On 2025-01-16, Computer Nerd Kev wrote:
In comp.misc Ivan Shmakov wrote:
On 2025-01-12, Bozo User wrote:
>>> Once you get a Gopher/Gemini browser, among yt-dlp, the web can go away.
I. e., my point being: you can't escape web by switching to
Gopher, because Gopher /is/ web. (Even if 'darker' part of it.)
>> While I do appreciate the availability of yt-dlp, I feel like a
>> huge part of the reason Chromium is huge is so it can support
>> Youtube. Granted, there doesn't seem to be as many DSAs for video
>> software (codecs and players), but it's still the kind of software
>> I'd rather keep at least in a container.
> You fear that a hacker can upload a YouTube video containing
> an exploit and manage to pass that exploit through YouTube's
> transcoding in order to attack Linux video player programs?
> Seems like a big stretch to me.
I'm not familiar with how Youtube processes its videos; I've
never even uploaded anything there myself, much less looked at
their sources for security issues that might or might not be
there.
(I do have experience with Wikimedia Commons, and I'm reasonably
certain that while they offer processed versions of the user
uploads, they still keep the originals in publicly accessible
locations on their servers. Why, I distinctly recall uploading
a fixed version of someone else's malformed SVG file there.)
Neither do I have any idea how opposed they would be to requests
from companies to introduce such security issues deliberately.
(I believe such hypothetical business entities are usually
referred to as "MAFIAA" in colloquial speech, but I can't help
but note that the company that pioneered the approach was in
fact Sony [1].)
[1]
http://duckduckgo.com/html/?kd=-1&q="sony"+rootkit+controversy
And even were I to believe for videos downloaded from Youtube
to never ever have any potential security flaw whatsoever,
having two copies of video player software installed, one
within and one without container, would still be ill-advised,
if only for the reason that I might use an out-of-container
install for a potentially unsafe, non-Youtube video by accident.
>> By the by, what's the equivalent of wget(1) for gopher:?
> Curl supports Gopher. Not Gemini though.
Curl is my tool of choice for doing API calls; say (JFTR, [2]
has a couple of complete examples):
$ curl -iv --form-string comment="New file." \
-F file=@my.jpeg -F text=\</dev/fd/5 5< my.jpeg.mw \
--form-string filesize="$(wc -c < my.jpeg)" \
--form-string token="1337cafe+\" \
... --
https://commons.wikimedia.org/w/api.php\
"?action=upload&format=xml&assert=user"
[2]
http://am-1.org/~ivan/src/examples-2024/webwatch.mk However, I distinctly recall finding it inadequate as a mirroring
tool back in the day. (Though that might've changed meanwhile.)
And similarly for yeti's comment in [3]: I try to share what I know
with others. Such as on IRC. So, suppose someone asks on IRC,
"how do I get an offline copy of gopher://example.com/?"
"You can easily write your own Gopher / Gemini recursive
downloader yourself" is not something I'd be comfortable giving
as an answer, TBH. (Though I /would/ be comfortable with
providing assistance if someone explicitly asks for help with
writing one in the first place.)
[3]
news:874j1yyt0s.fsf@tilde.institute
terminal only for two weeks
Re: terminal only for two weeks
