Hacker News new | past | comments | ask | show | jobs | submit login
GitHub reinstated youtube-dl but restoring forks is apparently a problem (torrentfreak.com)
230 points by TangerineDream on April 17, 2021 | hide | past | favorite | 94 comments



Any forks that make the same very minor changes that ytdl made -- not to provide specific instructions for copyright infringement -- will be reinstated. Or they can complete the DMCA counter-notice process, and if that is unchallenged or successful, be reinstated that way.

(Also, the person who wrote this article said that they contacted me, but I never received anything from them.)


As a user, this was exactly my experience. I didn't want to drop my fork since I had open PRs so GitHub support reinstated my fork and gave me a window to rebase it and confirm with them.

That's literally all I had to do: rebase it against upstream.


> Or they can complete the DMCA counter-notice process, and if that is unchallenged or successful, be reinstated that way.

If I was a US resident I would, but I'm not a US resident. If the DMCA claimer decides to challenge my counter notice it ends-up in a US court. Even if their claim is super far fetched they will probably realize there is no way I can realistically defend myself in a foreign court.

Worst case I get convicted in absentia and the next time I set foot on US soil I get in trouble at customs.


>Worst case I get convicted in absentia and the next time I set foot on US soil I get in trouble at customs.

FWIW, you cannot simply be convicted in absentia in the USA. It would violate the 5th, 6th, and 14th Amendments and the due process rights they secure for a defendant. SCOTUS covered this in Hopt v. Utah in the late 1800s and there has been no revision since. If someone engages in voluntary behavior after a trial begins the trial may still proceed, like if they're there for the start of the trial and then voluntarily flee, or they're disruptive, given warning they could be ejected, and continues to be disruptive. But the trial can't start without them.

Granted here we're not talking criminal law at all. And most DMCA takedown claims are just mass sent on the cheap with zero intent to followup.


I'm not interested in playing this kind of game.

Just give me the ability to delete my fork. Currently trying to delete it via API fails with HTTP 451.


You should've gotten an e-mail from Github support back in November with the option to reply to request it be deleted.


I didn't get such a mail.


This seems like a reasonable bug for Github to fix.


Update: the author's email was in my spam folder, which must be why I didn't receive it.


> copyright infringement

Circumvention is only copyright infringement due to the DMCA, which Microsoft, as part of the BSA, lobbied for [1]. This entire incident is Microsoft's doing, from passing the initial consumer-hostile law, to interpreting it in the most copyright-maximal way they can get away with [2].

[1] https://arstechnica.com/uncategorized/2005/01/4511/

[2] Lest anyone think MS is not an enthusiastic abuser of that law: Removing “Annoying” Windows 10 Features is a DMCA Violation, Microsoft Says - https://torrentfreak.com/removing-annoying-windows-10-featur...


Love how the CEO of GitHub reads and comments on HN!


There are tons of CEOs here from Tech. Of course this is just my anecdotal evidence.

Internet is amazing, Bowie was right.


Zuck would be interesting to have on here lmao


Maybe he secretly posts under an alt. Some suspect this on Twitter.


Having to assume a non-zero possibility that anyone you interact with on HN is secretly Zuckerberg makes the whole experience just that extra little bit spicy, doesn't it


There's no reason to admire or have anything but distaste for him, so no.


Is spicy supposed to be a good thing? I don't feel like I understood the GP.


I think the connotations of "spicy" include danger, thrill seeking, and titillation. Whether that's "good" depends on your personal appetite for such things.


Yes, if it isn't referring to food then spicy usually means excitement in a positive way.


you could be excited by the (idea | risk) of Zuckerberg reading you writing bad things about Zuckerberg or Facebook, or saying these things to him without knowing. Like a game. This is how I understood the post and it matches your interpretation of spicy.


I'm not sure why I would feel one way or another about Zuckerberg reading anything I say. (Winklevos twins probably feel differently.)


He does only human things, like drinking water from a glass.


zucc.quench()


I doubt he's still interested in (or even has time for) HN-style discussions.


Posting on twitter secretly doesn't make sense unless you have good followers. Obviously you can do that for friends and family but com'on twitter is not for friends and family.


Question: Do you usually read HN in any form (comments, stories, having friends curate from HN for you), or just comment on GitHub-related articles?


Not the CEO but there are services that will monitor various social media for mentions of your name or your company - and any moderately large company with a PR department monitors those.


Irony: I have cloned and used youtube-dl after these DCMA shenanigans, but had previously never heard of it. The Streisand Effect continues to amaze...


Yes RIAA really shot themselves in the foot with this one. I had also never heard of ytdl before this. Now I fully intend to use it and support it. Maybe I will use it to go download some Taylor Swift songs... Maybe I won't ;)


And there are nice projects based upon it like NewPipe (https://newpipe.net/#download) on Android.


Same. First time hearing about this issue with ytdl.


GitHub's fork functionality is shockingly limited. Started off by forking the organisational repository from your private fork? Well, it's stuck like that forever now. Forked from a colleague's private fork instead of the main repo? Guess all your PRs go to them now.


What is particularly weird about this is that the "fork" (god I hate that word in the general case) mechanism should really be inferred, not explicit: the entire point of a distributed revision control system is that you are able to willy-nilly push and pull from random compatible commit graphs, a feature people who really "work with git" use constantly (like, that isn't somehow esoteric: this is how it is used by the Linux kernel people) in order to quickly merge work from various parties... what does it even mean to claim you are a fork of one, specific other prior repository?


> distributed revision control system

I suspect Github doesn't want it to be that way?


GitHub can, and will, change forks for you if send a request through the support form. It is not exposed in the user interface, but the functionality is there.


Does that make it better?


Yes? If something is possible but inconvenient, that's clearly better than it being completely impossible.


It technically exists in a form where almost nobody will ever realize it exists, let alone be able to use it.


I think they say to contact them in the help. I found out about somehow without anyone telling me.


Support forum said that unforking is impossible


You also can’t fork within the same organization. (For example with a public and private version of the same repo).


Also search doesn't work for forked repos, last time I checked anyway.


That's still the case.


I think the feature that I wish for the most is a standardized git plugin (or transport protocol) that allows a decentralized way to manage issues, releases and project wikis.

Then all the DMCA problems would be immediately gone. It's sad that the gittorrent idea never really took off.


There are e-mail and mailing lists for issues, PRs and releases, there is Web for wikis. What ties us to GitHub is convenience.


E-mail is actually the opposite of what I was trying to talk about.

E-mail is the golden example on how not to solve this. It's unsecure, unvalidateable, unverifiable, exploitable and everything in between can block it or listen to it. And it uses another, unencrypted, transport protocol, which means it is not related to git at all.

The reason why GitHub exploded is the UX experience and the convenience that comes with it. But on the technical side there is no reason not to integrate those features into git itself (or git-web for that matter).


Those should be part of the git project. Like a standard where /wiki/ is where the wiki goes, /bugs/ are where bugs goes, etc. That way you also automatically know what bugs are still present (and not fixed) on older release branches.


Unless the bug is reported after it's introduced...


What do you think of git-bug?


I just keep a GOGS instance that auto-mirrors youtube-DL these days now, so I always have a copy.


The gogs maintainer currently seems to not be doing much with it and seems to be ignoring security reports. I would probably recommend the gitea fork instead.

https://github.com/go-gitea/gitea


Do you have references? Not saying you're wrong, but you provided zero proof.

The instance also runs inside a LAN so... whatever.


Sure, I reported an issue to the Gogs maintainer over two weeks ago and he hasn't acknowledged it at all. Here's the public reference that their SECURITY.md asks for: https://github.com/gogs/gogs/issues/6534

Here's another one posted about a week ago: https://github.com/gogs/gogs/issues/6536


Ok thank you very much I appreciate the reply.


youtube-dl's main feature is its frequent updates, as soon as sites change their api/auth or anything. And that a happens pretty regularly. Therefore say youtube-dl from last month can't download videos from youtube this month, unless you update it.

Thus having a copy only saves you for a few weeks. Then it will start to fail on all sites, one by one.

Relevant. Youtube changed something that broke youtube-dl the day after it was removed from github. It couldn't update as the update source was from github.


youtube-dl's main feature is its frequent updates

Ah, yeah, now they do frequent updates. But here's a fork that I switched to for a while because the maintainers of the original youtube-dl were slacking off. :) https://github.com/blackjack4494/youtube-dlc

I can't believe the level of entitlement my comment exhibits. :)

My attitude (a bit tongue in cheek) is probably why many open source authors abandon their products. Too much work, no thanks, lots of bitching.


youtube-dlc has been inactive since December 2020. I use yt-dlp instead: https://github.com/yt-dlp/yt-dlp

Not only does it keep reasonable pace with original youtube-dl, it also incorporates several improvements from forks (detailed on the page).


Not snarky just curious - why would you have this GOGS instance instead instead of just.. git?


Wasn't familiar with GOGS before this post, but I guess it's just easy to put in place and you could just keep working from there if shit hits the fan?


But what do you need it for? Why not just have a cloned repository?


For many users having an easy to browse/navigate interface is a good selling point.

This reminds me of this post about Dropbox: https://news.ycombinator.com/item?id=9224


Along with that, gogs and gitea support automatic mirroring of repositories. I know that's just a crontab wmtry away but it's got a nice ui on top of it. It also then gives you a place to push private repos and other stuff you don't want to have publically hosted.


Not sure if GOGS does it, but does a git clone also carries the issues entries and documentation from the repo?


"I just keep a GOGS instance that auto-mirrors youtube-DL these days now, so I always have a copy."

I keep this in my local crontab:

  ssh john@rsync.net "git clone mirror https://github.com/ytdl-org/youtube-dl.git"


> ssh john@rsync.net ...

Do you really have an passphrase-less SSH key on your primary machine?


How do you expect an automated process to work over SSH if it has to ask for a password?


I wouldn’t expect an automated process to be using a human’s account to access a remote system.


You're assuming this is a "human's" account. Also it could be a single-purpose key limited to a single static command on the rsync side.


Actually passwordless ssh key is more secure from attacks than using a password.

Unless your computer is compromissed, than no key or password will help.


Not “password”, I’m referring to a “passphrase” for unlocking an SSH key.


You could save some overhead and run git pull in a cron job.


I'm using GOGs for far more than just a single mirror repo. But thanks! :)


They should just use Gitlab in principal after this.


Gitlab is just another US company equally affected by DMCA and other US copyright laws/processes.


It's open source and therefor easier to migrate to a self-hosted version, though.

It's also arguably a US HQed company while GitHub is simply a US company.


Dude wut? Git itself is open and decentralised. You are supposed to backup your data not your SAAS provider. There are bazillion git hosting services/tools much lighter than hot heavy mess of Gitlab.


GitHub isn’t simply a US company, it’s owned by Microsoft.


Probably better with https://codeberg.org/ which is European based ..


I'm sorry because this is off topic, but how does youtube-dl get away with using youtube in its name? Is it because trademarks apply only to commercial usage?


Does this mean that newpipe might start working again?


Newpipe works fine, though the version from the native F-Droid repos tends to lag behind. There is an alternate repo from the devs that updates more quickly:

https://newpipe.net/blog/announcement/f-droid/pinned/f-droid...


What's stopping the forked projects from creating a new fork of youtube-dl and then reintegrating their old changes?


Well fun fact. this repo had 0 changes to the original version (I know it, because I'm the owner. if you want proof, paste some random code as reply and see it going live in my gists account...)

but technically just by looking at my comment history here (not much to see) you can see the likelyness of this b being true


The point here is, for a fair process. (Even with some risk involved.) FWIW, when or if repo comes back online I will update it to include a message for RIAA or others and if they chose to contact me, I will make adjustments accordingly or entirely remove the repo - but at my own discretion.


A DMCA'd repo cannot be deleted and you cannot fork twice. Of course it's possible for someone to make a new disconnected to the upstream repo and push their fork[^1] to it but they won't be able to do PRs to upstream.

[^1]: Considering they have a local clone of their repo.


Microsoft, owner of GitHub, is a member of the RIAA.

I imagine this is a coordinated effort to preserve the "hip, young, fresh" GitHub brand as distinct from the Microsoft corporate stink.

I am unsurprised that the response is only skin deep.


Microsoft is complex. It was evil in the nineties. It's a different company now. It has some evil aspects, like any large organization, but it seems to treat customers better, and is a major open source contributor. On the whole, I don't feel bad about it anymore. I feel like it's one of the better tech giants, ethically, in 2021.

But yes, leaving organizations like the RIAA, BSA, and similar groups of evil would provide for nicer optics of the new, non-evil Microsoft being, well, non-evil.

It's a good business model too. MSFT stagnated based on evil when it no longer had the same type of monopoly power. Non-evil Microsoft is doing much better. I'll take Azure of GCE now, despite GCE having better tech, since Microsoft is more honest than Google.

(although, to be clear, I did pick AWS over both)


It was evil in the nineties.

Not just evil, "More Evil Than Satan Himself".

That phrase was probably the very first Google Bomb, back in 1999. https://en.wikipedia.org/wiki/Google_bombing#History


>Microsoft is complex. It was evil in the nineties. It's a different company now.

I don't get this marketing campaign that I read over and over again in any thread mentioning Microsoft.

It's a real fantasy; Microsoft begins realizing that there is some real cold cash in the open source biz, hops onto supporting linux in any way that might cause Microsoft to see some revenue (WSL comes to mind), and this somehow causes everyone to start parroting "Microsoft isn't evil anymore!"

Two ironies : 1) "Microsoft isn't evil anymore" was motivated by Microsoft losing ground on the OS side of things and acquiescing into the support of another system as long as it made a buck doing so.

2) "not evil anymore " is a pretty fantastically horrible show of support, and honestly I am made queasy by supporting any formally evil entity.

Does anyone buy this stuff?

'Big corporation' isn't good or evil, they are capitalistic with morals and ethics that try to align best with whatever cohort will attract the most profit by doing so.

Don't be fooled into actually thinking about this problem with good/evil in mind, it's a distraction.

It's just a more attractive way to frame 'We changed directions -- since that thing we formally hated as competition is profitable now we won't make it our mission statement to disparage and destroy it as a target, now we're going to use it to make a buck ourselves instead while evangelizing about the product with about as much effort as we tried to disparage it earlier in time.'


Corporations seek profits. They do so in different ways, with different biases and cultures. Some are a net positive on the world. Some are a net negative.

This is a false abstraction: "they are capitalistic with morals and ethics that try to align best with whatever cohort will attract the most profit by doing so."

One step more accurate is would be "THEY THINK will attract the most profit." This reflects personalities.

One more step more accurate is that a corporation is a network of people, most of whom don't care about corporate profits. If I were an engineer at Microsoft, I don't see why I'd care how much I helped or hurt Microsoft's bottom line. I'd care about:

1) Having fun

2) Getting paid myself

3) Getting promoted / setting myself up for future job opportunities

Those sorts of motivations apply to everyone, right up through the CEO. I work at a not-for-profit where people DO care (myself included), and I've worked at start-ups, where there was a mix. Big corporations are an abstraction.

Microsoft, for about two decades, led to a lot of harm to the world and very little good. If Microsoft didn't make Windows 95, we'd have OS/2, NeXT, QNX, Amiga, or something else. It didn't do much innovating. It was just sort of a big parasite, sucking money out of the economy, and lobbying for corrupt laws.

Today, it's just like any other megacorp.


> Evil, I think, is the absence of empathy.”

- Quotation: Captain G. M. Gilbert.

Not to Godwin's law the convo, I just think this definition is accurate, relatable, and salient. Big, capitalist corporations are almost by design, incapable of aligning with values other than profit. Their only approximation of empathy is when PR affects the bottom line.


Microsoft was evil in the late 90s. In the early 90s, I'm pretty sure they were still viewed positively.

Frankly, the MSFT's "this company and everything they do is awesome" to "this company and everything they do is evil" followed a similar timeline to Google's, just shifted by a few decades.


It's ceo was part of it's leadership team during the timeframe when you assert that it was evil the same is true of a lot of folks. It was unethical then and it's unethical now with a strong desire for better PR


> It was evil in the nineties. It's a different company now.

Yeah, now they just sell and support the software that their national government uses to run concentration camps down in Texas. Microsoft in the 1990s was simply anticompetitive. Today it's a horse of a different color.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: