In sticking to vanilla HTML/CSS/Javascript for my hobby projects over the past ten years, I've come to enjoy writing "simple" code with minimal dependencies and bare-bones interfaces. I believe that the skills I've learned in doing so has benefited me many times since then, especially during the times when I needed a specific tool, ASAP, for my job as a biomedical researcher. Without having the need to look up documentation, tease apart the workings of frameworks, I've been able to make hyper-specific web based guis for image labeling and more, sometimes quicker and better than the programmers hired for these jobs, who would otherwise need constant communication and supervision to ensure that the correct thing is built.
A while back I installed uBlock on my grandparents' computer to help them avoid scammy ads. This change will make it more difficult and dangerous, for elderly users to browse the internet. As a young nerd, I can switch to Firefox easily, but I can't imagine it will be easy for everyone. My experience from using Firefox is that it has its own quirks, and comes with its own learning curve.
I don't know what to say but to encourage everyone to make some noise. Please let your representative know about this. Hopefully we can still put a stop to this before it's too late.
It was pretty straightforward for me to install and use yt-dlp. On a Mac with Homebrew you can do `brew install yt-dlp` to install it in one command. IIRC yt-dlp also provides binaries you can install directly. I'm not sure if installing docker and running a web server is any way easier than that.
However, there are ways to download Youtube videos without installing a native app. For example, it is possible to use a library like Youtube.js [0] to make a browser extension that downloads Youtube videos directly. You won't find those on Google's web store due to policy, but you can find a handful on Github.
The moov contains a list of byte offsets which the player can use to directly access media data. You can skip the moofs and other headers inside by using gaps in the offsets.
Having worked with some MP4 demuxing for my extension [1], I feel the pain. Lots of times I would play the video only to find inexplicable issues such as drifting audio. I highly recommend using an mp4 inspector tool, such as mp4box [2], to debug these issues.
Great article. I've always thought that pessimistic sci-fi dystopias were on the rise, but it turns out most still have positive endings. The observation about walking out of the theatre, and seeing the worst ahead of us is quite interesting.
It would be cool to compare with other, non sci-fi stories. EG: I have been noticing the rise of escapist fantasy narratives in popular media — wish fulfillment stories where a Mary Sue like main character rises above all challenges without struggle. You can see this particularly in light novels, manga, and anime in the now popularized "isekai", "cultivation", or "system progression" genres. It would be interesting to find out how the public's fascination with these types of stories correlate with economic, social, or political undulations in the real world.
Cyberpunk was always the “real sci-fi” in terms of what was actually going to happen wasn’t it? Murder drones, corporations having more power than nation states, the EU block becoming regulatory, climate havoc, the gig economy and a continuous restructuring of centralised society.
It also didn’t have a lot of happy endings. Because the world didn’t end, it just got continuesly shittier.
Some would argue we are already living Cyberpunk, just without all the cool stuff.
BTW, why single out "the EU block becoming regulatory" as something negative prophesied by Cyberpunk? I have recently watched a video about the timeline of Cyberpunk 2020/2077 (which is just one universe, granted), and the EU sounded like the only ones who had their shit together, even though they were facing sabotage from all directions.
The world of Cyberpunk RPG essentially has EU be a lot nicer NUSA, with considerable economical domination (thus the use of eurodollar, which was one of the names floated for what became Euro currency), Soviet Union as this really schizo place but which on basic human decency scores miles above post-USA America, and an alliance of African nations as the unexpected black horse who made huge resurgence in space (which also contains probably the only really "free" nations - the old ESA space habitats and their allies).
This is also reflected (and probably heavily influenced CP2077) in Ghost in the Shell, where European Union, in somewhat fluctuating alliance with Soviet Union, is probably among the best locations to live.
1. Browser extension has a wildcard pattern for content script.
2. Content script passes postMessage messages to the background script using sendMessage.
3. Background script passes the message to native application using sendNativeMessage.
4. Native application handles the message dangerously, leading to code execution.
Requirement 2 seems to be the most important. postMessage messages should never be passed to sendMessage raw without validation. Fortunately, this should be a rare occurrence in the wild. It only provides very specific benefits to use postMessage in an extension to begin with, and developers who do need to use it are more likely to be aware of the potential vulnerability.
> Fortunately, this should be a rare occurrence in the wild. It only provides very specific benefits to use postMessage in an extension to begin with, and developers who do need to use it are more likely to be aware of the potential vulnerability.
I'm not sure you're making a sound assessment of code quality in the wild. What a practiced and responsible engineer might do and what somebody slapping together an extension under deadline pressure or without a strong foundation in defensive practices might do are very different, and there's a lot of that latter stuff out there, some in wide use. That's why so much effort and attention is put into crafting systemic safeguards that (seek to ) prevent savvy people from exploiting mistakes by not-so-savvy people.
Stopping at 3 might already be enough if the background script has a sufficiently juicy bug that can be triggered by a message, e.g. if you can exfiltrate cookies or trigger requests with the user's credentials.
I have trouble watching things without subtitles. I dislike most video players on websites since they don't give you the option to search for or manually upload subtitles.
This and other inconveniences motivated me to make a browser extension to fix bad video players on the internet. It works by replacing the video player with a custom one. It also allows me to see what the manifest URL is and what headers it uses so I can copy it over to VLC if I need to.
The extension is available on Github, you can find it here
Nice extension! It would be cool if it could also re-render the page to be _just_ the video player (thus solving the problem in the Gist, with all the ads).
About subtitles: in case an m3u8 stream has them, you can ask VLC to render them with a flag like `--sub-track 0`
Thanks! You can already do that. Open a new tab, and then click the icon to make the player appear. It will fill the whole tab. Then use another tab to find videos on other websites. The new-tab player will automatically collect sources and you can play it by using the sources browser tool. You can then close the tab with the original website.
> I have trouble watching things without subtitles.
Having subtitles is very convenient. I don’t have to worry about the volume. I can shift back and forth between listening while being busy with something else or reading them. Also, when it comes to movies, a lot of the time the SFX volume is louder than the people's voices, and unless you want to be that annoying neighbor, you have to keep the remote controller in hand to adjust the volume accordingly.
Most sites still use a player that fetches a ".m3u8" or ".mpd" manifest file. The extension monitors webRequests and triggers when it sees a request to such a file.
