@lrvick
Last active December 16, 2023 09:27
Trolling GitHub's DMCA repo with their own security flaws.

Add new Youtube-dl copy to DMCA repo

  1. Fork https://github.com/github/dmca
  2. Download latest youtube-dl source code from https://yt-dl.org/latest
  3. Extract
    tar -xvf youtube-dl-2020.09.20.tar.gz
    
  4. Push code to your fork as the GitHub CEO
    cd youtube-dl-2020.09.20
    git init
    git add .
    git config user.email "nat@github.com"
    git config user.name "Nat Friedman"
    git commit -m "Your message to the RIAA and GitHub Here"
    git remote add origin git@github.com:YOURUSER/dmca
    git push -f origin master
    
  5. Get new URL to share!
    echo "https://github.com/github/dmca/tree/$(git rev-parse HEAD)"
    

Clone hidden repo from DMCA repo:

    git clone -n https://github.com/github/dmca.git youtube-dl
    cd youtube-dl
    git fetch origin 416da574ec0df3388f652e44f7fe71b1e3a4701f
    git checkout FETCH_HEAD

@FanboyStudios

Has this been fixed? It's not working for me.

    git push -f origin master
    Warning: Permanently added the RSA host key for IP address 'xxx.xx.xxx.x' to the list of known hosts.
    git@github.com: Permission denied (publickey).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.

@Mhowser

Mhowser commented Oct 29, 2020

@lrvick
Author

lrvick commented Oct 29, 2020

@aveao GitHub does not need to change git itself here. All they need to do is deny pushes if the user.email on your commit does not match the email on the account associated with the SSH key you are using to push. People that want to push code on behalf of other people can use "git commit --author" as designed. Naturally any unsigned commits should still show a red loud warning like browsers show for unsigned (non-HTTPS) websites.

Also GitHub was asked by the RIAA to take down a specific set of repos which they did. Now the RIAA has to come up with a new (huge and ambiguous) set, but they likely won't because their current set is being challenged in court and they likely don't want to incur further damages because their claim itself is very clearly illegal, not the code. Taking down a project using the clause they did requires the project explicitly market itself for copyright infringement, and they claimed a few test cases is marketing, which they -clearly- knew was bullshit.

The power of DMCA to take down a repo is a double-edged sword. You must comply right away in good faith, but if it turns out the claim was fraudulent or misrepresenting facts, as the RIAA takedown here was, they can be countersued for damages. They are going to lose this one.

GitHub does not have to do anything here but fix their own security bugs. The RIAA is however being sent a strong message that, legal or not, the internet will not stand for censorship of open source code and any attempts to do so will only motivate far more copies than they took down.

In the meantime, Youtube-DL development has moved to GitLab: https://gitlab.com/ytdl-org/youtube-dl
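
The server-side check described in the comment above, sketched as a pre-receive-style hook. This is an added example, not part of the comment and not GitHub's code; the `PUSHER_EMAILS` environment variable (the pushing account's verified addresses), `pusher@example.com` and the sample log records are assumptions constructed for illustration.

```python
"""Pre-receive-style check: every pushed commit's committer email must belong
to the authenticated pusher. Added illustration, not GitHub's implementation."""
import os
import subprocess
import sys

ZERO = "0" * 40
FMT = "%H%x1f%ae%x1f%ce"  # sha, author email, committer email (0x1f-separated)

# Constructed sample of `git log --format=FMT` output: a commit made with a
# spoofed user.email, then a commit made on someone's behalf via --author.
SAMPLE = ("a" * 40 + "\x1fnat@github.com\x1fnat@github.com\n"
          + "b" * 40 + "\x1fnat@github.com\x1fpusher@example.com\n")


def parse_log(text):
    """Turn FMT-formatted log output into (sha, author, committer) tuples."""
    rows = (line.split("\x1f") for line in text.split("\n") if line.strip())
    return [(sha, ae.lower(), ce.lower()) for sha, ae, ce in rows]


def rejected_commits(commits, pusher_emails):
    """Return (sha, committer) for commits whose committer is not the pusher."""
    # Only the committer is checked, so `git commit --author` keeps working.
    allowed = {e.strip().lower() for e in pusher_emails}
    return [(sha, ce) for sha, _ae, ce in commits if ce not in allowed]


def new_commits(old, new):
    """Commits introduced by one ref update; runs git in the receiving repo."""
    if new == ZERO:  # ref deletion, nothing to inspect
        return []
    rng = [new, "--not", "--all"] if old == ZERO else [f"{old}..{new}"]
    out = subprocess.run(["git", "log", f"--format={FMT}", *rng],
                         check=True, capture_output=True, text=True).stdout
    return parse_log(out)


if __name__ == "__main__":
    # PUSHER_EMAILS is hypothetical: the host would fill it from the account
    # that owns the SSH key used for this push.
    emails = os.environ.get("PUSHER_EMAILS", "").split(",")
    bad = [r for line in sys.stdin if line.strip()
           for r in rejected_commits(new_commits(*line.split()[:2]), emails)]
    for sha, ce in bad:
        print(f"rejected {sha[:12]}: committer {ce} is not the pusher", file=sys.stderr)
    sys.exit(1 if bad else 0)
```

Applied literally, this rule also rejects a push that carries commits committed by other people, such as a fast-forward from an upstream repository, so a deployment has to decide how those are treated.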

@starlingvibes

This is hilarious!

@FanboyStudios

https://github.com/github/dmca/tree/301575613bfc161452306db20593c5f5644b4b6f

Uploaded a copy of YouTube-DL and added a little something special to the readme...

@stephen304

It's interesting that they've been deleting PRs that pull in ytdl or warez, but not actually deleting the commits. I wonder if their strategy is to just delete PRs that make it easy to find and hope people forget that the commits are still there.

Here is one of the things that was added, where the PR was deleted but the content is still up: https://github.com/github/dmca/blob/ee25b981597634616eafce210df4d67bacf661ff/cool_stuff/github-sources.txt

@davwheat

@dashboarder

Go back to the gist and read step 1.

@davwheat

davwheat commented Nov 4, 2020

@NobleDraconian

This is absolutely comedy gold. 😂

@09F911029D74E35BD84156C5635688plusC0

@Zorono

Zorono commented Nov 6, 2020

@FanboyStudios

LOL!? https://www.zdnet.com/google-amp/article/github-denies-getting-hacked/

Maybe I should contact zdnet and tell them myself about my experience hacking them... that would be hilarious if GitHub then replies denying hard evidence from a few of us.
