Open D3SOX opened 2 years ago
I appreciate that you spent your free time on a project like this. But at least I personally have trust issues if I don't know the source code like in this case. The question is when do you expect to be done with implementing the two features you want to have implemented before releasing this source?
The question is when
The answer is always soon
Any ETA on open sourcing the backend? If it's not soon, I suggest please mentioning it in the FAQ/contribution guide because I just spent some time trying to find the backend code and then reading this issue because I wanted to help on this issue but it seems that's not possible
API is quite vulnerable to botting
It really depends on the state and stage of the project. If I know that all it takes to tamper with video scores is just reading the code of backend - can I disclose it right now?
You can
Or both
By the way - a bunch of copycat-extensons died today once I enabled IP rate limiting.
They were just calling my api in their backend - no own DB, no caching - nothing. Just pretending to provide a service while in reality they didn't. Now imagine they had a DB dump and server code - what good would it make - more userbase fragmentation, less reliable votes? And all while using my work for free.
You can license the backend with AGPLv3 to orevent copycats from making clised source forks. Its still FOSS, they just have to disclose the source
It would be very great if we could make the backend FOSS
Both approaches have their limitations. Captchas are annoying and expensive (if you propose to use 3rd party implementation and not self-hosted).
Youtube OAUTH has limits on number of free requests. Not to mention that not everyone would like to provide their identity to the extension.
Vanced is still used by millions - but it's not going to get updated if API changes. So we can't make backward-incompatible changes to the API.
You can license the backend with AGPLv3 to orevent copycats from making clised source forks.
Yeah, because someone copying everything (including my name) in their malware copy of the extension will obey licenses.
Vanced is still used by millions - but it's not going to get updated if API changes. So we can't make backward-incompatible changes to the API.
Im pretty sure Vanced stopped working some time ago. Also there is ReVanced
Im pretty sure Vanced stopped working some timr ago.
Still works for me and millions of users.
I think implementing batching (ideally with a thumbnail ratings feature in the official extension) would reduce a lot of the "botting".
You can license the backend with AGPLv3 to orevent copycats from making clised source forks.
Yeah, because someone copying everything (including my name) in their malware copy of the extension will obey licenses.
Someone could make a malicious copy without having the backend anyways.
Both approaches have their limitations. Captchas are annoying and expensive (if you propose to use 3rd party implementation and not self-hosted).
I don't think releasing the source code would really help much with botters. They can bot it anyways. Unless there is a proper protection mechanism (Or just release the source code with everything expect the security mechanisms)
It's kind of depressing this still hasn't been resolved
There seems to be no interest from the maintainers at all, so I guess this will never happen and the situation is like many other projects where they open source clients but don't care about the server side.
do this
Extension or Userscript?
Both
Request or suggest a new feature!
I want to suggest open-sourcing the backend so that people can self-host it and also maybe contribute to it.
Ways to implement this!
Release the source code on GitHub
Can you work on this?