[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU-linux-libre] youtube-dl might be running non-free software from
|
From: |
Ivan Zaigralin |
|
Subject: |
Re: [GNU-linux-libre] youtube-dl might be running non-free software from webpages |
|
Date: |
Wed, 19 Apr 2017 12:04:33 -0700 |
|
User-agent: |
KMail/4.14.10 (Linux/4.4.38-gnu; KDE/4.14.21; x86_64; ; ) |
It is not the primary function of youtube-dl to run specific non-free code off
the web. The primary function of youtube-dl is to download videos onto the
local host. It may well be that in order to acheve this goal youtube-dl
downloads and executes mystery javascript, possibly non-free.
Compare this with konqueror. One of konqueror's primary functions is to
display web pages. In doing so konqueror downloads and executes mystery
javascript, possibly non-free. And yet no one is suggesting that konqueror
fails FSDG. If the user is averse to non-free software, then It is clearly the
responsibility of the user to make sure that whatever page they are looking at
only supplies free software. In fact, konqueror cannot reliably determine
which software is free (and neither can LibreJS, by the way, since it simply
takes the script's self-identification as the final word, nevermid that
scripts can trivially lie).
I am not saying youtube-dl is perfect or cannot be improved with respect to
how it deals with potentially non-free javascript. All I am saying is,
youtube-dl is clearly a general-purpose web downloader, so its users
automatically assume responsibility for whatever is being downloaded, and how
it's being downloaded. There's absolutely nothing wrong with youtube-dl being
able to process a web site which serves non-free javascript.
For what it's worth, I'd like to say a few words about LibreJS as well. I
don't want to make a comparison between noscript and LibreJS, since they have
very different functions, but I really think that adopting LibreJS approach to
youtube-dl would be another massive blunder. Neither free nor non-free
software is detectable by a simplistic algorithm, so this approach would be
highly ineffective, just as it is right now within icecat.
On Wednesday, April 19, 2017 11:55:23 Adonay Felipe Nogueira wrote:
> To clarify: I'm a LibreJS proponent, not a NoScript proponent.
>
> This issue seems to affect at least: Trisquel, Guix (and GuixSD),
> Parabola.
>
> Backstory paragraph: Earlier on the trisquel-users mailing list, people
> questioned how to watch YouTube videos with free/libre software, and so
> I jumped in suggesting them that, while this is possible, society should
> publish videos in places that use, for example, GNU MediaGoblin and
> GNUnet. Some people asked about Vimeo and Internet Archive. However, I
> told them that these hold the exact same problems against the *average
> site visitor* (i.e.: non-free video formats being provided by default,
> non-free JS being forced by default). By "average" I mean those who
> don't have JS disabled and those which have no non-free JS blocker.
>
> Sometime later, the discussion changed slightly after reports from some
> people saying that youtube-dl can run arbitrary code through
> [[https://listas.trisquel.info/pipermail/trisquel-users/2017-April/076773.ht
> ml]["jsinterp.py" JavaScript interpreter script]].
>
> At first,
> [[https://listas.trisquel.info/pipermail/trisquel-users/2017-April/076787.ht
> ml][evaluators thought that the capability of such script to be limited]],
> however,
> [[https://listas.trisquel.info/pipermail/trisquel-users/2017-April/076820.h
> tml][lcerf argues]] that this script has things that make it
> Turing-complete, and argues that, with this, the problem is not the
> interpreter script
> itself, but the code that it interpretes. lcerf also questions if this
> interpreter script is taking arbitrary code from the web.
>
> [[https://listas.trisquel.info/pipermail/trisquel-users/2017-April/076844.ht
> ml][Other user answered]] lcerf's question saying that it might be, because
> it's set-up to do so --- but he doesn't know if this is the actual case.
> And also says that the module containing the JavaScript interpreter is
> imported by another script at "extractor/youtube.py", and the same user
> points to parts of the code that make use of such JavaScript
> interpreter.
>
> Later on,
> [[https://listas.trisquel.info/pipermail/trisquel-users/2017-April/076931.ht
> ml][people summarized what is hapenning and where to go from here]],
> [[https://listas.trisquel.info/pipermail/trisquel-users/2017-April/076935.ht
> ml][lcerf took a look at ViewTube GreaseMonkey userscript]], and
> [[https://listas.trisquel.info/pipermail/trisquel-users/2017-April/076940.ht
> ml][I made some suggestions to recommend for average users]].
>
>
> Respectfully, Adonay.
> --
> - [[https://libreplanet.org/wiki/User:Adfeno]]
> - Palestrante e consultor sobre /software/ livre (não confundir com
> gratis).
> - "WhatsApp"? Ele não é livre, por isso não uso. Iguais a ele prefiro
> GNU Ring, ou Tox. Quer outras formas de contato? Adicione o vCard
> que está no endereço acima aos teus contatos.
> - Pretende me enviar arquivos .doc, .ppt, .cdr, ou .mp3? OK, eu
> aceito, mas não repasso. Entrego apenas em formatos favoráveis ao
> /software/ livre. Favor entrar em contato em caso de dúvida.
signature.asc
Description: This is a digitally signed message part.