47
Linux
3y

Great, fuck you maintainers of Audacity, trying to sneak in crappy telemetry/analytics into it

https://github.com/audacity/...

Comments
  • 7
    Yuck. Seriously?
  • 7
    Fuck me dead and call me Charlie!

    Just when you think your day couldn't possibly..... no, I won't finish that line, I'll probably be dead by morning. 😔
  • 13
    That was quick. Now we know where Audacity is going after Muse bought it: to shit.
  • 2
    Wait, Audacity is written in C?
  • 3
  • 2
    @Fast-Nop wow.... Audacity must have been on the market for quite long.
  • 4
    @johnmelodyme Nearly 21 years since the initial release, and the work on that started earlier, of course.
  • 2
    @Fast-Nop honestly, I just found out about Audacity today .... I'm not into audio thingy....maybe I'm not aware...
  • 13
    Imo the bullet points on what they want to know seem reasonable. Not a fan of knowing session start and end, but uploading crashes and plugin usage seems reasonable and great for improving the software to me. I would like a dialog asking if you want to upload crash logs though, some people work on more secretive stuff.

    What irks me is the usage of not one, but 2 big networks for this collection as well as logging completely unneeded info.

    I could see this being an "I would like all crash logs because we can't reproduce these forum issues" and this being the laziest approach to that, but I would have hoped for better
  • 1
    And they are going to vendor libcurl? What in the actual liquid manure?
  • 2
    Genuine question. How hard is it to host a "telemetry service" by myself? Is it hard to maintain/scale/integrate etc?

    And why use GA or Yandex specifically. That seems like a step backwards really.
  • 4
    @AvyChanna there are plenty of self-hostable ones (some are even mentioned in the PR). If you are expecting a lot of data to come in (many transactions) then you do get the usual issues with DB scaling. If you don't collect much then that is less of an issue ofc
  • 2
    If you use GA in an application it will sniff all your personal data.
  • 5
    They edited that PR 2 hours ago. Looks like that telemetry will be purely optional, and is also disabled by default in CMake, so it doesn't even end up in the binary.

    Well, at least that's some good news.
  • 1
    @epse
    Of course they need to vendor libcurl. Audacity is available for Windows and its main feature - data collection - requires that lib...
  • 1
    @Oktokolo yeah on Windows it's no contest, but why on other platforms? They gonna forget to do Audacity releases for every curl CVE for sure
  • 0
    @epse
    They probably want to only have a single version running on all platforms until the transition to cloud native is completed.
  • 1
    Meh. I used to care about this stuff, but these days the only difference with open source software doing it is that you know it's happening. Everyone else does it under the radar.
  • 1
    @epse Like it says, it's disabled by default. Why would you manually enable it to work on secret stuff?
  • 0
    @ThisIsOra it originally was opt out when I made that comment
  • 1
    @epse You must have gotten through to them 😄
  • 3
    Sorry, but what's the problem with telemetry?

    If used properly it can really help speed up development. Honestly I cannot think of a way our machines' software would be nearly flawless without it.

    Of course it should never include personal/identifiable information, but I don't see that's the case here?
  • 2
    @jkommeren I agree with you, but using GA (which stores IP instead of discarding) including machine-unique IDs, nonsensical things like when you start and stop Audacity is too much imo
  • 0
    @epse There are tons of options for robust software, and telemetry is the least useful one.

    How about not writing fragile shit code in the first place, using -Wall -Wextra -Werror when building, using Valgrind and the various sanitizer options of GCC, using local static code analysers like CppCheck, or even cloud based ones like Coverity Scan (free for OSS projects).

    That helps a great deal not to ship buggy, crashing shit in the first place. You don't need telemetry for that, and there's nothing useful to be gained from telemetry.

    @jkommeren It's spyware. Nuff said.
  • 2
    @Fast-Nop that only checks whether your code is bug free or not. It has nothing to do with what the code is actually doing i.e. questions like "is this a good thing for Audacity developers to spend time on" or "did my correctly programmed noise reducer actually reduce noise" (since C correctness checkers aren't strong enough to admit good specifications. If you'd suggested using eg. a bounded model checker like CBMC then that's better, but still not quite there). Absence of bugs is a necessary but not sufficient condition for robust software.

    Also correct "verified" code can crash when externals change, like something dependent on OS and device differences (the audio driver stack for example).

    The stuff you're talking about is the easy bits when it comes to writing correct code (running a tool or using compiler flags isn't exactly difficult). The hard part is everything else.
  • 3
    I'm 100% anti-telemetry as a rule, but...

    1. They didn't sneak anything in. It was a PR that fostered debate. Kind of exactly what's supposed to happen with something potentially controversial.

    2. It's off by default and opt-in. Yes, we can argue slippery slope "it'll be mandatory eventually", but all you know FOR SURE is what the deal is right now.

    3. They came out and clarified all of this not long after it got attention. Again, exactly what's supposed to happen.

    4. There's some argument that the opt-in uses a dark pattern. I think there's something to that argument, but it's kind of minor in my view because it's arguably NOT a dark pattern in the first place.

    Do I like that they're using Google and Yandex? Nope. But as long as it's all optional, I don't see how it's the end of the world. Yeah, if they make it mandatory three versions from now my view will do a 180. But for now, it seems like the Internet does what it does best and over-reacted to this.
  • 1
    @fzammetti at the start it was opt-out, which is what ticked many people off in the first place. I also don't like this particularly, but the current state is okay with me.
  • 1
    @RememberMe That should be done via feature testing before shipping, not afterwards. Also, telemetry doesn't answer whether a feature works as intended. Neither can it answer whether the users like it or use it only grudgingly as workaround for something completely different. And this crap will get patched out so that even the user base is statistically invalid.

    But the point that was addressed was telemetry against crashes specifically, and that's what I argued is also useless. The way to write SW that doesn't crash is writing robust code in the first place. Like, actually checking return values and stuff.

    Drivers? Come on, Linux has "we don't break userland", and Windows has "we don't even break internal driver APIs". Besides, you get crash data only from the crashing process, i.e. none from a userland application like Audacity if the system crash is in the driver.
  • 0
    Ah man that's bullshit I loved audacity and used it often for music editing. Any non-shitty free alternative?
  • 1
  • 0
    @PepeTheFrog There is a program called celluloid I think. It's not as sophisticated as VLC, but works for me so far
  • 0
    Yeah of course, we all write perfect code and perfect code CAN NEVER CRASH.

    Whining about this is just being a retarded entitled asshole. Audacity being open source means you can fork the shit out of it if you don't like something they do. And that's already giving you way more than you deserve. I'm so sick of people trying to tell companies that offer services for free how to run their business.

    If they suddenly decide they want your firstborn for the right to use their software, YOU EITHER GIVE IT, FORK IT, OR SHUT THE FUCK UP AND USE SOMETHING ELSE. How fucking hard is that? Really they don't force you to do anything. And opt in is the worst fucking thing ever, cause who the fuck WANTS to be tracked so much they specifically opt in? No one. But tracking is necessary.

    Also. Google doesn't sell your data, that would be the most retarded thing to do from a business point of view. They sell SERVICES based on your data. "Secret projects" my ass. NO ONE CARES how much you use Audacity.
  • 0
    To know usage start and end times is not sensitive data. To care about that is just really really sad. And if you really care that much then the effort of forking should be more than ok for you.

    What's the next step? A checkbox in E-Commerce to say "I don't want to pay but still get the product"? Cause that's basically what you want to be doing. Just taking without giving a single fucking thing back.
  • 1
    @eval Bullshit. First off, the data transfer reveals the IP address - and under GDPR, that counts as personal user data. Explicitly in the text to deal with morons who wouldn't understand it otherwise.

    Second, "pay with your data" is not acceptable in OSS. There are a number of ways to monetise OSS, but this is not an acceptable one. Period.

    Then the new CLA that aims at releasing Audacity as closed source. No, thanks. Let Audacity perish as it is now, let Muse have wasted their money - there will be a fork in the long run, thanks to the GPL. Or people just keep using it as is.
  • 0
    @Fast-Nop yes it's in the GDPR - the most unnecessary law ever. It doesn't actually protect you from anything - it just allows companies to be fined. The actual solution for privacy is a you problem - forking, blocking trackers, or just not putting information in a form that you don't want public.

    And yes. If you don't agree, make them pay by forking. But whining doesn't make them pay, doesn't protect your data - it does nothing.
  • 0
    @eval Hefty fines do change things because they impact whether a shady business case is viable or not. That's the point of fines.

    And also, it seems that you are unfamiliar with how forks even work. What you mistakenly refer to as "whining" is gathering the overall impression in the community.
  • 0
    @Fast-Nop not talking about you. Talking about the people that seem so entitled to have something for free in the comments of the pull request. I just think it's really unnecessary exactly because it's open source and free, which means the maintainer doesn't have even the slightest bit of control over you.

    And GDPR is shit because it has really high theoretical fines but can't be or isn't that widely enforced. So in the end (as always) the ruthless companies that just ignore it and pay up from time to time win.

    Also the clause about 4% revenue or 20 million whichever is HIGHER is stupid cause FB can basically do whatever they want and just pay, while small businesses need to be wayyyy more careful.
  • 1
    @eval

    You are probably a Wordpress developer anyway
  • 1
    @Linux really? Don't bring guns to a knife fight :D. That's a way too overpowered insult.

    If I was a WP "developer" I would kms right now to make the world a better place.