Launching the Linux release and noticed in the logs:
Directories:User Directory: /home/bisby/Grayjay
And there is a directory there now. I absolutely hate having stuff automatically create anything in my home directory like this. Ideally, this should be following XDG directory guidelines on linux: https://specifications.freedesktop.org/basedir-spec/latest/
I love the right to repair work Louis Rossmann does, and this project goal as a whole, but this license is a major step backwards for software distribution with high assurances of security, freedom and privacy.
Debian, Arch, Guix, F-droid or any other independent signed reproducible build channels require a true Open Source license to function legally.
The license thus forces users to download unsigned non-reproducible binaries off grayjay servers and trust blindly that their build server is creating binaries from exactly the published code and not compromised to inject tracking or malware not in the public repo (an increasingly common attack they may not even know about for years!). Or say the grayjay domain is hijacked or even a BGP attack or a LAN MITM. All sorts of ways they could be helping distribute malware and not know it with no signatures or reproducible build proofs.
Thing is, your team would not have to solve these problems if you licensed it so the community could solve them for you, as we do for thousands of open source software projects.
I really want to see a project like this take off and would gladly donate, but only if it can be opened up for accountability via third party compilation and distribution channels so it can never be backdoored or co-opted for surveillance if your leadership or release engineers are ever compromised.
There are other licenses like AGPL that would kill any attempt for someone to rip your code off to make their own proprietary offering, without locking yourself out of established freedom, security, and privacy preserving software distribution channels.
If anyone from the team is reading this, I would be happy to detail and discuss my concerns further as a software supply chain security specialist. Hit me up.
Does this app has any creator monetization in mind, or does 'your way' means 'fuck you, i'm not paying you for shit, i'm just taking it'? None of it is "your content", or their content, it's just someone else's content they're leeching on. "full ownership" - of what?
literally just, what are their thoughts on that. do people deserve being paid? or don't? and if they don't and it's not worth paying for, how is it still worth watching? what is this bizarre mix of disdain and yet desire and entitlement to things, that they'll try to get them in whatever roundabout way, instead of just not watching the thing?
Please remove "Also available on FDroid" from the page. This app is not available on F-Droid and isn't allowed to be added to it since it isn't open source.
For anyone who wants a lo-fi solution to subscribing to a youtube channel without having to deal with the youtube.com website, every channel has a built-in Atom feed that contains an entry for each video. My pipeline for watching subscribed channels is to just run a feed reader in one terminal (newsboat) and then copy-paste new videos from that into an adjacent terminal running a loop that runs `yt-dlp` on each pasted line.
You can find the feed URL by inspecting the HTML of the youtube.com/channel/.../videos page and searching for "rssUrl"; it'll look like `www.youtube.com/feeds/videos.xml?channel_id=UC...`
Downside: this feed will contain premieres, shorts and livestreams in addition to videos and AFAIK there's no way to filter those out. Depending on the channel, the title might make it obvious whether it's one of those.
bisby ·20 hours ago
Directories:User Directory: /home/bisby/Grayjay
And there is a directory there now. I absolutely hate having stuff automatically create anything in my home directory like this. Ideally, this should be following XDG directory guidelines on linux: https://specifications.freedesktop.org/basedir-spec/latest/
Show replies
lrvick ·9 hours ago
Debian, Arch, Guix, F-droid or any other independent signed reproducible build channels require a true Open Source license to function legally.
The license thus forces users to download unsigned non-reproducible binaries off grayjay servers and trust blindly that their build server is creating binaries from exactly the published code and not compromised to inject tracking or malware not in the public repo (an increasingly common attack they may not even know about for years!). Or say the grayjay domain is hijacked or even a BGP attack or a LAN MITM. All sorts of ways they could be helping distribute malware and not know it with no signatures or reproducible build proofs.
Thing is, your team would not have to solve these problems if you licensed it so the community could solve them for you, as we do for thousands of open source software projects.
I really want to see a project like this take off and would gladly donate, but only if it can be opened up for accountability via third party compilation and distribution channels so it can never be backdoored or co-opted for surveillance if your leadership or release engineers are ever compromised.
Said license: https://github.com/futo-org/Grayjay.Desktop?tab=License-1-ov...
There are other licenses like AGPL that would kill any attempt for someone to rip your code off to make their own proprietary offering, without locking yourself out of established freedom, security, and privacy preserving software distribution channels.
If anyone from the team is reading this, I would be happy to detail and discuss my concerns further as a software supply chain security specialist. Hit me up.
Show replies
pxoe ·2 hours ago
literally just, what are their thoughts on that. do people deserve being paid? or don't? and if they don't and it's not worth paying for, how is it still worth watching? what is this bizarre mix of disdain and yet desire and entitlement to things, that they'll try to get them in whatever roundabout way, instead of just not watching the thing?
Show replies
josephcsible ·19 hours ago
Show replies
Arnavion ·18 hours ago
You can find the feed URL by inspecting the HTML of the youtube.com/channel/.../videos page and searching for "rssUrl"; it'll look like `www.youtube.com/feeds/videos.xml?channel_id=UC...`
Downside: this feed will contain premieres, shorts and livestreams in addition to videos and AFAIK there's no way to filter those out. Depending on the channel, the title might make it obvious whether it's one of those.
Show replies