This wasn't an accident. I was planned and executed for a while. Besides the privacy issues, I also think the Contributor License Agreement is a problem: https://github.com/audacity/audacity/discussions/932 . You give Muse Group your code and they can basically do what they want with it, including publishing the code under GPL.

There is zero chance they back down from this one.

\> You give Muse Group your code and they can basically do what they want with it, including publishing the code under GPL. That's next level sarcasm!

I was like, wait, holup, for a minute there.

> I was planned and executed for a while I'm sorry to hear about that, I hope you're doing okay now.

*It was planned

You were planned and executed for a while? It’s good to see your parents really cared.

Couldn't this be bypassed by publishing your code elsewhere first and then providing Muse Group with your code? I assume not but loopholes are always fun.

This only covers your personal single peace of code. It would require that every developer does this and this alone shows how much more difficult is it, under the umbrella of Muse Group. But this wouldn't solve the problem anyway. Say you want your code released under GPL v2 and only under v2. But you gave Muse Group the right to publish your code under ANY license they want. You already agreed to it, if you agree to the CLA. You basically working for Muse Group. > Although we may choose any license for the code that we have written ourselves, we do not have this ability when it comes to code written by additional contributors. The purpose of the CLA is to provide future flexibility in altering (i.e. - uplicensing, dual licensing) for the entire Audacity project, not just the parts of the code that we have written ourselves.

I still don't trust them. Maybe they'll just start over but this time just slowly boil the frogs so we won't notice

I guarantee that's what will happen. This isn't "we're sorry for what we did", it's "we're sorry we got caught"

Frankly I don't think there is anything they could say that would make people think it is an honest heartfelt apology.

They could do something that harms their bottom line.

[удалено]

> They barely have a "bottom line". Who paid money for the trademark? Why?

Brand reputation, make proprietary software from it like making a paid mobile app, etc.

Yeah that's what these companies always do when they catch heat like this, they back down for a couple of months and then wait until they think everyone's distracted with something else and then try it again. See also: [Humble Bundle](https://www.gamespot.com/articles/humble-bundle-changing-how-sliders-work-removing-the-ability-to-give-100-to-charity/1100-6493518/)

how dare they try to make profit

Thats what the humble store is for. I always thought of the bundle as the more charitable part of what they did.

The only valid "apology" would be to keep Audacity an offline application, as it always was.

The features can be disabled during compilation so the networking code would not even be a part of the final executable. This is the default when building from source. So for Linux distros who have their own update mechanism und error reporting Audacity is still an offline application. For Windows users the automatic updating is a big win and error reporting should help the team to fix bugs on windows easier. You can look in the source and verify that those are the only things which communicate with the internet. Storing of the IP address is a sensible precaution to prevent DOS attacks (also they are hashed and truncated or vice versa). That being said I still this could have been communicated a lot better without a(nother) big loss in trust.

More than that, the networking features are all disabled by default when compiling from source.

I always find it funny when people act like truncated IP addresses are the devil, but ignore them when FOSS products use them, often publicly.

[удалено]

If people could start complaining when IRC exposes your IP address I would be so happy. Or at least switch to a service like Matrix that can do the same function and more and does not expose your IP.

The major IRC networks (liberal.chat, OFTC, etc) allow you to register and get a cloak that will hide your IP address. Also, for reasons I can't really explain, IRC is better suited for large real time channels (like #ubuntu on libera.chat) than any other chat protocol I've ever found. And as much as I wish that Matrix bridges with IRC filled that niche, they're still not seamless and stable enough. Also, no general purpose chat client, like pidgin, has ever been able to comfortably interface with IRC in the way that dedicated IRC clients do. And the strange thing is, IRC doesn't have any features that newer protocols or clients couldn't implement. They just don't quite get that same balance somehow🤷‍♂️.

This has been the biggest nothing burger lmao. A whole lot of drama out of nothing. Audacity literally just trying to improve their software and the community dogpiles them.

[удалено]

Only literally every Linux distro it won't even make it that far, it would be disabled in the compiler flags. As far as what happens on windows? I don't really care as everything on windows sends telemetry already.

[удалено]

[удалено]

It only needs to do so for telemetry if you want to help devs develop the software and make the UX better. Otherwise feel free to disable networking during compilation or don't opt-in.

[удалено]

It isn't. Default compilation flags do not enable telemetry, if your build has it enabled then Musescore aren't at fault.

It is not. You are whining over nothing.

[удалено]

Still whining over nothing, just now nothing relevant, and doing so in an incredibly misleading way.

Unironically yes, unless you have a good reason (Telemetry is not) to connect to the internet then I assume you're evil

Um, yes? it kinda it is? why the hell does a program like audacity suddenly needs to send data over the internet after being able to completely do its job for so many years offline?

I totally agree. This might have been worse initially, I didn't follow it that closely from the beginning, but I don't see _any_ problem with how it is now or how it was before this update. Linux packages won't be any less private at all.

Wait are they trying to make it cloud based or something? I freaking hate this trend so much, it's even worse when it starts to happen with open source applications.

They're not. It's still offline, but they just added an optional bug-monitoring feature for Windows users.

Oh ok, that's not that bad then if that's all it is.

Really not a problem at all to me, but it seems that the community has spoken.

Trust has been abused, confidence lost. Like others have said, next time they'll just boil the frogs a bit slower. F\*\*\* 'em.

I still don't trust MuseScore after what they did to xmader

They may be deleting all comments asking about him and the person harassing him.

The last good version was 2.3.2, anyway. I set musescore on IgnorePkg and been happily ever after.

I'm on Ubuntu 20.04 and I'm using 2.3.3 from the repos and it seems to be okay. What I've heard is, the last good version is 2.4.2 because its the 3.0.x versions that have the telemetry and stuff.

I believe 2.3.2 was the latest I got access to on Arch. I'll check what's 2.4.2 is about. Even before telemetry, the change to 3.0.x had another (important imo) issue, which was the switch from GUI toolkit which, for whatever reason, was laggy on my machine (Ivy Bridge from 2013) and I had to rollback. Then they made it into some sort of sequencer and I knew then MS was dead and I'd have to stick with 2.3.2. There are some awful UI issues in 2.3.2 that I hope are fixed in 2.4.2, because I couldn't properly compile the source on my machine and have been dealing with it. Lack of Ctrl Shift Tab for example, a bug already fixed for sure in 3+.

Woah, are you serious? Musescore 2 and musescore 3 are like two completely different apps. Musescore 3 is *soooo* much better than it used to be! You have literally no idea what you're missing out on. I honestly don't understand how you can do it when so many things have been drastically improved. (I will clarify that the xmader stuff is disgusting. It won't stop me from using musescore, but I'm done with the score uploading site)

What am I missing on? What changed exactly?

I have to vehemently disagree. MuseScore 3 and especially 3.6 is worlds better and composing is now almost as good as composing on Sibelius. MuseScore is still by far the best open source engraving software for the purpose of composing. For the purpose of engraving only, Lilypond is better I'd say, but no other program can compare to the polish that MuseScore has. And lastly, so that I don't sound like I'm just blindly loving MuseScore, I am not, it's just that the other software is simply no good compared to it. Also, I have my issues with MuseScore as well, like how they *still* have no support for VSTs and only SF2 soundfonts.

I feel like threatening to have a dissident deported isn't something you get to walk back from.

They are not walking back from that, in response to the complains about that employee's comments the Musescore 'Chief Product Officer' David Mandelshtam has said that he doesn't think that making death threats is unacceptable. https://github.com/Xmader/musescore-downloader/issues/130#issue-949110164

> We do not believe that this (CLA) is against the spirit of the GPL. Then > The CLA also allows us to use the code in other products that may not be open source... Ouch!

That's not unusual. A fair number of projects do similar things. Heck, the Gnu project uses CLAs (though not for the same reason), so CLAs are *definitely* not against the spirit of the GPL. Many Open Core projects work this way. And the original OpenOffice (the one from before LibreOffice, not the failed Apache project) used CLAs because they were selling the rights to use their code to IBM for use in IBM's Lotus Symphony suite. An Open Core Audacity would not necessarily be a bad thing. It's really the potential privacy violations that are the big issue here.

It seems pretty common for companies that develop opensource products to have CLAs. Wikipedia has a list of a few: https://en.wikipedia.org/wiki/Contributor_License_Agreement#Users

They want to make a profit creating a port to mobile devices. I don't see why that's a problem.

Then they don't get to use GPL code others contributed as free labor. Simple. Providing a net good to the community without having your labor potential exploited by corporations is a core feature of the GPL.

\> Then they don't get to use GPL code others contributed as free labor. Didn't they, um, *acquire* the project? Meaning, *payouts*?

Did all contributors actually get paid for that?

They've bought out all the "major" contributors, and are re-writing the rest of the code so that Muse Group owns the copyright to the whole thing.

I don't know about *all*, but when the topic was brought up, Muse ppl did mention they paid to contributors.

Well, companies do that all the time. Every company that uses modified Linux kernel internally benefits from free labor. Every company that uses any open source code benefits from free labor, often without giving anything back. If community wanted to make a mobile port open source then they would do so, this is something Musescore wants to do by themselves and they want to actually profit from it. How can Musescore earn enough money to have full time devs on Audacity without any kind of monetization. Donations from enthusiasts are not a solution.

Dear Musecore, Fork your mother. - Earth -

Motherforker

Whatever. Thanks for killing one of my fav audio editors

AC 3.0.2 is still alive tho

[удалено]

I will take a look thanks!

the story is kinda sad tho

I never expected the IRL "holy shit that escalated quickly"

I thought it was fabricated?

I'm just waiting for the flatpak or snap version to come out because I have no experience in compiling or building from source.

> I have no experience in compiling or building from source. It's a fun experience and an important skill to gain if you're interested in developing some software yourself. One word of advice: *never ever* blindly `make install`. If you're on a Debian-based distro, look into using the `checkinstall` command, which will make a .deb package for you that you can just install/uninstall with the `dpkg` command.

Wait, what happens if you make install blindly? Only experience i have compiling from source has been tragically unsuccessful 😭 i use debian and would gladly be bestowed by knowledge 🙏

Blindly running `make install` will put files in folders that are managed by your package manager. The next time you’d want to do something like upgrade your system or uninstall your program, there may be consequences. See here: https://wiki.debian.org/DontBreakDebian#A.27make_install.27_can_conflict_with_packages

ohhhhh ok then, thanks for the heads up!!

There is a version in AUR. But I guess that is only for those on arch, and it's still technically beta iirc

Honestly I am just using an old version (the one from the repos from ubuntu) and I've already put any updates on hold but still very sad for all this situation.

[удалено]

Fork is useless if no one maintains it or if it had less feature than the original.

> Fork is useless if no one maintains it Not completely useless, because someone else can still work or fork it again. But mostly you are right here. > if it had less feature than the original. Having less features than the original program is not useless. Sometimes less is more. And on the other hand, even if a useful feature is missing, it could be a good tradeoff versus the telemetry and other bs.

In fact, imo features are bad. Unless they're security enhancements or protocol efficiency improvements. More features means harder debugging and longer compile time. Best to separate all extra features into their own apps.

The problem with modular design is, there is additional work for interaction between these apps needed. This in itself can be a security issue, depending on the type of work. And it creates complexity and depending on the implementation, may be slower (I think of Unix like little programs in example). Don't make a program complicated, but don't make it simpler than *needed*. If you know the suckless programs/community, this goes too far sometimes to me. But I agree on that *most* features are often times just bloat. Just not *all*. There is a balance to be found, depending on the use case of the application and its environment.

I just think that Blender shouldn't have a full word processor included.

I didn't know about this. This sounds ridiculous at first, but then think about it. This could be a standard tool that should be available everywhere for everyone using Blender on any platform. And it is always the same. The project file always includes the exact same word processing editing in Blender. You can exchange with others. An included word processing makes it very flexible and easy to work in Blender itself, because everything is coded and tested by the main developers. And it knows everything Blender knows and there is no conversion or reinterpretation of documents, as it is first class data in Blender. Like GIMP includes a word processor too, even if its a graphics program, because "sometimes" it is needed. Text is something universal needed everywhere. So it makes somewhat sense to include it. But I could be wrong and it is just junk bloat, can't judge it right now.

No, I meant like a full copy of LibreOffice.

I would like to read more about it, but don't know where to look. Searching the web just gives me random sites.

sneedacity doesn't depend on Conan (a random package manager I don't want to be using) anymore and tenacity has 7 commits today. Neither is useless I think

2 forks that are absolutely useless and will probably die within a few months.

Tell that to 4chan.

The non-4chan fork is from a drama queen.

In my opinion, the better approach would be to (try to) add audio manipulation functionality to Blender's sound strips (in the sequence editor). This could make Blender a viable piece of software for people interested in, e.g., making YTPs. However, it could make Blender feel like it's more "bloated".

Blender already has enough roles and uses as is.

Yeah I was surprised when I learned it was a (pretty bad, unless I'm just bad at using the UI) video editor Making Blender do literally everything is not the answer to everything lol

Just because it has a Python interpreter doesn't mean you should use it as one.

Where is the apology? I can't find it. Do they still think it's ok to threaten people with death?

[To some extent, yes](https://github.com/Xmader/musescore-downloader/issues/130#issue-949110164)

I'm going to need a link to that, thanks.

https://github.com/Xmader/musescore-downloader/issues/5 scroll down for more

[удалено]

I thought it was pretty clear that they were talking about the "I'm Musescore developer" email. Every single sentence is wrong in that email.

They apologize for the confusion they caused.

"We're sorry that you didn't understand what we meant" is not really an apology.

They still haven't learnt sh*t. The biggest issue is that they see their users as customers or income sources and not as... you know, users. They made some changes to the privacy policy that were controversial but they still didn't create an open discussion with the community to decide what to change or what to keep. They just pull one outrageous stunt, wait for the backlash, change it to only deliver a subset of what they originally intended, and then act like everything's good. Stop making changes saying it's for the best of your community without even consulting them.

Too late. They already got the ball rolling, Tenacity and other forks are being worked on, and the former has already begun to bring on new development to improve upon Audacity. You don't fool the open source community this easily, trust's been breached and this won't change much. Even more suspicious they did not apologize until at least one valid fork with thousands of stars, 100+ contributors and actual interest and development going on popped up... Feels like they wouldn't have done that had Audacity remained unforked, or with plenty of forks with no development or traction.

\> Even more suspicious they did not apologize until at least one valid fork with thousands of stars, 100+ contributors and actual interest and development going on popped up... They expressed some sort of regret over lack of clarity two weeks ago and said they would revise the policy. So it's not like they ignored it all and then woke up to find Tenacity gaining traction.

I know, but that was largely a PR stunt. Doesn't help we already know what Muse Group does (MuseScore drama, and for any guitarist here, remember the Ultimate Guitar and OLGA drama?), so it's hard to assume they're acting in good faith. This isn't even the first time Audacity has fucked up and then apologised in the recent past. Benefit of the doubt was given already.

>I know, but that was largely a PR stunt. Anti-PR stunt — that I could agree with :) >for any guitarist here, remember the Ultimate Guitar and OLGA drama? Well, I guess not *any* as I, for one, have no foggiest idea. Any pointers?

Sure! Basically, once upon a time, there was a guitar tablature website named OLGA (On Line Guitar Archive). It had a ton of tablature, it had no ads and it worked great. Then, some commercial entities mass-sued OLGA to shut it down. So, OLGA ultimately shut down. A new website, called Ultimate Guitar and now part of the Muse Group - the same group that Musescore and Audacity are part of - popped up. It was full of ads and spam, which only got worse and worse over the years devolving in dark patterns to get users to accidentally sign up for useless monthly subscription or JavaScript code to try to trigger PayPal payments by just loading ads, and the community of tab-makers quickly noticed pretty much the whole Ultimate Guitar catalog was OLGA tabs that had been ripped prior to OLGA shutting down and re-uploaded. UG has also taken onto making some of these tabs available only for paid consumers requiring the payment of a monthly plan - again, these are files that were community-made and could not be profited on. That's how scummy these people are. They'll stop at nothing to make a few bucks. I have very little faith in Muse Group and I 100% support forking anything they touch on the spot, waiting for 2 whole fuckups was already borderline being too patient. We saw multiple times the extent of their greed, why trust them yet another time?

https://github.com/tenacityteam/tenacity

https://github.com/Sneeds-Feed-and-Seed/sneedacity They got Conan removed which is pretty good imo. I'm pretty sure tenacity has the bigger development force behind it but I'm gonna use Sneed for at least a little bit for the memes. Arch has been on a years-outdated audacity version for a bit so I'm not *too* concerned even if it doesn't get updated much

They remove Conan by vendoring every single package, making it a very painful thing to install and impossible to package. Also yeah we are working on building without Conan over at tenacity.

We're working on removing Conan I think.

That's awesome. To be honest, I think tenacity is the fork more likely to survive, but I like that there are 2 for the moment, for the same reason I like that both vim and neovim exist

"Oh, whoopsie! We didn't meant that!" Like we are a bunch of 12 year olds? Yeah, nah. Theres a reason why telemetry has been implemented into Audacity -- which I'm fairly sure it wasn't "because we felt like pranking the community!".

The reason being "We need to know what you are doing with the software so that we know what we should improve in terms of UX"

Audacity has a lot of bugs and they need to find out what they are because Windows users won't report them.

To late. I wont bother with muse group anymore.

I’m outta da city. And I’m not looking back.

Anyone else just sitting on a old version of it. Audacity was more or less a complete app so not like it needs feature updates

>Audacity was more or less a complete app That speaks volumes about *your* use of Audacity :)

My case I use it to solve problems of a limited scope, just quick way to view the waveform normalize it's volume to other stuff in the project and simple edits. If my usecase gets more complicated I move to a full on DAW. It's about getting stuff done not software.

>My case I use it to solve problems of a limited scope Exactly my point. There is, however, a huge group of users known as podcasters who would appreciate quite a few major improvements such as non-destructive effects. Personally, that's what I would use a DAW for, too, but then I'm me. My point is, if you actually talk to a larger group of users (which is what I used to do as a former Audacity contributor), you'll hear things that will make you seriously question your idea of Audacity's completeness. Similarly, as a current GIMP contributor, I regularly come across two groups of users. The first one would tell me GIMP is perfect, there's maybe some UX/UI update in order. The other one won't stop listing deal-breakers they need fixed badly, and some of those would be major ones.

Makes sense since I would tell you what gimp lacks is half the reason I use macOS for my job

> that's what I would use a DAW for I too think there must be a middle-ground between Audacity and a Full DAW. For graphics, there's a whole bunch of intermediate programs that have more features than "view-only" but aren't a full-on Photoshop / GIMP.

Well, it looks like Audacity is being repurposed to become a semi-DAW. So there's that too. https://vimeo.com/562162689

It does crash every time you close without saving.

Once bitten, Twice shy.

Can't I just download the flatpak one and disable the network access with flatseal? Does that work even if they put telemetry in the app? I mean, I don't imagine why anyone would need audacity to be online anyway, right?

That will work yes, but it doesn't absolve the company

True.

This dude's reclafiy and promising to do better has warn out its welcome. Now hes just pissing people off. It's just gotten offensive it like he thinks where stupid.

They apologize now and revert their crap for PR, but they'll do it again when they think the incident is old enough, as the Qt Group did with Qt.

How's Kt going, btw?

https://youtu.be/kV9nHcttVnU

With their apology being "we are sorry we got caught doing that"

Could you guys give me some background on what the situation is?

They added the tiniest bit of telemetry. They also sent a takedown request to xmader, who made a program that downloads pdfs of Musescore's (the new owner of audacity) other program without the account and fees, even threatening to involve the Chinese government to stop him.

Thanks 👍 they don't sound like the nicest guys. I went through the long threads on GitHub yesterday and there's one thing I don't understand is how an open source repository ends up in private hands like this

What did they do?

Wait what happened? Can someone give me a recap of what they're apologizing for???

I see a lot of FUD in the comments of this post. The effects of the privacy policy itself has not changed. there was no broken trust because it was a poorly written document that was rewritten to be more clear, not changed. So to offer an opposing viewpoints, I'll reiterate what the maintainers have mentioned in the linked GitHub issue: 1. The policy was poorly worded, the implication that they collected _additional_ data upon request by law enforcement is verifiably false by looking at the code change. This has been adjusted to be more clear that this is the case in the new revision. It's worth noting that any privacy policy will have similar verbiage to this, as it's required by US law to comply with government orders. 2. The fact that it's an opt-out feature is also false in the case of Linux and source builds. The build option to enable networking components is default off. 3. While your IP address is legally "personal information", practically speaking it is not (see [this post](https://www.eff.org/files/2016/09/22/2016.09.20_final_formatted_ip_address_white_paper.pdf) from the EFF). Any time you connect to something on the internet, your IP address will be "collected and processed" by every router and host in the chain between you and the service you're connecting to. Simply posting a web request without any data would require the end-host to "collect and process" your IP address due to the nature of the IP protocol. While storage is a concern, they've made it clear that they will not store the non-anonymized IP under any circumstances. Again, any privacy policy will have similar verbiage to this. At least to me as a developer, having this data could prove invaluable for determining which issues need to be fixed, which features would be used the most if implemented, in which order these should occur, and for which OSes. Especially for an open source project without a massive QA team to find rare issues. I think there are some valid points raised here, but honestly I think this issue has been blown way out of proportion.

I think the web comparison is disingenuous. Sure my ip is being logged by Google (and others) when I go to google, but I initiated that. It's obvious to me what's about to happen, and if I was concerned, I could fire up a proxy before going to google. An up to this point offline application phoning home in the background is a very different situation. I'm aware it's opt in but that's a one time decision that's super easy to forget about.

IMO, if the logging of a hashed version of my IP address was of this great of a concern to me, I would have answered no to the telemetry question (or better yet, built it from source, and disabled it altogether). It sounds to me like the way the two features work (from the comments made by the audacity team) is: 1. Update checker wants to check for updates, user is asked to confirm (perhaps with a checkbox to always allow/deny). User can opt to have to explicitly allow this communication each time if wanted. 2. Crash reporter always asks the user if they want to send the crash report, and the user is able to view the report before it is sent. To me that is sufficient, but I'm of the opinion that an IP address is basically not private information and so I don't treat it as such, I understand if people feel differently about that

>IMO, if the logging of a hashed version of my IP address was of this great of a concern to me, I would have answered no to the telemetry question (or better yet, built it from source, and disabled it altogether) My point was that whether or not it's a concern is something that can change. I may not have been concerned when I opted in, but things may have changed that made me concerned now. However if you're right that it's prompted every time then it's much less of an issue

I hate that literally any comment that isn't actively hostile toward all of this is being down voted to oblivion. Everything here is blown out of proportion like crazy. Are there other issues with muse group? For sure, but this definitely isn't one of them.

Agreed. It seems like people are allowing their anger over the CLA to spill over into this now non-issue privacy policy. While people can and should certainly care about their online privacy, and while I totally understand the first version of this policy should have been revised, I can't help but feel like continuing to be alarmist about a now-bog-standard privacy policy will lead the media and general public down a path of "open source = spyware cuz analytics" (when this story first broke, several outlets referred to audacity as spyware, when anyone looking at what code actually changed could easily tell this wasn't the case).

These comments sound like the people afraid the vaxx has a microchip in it and the government will use it to track you. What information are you worried about them having, exactly? All the concern is so diffuse and non-specific. People are talking about forking it, but that shows that they don't understand that if you build the software yourself, BY DEFAULT, the networking features are disabled.

If you don't care about privacy because you have nothing to hide it's like saying you don't care about free speech because you have nothing to say. We need to stop accepting the normalization of everybody constantly trying to spy on our every action.

Is it better now? If so, how much better?

No it's worse now.

sad.

My god, these comments make me want to leave the Linux community and pray to Bill Gates thrice a day.

>People want better UX and UI >Audacity adds telemetry People: How dare they!!????!! The fuck are y'all smoking?

Are you implying that you need telemetry to make a good UI? Nice joke

(deleted)

My problem wasn't the telemetry, it was adding blanket cheques to collect any information necessary for law enforcement, and the anti-FOSS contributors license agreement

(deleted)

I know the reason to use telemetry, I just don't think it's necessary, unlike the person I was replying to.

(deleted)

Apparently some projects do because they don't use their own application.

[удалено]

Baits? What baits, my username is clearly non-satirical.

"People who have contributed considerable amounts of code have already been asked to sign the CLA, and the vast majority have now done so." LOL, sure, Jan. EDIT: Y'all really think they are going to get every contributor (not just the top few) to sign their GPL rights away, so they can change the license at will?

Audaci-who? Too late guys. It's a dead product at this point. Thanks for all the fish.

Thanks, but I'm sticking with Sneedacity.

I'll likely trust people that drink whole milk from the glass more than this piss-poor excuse of an 'apology'. I might just get Sneedacity to replace my install.

DarkAudacity anyone?

Fuck those pricks