Easiest way to download YouTube videos and convert them to any format including .mp3 in 2022

Methods of downloading YouTube videos have changed over the years. Here are two of my preferred methods for doing so in 2022.

tl;dr: easy:

Use a Youtube-Mp3 converter site, if you know how to Google then you’ve probably found one of these already.

tl;dr: is asked to fix printers:

Get the latest ‘youtube-dl’ fork like yt-dlp. Use ffmpeg to convert.


Yeah there’s really nothing else you need here

The Other Method

  1. Get yt-dlp. Put it in a folder somewhere in C:\ like ‘youtubedownload’. Rename the .exe file to yt.exe.
  2. Get ffmpeg. Put it in the same folder. You could rename this .exe file if you want as well, the names will be the commands used in the future.
  3. Press the WINDOWS key, and type ‘path’.
  4. Choose ‘Enviroment Variables’
    enviroment variables pointer
  5. Then,
    edit path detailed pointer
  6. You can then add a new entry for the ‘path’ environment variable. The system uses this to allow the executing directory to be in any directory listed in the path. Meaning, when you run a command in CMD, the system will always check any directories in the ‘path’.
    add new path entry
  7. Click OK on all open windows after adding the directory the exes are in to the ‘path’.

Example Usage

We will be using this song from YouTube: Moving Romance – Yoann Garel. It’s also available on Soundcloud here.

Right click on your Desktop > ‘Open Command Window Here’. If you don’t have this option in the context menu, you can download these registry edits to add it.

Next type the name of the yt-dlp .exe followed by a space and the url. So if you renamed it ‘yt’ like stated previously, it would look like so:
yt https://www.youtube.com/watch?v=dIMdcJWOEFM
Hitting enter will start downloading that video to the desktop directory you just launched the CMD window in. (Hint! If you want to use a Soundcloud URL like we have below, that will work too! Isn’t technology great?)
yt-dl download example

If you want to convert the resulting video to a proper audio file like .mp3, you have two options. First of all, you can use the quick solution right from yt-dl:

yt -x --audio-format mp3 [video_url]

Or, since ffmpeg is useful for other tasks (and you should have it anyway), you can use it directly. A simple syntax of an ffmpeg command that would convert to an mp3 would look like ffmpeg -i [input file name] [output file name].[output file extension]. But wait, we don’t want to type that long, ugly file name in that yt-dlp just spit out onto our desktop… luckily we have a trick for that.

Run ‘dir /x‘ in the open CMD window.dir /x example yt
This is an extremely helpful windows command that will show ‘short’ filenames for files, making working with longer file names a breeze. Windows is telling us in the screenshot above that we can refer to the video we just downloaded as ‘moving~3.web’. Now assuming no renaming of the ffmpeg .exe took place in the setup step, our command simply becomes:

ffmpeg -i moving~3.web output.mp3
ffmpeg -i output.mp3 example

And you’re done! You now have ‘output.mp3’ on your desktop saved as the song we were just playing on YouTube. I’ve combined this process with scripted metadata adding/titling for an offline library. And, with the right yt-dlp commands it can even become an efficient way to export entire playlists of music.

Quick Links to My Stuff
Published 2022-03-06 02:23:43

Nothing is permanent… especially on the Internet

Link rot is a problem that affects everyone using the internet on a daily basis. This is when a link becomes dead and no longer links to where it’s supposed to because of site changes. Either the owner stopped maintaining and paying for the domain/hosting, the structure changed, or it was deleted or inaccessible for another reason. Nothing is permanent online (unless it’s your ad data 😉), regardless of what your parents may have said.

Research from Harvard Law School shows about a quarter of all articles on the New York Times suffer from link rot, meaning resources linked on the page are no longer accessible. Additionally, links are not immutable. I personally have links such as ‘https://l.gmr.dev/tiktok‘ that link to my TikTok blog post and that can be changed so I can always keep it up to date. This can be a disadvantage if the site goes offline or the link is mismanaged however.

The problem can be combated by using web archivers, and linking to primary, trusted sources as much as possible. Additionally, it’s helpful to copy + paste the information that’s relevant from the site you’re sharing/linking in case it dies somehow later on.

Factcheck.org, which launched in 2004 now has almost 6,000 dead links. Roughly one third of all the links on Pagella Politica, the Italian fact-checking website I edited before joining Poynter, are currently broken. At the same time, trying to manually keep tabs on the state of a site’s links is too time-consuming to be feasible.


The advent of ‘online-only’ services have marked a period full of slow, buggy, overly designed applications, such as Creative Cloud or Epic Games, that run at all times on your computer to feed you advertisements or update notifications. Engines like Unity have transitioned more and more of their editor services and features to online services. Or, they’ve deprecated more traditional methods that would eliminate the need to connect to “Unity Teams” and/or login to their accounts & manage organizations.

When Flash was purged from the internet a few years ago, one of the largest issues Flash archivers faced were games that required connections to servers. Because those servers are no longer around, a game’s functionality can be crippled or even completely broken without a solution. This can easily happen to any server in the future. A program’s functioning that exists on something that may not be there in the future… well, it makes relying on that utility poor planning at best. Many modern day software applications ship without any sort of offline mode or planned use case 20-30 years from now, so that will be interesting to see.

Photos, old posts, and media people thought would be around forever are constantly being deleted. Make any playlist on YouTube with a sizeable number of videos and soon enough a fair number of them will be unavailable. My music library exists entirely on my own servers streamed to me because I can’t trust that Spotify or an alternative will be around in 20 years with the same music I listen to or want to stream now.

Jailbreaking iOS is an increasingly difficult task, and I switched to Android away from Apple’s walled garden a few years ago, but even now most companies are locking it down more and more in the name of security and the common user experience. Samsung removes the ability to unlock the bootloader in most US variants of their new models, so rooting Android is out of the question for me as well.

A bit rambly, but I don’t think there’s much to do about this other than being personally careful about what technologies I enable and what I work on. I’m simply commenting on the current direction of the Internet as a whole because I want the best for it. I’ve become more and more aware of how fragile the current state of everything online is, and began saving and archiving everything preemptively.

Voting with your money and just being aware is probably the best move, and I’ve personally been more and more selective about digital media or programs I’m choosing to spend time, data, energy and finances on.

Quick Links to My Stuff
Published 2022-02-15 04:01:27

Small MedTracker project

Many years ago I created a small app to help me remember whether or not I had taken my medications for the day, so I never took them twice and could be reminded at designated times. I slapped a button and a counter on the screen, made it track the last taken date and display a clock, and that was it. It looked terrible, but it worked, and I was planning on making it look better. However, I tested the concept app for a day or two and that test turned into full time usage. I never updated it or uninstalled the dev copy that I was testing with. If it works, don’t fix it, right?

Recently I decided I was tired of it looking terrible and since I’d been wanting an excuse to use React Native again I decided to remake it.

Here’s the original:

😳 but in my defense this was the first and only ever build

Here’s the updated copy with a UI I spent slightly more than 30 seconds on.

has random quotes that change from a few different APIs
pretty simple but much needed attention!

The app isn’t distributed, just something I updated personally for myself, as the app helps me a lot and has become a part of my routine.


Quick Links to My Stuff
Published 2022-01-27 09:31:14

The worst possible time to build a computer…

…is hopefully almost over. The past few years have seen GPU prices skyrocket, and most GPUs are unobtainable even today because of a chip shortage.

This has led to it being a hostile environment to build a desktop computer in and pushes newcomers away from the PC building scene.

In fact, it’s actually made the age old advice of building your own computer over buying a prebuilt almost obsolete, as many prebuilt PC prices are now as competitive if not a better option for those looking to acquire new hardware.

More than ever, it makes sense to choose a laptop or similarly priced alternatives rather than a desktop PC.

Continue reading The worst possible time to build a computer…
Quick Links to My Stuff
Published 2021-12-21 17:07:36

TikTok: Social Media, or Spyware?

TikTok is the most popular growing social media right now by far, surpassing the likes of Reddit, Snapchat, Twitter, Pinterest and Quora.

It is also much more popular among Gen Zs and Millenials:

The numbers are probably skewed a bit because most children put older ages when an app asks their age until they are an adult… I am guilty of that myself.

Which is why it came as a shock to some people when the U.S. government declared Tik Tok a security threat.


Well, if the government doesn’t want to tell us, we’ll have to find out for ourselves.

Step 1: Obtain Tik Tok source code (unfortunately can’t tell you how to do this)

This is the step most people might get stuck on…

Step 2: Spend hours looking through TikTok source code for suspicious things

Step 3: Share!

Beyond initial paranoia, let’s be realistic about what apps collect. Even Google collects IP (and therefore geographic location), and other pieces of personal data:

Google might collect far more personal data about its users than you might even realize. The company records every search you perform and every YouTube video you watch. Whether you have an iPhone or an Android, Google Maps logs everywhere you go, the route you use to get there and how long you stay — even if you never open the app.

So then what are we looking for? How is this different? For one thing, Google, Facebook, Reddit, and Twitter apps don’t collect anywhere near the same amount of data that TikTok does, and they don’t obfuscate and hide their methods sneakily like TikTok. Additionally, TikTok has some weird code in it that no normal social media app should have. Here’s a quick comparison of the APIs TikTok accesses vs the Facebook app:

They both collect data, but TikTok collects more. And needs access to your SMS messages for some reason, even though it doesn’t interact with that…

I’ll see if I can deconstruct what the TikTok app can/does do and why it might do it, and you can make your own judgement at the end of the day. However, most of this is scary because TIKTOK CAN REMOTELY CONTROL, ENABLE, DISABLE, AND ADD MORE TRACKING/LOGGING FEATURES WITHOUT UPDATING THE APP THROUGH THE STORE.

Things TikTok Collects

  • Location (once every 30 seconds for some variants of the app…)
  • Phone Calls
  • Screenshots(?)
  • Network Information (Wifi Networks’ SSID, MAC address, Carrier, Network Type, IMSI (possible), IMEI, local IPs, other devices on the network…)
  • Facial Data
  • Address(?)
  • Clipboard
  • Phone Data (cpu, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
  • Installed Apps
  • Rooted/Jailbroken Status


Most apps collect your location, so there’s nothing too fishy about this. However, one could argue that your location is not useful to TikTok’s general functioning and therefore shouldn’t attempt to locate you so often or at all unless you’re using a feature that takes advantage of that. The data collected here includes your latitude and longitude, and exact location if they can pull it from the WiFi (done in the wifi collecting code).

Phone Calls/Call Log/Phone Number

TikTok requires you to provide a phone number upon signup on most occasions to function normally within the app, so they can link your identity to your phone number. They also collect your call log (people you’ve called) and have the permission to make calls from your device, although I’ve never heard of a case of this happening. Phone numbers are generally very unique, so this combined with location and name would already be enough to identify virtually anyone using this app in the U.S.


The app hooks an observer at some point (it would make sense to be on app load) that watches when the user takes screenshots. It’s unlikely this code can run in the background or does, but the app at least knows everything you take a screenshot of while using the app. Additionally, TikTok includes a string KEYWORDS that may be of significance. A keyword is defined as: “an informative word used in an information retrieval system to indicate the content of a document”. They may use this variable to find screenshot files and potentially scan/upload/use them. However, this may also have legitimate use in categorizing images for upload by the user.

Network Information

It also collects lots and lots of Network data. There doesn’t seem to be much legitimate use case for the collection of this data, beyond analytics of some sort. Regardless, the app uploads full lists of network contacts, SMS logs, IP, local IP, MAC address information, and probably anything else it can read from the phone (which is virtually everything).

Facial Data/Recognition

TikTok includes facial verification code as well, which upon first glance I believed to be for the face filters they include, but does a little more than that. The code includes a link to this domain (archived just in case). Translating said domain states:

Oops, my bad. Should’ve known I had to reverse-engineer the app, extract a developer URL, and then get a translator just to see that I’d even agreed to facial recognition logging by ‘continuing to use this service’.

And further on, it states what I believe to be particularly interesting:

IMPORTANT TO READ! Near the bottom it states facial images are transmitted to the parties listed above.

In specific:

ByteDance developed this function, which includes but not limited to the Ministry of Public Security’s “Internet +” trusted identity authentication platform, “Query Center” and other institutions to provide verification data and technical support.

This is very important because it mentions a “Ministry of Public Security”, and an “Internet+” identity authentication platform/program of some sort, and it also states near the bottom of the same translated text that facial images and identity verification results + data is transmitted to said 3rd party.

What is the Ministry of Public Security? Well, a Google search quickly turns up results. They “operate the system of Public Security Bureaus, which are broadly the equivalent of police forces or police stations in other countries”, and were “established in 1949 (after the Communist victory in the Chinese Civil War)”.

So, they serve the Chinese Communist Party, or are at least connected to the government in a very direct way.

Okay, and what is the trusted identity authentication platform? More research turns up articles such as this, and this, so it’s not hard to imagine. Forcing users to identify themselves could be disastrous for some Chinese citizens: “Another user – nicknamed mnbxkd, from Zhaoqing, Guangdong Province – wrote: ‘After commenting on the government, one will be thrown into prison on charges of subversion of state power.'”

TikTok seems to be sending facial recognition data of anyone who uses the app back to some sort of 3rd party associated with the CCP that has all the other information combined. This could create a very scarily comprehensive profile and location on high-interest targets China wants to keep track of. Additionally, it can use shadow tracking, which is a term pioneered by the era of Facebook. Shadow tracking or shadow profiles are collected data or hidden profiles of people that don’t use the app but TikTok can keep tabs on because of connections. For instance, when you upload your contacts to TikTok, it will track the names you’ve assigned to each contact and use that data in cross-checks with other uploaded contacts of your friends. For every person that uploads their contacts. This can quickly create a vast network of phone numbers and identities, even for people who aren’t associated with TikTok at all. Combining facial recognition data with shadow tracking techniques, and everything listed in this post could make for a pretty sophisticated tracking tool.


I’ve used TikTok for a while before now, and I’ve never been asked to enter my address, city, or where I live. However, the TikTok app contains code to parse and send addresses of locations. This is probably to generate addresses from locations collected for internal logging and ease of viewing user’s geographical locations. This is not to say that is malicious.


Source: http://web.archive.org/web/20210506011606/https://twitter.com/jeremyburge/status/1275896482433040386

And more information here about clipboard collection by ByteDance.

Phone Data

TikTok collects lots of data about the device you are using to access their app. Installed app list, device ID, phone name, phone storage, etc. Extrapolating from this, it also probably collects more data not proven here.

Rooted/Jailbroken Status

Detects whether or not you’re rooted. This isn’t that big of a deal but I thought it was worth a mention. Could be used in combination with other obfuscation techniques to hide nefarious actions.

Other Problems

Beyond straight up tracking and collecting data about their users, there is also a number of fundamental design issues with the app as well. For instance, the app uses out of date cryptographic algorithms, including MD5 and SHA-1 for hashing. Both of which have been broken wide open and are no longer secure. Additionally, the app used to only use HTTP, not HTTPS until recently, and that exposed user’s emails, date of birth, and username in plaintext to anyone smart enough to look for it.

Execution of Remote Code & System Calls

Some research states TikTok executes OS commands directly on the phone and has the ability to download remote .zip files, extract them, and execute arbitrary binaries on your device, allowing TikTok to run whatever code they want. While I don’t doubt this is possible, I have not personally verified the code in my research. However, I would not put it past the app to have this capability. Perhaps it’s better hidden now.

Security Research Files

Penetrum Security wrote an in-depth paper on TikTok if you’re interested in reading into a lot of what I’ve discovered here, and also compared how much data Facebook, Twitter, and common social media apps collect vs. TikTok. They’ve done great work and I’ve archived those files here. The data collection comparison paper is very interesting (second download).

I’m not the only one who has come to these conclusions, as well. This reddit post and other security researcher both found similar findings.

So, social media or spyware? Why not both?

I’m probably going to continue to use the app, but I’ll be sure not to say Xi Jinping looks like Winnie the Pooh or mention the Falun Gong genocide. At least, not while TikTok is watching.

Quick Links to My Stuff
Published 2021-05-06 09:00:00

Google’s Privacy Policies Policy

Google unpublished a couple of my apps the other day for having out of date privacy policies. Fair, those URLs went dead. However, upon updating the URLs, one app was still not accepted.

Wall Ball. That’s because it doesn’t collect data on you. And what I mean by that is that when my privacy policy looked like this, Google rejected the app.

But, it’s true. Wall Ball doesn’t actually contain any ads or collect any data about anyone or anything. It simply runs as a small free game.

Removed notices from Play Console…

However, I’ve updated the privacy policy URL to:


Which basically just says I have ads in the game even though I don’t…

Whereas the link on the main privacy policy page goes to the “real” one:


So we’ll see if Google accepts it this time. 😊

But hey, maybe it’s just their idea of an April Fools joke. 😛


Quick Links to My Stuff
Published 2021-04-01 13:59:10

Welcome to the Age of Quantum Computers

From Bloomberg:

A team of scientists at Google’s research lab announced last week in the journal Nature that they had built a quantum computer that could perform calculations in about 200 seconds that would take a classical supercomputer some 10,000 years to do.

An age ofQuantum supremacywas duly declared.

Google’s claim to have achieved quantum supremacy that is, to have accomplished a task that traditional computers can’t was premature.

Although the specific problem that Google’s computer solved won’t have much practical significance, simply getting the technology to work was a triumph; comparisons to the Wright brothersearly flights aren’t far off the mark.

Congress should fund basic research at labs and universities, ensure the U.S. welcomes immigrants with relevant skills, invest in cutting-edge infrastructure, and use the government’s vast leverage as a consumer to support promising quantum technologies.

A more distant worry is that advanced quantum computers could one day threaten the public-key cryptography that protects information across the digital world.

This is big for a number of reasons but do not get too excited/scared yet! Quantum computing is still a number of years away. IBM was also quick to point out that Google’s estimate for how long “Summit” (the fastest computer in the world currently Google estimated against), was incorrect. According to papers published after Google’s report, “IBM’s engineers reckon, [adjustments would] allow Summit to breeze through the job in a mere 2½ days. Therefore, according to IBM, Google had not shown quantum supremacy after all.”

Well, that was quick.

What does that mean for their supposed success? Well, it’s still impressive. Google demonstrated a monstrous leap in technological prowess and got one step closer to proving a plethora of theories that many computer scientists are still eagerly waiting to take a crack at. P = NP anyone?

But wait, not so fast. Technically yeah, Google was wrong, but you still have to compare and contrast the differing performance results. Two and a half days is, after all, still about 1,200 times longer than 3 minutes.

Second, each extra qubit doubles the memory required by a classical machine put up against it. Adding just three qubits to Google’s challenger machine would have exhausted Summit’s hard disks. Quantum computers do not face such explosively growing demands. Google’s machine may not quite have crossed the finishing line. But it has got pretty close to doing so.

Additionally, Bloomberg has an excellent point when it says the U.S. should invest in this technology, if they aren’t already. They likely are behind the scenes, as a foreign entity such as China being the first to own a Quantum Computer is very scary. As Bloomberg pointed out, Quantum Computers make breaking passwords look like a walk in the park. Our current method of storing passwords would be under direct attack from Quantum Computing, and it’s one of the reasons the research is so dangerous.

Let me end your day off with this badass robot (fair warning, some of the video is fake) that some very talented individuals are developing.

Quick Links to My Stuff

Published 2019-11-01 11:35:18