access I have is via yt-dlp. Long live yt-dlp and its developers
Personally I am looking to get away from Youtube and looking towards some form of PeerTube/peer-based platform.
The writing is on the wall for easy ripping. If there's any YT content you expect you'll want to preserve for a long time, I suggest spinning up https://www.tubearchivist.com/ or something similar and archiving it now while you still can.
pinchflat (https://github.com/kieraneglin/pinchflat) is an alternative to TubeArchivist. Less mature, but also less buggy IME.
I agree and feel that the time is now to archive all of the truly valuable cultural and educational content that YT acquired through monopolistic means.
This solution looks interesting, but I am technical enough to know that it looks like a PITA to set up and maintain. It also seems to be focused on downloading everything from a subscribed channel.
As it is now, with a folder of downloaded videos, I just need a local web server that can interpret the video names and create an organized page with links. Is there anything like this that is very lightweight, with a next-next-finish install?
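If nothing turnkey turns up, even a single-file script gets most of the way there; a minimal sketch (port and file extensions arbitrary):

    import html
    import http.server
    import os
    import urllib.parse

    class Index(http.server.SimpleHTTPRequestHandler):
        def do_GET(self):
            if self.path != "/":
                return super().do_GET()  # serve the video files themselves
            names = sorted(f for f in os.listdir(".")
                           if f.lower().endswith((".mp4", ".mkv", ".webm")))
            items = "".join(
                f'<li><a href="{urllib.parse.quote(n)}">{html.escape(n)}</a></li>'
                for n in names)
            page = f"<!doctype html><title>Videos</title><ul>{items}</ul>".encode()
            self.send_response(200)
            self.send_header("Content-Type", "text/html; charset=utf-8")
            self.send_header("Content-Length", str(len(page)))
            self.end_headers()
            self.wfile.write(page)

    # run from the downloads folder, then open http://localhost:8000/
    http.server.HTTPServer(("", 8000), Index).serve_forever()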
They have already had proper DRM tech for YouTube movies for years; why haven't they already turned that on for all content?
It would break many millions of old consumer devices that no longer receive updates, like old smart TVs. They are waiting for that old device traffic to drop low enough before they can force more robust measures.
You already need such things for certain formats.
It's not really a matter of just turning it on when it comes to the kind of scale that YouTube has on their catalogue. It's practically impossible to retranscode the whole catalogue, so you're more or less stuck with only doing it for newly ingested content, and even there the tradeoffs are quite large when it comes to actually having DRM.
I think we can safely assume that the only content under DRM at YouTube today is the content where it's absolutely legally necessary.
They actually somewhat did: https://github.com/yt-dlp/yt-dlp/issues/12563 "DRM on ALL videos with tv (TVHTML5) client"
YT probably HAD to put the DRM on in order to get the license deal with the studios. Nobody is twisting their arm as much for ordinary videos, so other interests (wider audience, fewer server-side resources, not getting around to it) can prevail.
YouTube's delivery scale is enormous, and adding additional complexity when they don't have to is probably considered a no-no.
But if they decide they have to, they can do it fairly trivially.
I was surprised they went with Deno instead of Node, but since Deno has a readily available single-exe distribution that removes a lot of potential pain. This was pretty much just a matter of time, though; the original interpreter in Python was a brilliant hack but limited in capability. It was discussed a few years ago for the YouTube-dl project here https://news.ycombinator.com/item?id=32793061
Node does not have the concept of security and isolation that Deno has. There is a maintainer comment about this in the same thread.
What evidence is there that Deno's "security and isolation" works?
It's their application, yt-dlp can use whatever it wants. But they made their choices for stylistic/aesthetic reasons.
What evidence is there of the opposite?
Scripts run in V8 isolates, identical to Chrome. As for the rest, we can only trust it or review it ourselves, but it is certainly better than nothing in this context.
Identical to Chrome, except for the part where Chrome uses OS-level sandboxing on top. V8 exploits are common; Deno sandboxing by itself is not a good idea if you are executing arbitrary code.
We are comparing to a situation where the alternative is nothing. Maybe we should just remove the locks from our doors because someone, somewhere, has picked one.
I never said it was a poor choice in this specific context, but propagating the idea that Deno's sandboxing is safe and "basically the same security as Chrome" is wrong, and can easily do damage the next time someone who has read this thread needs a way to execute untrusted JS.
Someone who understands what V8 isolates are knows that they mean separate per-isolate memory and garbage collectors. I didn't claim that it includes Chrome's OS sandbox features too.
But using V8 means that Deno must explicitly provide access (for V8) to networking and the filesystem; the foundations for sandboxing are there.
The sandboxing features of Deno also seem to have played a role in that choice. I wouldn't overly trust that as a security layer but it's better than nothing.
This is the first time I've heard of Deno so I'm only going by their Security & Permissions doc page [1], but it looks like the doc page at the very end recommends using system-level sandboxing as a defense in depth. This suggests that Deno doesn't use system sandboxing itself.
To me this is a bit alarming as IIRC most app runtime libraries that also have this in-runtime-only sandboxing approach are moving away from that idea precisely because it is not resistant to attackers exploiting vulnerabilities in the runtime itself, pushing platform developers instead toward process-level system kernel-enforced sandboxing (Docker containers or other Linux cgroups, Windows AppContainer, macOS sandboxing, etc.).
So for example, .NET dropped its Code Access Security and AppDomain features in recent versions, and Java has now done the same with its SecurityManager. Perl still has taint mode but I wonder if it too will eventually go away.
[1] https://docs.deno.com/runtime/fundamentals/security/
Deno is a V8 wrapper, the same JS engine as Chrome. Vulnerabilities are very common there, not necessarily because it's poorly designed but more because there are massive financial incentives in finding them.
This plus what you mentioned is why I would never trust it to run arbitrary code.
Now, in the context of yt-dlp it might be fine; Google isn't going to target them with exploits. I would still prefer if they didn't continue to propagate "DeNo iS SaFe BeCauSe It HaS sAnDbOxInG", because I've seen projects that were actually executing arbitrary JS rely on it thinking it was safe.
Deno sandboxing is paper thin; last time I looked they had very simple rules. It's a checkbox feature. If you want isolation, use WASM.
It doesn’t have granularity in terms of what parts of the code have what permission - everything in the same process has the same permission, but aside from that I’m not sure what you mean about it being paper thin. Certainly WASM is a great option, and I think it can facilitate a more nuanced capabilities model, but for cases like this AFAIK Deno should be secure (to the extent that V8 is secure, which Chrome’s security depends on).
It being a checkbox feature is a weird way to frame it too, because that typically implies you’re just adding a feature to match your competitors, but their main competitors don’t have that feature.
In what ways does it fall short? If there are major gaps, I’d like to know because I’ve been relying on it (for personal projects only myself, but I’ve recommended it to others for commercial projects).
Chrome does not rely exclusively on V8's security or else it would routinely get exploited (See v8 CVEs if you don't believe me). The hard part of browser exploitation today is escaping from the os-level sandbox put on the processes that run each of your tabs.
Trusting Deno's sandboxing by itself isn't a great idea. An attacker only has to wait for the next V8 exploit to drop, probably a question of a few months at worst.
Now, like I mentioned above, it's probably OK in the yt-dlp context; Google isn't going to target it with an exploit. It's still important that folks reading this don't take away "Deno sandbox = safe" and use it the next time they need to run user-supplied JS.
Last I looked it was just very basic pattern matching allow/deny with no real isolation, and there have been multiple real escapes already. It's better than nothing, and probably good enough for bush league security, but I wouldn't pitch it to my milspec customers.
Why are your milspec customers downloading from YouTube? This is the Deno use case being discussed.
Don't be reductive; people reading this aren't going to confine their opinion of Deno to the "use in YTDLP" case.
WASM cannot run JavaScript, unfortunately.
WASM can run a javascript interpreter or compiler. if isolation is the goal, that may even make sense.
Keep in mind that yt-dlp doesn't just support YouTube, which-- notwithstanding the claims of "all DRM is malware" etc.-- probably won't download actively harmful code to your computer: it also supports a huge number of video streaming sites, including some fairly obscure and sketchy ones. Sandboxing in the interpreter that's at least as good as what you'd get in a browser is a must, because by design this is doing untrusted code execution.
This is very related to a talk I did last year [1]. "Part 2: youtube-dl" starts at 18:21. It dips toes into an analysis about software that fundamentally depends on ongoing human labor to maintain (as compared to, e.g. zlib, which is effectively "done" for all intents and purposes).
More concretely, the additional Deno dependency is quite problematic for my music player, especially after I did all that work to get a static, embeddable CPython built [2].
Ideally for me, yt-dlp would be packaged into something trivially embeddable and sandboxable, such as WebAssembly, calling into external APIs for things like networking[3]. This would reduce the value delivered by the yt-dlp project into pure DRM-defeating computation, leaving concerns such as CLI/GUI to a separate group of maintainers. A different project could choose to fulfill those dependencies with Deno, or Rust, or as in my case, built directly into a music player in Zig.
Of course I don't expect the yt-dlp maintainers to do that. They're doing something for fun, for free, for pride, for self-respect... in any case their goals aren't exactly perfectly aligned with mine, so if I want to benefit from their much appreciated labor, I have to provide the computational environment that they depend on (CPython[4] and Deno).
But yeah, that's now going to be a huge pain in the ass because now I either have to drop support for yt-dlp in my music player, or additionally embed deno, as well as introduce Rust as a build dependency... neither of which I find acceptable. And don't even get me started on Docker.
[1]: https://www.youtube.com/watch?v=SCLrNqc9jdE
[2]: https://github.com/allyourcodebase/cpython
[3]: https://ziglang.org/news/goodbye-cpp/
[4]: https://github.com/yt-dlp/yt-dlp/issues/9674
2045:
"yt-dlp needs a copy of your digitized prefrontal cortex in order to bypass Youtube's HumanizeWeb brain scanner"
I used to work on video generation models and was shocked at how hard it was to find any videos online that were not hosted on YouTube, and YouTube has made it impossibly hard to download more than a few videos at a time.
> YouTube has made it impossibly hard to download more than a few videos at a time
I wonder why. Perhaps because people use bots to mass-crawl content from YouTube to train their AI, and YouTube prioritizes normal users, who only watch a few videos at a time, over those crawling bots.
Who knows?
I wonder how Google built their empire. Who knows? I’m sure they didn’t scrape every page and piece of media on the internet and train models on it.
My point was that the large players have a monopoly hold on large swaths of the internet and are using it to further advantage themselves over the competition. See Veo 3 as an example: YouTube creators didn't upload their work to help Google train a model to compete with them, but Google did it anyway, and creators didn't have a choice because all eyeballs are on YouTube.
> how Google built their empire. Who knows
By scraping every page and directing the traffic back to the site owners. That was how Google built their empire.
Are they abusing the empire's power now? In multiple ways, such as the AI overview stuff. But don't pretend that crawling Youtube and training video generation models is the same as what Google (once) brought to the internet. And it's ridiculous to expect Youtube to make it easy for crawlers.
you have to feed it multiple arguments with rate limiting and long wait times. i am not sure if there have been recent updates other than the js interpreter, but i've had to spin up a docker instance of a browser to feed it session cookies as well.
Yeah, we had to roll through a bunch of proxy servers on top of all the other tricks you mentioned to reliably download at a decent pace.
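For reference, a sketch of those knobs via yt-dlp's Python API; the option names are real YoutubeDL options, but the values, proxy address, and URL are just illustrative:

    import yt_dlp

    opts = {
        "ratelimit": 2_000_000,              # cap throughput at ~2 MB/s
        "sleep_interval": 30,                # sleep 30-120s before each download
        "max_sleep_interval": 120,
        "proxy": "socks5://127.0.0.1:9050",  # rotate this externally if needed
        "cookiesfrombrowser": ("firefox",),  # reuse a real browser session
    }
    with yt_dlp.YoutubeDL(opts) as ydl:
        ydl.download(["https://www.youtube.com/watch?v=VIDEO_ID"])  # placeholder URL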
What are your thoughts on the load scrapers are putting on website operators?
Can anyone explain specifically what the YT code does such that the existing Python interpreter is unusable and QuickJS apparently takes 20 minutes to run it?
Is it just a lot of CPU-bound code and the modern JIT runtimes are simply that much faster, or is it doing some trickery that deno optimizes well?
From https://github.com/ytdl-org/youtube-dl/issues/33186
> Currently, a new style of player JS is beginning to be sent where the challenge code is no longer modular but is hooked into other code throughout the player JS.
So it's no longer a standalone script that can be interpreted on its own, but depends on all the other code on the site? Which could maybe still be interpreted, but is a lot more complex and might need the DOM, etc.?
Just guessing here, if anyone knows the details would love to hear more.
Yeah, my guess is that Google is using spaghetti code to keep their YT moat.
Sounds like a really silly way to engineer things, but then again Google has the workforce to do lots of silly things and the cash to burn, so they can afford it.
It's silly from an engineering perspective, but unfortunately clever from YT's perspective of "how do we complicate this as much as possible".
Could something like tree-shaking be used to reduce the player code to just the token generating bit? Or does the whole player js change for each video?
YouTube is mining cry-
I mean, running some unknown highly obfuscated CPU-demanding JS code on your machine - and using its results to decide whether to permit or deny video downloads.
The enshittification will continue until user morale improves.
It will be interesting to see how this affects the numerous Android apps on F-Droid that are essentially wrappers around yt-dlp to create a YouTube Music clone.
Can we remove the heart-dropping mystery from the title? My first thought was that Google had made it more difficult to download from YouTube.
"yt-dlp moves to Deno runtime"
Google is making it harder to download from YouTube, so your first thought is correct! None of the other websites that yt-dlp supports require this change. Additionally, yt-dlp is still written in Python; it has not moved to Deno. They are only adding a Deno dependency for the JavaScript challenges added by YouTube.
I get that, but the title is still too "loud".
> "yt-dlp moves to Deno runtime"
That makes it seem like yt-dlp itself was rewritten from Python to JavaScript (for those who even know it’s Python) or that it used to use Node and now uses Deno.
TIL that you can run frontend JavaScript with a package like Deno. I thought you needed a proper headless browser for it.
I think you only need something like `jsdom` to have the core API available. The DOM itself is just a tree structure with special nodes. Most APIs are optional, and you can provide stubs if you're targeting a specific website. It's not POSIX-level.
I was thinking the same walking into this thread. I figured DOM/CSS/HTML would be part of the black box magic, but I suppose from the perspective of JS all of that can be faked appropriately.
Why can youtube not just give a micropayments backed API? Just charge a few cents per video download and be done with it.
meanwhile Youtubers: a penny per view would be 10x what Youtube pays us
https://www.youtube.com/watch?v=3nloigkUJ-U&t=4851s
The YouTube RPM (revenue per mille) strongly depends on the location of the audience and the topic of the video. It could be anywhere from $0.5 to $20. That 10x figure could very well be true for that YouTuber, but it's also true that other YouTubers already earn more than a penny per view.
They do. It's called YouTube Premium.
It's not though. You can't download an mp4 to use however you wish with YouTube Premium. And definitely not via an API.
None of that was mentioned in the comment?
did you miss the word "API"? it was there.
AFAIK Premium allows you to download to persistent browser storage. But is it in a DRM-free/open, usable format?
It's DRM-ed and somewhat broken.
According to [1], the downloaded video is AES-encrypted. The decryption key is stored locally in IndexedDB. I tried building a Python script using plyvel [2], a Python module for reading the LevelDB files that back IndexedDB, some time ago, but IIRC it had trouble reading the Chrome DB. Maybe Google's dfindexeddb [3] works; I didn't try it, however.
[1] https://github.com/Marsel-marsel/youtube-premium-video-downl...
[2] https://github.com/wbolster/plyvel
[3] https://github.com/google/dfindexeddb
The lengths YouTube has gone to to make it impossible to download videos. At the same time, TikTok allows anyone to download a video with just a right click.
On the other hand, I can navigate, search, and watch any video on YouTube without an account. With TikTok, I can’t even scroll the page without tricks.
With the recent forced sale of TikTok to Rupert, Larry, and co., I doubt that's going to be a thing for much longer; they will want to make money somehow.
Many Linux distros have Firefox's JavaScript (SpiderMonkey?) runtime independently packaged and available. Can it be used for this?
Yes, SpiderMonkey can be run standalone, and would probably be much more secure than Deno because it does not have all the server-related APIs.
On why they chose Deno instead of Node:
"Other JS runtimes (node/bun) could potentially be supported in the future, the issue is that they do not provide the same security features and sandboxing that deno has. You would be running untrusted code on your machine with full system access. At this point, support for other JS runtimes is still TBD, but we are looking in to it."
While Deno has sandboxing, it also has potential access to hundreds of dangerous functions; it might be better to write a tiny wrapper around a JS engine that adds only a function to write to stdout.
By default, Deno blocks access to the network, storage, and environment variables.
A bare JS interpreter doesn't have that access at all; it is provided by native functions added by a wrapper like Deno, so there is nothing to block.
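A sketch of what invoking that deny-by-default setup from Python might look like (loosely the yt-dlp situation; challenge.js is hypothetical, and --no-prompt makes denied access raise instead of prompting interactively):

    import subprocess

    # No --allow-* flags: the script gets CPU, stdin/stdout, and nothing else.
    result = subprocess.run(
        ["deno", "run", "--no-prompt", "challenge.js"],
        capture_output=True, text=True, timeout=30, check=True,
    )
    print(result.stdout)  # whatever token the script computed and printed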
Noteworthy to me: deno is MIT licensed, but PyPI distributions (at least the ones I checked) include neither license nor source code. It's normal for pre-built distributions ("wheels") to contain only the Python code (which for a project like this is just a small bootstrap used to find the compiled executable — it doesn't appear to be providing any Python API), but they should normally still have a LICENSE file.
It's also common to have the non-Python (here, Rust) source in source distributions ("sdists"), but this project's sdist is only a few kilobytes and basically functions as a meta-package (and also includes no license info). It "builds" Deno by detecting the platform, downloading a corresponding zip from the GitHub releases page, extracting the standalone Rust executable, and then letting Hatchling (a popular build tool in the Python ecosystem) repackage that in a wheel.
Update: It turns out that the Python package is published by a third party, so I submitted an issue (https://github.com/manzt/denop/issues/1) to ask about the licensing.
(Update 2: the distribution has been updated. Thanks to Trevor Manz for an unexpectedly prompt response!)
Why are they using the web target? YouTube has multiple other attack vectors which have no javascript barriers.
Plenty of devices have YouTube players which are not capable of being updated and which must keep working; exploit those APIs.
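For what it's worth, yt-dlp already exposes this through extractor arguments; a hedged sketch, noting that client names like "android" rotate as Google locks them down, so treat the value as illustrative:

    import yt_dlp

    # Ask the YouTube extractor to impersonate a non-web ("innertube") client.
    opts = {"extractor_args": {"youtube": {"player_client": ["android"]}}}
    with yt_dlp.YoutubeDL(opts) as ydl:
        info = ydl.extract_info("https://www.youtube.com/watch?v=VIDEO_ID",  # placeholder
                                download=False)
        print(info["title"])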
Came across this the other day - set of yt-dlp helper scripts loaded up with flags:
https://github.com/TheFrenchGhosty/TheFrenchGhostys-Ultimate...
That's why youtube is so buggy and slow.
What I found much more annoying, and so far have not been able to work around, is that yt-dlp requires you to have a YouTube account, something that I have not had for a decade or so, and am unwilling to create again.
What tool can I use to simply store what my browser receives anyway, in a single video file?
When did it start requiring one? It didn't require one the last time I used it a few months ago...
I think for me it has been this way for a year or so. Maybe it is because I am on a VPN. I also cannot view YouTube videos on YouTube any longer, because it always wants me to log in, to "prove I am not a bot". So I have switched to only using invidious instances, and if they don't work, then I just cannot watch the video.
I wish content creators would think of their own good more, and start publishing on multiple platforms. Are there any terms that YouTube has for them, that reduce revenue, if they publish elsewhere as well? Or is it mostly just them being unaware?
It's a VPN thing, or a "you've been downloading too much and we're rate-limiting you" thing.
Google started using IP range blocks recently. If they decide that your IP stinks, they'll block YouTube viewing and demand that you log in.
It's inconsistent as fuck, and even TOR exit nodes still work without a log in sometimes.
I can confirm this. I guess they didn't like me using Invidious.
That's bad enough for normal VPN users who use VPN for privacy reasons. But a lot of countries have heavily censored web, and not using a VPN is simply not an option there.
Good on Google for kicking people while they're down.
I'm using it right now without a youtube account.
It must be a pretty recent (as in added yesterday) addition, as I was watching youtube with mpv+yt-dlp.
> What tool can I use to simply store what my browser receives anyway, in a single video file?
This. I'm interested in such a tool or browser extension.
The folks at deno have really done a fantastic job at pushing a JS runtime forward in a way that's more easily plug and play for the community. I've used `denoland/deno_core` and `denoland/rusty_v8` quite a bit in embedded projects where I need full JS support but I can't assume users have node/bun/etc installed locally.
Not surprised to see yt-dlp make a similar choice.
I would pay for YouTube if Google created the best possible search engine they could for it. I'm talking inverted and semantic indexing of every word of every video, with speaker tagging and second-level timestamping. I want to be able to run queries like "Give me the timestamps of every time Veritasium said math while wearing a blue shirt."
The whole point of YouTube (now) is it’s a market for human attention and behavior. Eyeballs, engagements, tracking and analytics. They will go to great lengths to protect and increase the value of this market.
Surprisingly, Deno was chosen as the first JavaScript runtime due to its security features. I thought it was almost dead, as Bun is growing very quickly among developers.
Why won’t they use my browser for downloads, for example through TestCafe? That would also allow downloading premium quality (for subscribers) and so on.
I think you can get premium formats through the --cookies-from-browser flag
So, instead of using something lightweight and embeddable like QuickJS, they opted for Deno? Nothing specifically against it, just seems... overkill
See this comment:
https://news.ycombinator.com/item?id=45359626
There are other embeddable JS engines out there.
Hmm, like bun? Are there many others?
And you're welcome to implement them and submit them as a PR.
The yt-dlp contributors are not in the business of writing or finding JS runtimes, they're trying to download videos.
YouTube is a victim of its own success.
I don't promote piracy, but it seems that it's easier to download music from youtube than using torrents, which is quite surprising.
Who expected that such a big company would contribute to piracy?
I would be really interested in hearing what Mike Hearn has to say about this. AFAIK he was responsible for something very similar that was used at Google for other products that had some overlap.
Great ad for Deno. I hit a similar one the other day from Pydantic. They make an MCP server for running sandboxed Python code, and that's how they did it: Python to WASM, and the WASM running in Deno.
How will this JS execution be contained/isolated? Do we have to run it inside a VM, or containers?
They are running the JS in Deno, a sandboxed JS runtime.
Really feels like the somewhat open nature of yt is running on borrowed time
First you spend money to create something people really want and build a big user base.
Then you open it up to third party businesses and get them tied to your platform, making money off your users.
Once locked in you turn the screws on the businesses to extract as much money from them as possible.
Finally you turn the screws on the users to extract every last bit of value from the platform before it withers and fades into irrelevance.
What you say is true for most companies/software, but YouTube can play a nasty game for a very long time before it withers into irrelevance (if at all). They have an enormous moat; one would need enormous resources to take on YouTube, and I don't think anyone has that kind of patience or resources to even attempt it. Like it or not, we are stuck with YT for a while.
I have learned so much from YouTube - I wish it was more open and friendly to its creators and users :(
In the meantime, all we can do is support smaller alternatives like https://nebula.tv/
Looks like this runtime is written in Rust. Really does seem like Rust is rapidly swallowing all kinds of common tools and libraries. In this case a single compiled binary for multiple architectures is quite convenient for something like yt-dlp.
Deno itself is written mostly in Rust, but it also leverages [1] Google's V8 Javascript engine which is written in C++.
[1]: https://choubey.gitbook.io/internals-of-deno/architecture/v8
I've been using yt-dlp to download transcripts. Are there alternatives that don't require going through all these hoops? I'm guessing no.
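For reference, transcript-only fetching with yt-dlp itself is at least contained to a few options (the option names are real yt-dlp options; the language list and URL are illustrative):

    import yt_dlp

    opts = {
        "skip_download": True,       # no media, just the text
        "writesubtitles": True,      # creator-uploaded subs, if present
        "writeautomaticsub": True,   # YouTube's auto-generated captions
        "subtitleslangs": ["en"],
        "subtitlesformat": "vtt",
    }
    with yt_dlp.YoutubeDL(opts) as ydl:
        ydl.download(["https://www.youtube.com/watch?v=VIDEO_ID"])  # placeholder URL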
I wonder if we're going to see JS runtime fingerprinting attempts from Google now.
I doubt it'd be difficult for Google to detect if the client is a browser or not. They already need to check for signals of abnormal use to detect things like clickfarms and ad scams.
> detect if the client is a browser
User agents are like journalists: there's no such thing as pretending to be one.
If someone writes their own client and says, "This is a browser", then it is one.
Have they not done this for years and years already?
Ah, JavaScript Run-time Integrity checks!
> Up until now, yt-dlp has been able to use its built-in JavaScript "interpreter" [1]
Wow, this is equal parts fascinating and horrifying.
Edit, after looking into it a bit: It seems like a self-contained build of deno weighs in at around 40 MB (why?), so I can see why they tried to avoid that and appreciate the effort.
[1] https://github.com/yt-dlp/yt-dlp/blob/2025.09.23/yt_dlp/jsin...
At some point we’re going to need a better place to put videos than YouTube. The lack of any democratization of bulk storage is beginning to be a real problem on the internet.
Yes, we have archive.org. We need more than that, though.
I’m sure there’s some distributed solution like IPFS but I haven’t seen any serious attempt to make this accessible to every day people.
> The lack of any democratization of bulk storage is beginning to be a real problem on the internet.
There are many thousands of paid hosting services, feel free to pick one. It turns out hosting TB of data for free is a pretty tricky business model to nail down.
There have been plenty of free distributed hosting services for the web that worked perfectly (popcorn time, etc, etc). It's just that every time they become popular they are attacked legally and shut down. The problem is not technical, or even resource based, the problem is legal. Only a mega-corp can withstand the legal attacks.
And even if the legal attacks could be mitigated most people would still use youtube because they're there for the money (or for people who are there for the money). They are not there for a video host. Youtube enables distribution of money and there's no way that any government would let any free system distribute money without even more intense legal, and indeed physically violent, attacks.
If you want to compete with YT you need to basically build AWS S3 in your own data centers. You'd have to find a way to make your service run cheaper than google can if you wanted to survive. You'd have to get very scrappy and risky. I'd start with questions like: how many 9s of durability do we actually need here? Could we risk it until the model is proven? What are the consequences for losing cat videos and any% speed runs of mario64? That first robotic tape library would be a big stepwise capex event. You'd want to make sure the whole thing makes sense before you call IBM or whoever for a quote.
Games Done Quick has raised 10s of millions for charity. I suspect they could raise a few thousand for a few dozen TB of nvme storage if they wanted to host a speedrun archive.
YouTube gets 700,000 hours of video uploaded every day. That's 4.3 PB added per day. You may need more than a few dozen TB... https://www.reddit.com/r/AskProgramming/comments/vueyb9/how_...
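Back-of-envelope check on those two figures (the per-hour size is an assumption inferred to make the numbers meet, not a published one):

    hours_per_day = 700_000
    gb_per_hour = 6       # assumed average size across all stored renditions
    pb_per_day = hours_per_day * gb_per_hour / 1_000_000
    print(pb_per_day)     # ~4.2, consistent with the 4.3 PB/day claim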
They don't get 700,000 hours of any particular niche though, so it's easy enough for small groups to compete with youtube for their needs.
> If you want to compete with YT you need to basically build AWS S3 in your own data centers. You'd have to find a way to make your service run cheaper than google can if you wanted to survive.
YouTube's economy of scale goes way beyond having their own datacenters, they have edge caches installed inside most ISP networks which soak up YT traffic before it even reaches a Google DC. It would take a staggering amount of investment to compete with them on cost.
There are: PeerTube, Odysee, Minds, Rumble, BitChute (WebTorrent)...
It is the same reason people just can't get off IG: network effect, and in YT's case a lot of disk space and bandwidth.
I don’t think network effect matters much if you’re not trying to advertise the content. Organizations can just link to it from their site.
I admit I haven’t looked into peertube, and I didn’t think that rumble was any better than YouTube. I don’t recognize the others. Thank you; I’ll resurvey.
> I’m sure there’s some distributed solution like IPFS
Almost 25 years on the internet and I have not been able to download anything from IPFS. Does one need a PhD to do so?
The problem with bulk storage is that it will be abused at large scale.
CSAM peddlers, intellectual property violators, nonconsensual sexual material ("revenge porn"), malware authors looking for places to exfiltrate stolen data, propagandists and terrorists; the list of abusers is as long as it is dire.
And for some of these abuser classes, the risk for any storage service is high. Various jurisdictions require extremely fast and thorough responses for a service provider to not be held liable, sometimes with turnaround times of 24 hours or less (EU anti terrorism legislation), sometimes with extremely steep fines including prison time for responsible persons. Hell, TOR exit node providers have had their homes raided and themselves held in police arrest or, worse, facing criminal prosecution and prison time particularly for CSAM charges - and these are transit providers, not persistent storage.
And all of that's before looking at the infrastructure provider side. Some will just cut you off when you're facing a DDoS attack; some will bring in extortionate fees (looking at you, AWS/GCE/Azure) for traffic that may leave you in personal bankruptcy. And if you are willing to take that risk, you'll still face the challenge of paying for the hardware itself. Storage isn't cheap: 20 TB will be around 200€, and you want some redundancy and backups, so the actual cost will be more like 60-100€/TB, plus the ongoing cost of electricity and connectivity.
That's why you're not seeing much in terms of democratization.
Maybe that’s true, but YouTube is just absolutely miserable to use in every way. There’s got to be better options.
I keep seeing ads on TV for Photobucket (which I thought was dead) offering 1 TB of storage for either free or $5, depending on the ad.
Maybe there is an opportunity for that company to expand.
I wonder if they could use Wasmer to execute Javascript under the hood without limitations.
At this rate they are just gonna have to ship a whole web browser with it lol.
That seems like a lot of dev work; why not just run it in the browser, then? There are extensions that work pretty well, like Tubly downloader and Video DownloadHelper.
amazing how posts critical of google quickly fall off the front page during north american hours
Is there an official name for this endless uphill battle? Counter-Enshittification?
Cleaning the Augean stables.
It's incredible how much work goes into these open source projects for downloading youtube videos, especially since youtube keeps breaking them. There are nearly 1500 contributors
To be fair yt-dlp supports a lot more than just YouTube
https://github.com/yt-dlp/yt-dlp/tree/master/yt_dlp/extracto...
I did download YouTube videos a few years ago, and I did value that YouTube could keep your place.
But it's a real mess: it keeps crashing, something I might too humbly put down to me having too many files, but passive-aggressively put down to the YouTube app on iPad not limiting its storage usage.
On the other hand there’s a number of amazing videos I’ve downloaded to watch which have been remotely wiped. Grrr
What are folks' thoughts on JDownloader2 these days? Hell, is that still kicking?
JDownloader2 is one of those weirdly licensed things: it claims to be "open source" but you can't actually find the entire source anywhere. Worse than proprietary, tbh.
Yeah, still my go-to for YouTube. Working as well as ever for that so far.
Fortunately the community is not alone in this fight, because many AI companies need to be able to download YT videos. But they should sponsor yt-dlp more directly.
YouTube is the real monopoly. Creators are also slaves, as they can't monetize elsewhere, and they can't even let their users download their own content. And the icing on the cake is that YouTube is unbearable without an ad-blocker, and even with one YouTube has started throttling ad-block users.
It's such a shithole, with no real replacement. Sad state of affairs.
why can't they monetize elsewhere?
> Here's the problem (and it's not insurmountable): right now, there's no easy path towards sustainable content production when the audience for the content is 100x smaller, and the number of patrons/sponsors remains proportionally the same.
https://www.jeffgeerling.com/blog/2025/self-hosting-your-own...
Some do, and those who are able to make the move to patronage or subscriber monetization seem much happier for it. But that's most viable for creators who have already built up a viable customer base, which usually started on YouTube. It's much harder if you start out somewhere else.
Much, much, much smaller audience elsewhere.
And if the audiences got larger on a site, governments around the world would decide together to drag them into court and keep them there until they closed down or sold to Ellison's kid.
This change has been long overdue. The web player has been broken with yt-dlp for such a long time.
I refuse to run JS on my N270 netbook, even less under a proprietary license. Thus, I will just use some Invidious mirror.
I was scared this morning when yt-dlp did not work, but a git pull fixed it.
A huge thank you to the yt-dlp folks. They do amazing work.
Might as well start an effort to rewrite the whole project in Javascript at this point
Viva Revanced!
more dependency bloat just to deobfuscate some randomly generated bs that's increasingly complex for no reason and has no value existing in the first place, much like its creators
Ugh... Deno. After they started to extort the JS community for money to fund their PR stunt against Oracle and the resulting "last chance" trademark dispute, I stay as far away from it as I can.
none of it will matter soon. anything you want to see or watch will be dynamically generated just for you. Ender's Game is here.
What if I want to rewatch it, offline?
why would I want that?
Good to see the mice are still winning the cat-and-mouse game. Selfishly, I kind of want the cat to start to win, to satisfy my curiosity. I predict that if YouTube ever actually blocked downloading, a YouTube competitor that supports downloading would start to immediately gain popularity. I want to know if I'm right about that, and there's no way to test unless Google actually starts to win. Go, Google, go! I believe in you!
I suspect that if youtube ever fully blocks video downloads you will start to see a lot of piracy groups and file sharing communities providing youtube content.
Those who download videos are a minority and targeting minorities will never give you exponential growth. Furthermore, the same minority probably abuses ad blockers so it would be difficult to squeeze a single cent from these freeloaders.
> targeting minorities will never give you exponential growth
Serving a niche is a very good way to start with many products. It is even common gospel in startups. With the rest I agree.
No requirements for me. I don't use YT at all :) There are plenty of better alternatives.
My brother sent me a long talk on YouTube and pleaded with me to listen to it. Watching was pointless; the video was just talking heads sitting in chairs. However, you can't just play a video and turn off your phone while listening to the audio on headphones; the mobile browser sleeps and the audio stops. So I used yt-dlp to rip the audio and dropped it into my Plex server to listen to with Prologue. It wasn't even about the ads; I just wanted to do some gardening and listen to something on headphones while I worked, without my phone screen on.
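For anyone wanting the same workflow, the rip is a few lines with yt-dlp's Python API; it needs ffmpeg on the PATH for the extraction step, and the URL is a placeholder:

    import yt_dlp

    opts = {
        "format": "bestaudio/best",
        "postprocessors": [{
            "key": "FFmpegExtractAudio",  # hand the download to ffmpeg
            "preferredcodec": "mp3",
            "preferredquality": "192",
        }],
    }
    with yt_dlp.YoutubeDL(opts) as ydl:
        ydl.download(["https://www.youtube.com/watch?v=VIDEO_ID"])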
Firefox Mobile has an extension "Video Background Play Fix" to disable the Page Visibility API anti-feature.
on iPhone, if you use YouTube in the browser instead of the app (as you should), then you can do background listening if you play the video, lock the phone, unlock the phone, play the video again, lock the phone, unlock the phone, resume play with the media controls, lock the phone.
https://newpipe.net/
You're welcome
I'm not watching YouTube, I'm watching video creators. There is no alternative, not even a worse one, if the person you want to watch doesn't publish video on another site.
Maybe there are alternatives for watching a "recommended" stream without any subscriptions (which ones? I can't name good ones anyway), but if you watch your subscriptions you are bound to the platform that hosts them. And no, content creators are not interchangeable.
It's obviously not about YT the product, but about YT the content library. I don't think there are better alternatives to that content library.
Thanks for letting us know!
until someone shares a video with you
any recommendations?
Dailymotion, Vimeo, etc. No ads, no BS; it feels like freedom again. And if they change, others will replace them.
And how do you watch content on dailymotion and vimeo when the content creators only post them on YouTube?
A friend of mine recorded a YouTube video using OBS. She had to do some minor edits on it and could not use her system during the recording, but it worked. I told her to stop it, as that is infringing on the creator's copyright and is an assault on the nation's digital economy. She hasn't recorded a video since, at least not that I know about. I feel good about making sure YouTube can reasonably profit off of creators' content since they give away the storage and access for free.
Instructions on Vine-glo grape concentrate during prohibition: "Do not place the liquid in this jug and put it away in the cupboard for twenty-one days, because then it would turn into wine."
I had another friend who simply recorded YouTube videos with his smartphone. As a zealous, law-abiding citizen, I immediately smacked the phone out of his hand and lectured him on how copyright law is the foundation of the Information Age, which is the future, and disregarding it is an affront to modern life and civilization. I made him delete all his videos, and even made him hand-write letters of apology to the YouTube creators. These creators don't reveal their home addresses, but I'm sure they appreciated the emails containing scans of the handwritten letters.
We have an old SCSI scanner, so it took about as long to scan it as it did to write it.
Touché