Hacker News new | past | comments | ask | show | jobs | submit login
YouTube's ban on “hacking techniques” threatens to shut down infosec YouTube (boingboing.net)
1553 points by KirinDave 13 days ago | hide | past | web | favorite | 429 comments






The problem here is that "hacking techniques" to a black hat are also, equal-and-oppositely, legitimate security research and prevention -- to a white hat / security researcher / ethical hacker...

In other words, they're aspects of the same thing...

The idea that you're going to ban something because one aspect of it has a negative social purpose is philosophically unsound... We don't ban videos on electricity or electrical engineering because people can be electrocuted... We don't ban videos on chainsaws because they could be used to cut a person in half... We don't ban videos on cars because they could be used to run people over... Everything in the universe can be used for a positive or negative purpose, when you start banning things because some people use these things for negative purposes, you misunderstand that those effects are caused by the actor, not the information and/or the tool that's being used...


Ironically, I tracked the real world identity of someone using stolen credit cards in my ecom site BECAUSE he posted a tutorial/how-to on YouTube showing the vulnerability tool (script kiddie), under his real name. SMH.

This won't stop this information from being disseminated, but it may save some idiots from themselves.


It would be ironic if Youtube did this because they were tired of fulfilling warrants from governments over authors of these videos

> We don't ban videos on electricity or electrical engineering because people can be electrocuted... We don't ban videos on chainsaws because they could be used to cut a person in half... We don't ban videos on cars because they could be used to run people over...

Don’t give to YouTube too many ideas.


I think the real problem is the obsession with a centralized video silo, when internet video hasn't been "hard" for nigh on a decade. Chuck a video on a host (hell, Cloudfront is just an SFTP transfer away), and drop an HTML video tag onto a web page and you're done.

Everyone who wants to run some sort of "channel" can trivially use cheap hosting and open syndication tools.


Cloudfront may only be a transfer away but bandwidth pricing is so expensive you can not afford it for video streaming.

> The idea that you're going to ban something because one aspect of it has a negative social purpose is philosophically unsound

Uh, guns?


We're not banning knives though, are we? Guns are different, and they're banned for the same reasons that, say, carrying around a bioweapon is banned.

- Their primary purpose is to inflict harm.

- The harm caused is potentially / easily lethal.

- Their existence escalates nearly all situations.

- They're dangerous items that can very easily cause accidental harm.


"we"? In the UK you are not allowed to carry a knife with you, unless you just bought one and are bringing to home or are a certified chief who needs one for work, or are going camping.

Actually, in the UK you are not legally allowed to carry a hard fruit such as for example a squash or miniature pumpkin in a plastic carry bag if you end up using it for self defence when attacked.

Yes, that's right, in UK carrying in public any object that can be or is used as a weapon (including defensively) is considered a crime. This is normally applied to knives, but if the letter of the law was to be adhered to someone who did defend themselves against an attack with a small pumpkin could be arrested for the possession of the said pumpkin... This is the madness of UK law.

I remember few years ago a situation where a dog attacked a small child and wouldn't let go, someone ran home, grabbed a kitchen knife, killed the dog and saved the child. When the police arrived they had to arrest the person who saved the child life because of the knife... Thankfully the person didn't end up being charged as no witness would testify that that person has indeed used a knife as a weapon.


No, this is untrue.

You're not allowed to carry a hard fruit in a bag with the intention of using it as a self defence weapon. But if you go shopping and happen to have it on you when you're attacked you're allowed to use it to defend yourself. (And you don't need to wait for the attacker to land the first blow, you're allowed the first strike if you're genuinely trying to defend yourself).

EDIT: also, you seem to misunderstand the purpose of English arrests. Of course if you stab an animal to death you're going to get arrested. The arrest allows the police to question you, and it _protects your rights_ -- you get a free lawyer for that interview; they have 24 hours to charge or release you etc.


You make it sound like arresting the person is doing them a favor.

That's not actually true, the law states, "Without a reasonable excuse", so any reasonable excuse is fine. The idea you'd need to be "certified" to carry a knife is fiction to drive an agenda.

Ok, by "certified" I just meant that if you say you are a chef, you better be employed as a chef and be able to prove it. I don't mean that you need to produce a diploma from a culinary school. If you get stopped with a knife on the London metro saying you're off to cook some food at someone's place(and you need your own knife for some reason) that's probably not going to be accepted without some brief investigation.

Hmm, how is it actually regulated? So, e.g. if I am going to my friends and carrying a bottle of wine altogether with pocket knife bundled with a corkscrew to be sure I will be able to open it, then I am in a grey zone or even illegal?

As long as it's a small, non-locking pocket knife, you're fine. If it's larger, you're fine as long as you have a good reason (eg. needed for work).

That's dangerous advice in many areas of the United States. In NYC if a police officer finds any kind of folding knife, regardless of how harmless, if he wants to arrest you he probably can under NYPD's absurd perversion of the law by considering it possession of a drop knife. If the officer can open the knife by holding it and flicking it open via inertia then he can arrest the victim for possession of a drop knife. They usually don't hold the handle to try and flick it open either, they'll hold it from the tip of the blade as that makes it very easy to just arrest anyone with a pocket knife.

https://news.ycombinator.com/item?id=15372404

The first man mentioned in that article was convicted and sentenced to 6 years in prison on the sole charge of possession of this knife.

https://www.amazon.com/Sheffield-12113-One-Hand-Opening-Lock...


Try with a slightly-stuck Opinell. You're more likely to throw the knive or cut/puncture your finger than you are to flick it open. You can push it open with the thumb while retaining the handle with the ring? finger, but that's not flicking.

If the blade is under 3" and isn't a locking blade you don't need a reason. If the blade is longer than 3" you need a reason. "I'm taking this bottle of wine to my friend's house and they don't have a corkscrew" would be fine.

Many states in the USA are similar once you get above a certain blade length to allow for common pocket knives. Then again the same rules will get you in trouble for having a baseball bat and don't seem to have a good reason.

That's untrue.

If the blade is under 3 inches (and isn't lockable) you're allowed to carry it.

If the blade is longer than 3 inches you need a valid reason to carry it.


It's not automatically legal to carry a blade under 3 inches,

(2)Subject to subsection (3) below, this section applies to any article which has a blade or is sharply pointed except a folding pocketknife.

(3)This section applies to a folding pocketknife if the cutting edge of its blade exceeds 3 inches.

The three inches is clarification around folded pocketknives, it's not blanket authorisation to carry knives less than that length.


Banning guns is philosophically unsound, for the exact reasons this guy just listed. Look at Britian where they are now having unprecedented amounts of stabbings and are actually confiscating things like pliers and forks.

I'm uncertain about this idea that increase in knife crime means gun control is pointless. I'd much rather get stabbed than shot given the differential in mortality. Even if all gun crimes were replaced with knife crimes the per capita homicide will be lower.

Guns are loud even with a silencer. Knife crimes are easier to conceal in urban ambush situations.

If that were such a big factor, then allowing guns wouldn't make a difference, as criminal could still choose to carry a knife for this reason.

Look at Chicago for an example: It's one of the most restrictive states in the union on 'gun control' yet has some of the highest murder rates and death by guns across the board.

Seems to have worked GREAT there!


I read years ago in a book about gangs that knife wounds lead to death far more often than gunshot wounds

If you meant to stay on topic (reads like a tangent), I believe firearm videos are still kosher on Youtube. Look up FPSRussia.

If by kosher, you mean "allowed, without monetisation, and under some arcane, opaque and onerous restrictions that mean you never know if this video will get you a strike or not", then yeah, they are

Yeah, guns are another example.

Popular hacking-related YouTube channel LiveOverflow has a nice discussion of the ban that addresses this very concern at https://www.youtube.com/watch?v=LIdZ2oPyB1Y

What’s the gist of it? I can’t watch videos without headphones, my speaker is busted :/

The video is captioned if you want. But the TL;DW is that there's an ethical spectrum of security content; on one end is sketchy content that has little educational value - like, say, a tutorial on how to make a phishing page - and on the other end is educational content that could be applied maliciously but isn't intended that way - like a general web programming tutorial (or a DefCon talk). YouTube seems justified in demonetizing or removing the former type of content, but the difference between these two types is not always obvious if you don't have a security background, and so it's expected that there will be some false positives / negatives in YouTube's filtering. In practice, educational content (from LiveOverflow, for example, and from the other security channels he knows) hasn't been banned, and the few false-positive bans appear to have been reverted quickly, so it seems like this is largely a non-issue. If YouTube actually starts blocking educational security content, and not being responsive to appeals, then this would worth being upset about, but right now it seems like a non-issue.

(Note that YouTube has plenty of other problems; I'm just summarizing LiveOverflow's take on this particular controversy)


Oh man thank you so much for that. Totally makes sense and glad live overflow won’t be (hopefully) affected.

Videos aren’t working at all because the speakers on my phone are busted. On an iPhone, they won’t load even if the volume is set to 0. It has to have an output :(


> Yesterday, Youtube froze Kody Kinzie's longrunning Cyber Weapons Lab channel

Did his channel get unbanned? Kody's website links to this active channel with its first video uploaded in Oct 2017: https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g

edit: Yep looks like the ban was a mistake ️

> In a subsequent comment, a YouTube spokesperson confirmed to The Verge that Cyber Weapons Lab’s channel was flagged by mistake and the videos have since been reinstated. “With the massive volume of videos on our site, sometimes we make the wrong call,” the spokesperson said. “We have an appeals process in place for users, and when it’s brought to our attention that a video has been removed mistakenly, we act quickly to reinstate it.”

https://www.theverge.com/2019/7/3/20681586/youtube-ban-instr...


It is always same story. If a problem concerns someone "well known" who is able to attract attention, than Google, Facebook, etc. are stepping back.

If it were some random "amateurish" hacker channel, it would be banned and nobody would give a crap. The problem is that many valuable things started as some "amateurish" stuff put together by some clever guys in a garage.


I'll actually be a counter example to that, I recently started a security podcast with a couple friends, talking about the latest in exploit development and mitigations, and whatever news we find interesting.

Shortly after we uploaded our 4th episode we were banned on Youtube. We appealed the ban and were allowed back on pretty quickly (hours) and we are by no means a large channel even now (~50 subs).


What's the name of your channel? :)

Day[0] - https://www.youtube.com/channel/UCXFC76FDHZRVes6_lZqwLBA

We are not putting out any new episodes right now though, I'm currently off on a long-distance hike.


What trail? I'm reading this from northern California on the Pacific Crest Trail

Right? I want to sub.

I'm happy for you that you speak a language google happens to have support in, and that you have the time to besides creating and uploading content, to monitor it is not censored at a later, random, date by google. And that you were able to provide the US based documentation they required and that your videos content happened to not be in the blacklist of any nation state.

/s (I guess)


YouTube is a private company. They are under no obligation to provide support in 5,000 different languages. Or to host your videos at all. This post reeks of entitlement.

This poster is a customer and has every right to complain about a service.

The fact that you think they are entitled tells me you view the services as a gift and they should be grateful for whatever they get. The services provided are not gifts.


YouTube's customers are advertizers, not viewers.

Yes, because the viewers are the product being sold to the advertisers. Content creators, meanwhile, are essentially independent contractors that get free video hosting and a little cut of the ad money (assuming they fulfill a lengthy checklist) in exchange for giving the platform any real reason to exist. You'll find that this is the exact angle that the folks at Google like to spread until the second one of their advertisers starts to hesitate.

So in essence, you have a bunch of kind-of employees complaining about their kind-of employer's insistence that the customer is always right, even if it undermines their livelihoods. That sounds like what you'd expect out of any other customer-facing job, so what's the problem here?


They control the pathways of modern speech. It's not like a baker where you can just get your wedding cake somewhere else. If Google doesn't like you they can damn near erase you from public view. If you have an internet business they can ruin it. There is no way to escape their influence.

Because of this, they have a responsibility to uphold people's natural right to expression. In many ways Google now has more control over speech than governments historically have.

If there was a viable competitor this would be different, but there is no such competitor.


>They control the pathways of modern speech.

Not true. Almost all modern speech doesn't take place on Youtube or any Google platform. It's possible to broadcast without Google, publish without Google, disseminate without Google, gather without Google, dissent without Google, make phone calls without Google, chat, email, text, audio, video, everything - literally all forms of speech and expression are possible without Google, both on and off the internet.

>If Google doesn't like you they can damn near erase you from public view.

Also not true. Plenty of people Google "doesn't like" are still in public view. Name one person Google has effectively "disappeared" in this way, and I'll bet they still have a presence elsewhere on the web, still participate in society, still can communicate publicly, be contacted, etc.

>If you have an internet business they can ruin it.

Maybe. But then so could Amazon. So could your ISP. If losing SEO would ruin your business, the problem isn't Google's power, it's your crappy business model.

>There is no way to escape their influence.

Really? Do they control you here? In your home? Do they moderate other sites? Do they control Twitter, Facebook, Hacker News?

It's arbitrarily easy to escape their influence. They control one platform, not the internet, not society, not governments.

>In many ways Google now has more control over speech than governments historically have.

Governments can imprison you, torture you, kill you, run over your friends with tanks, nuke entire cities, fill shallow graves with dissidents, burn down libraries and make it legal. Google has no more control over speech than the governments whose laws they must obey by definition. They don't claim a monopoly on violence or sovereign immunity.

>If there was a viable competitor this would be different, but there is no such competitor.

There are plenty. Google is not the only search engine, and Youtube is not the only video streaming service.

Almost every part of your comment is falsehood, hyperbole and nonsense.


>Plenty of people Google "doesn't like" are still in public view. Name one person Google has effectively "disappeared" in this way, and I'll bet they still have a presence elsewhere on the web, still participate in society, still can communicate publicly, be contacted, etc.

Alex Jones was attacked by Google, Twitter, Facebook, and Apple in a short span of time and this certainly does bring noticeable harm. Your argument that Google isn't a monopoly so much as a participant in an oligopoly is pointless.

>Maybe. But then so could Amazon. So could your ISP. If losing SEO would ruin your business, the problem isn't Google's power, it's your crappy business model.

It's amusing how people raise this same argument about advertising and how newspapers or other publications can die for all they care, but then newspapers are ''important to Democracy'' and shouldn't need to exist like others do and the other publications are just trying to make end's meet and can't do anything else. Maybe letting large businesses buy or crush everything else is a bad idea?

>Really? Do they control you here?

No.

>In your home?

No.

>Do they moderate other sites?

Yes. Large chunks of the WWW contain Google malware or are at the behest of Cloudflare and that makes avoiding these two difficult, as it's likely at least one place one visits is involved with one or the other. I can't even contact some businesses because of Gmail and its strangulation of the email protocols and with ReCaptcha it becomes increasingly harder to do certain things without giving Google free work.

>Almost every part of your comment is falsehood, hyperbole and nonsense.

You're either misguided or purposefully arguing in bad faith.


"noticeable harm" was not the claim. The claim was that Google alone could, at a whim, "damn near erase you from public view."

Alex Jones has not been anywhere near "erased from public view."

Also by "moderating other sites" I clearly meant moderating content - as in comments, videos, what Google moderates on its own platform. Obviously, they don't do that, and can't. Putting up a captcha or ads isn't the same thing.

>You're either misguided or purposefully arguing in bad faith.

OK, there's the personal attack, so I'm done with this thread. Good day.


> Alex Jones was attacked by Google, Twitter, Facebook, and Apple in a short span of time and this certainly does bring noticeable harm. Your argument that Google isn't a monopoly so much as a participant in an oligopoly is pointless.

Alex Jones is not a victim of anyone but his own avarice. He defamed victims of horrible violence and refused to stop. He kept ending up in court trying to use defenses like, "I am actually a comedy show and everyone knows it is a joke." It became so absurd that his liability was spilling over onto other broadcast networks who couldn't deny he was deliberately slandering people.

I'm saying: his speech is about as valuable as shouting "fire" in a crowded movie theater. So maybe he is not your go-to example. May I recommend instead Dan of "Three Arrows," who has been banned for explaining Nazi history in a factual way with the highest standards of evidence, but ends up being banned or demonetized because of brigading organized by pro-fascist elements lead by reactionary channels failing the same standard like Tim Pool.

But I agree that you could probably make a case YouTube is a monopoly.

> Large chunks of the WWW contain Google malware or are at the behest of Cloudflare and that makes avoiding these two difficult,

Your problem is with site runners who do not consider it malware. You're demanding a product with a price of $0, but such things don't have $0 cost. And of course, you can instantly 0 it out by using tools like noscript. But you can't try to blame Google or CloudFlare for the presence of these tools. That's a conscious decision by website engineers who could offer their content free of charge, but cannot afford to. Ain't capitalism great?

May I recommend doing what I do, which is using NoScript on Firefox? I won't lie, FireFox is worse than Chromium and the plugins are worse, but sometimes we gotta take a hit for our principles.

> ReCaptcha it becomes increasingly harder to do certain things without giving Google free work.

Exactly how many street sign identification tasks do you think Google needs for Waymo or Maps? I'll give you a hint: a kid with tensorflow can solve those captchas using off the shelf parts. The primary value of those captchas is forcing a human to interact with the captcha in a very short span of time, which raises the costs of using cheap contract labor solutions to evade the captcha several orders of magnitude.

> You're either misguided or purposefully arguing in bad faith.

"People who disagree with me are all wrong or liars" isn't a very "good faith" argument either.


> Not true. Almost all modern speech doesn't take place on Youtube or any Google platform. It's possible to broadcast without Google, publish without Google, disseminate without Google, gather without Google, dissent without Google, make phone calls without Google, chat, email, text, audio, video, everything - literally all forms of speech and expression are possible without Google, both on and off the internet.

I actually challenge you to find a credible alternative to Youtube that is a genuine contender and doesn't rely on webtorrent (which would very much DOS the entire internet into tiny fragment networks if it tried to service Youtube level volume).

Who's the alternative? The closest thing is broadcast television, which is under extremely tight government regulation.


>I actually challenge you to find a credible alternative to Youtube that is a genuine contender and doesn't rely on webtorrent (which would very much DOS the entire internet into tiny fragment networks if it tried to service Youtube level volume).

Yeah, see, you're using subjective weasel words like "credible" and "genuine" and assuming that no site operating at anything less than Youtube's scale would be effective - yet plenty of other streaming sites demonstrably do exist and have communities and users.

Even most videos on Youtube don't even have nearly the traffic that would necessitate that scale - "youtube level volume" isn't necessary. Convenient, cheap, reliable, but not necessary.

So... Vimeo? Twitch? Dailymotion? Metacafe? Veoh? Pornhub? The Internet Archive? Whatever they use in Asia? Most social media sites that let you upload videos directly? There seem to be a few here[0].

Until Youtube can stop other streaming sites from existing, it's absurd to say they have any real control outside their own platform. They're popular, but that's it - popularity can wane. They don't control video distribution or streaming the way JP Morgan controlled the railroads, they don't control the infrastructure nor can they enforce monopoly control over the internet, and they certainly do not control "the pathways of modern speech."

[0]https://en.wikipedia.org/wiki/List_of_video_hosting_services


> Yeah, see, you're using subjective weasel words like "credible" and "genuine" and assuming that no site operating at anything less than Youtube's scale would be effective - yet plenty of other streaming sites demonstrably do exist and have communities and users.

Okay, but they don't do archival at even a fractional scale. It's true other streaming contenders exist. They are all much smaller than youtube.

> So... Vimeo?

Doesn't really compete in the same space anymore. It's a lot more focused on corporate offerings.

> Twitch?

Big site. Run by a massive company that actually has the networking capacity to make a competitor. But doesn't do archival of all content. That makes it a lot, lot harder.

Edit: Don't get me wrong! Twitch is an incredibly impressive piece of work despite its technical flaws. They do things Youtube has failed to do. But the long tail of content distribution they need to deal with is smaller, and that redefines the problem the resolve.

> Dailymotion? Metacafe? Veoh?

All of these aren't really competitors to Youtube, now are they? Dailymotion is more of a hosting service for corporate offerings as I see it. I also think you pay them for hosting, but I'm happy to be corrected about this.

> The Internet Archive?

What?

> Pornhub?

I know a bunch of SWE and SRE there and they're good folks. But uh... well if they want to explain to you how this is misguided I will let them.

> Until Youtube can stop other streaming sites from existing, it's absurd to say they have any real control outside their own platform.

YouTube is bigger than any 3 of your other alternatives combined, and that's ignoring the fact that they're doing broadcast TV now. The only site on your list that has any credibility in the space of user-generated content is Twitch, and they don't do archival unless you're a Partner still, right? It's been awhile since I've run my twitch channel.

> They're popular, but that's it - popularity can wane.

The following is my opinion:

I have become much harder on youtube since joining Google because I learned how absurdly difficult it would be to do what Youtube does. You've gotta be an international mega-corp to compete with what they're doing. While I am enjoying understanding how the internet actually works, I also confess to a certain degree of despair over its reality.

YouTube could grow to meet its demand because of its affiliation with Google. Other sites would need to build a global scale supercomputer with network to match to do what Youtube and Youtube TV does.

Further, the internet itself cannot handle the amount of media streaming users want to do. That's why otherwise noble ideas like PeerTube can't be used to route around this damage. And as we've seen with search and human interaction, the network effects of concentrating media all in one place are just too overwhelming.

Perhaps you feel more optimism about it. If so, I encourage you to try. As it stands, only Amazon's Twitch could possibly pivot into this position and they seem disinclined to do so for now.


Why do they have to be a "genuine contender"? I get that the discoverability of YouTube's platform is desirable to creators, but why is it important at a societal level that creators have access to that?

What will ultimately determine if Youtube is a monopoly or not is if there are credible contenders of similar size that aren't just reselling Youtube with a branded player.

The public demand itself is enough. Search for Google is already subject to regulation in the EU.


A monopoly is only illegal if YouTube is using anti-competitive practices to stifle competition. It's not illegal if people just prefer YouTube's product.

> A monopoly is only illegal if YouTube is using anti-competitive practices to stifle competition. It's not illegal if people just prefer YouTube's product.

This isn't strictly true even in America, and it's worth noting that every sanctioned monopoly in American history has tried to use this line of reasoning.


It is strictly true as far as the law is concerned.

> every sanctioned monopoly in American history has tried to use this line of reasoning.

So what? That's like saying "every criminal has claimed they were innocent". It doesn't mean that innocent people don't exist.


> It is strictly true as far as the law is concerned.

I think maybe the problem here is that you're assuming that "active" interference needs to take place. All you need to do to hurt competition is set your monopoly-backed prices too low for other competitors to match and if you lack any competition, you're not stifling it.

> So what? That's like saying "every criminal has claimed they were innocent". It doesn't mean that innocent people don't exist.

Right, but that means "I am innocent" doesn't constitute an ironclad defense. Which is the only point I'm trying to make.

And I think the ugly part about this is that YouTube actually does an amazing and in fact peerless job on the technical side. I know how a lot of it works and it's breathtaking.

But that's part of why they can set their price for hosting at $0/byte. And that's hard for anyone at a less superlative scale to compete with.


> All you need to do to hurt competition is set your monopoly-backed prices too low for other competitors to match and if you lack any competition, you're not stifling it.

YouTube has stayed the same price since it was created, long before it became a monopoly.

> Right, but that means "I am innocent" doesn't constitute an ironclad defense. Which is the only point I'm trying to make.

Obviously. My point is that you haven't shown any examples of YouTube abusing its monopoly to stifle competition, thus the argument that they are in danger of violating anti-trust laws does not seem to be correct.

We both agree that YouTube has the largest market share, but can you explain to me why you believe YouTube's market share is the result of anti-competitive practices and not a result of a superior product?


You're not wrong, but it's also bad customer service. Given Youtube has essentially no credible competition, you'd think that they'd be more worried about being the focus of multiple new national government regulatory frameworks.

The important think to recognize about Youtube (as opposed to search, or ads) is that YouTube has no real competition and it's absurdly difficult to compete with Youtube. They're like Facebook but moreso. As such, they may end up being subject to different rules from other businesses if they're not careful.


They are way more likely to face regulation for not attempting curating. The mainstream of small minds is why we are in this shitshow.

Mainstream mentality has always been to freak out when something goes outside what they consider acceptable even if it is harmless. It goes back to the Oscar Wilde and he certainly wasn't the first.

Including the observers commenting on the stupidity with "So long as they don't do it in the streets and frighten the horses." While callous and somewhat homophobic by today's standard it pointed out how society really should be reacting - not giving a shit unless it leads to an actual danger.


The issue with that is the global monopoly YouTube currently has on video content and video communities

At what stage does a private company need to become a public service? There's examples of this happening throughout the ages where private companies like fire fighters, telephone, etc went from being private to public, and sometimes back to private.

It's uncouth and a rude display of privilege to be smug about the fact that English is by far the most supported language on the Internet.

They're a private company and GP is complaining about their poor service. They're not obligated to support multiple languages, but a service that big not supporting multiple languages seems like an incredibly bad move even from a purely business perspective. Doesn't seem entitled to me.

> And that you were able to provide the US based documentation

I don't recall needing to provide any documentation? I'm also not American so I couldn't provide "US Based documentation" whatever that means.

There also wasn't any back and forth interaction with support to get unbanned.


To play devils advocate.. is this really true? Or do we just only hear about bans/reinstatements from people who are "able to attract attention"?

I'm not entirely convinced it is. I started a exploit development/security podcast with a couple friends a few months ago, we were banned on Youtube shortly after the 4th episode for a community guidelines violation.

We appealed it and were reinstated pretty quickly (hours), which was a genuinely surprise to me given all I've heard about the Youtube system and the assumption that channels only got unbanned by being able to attract attention.


It is, and it's not just YouTube, I follow alot of "niche" channels, and the distribution of enforcement is comical.

Well, then they kill two birds with one stone, they snuff out their potential competition.

No? The content creators are not youtube's competition. If anything, they're pushing those creators off to competing platforms...

It's certainly true now, but once upon a time the Google search engine was also a "neutral platform that didn't directly compete with other web properties shown on search pages."

How times have changed there, haven't they?


It is not just this isolated case. Youtube changed their terms and conditions in such a way that affects all educational content related to infosec, more info in the other HN thread here: https://news.ycombinator.com/item?id=20346865

To be fair, it's reasonable to forbid instructions on how to attack specific online third-party systems, just that the phrasing of YT's policy is too ambiguous and can be extended to any educational infosec content.

Yes I agree, the article that I linked above focuses on the ambiguity of the policy wording, interesting read.

Speaking personally (obv) that's scary and if they don't change the ToS I can imagine reviewers will keep making similar mistakes

Maybe if the channel was named "Kody Kinzie's Flowery Cyber Instrument Safe Space", it would have been promoted instead...

The internet promised so much, but is being ruined by corporations and governments.

I can't help but feel the ruining is accelerating.

I hope the infosec community can come up with some kind of decentralized way to actually share free speech. If anyone is capable, they are.

The discovery problem is an illusion. If you build it, they will come.


>I hope the infosec community can come up with some kind of decentralized way to actually share free speech. If anyone is capable, they are.

There are decentralized/open/ethic friendly services alternative to big corporations services. In the case of Youtube there's PeerTube[1] for exemple (even if in that case there's a IP leak due to the p2p protocol if I remember correctly).

The sad thing here is that people decide to stay on the "big" services due to the network effect, and few people decide to boycott them just to follow principles.

[1]https://joinpeertube.org/


In some video sectors people issue "preview" videos on YouTube (for discovery, network effect) and have a full video elsewhere that doesn't have to comply with YouTube's terms.

That would probably work here until YouTube move on to "can't signpost content that's not allowed here".


This approach implies that YouTube actually pays attention to the details of their terms, rather than just using wide sweeping keyword filters.

It seems to work in the sector I was thinking of (lewd ASMR).

I guess if YouTube blocks content by keywords we'll need to get creative with the thesaurus or ROT13.


This is why we need a solution that separates the social network from the storage platform. Maybe as a first step, have a system that combines your peertube, bitchute and youtube accounts together, like a semi-rss feed. Maybe you should be able to use your google account on the alternate platforms. Google won't like such adversarial compatibility, but if done client side there won't be much they can do.

Don't be so pessimistic. There are still plenty of resources and places to discuss whatever you want.

Youtube is like that big commercial avenue in the city, where you can only see mainstream stuff. If you look for the bookstore that has hacking/engineering/pyscology books, you'll have to go elsewhere. But it has always been this way.


YouTube used to be that place.... I remember it, I want that YouTube Back...

YouTube did not become popular with "mainstream stuff" if I wanted "mainstream stuff" I would still be a cable TV Subscriber

YouTube promoting only "mainstream stuff" like CBS, and CNN will kill YouTube


YouTube got popular with mainstream TV shows and movies. Then after it won all the market share with that content, Google bought it and turned it legit.

No that is not what made YouTube Popular at all

I have never once watched a mainstream TV show or Movie on the platform.


Yeah that's utterly wrong, YouTube got popular because it was the best platform to upload any video and find and watch any video. Then music got big on youtube. Right now they are trying to go into movies, not sure how it will work out for them.

> CNN will kill youtube

Given CNN'S dwindling ratings I sincerely doubt that. If anything youtube needs to rescue them.


No CNN should collapse

there's plenty of niche content that finds its home on YouTube. It's as if the commercial avenue was infinitely large and could contain every shop you could wish for.

You have to leave the avenue for porn.

Pornhub has good enough porn, can find something for most any niche.

Soon you’ll find though, if you’re really into this or that, individual studios that cater to your niche create videos with high production value that are all around better than what you dig up on pornhub.

There are marketplaces for small studios like clips4sale.com (nsfw).

Also aggregators for specific niches / topics, etc.

Maybe anti-YouTube people can look to porn for the way out?


You have to know what you're looking for, which I think is traditionally the biggest hurtle.

Nah, all the old services are still out there and still work. You can still use irc, you can still set up your own mail and web server. There are even new alternatives, from tor to other hidden/dark/free...nets.

But people are too lazy, and find the "just use the largest corporate platform" very convenient, especially if it's "free".

edit: ...which is a problems, since also your viewers only use that "one big" platform, and don't check elsewhere.


There is nothing to come up with. Serving video is a well understood process, both as a service and self-hosted. YouTube's popularity is based mostly on network effect and Google footing the bill for a top notch experience for your viewers. Few people will pay the Vimeo prices, or build something at multiple the cost, if they can get the whole package for free.

Disclaimer: I'm a Googler, so can't help you with estimating the cost. But a few years back the research community had some reasonable-sounding models. Plug in current hardware and you can get an idea.


What about PeerTube? Seems like a good fit for the infosec community.

That's entirely reasonable. My plan of record in for YouTube no longer footing the bill of disseminating videos of my children to extended family is similar (seeding them on bit torrent).

Edit: note that peer to peer doesn't exactly solve the economies. Instead of advertisers, you're asking your viewers to provide the resources. Depending on the audience, this will or will not work.


Well, the internet is still there. It's just that the majority mistook private spaces for public ones.

Well, it is convenient I guess. Your content is being found, the interface is great, someone else is paying for servers, storage and bandwidth. All of that for a little control and advertisements...

And honestly, I want platforms to regulate content. They have millions of users, some of them are underage or even democratically unstable.

It's okay to put a little effort into finding knowledge now and then.


"Well, the internet is still there. It's just that the majority mistook private spaces for public ones."

Exactly. Using Twitter or Facebook in place of Email/IRC/Usenet/WWW is wrong so many ways, but good luck telling that around without getting laughed at.


> The internet promised so much, but is being ruined by corporations and governments.

No, it is ruined by normal citizens who largely don't understand democracy and its value. As long as the dictator doesn't bear the label "dictator", people generally prefer dictators, and then at times they are surprised that dictators abuse their power.


Don’t forget that people are behind both corporations and governments. It’s being ruined by people.

>The internet promised so much, but is being ruined by corporations and governments.

The only way to fight it is to make sites like we used to, and make sure they have onions


The internet will route around this block, just like it has always routed around other obstacles.

Infosec people tend to be crafty (it's a job requirement imo) and quite a lot of the greybeards were part of building the infrastructure from the beginning, so no need to despair yet.


But regular laymen never look beyond youtube (everything non-advertized and popular in general). There is no business model in being underground greybeard publisher.

Considering that you can pull in 100-300k as a security professional at a company, and a multiple of that as a consultant, I don't think that YouTube ad money is that big a deal

giveth and taketh.

Google/YouTube/FB/etc made the web more accessible, fun and useful to normal people. The profit motive was great for cutting through the more idealistic 'open web's" occasionally stubborn^ roadblocks.

YouTube, for example, got online video bigger/better/faster by doing centralisation, flash & such.

After they win though, they effectively become squatters. YouTube or FB could go offline today and tomorrow we'd probably see new services, possibly free and decentralised, popping up to replace them. But, while they monopolize their areas... they probably create negative value.


>But, while they monopolize their areas... they probably create negative value.

I think Facebook is already creating negative value.


I am curious when you thought FB created positive values

>The profit motive was great for cutting through the more idealistic 'open web's" occasionally stubborn^ roadblocks.

Could you give some examples of this, please?


YouTube, for example, got online video bigger/better/faster by doing centralisation, flash & such.

..FB also, photos of their grand hildren was the reason a lot of people got online.


But YouTube having faster servers isn't an "open web" roadblock, Facebook's social graph isn't either -- neither of these shed any light on your previous comment for me.

What would?

In the original comment you mentioned the open web put roadblocks in the way of progress due to idealism. So, if you could say what those roadblocks were, and how the idealism supported them ...

Presumably you're not accusing "open web" activists of having ideals that favour inhibiting bandwidth, or hosting content on slow servers, so noting that proprietary ["closed"] services had those facets is irrelevant to your original comment.

If you felt that people wanting to use PNG, because GIF was closed and contrary to [the nebulous concept of] "open web ideals" has retarded progress on the web, then that might be an example? I'm struggling for an example, because I don't know of any examples, which is why I asked you because you spoke implying you know [many] examples!


No. I just meant that for whatever reason (a large array), closed ( different types of closed) solutions like Facebook and YouTube were more user friendly for the majority who came online post-2000... and these things played a prominent role in moving things forward.

Flash made online video work. Facebook & YouTube made contributing & sharing content accessible. IRC, host-your-own webpages, later attempts like RSS and such, which were more idealistically "www" were also not right for Aunt May. They were right for 1990 users, who were a self-selected bunch.. not alway representative of the majority.

Even jewels like Wikipedia (a brilliant achievement of the www idealism, imo) are relatively inaccessible (the editting part) to the average person. That works very well for Wikipedia specifically.


Opening up the Internet to commerce was our Original Sin.

> If anyone is capable, they are.

True. Even the audience for this will be devs which is right fit to make a decentralized community.


It's like banning Karate & Judo because it teaches violence. (When it actually improves personal security/safety)

Or banning gun videos because they could teach someone how to shoot up a school.

It’s no surprise YouTube opted not to censor this genre based on their workplace shooting incident. Companies are getting more and more paranoid these days.


Gun youtubers were hit very hard by adpocalypse to my knowledge.

Big advertisers dictate what content is allowed on YouTube. Corporations like Disney and Coca Cola get to decide what we can watch.

Aren't there any corporations that market to people who like guns, violent videos, etc? Is if you like guns you don't exist or consume anything? I bet that a lot of people that like guns drink a lot of coca cola and eat a lot of junk food.

Won’t be long until gunsmithing videos about how to manufacture machine guns (legal in most countries with the right license) are banned, too.

EDIT: Spoke too soon. It’s already gone.

https://www.thefirearmblog.com/blog/2019/01/04/coat-hanger-m...

What’s next? Lockpicking?


Please no! The lock picking lawyer is my favorite :(

Some of those videos should be government sponsored infomercials -- here's how to open a nationally (USA) used door lock in 1s with a magnet.

Bookburnings of the anarchist cookbook, obviously...

YouTube is less and less about You.

It's like they've got too much content anyway, so why not just start banning stuff?

Ironically, they remove the videos that people watch, not the thousands of terabytes of videos with 3 clicks in the last 6 years.

It would be sad if they removed the videos with 3 click in the last 6 years, because those are the ones of your granddaughter, living thousands of km away, taking her first steps, or reading her first reading primer by herself. These are the things that help families stay in touch. Just because they don't attract mass clicks (and aren't intended to) does not detract from the value they have for the small number of viewers to whom they matter.

WTH, don't keep that stuff on YT.

Well,... for some people that seems to be the easiest way to distribute it to the whole (widely dispersed, extended) family.

What would you suggest as an alternative?


I'd recommend Firefox Send (https://send.firefox.com/) or maybe Dropbox.

Or whatsapp or signal... Or google drive. Just not YouTube.

Google Photos

It is actually probably kind of like that, although not as part of a moralistic panic or a political purge as seem to be the common assumptions. What they likely have is too much content that makes too little money and attracts too few advertisers, so they're willing to lose the content they can most afford to lose. It's a simple cost/benefit analysis to them.

Social media sites which depend on user supplied content use that content to advertise the platform. Maybe no one told Youtube content creators that they were really doing sales work for Google, but that's always been the nature of the modern social media model. They don't work for you, you work for them.

TANSTAAFL.


Ah, the Wikipedia strategy.

Hackers use adblock anyway.

Now that you said it, GTube rebranding seems imminent, especially with Google's track record on such things.

*google

*alphabet

Trying to apply logic to a political decision is like playing chess with a pigeon.

I agree it is stupid to ban such items on such grounds but:

with "actually improves personal security/safety" I do not agree. If you are not training daily watching video about martial arts does nothing to improve your personal safety. Though there is guy having gym in China who is explaining it better than me and he has martial arts channel. But that is one guy vs tons of "self defence bullshit".


I've not had YouTube around when I was learning karate, so I don't know if I'd be using it if I was learning karate now. However, I did use it to learn some dance moves, and although I was just sitting in my chair and watching it, it did help a lot with many "aha" moments and practiced them later. Sure, there is a lot of crap on there, but I can filter that myself. Things in karate that you could just learn by watching without much training are pressure points and how to get out of someone's hold. The other stuff needs training (especially conditioning), but a good video can give you directions for how to do it.

Isn't this the problem of the viewers' own doing? Youtube would not give a shit until someone feels offended by it and complaints. So we can blame corportions all we want but we should also think how much of it is influenced by us. Note: above only applies to the comment about violence. Infosec thing most likely is different.

What's next, cracking and reverse-engineering? Debugging? (Anti-authoritarian) programming?

As usual, Stallman tends to be quite prescient: https://www.gnu.org/philosophy/right-to-read.en.html (perhaps more like "right to watch" in this context.)


I always think he’s mostly right, but a little too uncompromising, but then everything he says comes true. I don’t know how he predicted so far ahead at the time, it’s humbling.

As a software author working at startups, am I part of the problem? I don’t understand how to make a good living without locking down the code to some extent, with few exceptions (it’s hard to found red hat)


> I don’t know how he predicted so far ahead at the time, it’s humbling.

As I cast my eye over the FSF's basic definition of free software [0] I can't spot much of a mystery.

If a user don't have those freedoms, then someone else is in control of their software. It is inevitable that sooner or later the situation will change and the person who does have control the software is going to do disagree with what the user wants to use the software for - and at that point the user is the one with the problem.

Stallman isn't using a genius level of insight, but he is avoiding some very common shortcuts people take where they assume that because people are on 'their side' today that they will remain on 'their side' even if the incentives change. They are then shocked to discover that when the incentives change that nobody was ever actually on 'their side', it was just that the shark swimming placidly alongside wasn't hungry before.

I'm usually with Stallman's theories, it amazes me people keep being surprised that liking someone doesn't mean that the person is immune to the incentive structures that surround them. People have a remarkable and underappreciated capacity to make decisions that are good for them rather than good in the abstract.

[0] https://www.gnu.org/philosophy/free-sw.en.html


It's intriguing to witness this phenomenon live, for example with Google: first we were all in love with it, so refreshing, fast, humble when compared with Yahoo, Lycos et all. We loved their "do no evil" mantra. When they started to offer their free e-mail, we were queueing to migrate. Then the phenomenon you're describing started to happen and people are struggling to de-googlify their lives only to discover it's already too late to do it 100%.

It happens everywhere - similar concerns raised for cloudflare. Diversity is a good thing, big monolithic providers of services CAN be good as long as leadership is aligned, but once they start optimizing towards less altruistic goals it’s scary. You could argue government works the same way.

> ... first we were all in love with it

People commonly seem to express this idea. That's not actually true.

Plenty of people haven't believed the PR from day one. What you're seeing now, is the reason why.


This.

I think he was a bit off with regards to source code/open source, because while having source code helps in understanding and modification, it's not essential; you could similarly imagine a world in which open-source wasn't a huge movement but instead the right to reverse-engineer (or basically, understand) software was guaranteed, and it would have as great an effect on freedom; perhaps even more so, because now it'd be the norm for people to disassemble/decompile anything they wanted, and the lack of any "chilling effects" would greatly increase advances in program analysis in general. It could even be argued that the rise of open-source lead to a decrease in interest and skills of RE.

In fact, PC magazines of the 80s and early 90s used to contain articles specifically about patching software to do interesting things, complete with instructions of the form "change byte at X to Y"; AFAIK they didn't violate any copyrights because they didn't distribute copyrighted material. Then there's the whole series of "undocumented DOS/Windows" books written by people like Matt Pietrek, Andrew Schulman, and Mark Russinovich; all of which required substantial amounts of reverse-engineering and analysis, but instead of them being persecuted, two of them now work at Microsoft.

"If you outlaw freedom, only outlaws will have freedom."


Sometimes I wish people had developed an expectation that commercial software should come with the source code, rather than as (only) a binary blob. Licensing terms could be the same, but people would look at you funny and feel cheated if you tried to sell them a binary blob.

The only domain where I have seen this is with commercial scientific software that is designed to be run on supercomputers. This is mostly due to the difficulty of producing high performance binaries that work with the MPI implementation.

One interesting implication is that since people can view and modify the source code, patches and modifications to the software are shared.

This has always lead me to wonder if a diff file violates copyright as it includes some of the original source as context.


I'm not a lawyer but this reminds me of how game mods are shared for old games. They are shared at patch files to avoid sharing the copyrighted original binary/rom file.

My understanding is that use a patch file as long as your patch doesn't include any copyrighted material it is fair to share.

A patch file does not necessarily have any of the original code, just the location info and the new value.


This is still how custom themes for the switch are distributed since the menu file is considered copyrighted they distribute a file and a tool you can use to apply the file to the menu file on your system.

YLLMV (Your Local Legislation May Vary), but reverse engineering and subsequent modifications are completely legal here, if they're more for compatibility than competition.

I also wish everybody would install adblock on all their devices etc.

It's one of those problems that are solved only at the individual level but because of that are not going to be solved at all.


This was a shift in viewpoint -- earlier in the life of computers, the hardware was seen as the really valuable part of a computer. So companies would provide the source code because that was simpler (the software was "just a toy"). But then software became the valuable component, and so businesses (as is a recurring theme in capitalism) didn't want to give away something that might be potentially profitable. And so we now have proprietary software. This shift in viewpoint by users was an intentional move, pushed by soon-to-be proprietary software businesses.

I think you may have missed my point. I want businesses to profit off of their software... I just also want them to provide customers with the sources used to produce the software they just paid for.

Copyright law can still apply. Just because I have your sources doesn't mean I can go and use them in my own software, or re-implement your patented algorithm.

"But how can I be sure that my customer isn't stealing my work?"

Well, ask someone to look at the source code they provide to their customers. Remember, we're in an imaginary world where source-included is the normal way to sell software, and anyone peddling binary blobs is seen as shady.


You having the sources does not change the incentive of the software’s creator. The unwanted functionality (which the software creator is pressured to include) will instead be put in:

1. Obfuscated code. This is a classic, employed back in the day when raw machine code wasn’t quite as much of a barrier like it is nowadays. Less common now since its importance has lessened, but still ever-present, and could be re-employed instantly.

2. The very design of the software. For instance, the software might require a phone number for every user, and this is baked in at the very fundamental design level, making it impractical to change. Other design choices might encourage you to share your contact lists, for say, backups, and your data is now leaked.

3. The software is merely a collection stubs calling a cloud service. Very common now with so-called "apps" for phones. This design has come to its pinnacle with “web page apps”, where only the front-facing UI portion sits on the user‘s control, and the rest runs remotely.

This is why “shared source” and the like is not enough. The end user must have the practical ability to, reasonably easily change the software, either by themselves or by hiring anyone they like and/or trust to do it for them.


Kinda how commercial game engines often came with the source code. Not open source, heavily restricted with license, but available for the user (licensee) to look at and make modifications to it required.

[flagged]

cyphar 13 days ago [flagged]

I find it interesting you are harping on an aside I made in the middle of an accurate (though very abdriged) description of the history of proprietary software.

But, to your point -- yes, companies can do altruistic things. That doesn't mean they always do altruistic things, nor does it mean that they tend to do altruistic things. This should not be surprising -- companies are designed to maximise profit and altruism is rarely as profitable as other avenues. Companies which contribute to or sell free software are in the overwhelming minority today, let alone 30 years ago.

I didn't mention socialism, nor redistribution of assets. More importantly though, if you feel the need to protect the concept of capitalism whenever there is even the hint of criticism, then you should take a page out of Hamlet -- "the lady doth protest too much, methinks".

Also, free software isn't socialist. If you feel the need to tie to it a political ideology, it's much closer to anarchism.


> while having source code helps in understanding and modification, it's not essential

It technically isn't, much like having an excavator isn't essential to digging up ground for a new mall, when you can technically do this with a shovel too.

I get your point, but right now, I'm sitting in front of a 22-years-old game I spent a great deal of time even trying to get to run. I want to restore it. There's no source leak of it that I know of, it has no clear relation to prior titles and there wasn't any reversing effort I could find either. Half of the formats used by it are obscure, and from causal inspection seem to be dumps of in-memory structures.

Having source code, my main problem would be to build it - but it's essentially a straightforward task of finding and patching or mocking various 1990s-era peculiarities, until the whole thing builds correctly with an reasonably current compiler. The source code would assist me with reversing the data formats too. However, I don't have the source code, just a barely-32bit application with a 16bit installer. The game plays really weird tricks with your screen, so attaching a debugger will be a PITA (unless I figure out how I can run a debugger on a different machine and remotely debug the game on the one computer that it manages to run in half-broken fullscreen mode). Best I can do now is poke it and see what changes.

> It could even be argued that the rise of open-source lead to a decrease in interest and skills of RE.

I think so too - simply because being able to ask decreases interest in and skills of figuring stuff out yourself. Has its good and bad sides.


The game plays really weird tricks with your screen, so attaching a debugger will be a PITA (unless I figure out how I can run a debugger on a different machine and remotely debug the game on the one computer that it manages to run in half-broken fullscreen mode). Best I can do now is poke it and see what changes.

Two suggestions for you: 1, VMs are your friend. 2, decompilation technology has gotten very good. I'd "statically analyse" the binary in a disassembler/decompiler for a while first and figure out what it's doing before actually trying to run it.

I don't think source is necessarily always making things easier either --- I've had a few times where, even with open-source software, it's easier to find the right bytes in the binary to patch than to figure out where in the (huge) source that would be, and then how to build the rest of it (along with all its hairy web of dependencies) completely unmodified from the original binary.

Especially if it's a fundamentally trivial change (like a string constant somewhere, whose desired value is the same or smaller in size), and I don't expect to make any more complex changes, I'll definitely choose opening the hex editor for a few minutes (at most) over spending perhaps hours downloading a few hundred MB of source and dependencies and figuring out how the original was built and how to reproduce that.


> because while having source code helps in understanding and modification, it's not essential

You're right that it's not essential -- and he does mention this in most of his talks. But reverse engineering is very time-consuming and difficult, especially if you need to do it for every program you use.

So his view that software freedom requires the source code to be available to users is much more of a practical requirement than a philosophical one. This is why the GPL requires the preferred form of modifying the program be provided -- to ensure it's just as easy for users to modify the program as it is for the developers.


in the US DMCA did infact make alot of Reverse Engineering a violation of Copyright

Most EULA's prohibit Reverse Engineering and companies like Oracle have entire legal teams dedicated to prohibiting reverse engineering going as far as prohibiting people from reporting security vulnerabilities discovered using "reverse engineering techniques"

Further the wide interpretation the courts have allowed under CFAA can easily be applied to reverse engineering as well, i.e "Exceeding authorized use" making reverse engineering of software a felony under US Law


Unfortunately for Oracle if you prohibit people from reporting security vulnerabilities they will just sell them in the black market.

It's harder to argue that reverse engineering is harmed by open source, in a world of software patents and copyright protection that occasionally permits interop, but always prohibits competition

The alternative to working on favorably licensed OSS that you posit, is roundly illegal, unless you had no designs on modification and/or redistribution of a derivative work.

https://reverseengineering.stackexchange.com/a/73


He is always right because his predictions about companies are as cynical as possible. He assumes every company acts entirely in its own interests and will do whatever they can get away with to make the most profit.

And of course this ends up being true almost every time.


I thought at first that he was a pompous ass who was out of touch and mostly wrong.

And slowly, I noticed that he was still a pompous ass, but he was right. And longer I observe, I notice that he wasn't wrong, but ahead of the curve. And instead of being an ass, he was calling these issues out before they reared their ugly heads... but lo and behold they did eventually.

That's why I'm a proud member of the FSF.


>>> but a little too uncompromising,

You can not compromise on freedom, for once you allow a single exception that allows authoritarians to take your freedom in "limited" situations, they will quickly invent more and more situations to take more and more of your freedom until none remains

If you value liberty, uncompromising protection of that liberty is the only way to secure it


The system that prevents you from making a good living without locking down code is most of the problem. To the extent you support that, you are likely a part of it. No different from most people nowadays I think, myself included.

Its refreshing to see the sentiment among HN crowd has shifted and embracing RMS. Few years ago the comment section was dismissing RMS outright as not being practical.

We need people like him. He's the anchor that keeps the ship from floating away at sea. If it were entirely left to the more practical people, GNU wouldn't be a thing and the ecosystem would suffer. We would all be worse off.

He is literally a genius.

The question you should be asking yourself is “why do I have to take freedom away from others to earn a living?”


No, the question you need to ask yourself is 'how small of a living can I stand?'. I make a living programming audio software that's GPL-compatible (I'm using MIT license on the grounds that nobody succeeds in the music business unless they allow themselves to be exploited). Stallman can use anything of mine, I just can't use the capital F free stuff GPL users create in exchange, but I get to feed 'em if anything I do is worth having.

I do make a living, it's just a very poor and insecure living. I sleep a lot easier, though, and it's very unmistakably a 'First World' living even if it's sort of constrained. How small a living can you stand? How rich do you have to be to have 'enough', and do your 'quality of life' calculations include personal guilt over screwing people over, or not doing that? Software freedom matters to my day-to-day life, but so does the fact that my income's low enough that I qualify for Section 8 housing. Without that, I'd lose some things making it possible to be writing the free software.

Can you afford to be on the side of good, or do you have to play for team evil in order to keep the doors open? If it's the latter, can you plan for a heel/face turn and execute a dramatic betrayal of Team Evil? I did (sort of). I was selling the audio software for years and merely keeping all my code proprietary (and getting sucked into the hype mechanic, more and more) and when I made my exit and went full Patreon I executed a clear, very public transition from commercial to open source, even reserving that as a threshold for the Patreon to hit. Took a major loss in revenue right away, but made that threshold pretty soon, and now I don't have to go back. But I wouldn't have been able to do it without years of exposure as a commercial developer.

Just like doing an IPO or executing an acquisition strategy, you can execute a heel/face turn into Free Software if you handle it properly. You need to care about the values of it, that's part of the return for you, but I'm still seeing annual returns in excess of, say, index funds. I'm growing at about 34% a year (started out more, but that's over the last year and ignores launch) and I feel I can continue to expand at that rate through taking on more interesting (and costly) projects. Note that this is not passive, this is working capital and is continually funding new stuff I'm able to take on. Hey, if it works for Amazon… ;)


Using section 8 to fund cottage industry like free software is brilliant. The absurd exploitativeness of contemporary landlords in large part drives the perceived need to be a heel.

Frankly you're an inspiration, thanks for this post. Know that I hope your growth rate continues or even increases.


The free software movement is really a radical concept. It encourages us to go beyond capitalism and making a buck to more fundamental aspects of humanity.

I’m afraid we are all part of the problem, but we can also be part of a solution, particularly if we work collectively.


Honestly? Take the mentality you see in the world - the bottom line comes first, the consumer wants easy consumption, security comes first, whatever else - and try to imagine where that comes in conflict with the things you love. What would have caused that conflict? What, if anything, do you see coming out of it?

And if you think Stallman was the tinfoil-hat prophet, you gotta hear about this guy Karl Marx. He predicted the economic turmoil of automation back when the US had a war over "States' Rights" to choose whether Slavery was Legal.

I predict that the US will slide further and Further into being a 3rd world nation, until suddenly, another collapse happens. US citizens wont break right away... No, they'll suffer it for a while. They'll even go hungry for a while - and I'm not talking about Detroit or Chi-raq. Im talking Seattle, Houston, NYC looking like the Rust belt, complete with bridge collapses and deaths-via-crumbling infrastructure.

China's upcoming divorce from the US markets will insulate them from the crash, but their involvement in our real estate market will only worsen the crisis for Americans. Russia, China, and the Eurozone will finally band together with their currency-basket idea upstaging the dollar. And Americans will still think we're special.

Then, when the Hoovervilles have swollen enough to be dangerous, someone will have the bright idea to mobilize and radicalize us. Still, we'll do nothing, even in the absence of Netflix and Cable TV. But that wont stop the government from trying to herd us into camps, just like the immigrants... And in those, with the forced absence of soap, sleep, food..., something will snap, and the guillotine will be reborn in fire and fury.

The Climate Change problem? Will get so bad it starts on Xenocide before anyone does anything effective - the sole exception being economic collapse. And we're going to have to shoot a few CEOs for the rest of them to take any of it seriously.

Everything from human trafficking to drug use is going to boom.

You know slavery - just barely behind propaganda, it was the second biggest influence on modern management practices. Psychology just taught us how to sugar coat it better.

Speaking of Propaganda, 1984 aint got shit on 2019. And 2030 is gonna make today look adorable.


> ... security comes first, whatever else...

Really? the feeling of being secure may come first. Think of how much modems/routers/phones or any other embedded device comes with obsolete software pieces with lots of security bugs. The non-free methodology of software development, I feel, is actually killing security, and making everybody more vulnerable.

Most firms don't like giving the source code of the devices away. I understand that they have their own reasons for that (whether it is right is another thing). But at least, there should be an official way to unlock those devices and run custom software pieces (which of course, voids warranty).

These days more people are moving to "Open Source," but not "Free Software." See how Linux & busybox essentially making any hardware non-free. Hope people understand the difference and help make the world better.


I wonder what companies would be good investments to hedge for this possible future.

Amazon. Failing infrastructure that other companies rely upon and expect to function adequately, will not pose the same challenges. They deal with the logistics of delivering items of necessity to people all over the globe at enormous scale. They have their own fleets, their own delivery people, and their own automation approach. In a decade Amazon won't need the post office or UPS. The barriers to entry in taking that on are enormous to the point of near impossibility. Heck, even their ability to sell counterfeit garbage to customers without significant penalty on themselves shows they even know how to disappoint people correctly...

Good points, I wonder what a government run by Amazon would look like...

He is technically correct, idealistic, and uncompromising. Unfortunately that doesn't really work in the real world unless your name is Richard Stallman. It's not pragmatic.

I ignore him.


I don't ignore him. There's a lot to be learnt from what he says.

You may think it's too idealistic or uncompromising, but his predictions have been proven repeatedly.

You should learn from him, not outright ignore him.


You can ignore him but the reality that he has been impressively predicting won't ignore you. It will come for you, just a matter of time, if you keep ignoring it.

He has shifted the Overton window in the direction of software freedom for a long time. That has made a huge difference in how all software developers work today. He's worth listening to as long as you don't treat him as an idol.

What ever happened to "the best kind of correct?"

You know what else is technically correct, idealistic and uncompromising and works in the real world: Bitcoin.

That system requires the power of a small European country to do 7 transactions a second generating a max of 1 mb of data volume every 10 minutes. That's like 1970s transaction speeds. Who the heck is ever going to use that?


youtube is not the internet, it's a privately run silo. I think it's actually better if people stop using it for everything. We've somehow got to the point where we are demanding private companies somehow preserve our freedoms simply because we've entrenched ourselves in their commercial products and given them control over content. Let youtube curate their content, I wish they'd do it more. Then maybe we will start seeing some more diversity rather than these massive silos

Agreed. Youtube doesn't host pornography and, guess what, there are plenty of other sites that do.

I almost think the reaction to this is too pessimistic! "Oh YouTube is banning content the Internet is DOOMED". As long as we can freely connect to any service then there will always be an alternative.


Have you used Google Video Search recently? for vast majority of people internet is Google and Facebook. It is not ideal, but it is not to be ignored.

There's a real threat in Google (Youtube) controlling what is shown on their platforms. We might be informed and willing to try alternatives, but the masses don't (yet). This gives Google enormous propoganda power, and it is clear they already use this power to further their own agenda. It's not about freedom of speech, it's about deplatforming: the ability for your speech to be heard by the masses. The argument that you can just go elsewhere is like saying you can hang up your manifesto in the forest instead of on the church door.

When I was 16, back in 1999 I came to basically the same conclusions as Stallman.

I came to that conclusion trying to “fight” a (non-existant) virus that could infect any non-volatile memory onboard.

Since I didn’t actually control (really I mostly didn’t understand) my hardware it’s always seemed natural to me that, for example, the firmware of a hard drive of a networked computer could be compromised.

Since I didn’t control anything, I was at the mercy of those who did. Therefore I was always very hygienic on the internet, for example.

Stallman’s an arrogant self-righteous bastard. But he’s our bastard, damit! And I love him for it.


The best thing we could do at this stage is provide alternatives to Youtube, sooner than later.

There are lots of decentralized alternatives. People just don't use them much yet.

To paraphrase an old joke : "Nobody goes there anymore. It's too empty". What you describe there is the classic problem of Network effects. The limitation is not on the tech side of things. People don't use the decentralized services because either favourite content isn't there. Producers don't post to the decentralized service because the consumers aren't there. Unfortunate reality :-( I really don't want so much power concentrated in the Facebooks and Googles of the world.

It's gonna bite us in the ass pretty soon, because the direct consequence of this effect is that the ability to launch a successful network depends on marketing - you need to achieve a critical mass of users pretty much instantly, since each new user won't stay for more than a day or two if their friends and content aren't there. That requirement forces potential new tech to have massive backing by a strong entity like a tech giant.

I wonder if we'll end up seeing state actors (or supranational entities like the EU) promoting state funded networks as a public alternative, as is sometimes the case in industries that tend to be monopolistic due to the cost of starting - transportation, telecommunications, etc.


> I wonder if we'll end up seeing state actors (or supranational entities like the EU) promoting state funded networks as a public alternative, as is sometimes the case in industries

You make a good point but I'd like to think of it this way: If the said service is made mandatory, then it has a chance of succeeding. Else, building that critical mass entails a lot of customer acquisition costs that a Govt may just not be in a state to justify. And therein lies the beauty and danger of network effects. Once a company has them, it is very very difficult to dislodge it. Look at Visa and Mastercard: V has been around since 1958 and MC from 1966. Both are valuable as they have network effects.


The effort involved in pushing videos to one or two more platforms when you already did to one is close to zero. This is how you start while not leaving YouTube yet and making it possible for the alternative to develop progressively.

In theory you could make a json file with all the details and push it to 100 content libraries like YouTube/Vevo/Peertube/Facebook/etc. but most of them want to be exclusive, they're not there to host your content, they want your viewers. There's no way they're going to do anything to help democratise that content.

We need to stop feeding the beast.

I'm still convinced that Opera Unite, which fused distributed social + web client + web server, should have been the way forward to make the web truly owned by the people: if social sites were simply caches of content available p2p or through any social site of my choosing (that the content owner allowed) ...


Cracking and reverse-engineering DRM is already illegal with the accepted US laws, so it's not far fetched for YouTube to be forced to remove those videos as well.

But it is decidedly legal to publish materials that explain how to do so.


Kicking someone in the face is illegal too, but there a million - or more - YouTube videos showing you how to do it, and most towns in my country have more than one class you can go to to learn how to do it (TKD, BJJ, Karate, etc.).

"Well you can use it for defence ..."

White-hat hackers are a thing too.


No one here mentioned DRM, though that would be a valid subset of videos to delist under this new rule.

What if I want to reverse engineer my toaster, and make a video about it?


I'm sure there's a way the toaster company can interpret your video as a copyright or trademark infringement.

If you could figure out the order of construction of the parts in the toaster that could be considered intellectual property/trade secret.

The big thing RMS misses in that article is all the bio-identification that has been happening the last couple years.

Dan is going to get caught because the machine takes a picture of him when he logs in with a password instead of the fingerprint reader, cause you know can't have a PC without a camera pointed at the user..


On the upside, that's literally the only scenario where hackers typing on computers wearing balaklavas would actually happen.

Still waiting for a scenario where two persons typing on the same keyboard at the same time as an effective solution will happen. edit: typo

Damn, we got the fingerless gloves wrong, though. Didn't think about hiding our fingerprints.

It's more sinister than that. Dan is going to get caught because his typing frequency, style and mouse movements are unique in the whole world. Moreover, he usually works on a computer with unique hardware that can be fingerprinted by some silly W3C standards already. Camera would be a bonus "just to be sure". We will soon need typing/movements randomizers that would add tiny delays/perturbations to our typing/mouse movement to fool some advanced Deep Learning pattern extractor. Using those would place Dan on some "no loan" blacklist though.

For an article written in 1997, it's pretty damn prescient. The article also isn't focused on surveillance. I would argue that modern bio-identification was at least somewhat predicted by 1984 (though Orwell assumed that humans would be doing the identification, not computers).

Not getting caught led Dan to question if the bio-id AI was really that intelligent and helped release thousands of wrongfully convicted people 20 years later!

If only there was a way to condition users to have a picture taken of them every time they unlock their device ...

This reminds me of that Nintendo Switch game that had a ruby repl in it that was then removed from the Nintendo store. Nintendo is particularly bad in this department but it's still upsetting.

Modern day's Cassandra, unfortunately.

The thing that bores me the most is that the sentence not event makes sense. "Showing users how to bypass secure computer systems". If you can bypass a computer system, in which way can it be considered secure?

A secure system is a not open system. Think of a door to your apartment, house, etc. It isn't relevant how secure it is but whether it is closed to others or not.

Because every security system is potentially flawed, contain bugs and therefore is vulnerable to hacking.

But knowing the flaw makes it insecure.

It was insecure whether you knew it or not.

So, it's not protected by YT's definition.

Yeah, YouTube's definition is self serving, and breaks apart for many important use cases. Their real definition is "we allow/block whatever makes us look good in the court of public opinion", and to think they have any real definition beyond that is a fallacy.

I expect it's a slight more meta metric, I doubt they care about the court of public opinion beyond its relevance to company profit.

Sure, but the medium term relevance to company profit isn't a metric you meaningfully have until it's too late to do anything about. You can actually react to the court of public opinion, and reacting to that will pretty much give you a level of CYA as a decision maker, so there's not really a down side on that end.

secure system != security system

There is such a thing as an insecure security system.


So if I build a flawed security system, it is not insecure?

Of course it is. Just what the parent said. It is an insecure security system. (As opposed to a secure security system.)

Cue "protected by ROT13 encryption" jokes.

US wanted to have this as a law and got quickly informed how insane it is.


ROT13 is for rank amateurs. I protect my data with multiple rotations of ROT26 encryption.

Overbearing youtube, 10 years from now if it's still a medium it may be a far-cry from an expressive and genuine platform (Even worse-so than it is now). How long until biohacking, and other things are blocked based on the same sensitivity triggers for the topic?

Overbearing youtube, 10 years from now if it's still a medium it may be a far-cry from an expressive and genuine platform

Yahoo's not the place it was in its heyday. Facebook's not the place it was in its heyday. Even Google's not the place it was 10 years ago. I don't think anyone is immune. The best you can do it to make sure the trajectory is positive. Netflix isn't the place it used to be. I think that's positive, though.

How long until biohacking, and other things are blocked based on the same sensitivity triggers for the topic?

All the really cool stuff should disappear from YouTube. That's just the natural order of things. They no longer want to be edgy. They want to be fat and happy off those big establishment corporate dollars. They've positioned themselves to be the next cable. That just means they want to be the current "vast wasteland."

https://en.wikipedia.org/wiki/Television_and_the_Public_Inte...

The faster YouTube becomes the next cable, the better. The less time the public discourse spends squished under the pressing thumb of the corporate oligarchs, the better.


What I am worried is that a lot of the "cool stuff" is disappearing from the web. I remember back in the day (late 90's) we had CrackStore, Phrack, Fravia, DeCSS, the box.sk domains a vibrant reverse-eng. community and a lot of really cool content.

Nowadays with the USA policing a lot of that content has disappeared, and slowly people are pushed not to do new content. There are some very small efforts in some subreddits, but a lot of this is pushed to the underground, where it is difficult to find.


In fact are there any other good gathering places than some obscure subreddits?

Subreddits are weird. Because of how Reddit works, it's awful easy for the place to be governed by state actors and various coordinated brigades. So you can be there, sure, but if you're in the wrong place with information someone doesn't want seen, it won't do you a lot of good as you'll get the "oh look, 25 downvotes in a matter of seconds, someone's on point today" effect. It's REAL easy to police Reddit and enforce your agenda if you're organized and have teams of bots or sockpuppets.

Can anyone recommend any good obscure subreddits? I have trouble finding new content.

It depends on what you're interested in. There's virtually one for any topic.

Discord? I've had good luck with chat rooms these days.

>"Be sure to hit that like button and subscribe!"

When I hear this standard YouTuber meme, I always trip hard over the dislike button and never quite make it to subscribe. :^)


They have to say it because otherwise people don't subscribe. I know some youtubers who never did it hut had to resort to saying it because their subscriber numbers where stagnating otherwise.

Then there are refreshing youtube channels like "Primitive Technology" where he never says a word and manages to end up with 9.5 million subscribers...

But you know... people CAN just be ok with their subscriber numbers stagnating a bit.

Whoring for likes/subscribes is desperate and it cheapens the hell out of your art. It may give you more likes/subscribes but there are other great things that come from artistic creation than the pitifully minimal effort required by the clicking of a button.


It isn't always about art though? If more subscribers equal more views over time which in turns equals more ad revenue, then I can't blame someone who's trying to make a living for doing something that might come across as cheap to some.

As I understand, it's not about the likes/subscribes, really, but that at subscriber count directly translated to more favorable monetization terms for the content creator. That is, they're basically internet buskers.

I need to experiment with this. I don't say that mantra and my channel is slowly growing (by about 100% a year and starting to do a hockey-stick curve, but starting from very little). I should take a minute at the end of a video (or even the beginning!) to make a case for supporting the actual channel, on the grounds of it'll help the message get out.

I can phrase it as 'like OR DISLIKE and subscribe and click the bell icon', and explain how the dislike button is the same thing (both go to 'engagement') plus a little feedback for me the creator. So you can help the channel AND try steering me away from more channel-whoring by disliking and subscribing. Hell, maybe it helps you more. Please dislike and subscribe :D


Short of moving hacking tutorials to pornhub, is there anywhere out there more interested in serving our fringe cases?

I'm not sure if using hidden services is considered a viable solution here on HN, but it seems to to me to be the solution. Don't know any video streaming services but I assume that such sites already exist. The main selling point would be relative difficulty to take down a specific video through a legal action. I assume that youtube takedowns are either results of complaints/legal threats that they have received or a preemptive action to avoid such legal problems happening in future, i.e. their legal department assessed that the risk of such motions in future to be likely. On the other hand, considering bandwidth requirements for video streaming deanonymization of such service appears to be relatively easy, hence possibly some service centered around ipfs would be viable.

PeerTube!

archive.org ?

Don’t worry the hatespeech will still be there, for something to be banned it needs to do something that like 80% of politicians oppose (“hacking” videos are only useful for crime, so we must stop the kids from criming), or that causes advertisers to pull out, or if the content otherwise hits their bottom line (reporting on hate crimes, privacy, tracker blocking, etc).

Anything else is fine - you have to be either small target or get a large amount of media attention for them to enforce some semblance of their stated policies (which is why defcon and black hat videos haven’t been touched)


>an expressive and genuine platform (Even worse-so than it is now)

Yeah it already is hard enough to dig through the sea of YouTube personalities who mimic each other and start up with the YouTube-isms.

Nothing is worse when someone you follow stars doing reaction videos, rants... YouTube drama :(

I already rarely leave the handful of channels I follow. Too much garbage to dig through.


My fav part is repeatedly getting recommendations for many years old videos when something like a week’s worth of new comments is uploaded every minute ... why youtube why?

I've noticed older videos as well and often they're really good. Not everything new is better.

But it recommends me videos I remember seeing 5 years ago that just seems unnecessary

The point isn't to make you a more informed and well-rounded person, it's to keep you on YouTube so you see more ads. I bet "old favorites" that might make you feel nostalgic or have rewatch value (it's not a gamble, you already know it's good) makes a significant number of people stay longer.

It’s funny because YouTube preroll and midroll ads were what finally broke the camel’s back many years ago and made me install an adblocker

Because recommendation engines suuuck.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: