The problem is if one channel only uploads once a month and another channel uploads twice a day, I will see many videos from the frequent upload channels and might miss the infrequent uploads. If it was just a list of channels with their most recent video I'd see a new thumbnail and know to check that channel for any new videos.
I just unsubscribe from the spam channel because they're producing too much noise. I don't need content producers like that in my life, and making it less obvious that they're adding mostly noise is just disguising the problem, not solving it.
Good for you, but that’s not a solution if you have mixed interests, e.g. you want to get daily entertainment content to choose from and content that is deeper than that. You may not need it, but if you can’t do that anyway it’s indistinguishable from coping.
All I'm saying is that this appears to be an extremely niche use case, and OP's line about YouTube not wanting you to find things from channels you love is over the top. They have a very specific requirement that YouTube hadn't addressed, that's very different than YouTube being designed to prevent you from finding subscriptions.
I don’t think so. Youtube is search, explore and usage hostile for many years. Not sure how one can miss that. “Which channels have new videos” is not niche. They even have it (a blue dot), but either fail to sort or intentionally sort channels seemingly randomly. I’ve missed videos from rare channels too due to this “mechanic”.
You could use an RSS reader to subscrib to the video feeds for the channels where you don't want to miss anything. That's how I used to follow channels I care about (currently none) because I don't want to be subjected to YouTube's algorithms or have to check yet another website.
An operating system inside a text editor inside an operating system maybe inside a vm inside another operating system. Wait I forgot nested virtualization.
Anyone could see what cert signed it though. Sure anyone could sign video, just as anyone can have a site with SSL, but it would be easy to verify that the signing cert isn't the same.
For example, if some news org shot footage with some of their cameras or produced some video, the video player could show which certs were used in editing and to capture the video. If another party tampered with the video, the signed frames could reflect that, as the other party would not have the signing certs.
This is all hypothetical vaporware of course. Just saying I wonder if a video encoding solution like this could help people have faith in the video content they see.
> Not to mention if your threat model includes attacker has hacked the server and added javascript, why doesn't the attacker just take over the server directly?
If the attacker can only hack the server that hosts your SPA, but not your API server, they can inject javascript to it, but can't do a lot beyond that
So assuming server side compromise not xss - in theory the servers can be isolated, in practise its rare for people to do a good job with this except at really big companies.
Regardless if they got your spa, they can replace the html, steal credentials, act as users, etc. Sure the attacker might want something more, but this is often more than enough to do anything the attacker might want if they are patient enough. Certainly its more than enough to do anything TOTP would protect against.
You can use SET ROLE to become another user you have permission to become (I think you need to be in the same group or something) and RESET ROLE to go back to your original user. If the initial connection was made with a superuser or whatever, you could change to the user in the connection manager and reset when the connection goes back in the pool.
