From 0ba69fe1acdf229a5e6eb0d4fee006318f3b359f Mon Sep 17 00:00:00 2001 From: Amolith Date: Sun, 16 May 2021 01:08:58 -0400 Subject: [PATCH] eh updates --- blog.org | 360 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 348 insertions(+), 12 deletions(-) diff --git a/blog.org b/blog.org index 3dfd43c..6822e16 100644 --- a/blog.org +++ b/blog.org @@ -4,6 +4,282 @@ * Meta :@Meta: * Technology :@Technology: +** TODO Audacity and the telemetry pull request +:PROPERTIES: +:EXPORT_FILE_NAME: audacity-and-the-telemetry-pull-request +:EXPORT_HUGO_CUSTOM_FRONT_MATTER: :toc true +:END: + +Five days ago at the time of writing, [[https://github.com/crsib][Dmitry Vedenko]] opened a Pull +Request (PR) in [[https://github.com/audacity/audacity/pull/835][Audacity's GitHub repository]] entitled [[https://github.com/audacity/audacity/pull/835][/Basic telemetry +for the Audacity/.]] About two days later, all hell broke loose. That PR +now has over 3.3 thousand downvotes and more than one thousand comments +from nearly 400 individuals. I started reading the posts shortly after +they began and kept up with them over the following days, reading every +single new post. I recognise that few people are going to feel like +wading through over 1k comments so this is my attempt to provide a +summary of the PR itself using the community's code reviews along with a +summary of the various opinions conveyed in the comments. + +When I reference comments, I'll provide a footnote that includes a link +to the comment and a link to a screenshot just in case it's removed or +edited in the future. + +*** Audacity's acquisition + +I haven't been able to find /much/ information in this area so forgive me +if I'm scant on details. + +On 30 April, a company called [[https://mu.se/][Muse Group]] acquired [[https://www.audacityteam.org/][Audacity]]. According to +[[https://mu.se][their website]], Muse is the parent company behind many musical +applications and tools. It was founded by Eugeny Naidenov just days +before it acquired Audacity. Before all of this, Eugeny Naidenov founded +[[https://www.ultimate-guitar.com/][Ultimate Guitar]] (UG) in 1998. The service grew rather quickly and now +has over 300 million users. UG acquired [[https://deanzelinsky.com/][Dean Zelinsky Guitars]] in 2012, +[[http://agilepartners.com/][Agile Partners]] in 2013, [[https://musescore.org/][MuseScore]] in 2017, and [[http://trycrescendo.com/][Crescendo]] in 2018. Muse +Group was established in 2021 and it seems as if all of the services UG +acquired were (or will be) transferred to Muse Group, as well as UG +itself. Immediately following its establishment, Muse not only acquired +Audacity but also [[https://www.staffpad.net/][StaffPad]]. + +I say 30 April because that's when Muse published their [[https://mu.se/newsroom/tpost/6dhedma301-muse-group-acquires-audacity-expanding-c][press release]] +and when Martin Keary (Tantacrul) published a video entitled [[https://www.youtube.com/watch?v=RMWNvwLiXIQ][/Iā€™m now in +charge of Audacity. Seriously./]] According to his comment,[fn:17] Martin +will help with proposing Audacity's roadmap and many of its future +features as well as working with the community. This has been his role +with MuseScore since he joined that project and he will be continuing it +here. + +~-----BEGIN PERSONAL OPINION-----~ + +Looking at [[https://www.martinkeary.com/][his website,]] I also suspect he will play a large role in +redesigning Audacity's interface. Considering that he was instrumental +in designing [[https://www.martinkeary.com/#/ubuntu-touch-os/][the best mobile interface I've ever had the absolute +pleasure of experiencing,]] I have high hopes that this is the case. + +~------END PERSONAL OPINION------~ + +*** Telemetry implementation +**** Implementation Basics + +A few days after the acquisition, a PR was opened that adds /Basic +telemetry for the Audacity/. This implementation collects "application +opened" events and sends those to Yandex to estimate the number of +Audacity users. It also collects session start and end events, errors +for debugging, file used for import and export, OS and Audacity +versions, and the use of effects, generators, and analysis tools so they +can prioritise future improvements. Sending this data would be optional +and the user would be presented with a dialogue the first time they +launch the application after installation or after they update to the +including release. This description was mostly copied directly from [[https://github.com/audacity/audacity/pull/835#issue-629891447][the +PR description itself.]] + +**** Frontend Implementation +This is fairly straightforward and a pretty standard UI for prompting +users to consent to analytics and crash logging. This section is +included because the community has strong opinions regarding the +language used and its design, but that will be discussed later. The +screenshot below is copied directly from the PR. + +[[/assets/pngs/audacity-pr/consentdialogue.png]] + +**** Backend Implementation +Many of the code reviews include the reviewer's personal opinion so I +will summarise the comment, provide the code block in question, and link +directly to the comment in a footnote.[fn:9] + +#+BEGIN_SRC c + if (!inputFile.Write (wxString::FromUTF8 (ClientID + "\n"))) + return false; +#+END_SRC +[[https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/libraries/lib-telemetry/TelemetryManager.cpp#L199-L200][Lines 199-200 of TelemetryManager.cpp]] save the user's unique client ID +to a file.[fn:8] This allows the analytics tool (in this case, Google +Analytics) to aggregate data produced by a single user. + +#+BEGIN_SRC c + def_vars() + + set( CURL_DIR "${_INTDIR}/libcurl" ) + set( CURL_TAG "curl-7_76_0") +#+END_SRC +[[https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/cmake-proxies/libcurl/CMakeLists.txt#L3-L6][Lines 3-6 of CMakeLists.txt]] "vendor in" libcurl.[fn:10] This is when an +application directly includes sources for a utility rather than making +use utilities provided by the system itself. + +#+BEGIN_SRC c + ExternalProject_Add(curl + PREFIX "${CURL_DIR}" + INSTALL_DIR "${CURL_DIR}" + GIT_REPOSITORY https://github.com/curl/curl + GIT_TAG ${CURL_TAG} + GIT_SHALLOW Yes + CMAKE_CACHE_ARGS ${CURL_CMAKE_ARGS} + ) +#+END_SRC +[[https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/cmake-proxies/libcurl/CMakeLists.txt#L29-L36][Lines 29-36 of CMakeLists.txt]] add curl as a remote dependency.[fn:11] +This means that the machine building Audacity from its source code has +to download curl during that build. + +#+BEGIN_SRC c + S.Id (wxID_NO).AddButton (rejectButtonTitle); + S.Id (wxID_YES).AddButton (acceptButtonTitle)->SetDefault (); +#+END_SRC +[[https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/src/telemetry/TelemetryDialog.cpp#L93-L94][Lines 93-94 of TelemetryDialog.cpp]] add buttons to the dialogue asking +the user whether they consent to data collection.[fn:12] ~SetDefault~ +focuses the button indicating that the user does consent. This means +that if the user doesn't really look at the dialogue and presses +Spacebar or Enter, or if they do so accidentally by simply bumping the +key, they unintentionally consent to data collection. If the user +desires, this can later be changed in the settings menu. However, if +they weren't aware what they were consenting to /or that they did +consent/, they won't know to go back and opt out. + +There are other problems with the code that include [[https://github.com/audacity/audacity/pull/835#discussion_r628816050][simple mistakes,]] +[[https://github.https://github.com/audacity/audacity/pull/835#discussion_r628774985][styling that's inconsistent with the rest of the project,]] [[https://github.com/audacity/audacity/pull/835#discussion_r628500849][unhandled +return values resulting in skewed data,]] [[https://github.com/audacity/audacity/pull/835#discussion_r628792423][use of inappropriate functions,]] +and [[https://github.com/audacity/audacity/pull/835#discussion_r628818054][spelling errors in the comments.]] I believe these are less important +that those above so they won't be discussed. + +*** Community opinions +There were many strong opinions regarding both the frontend and backend +implementations of this PR, from the wording of the dialogue and +highlighting the consent button to devices running something other than +Windows and macOS not being able to send telemetry and thus skewing the +data that /was/ collected. + +**** Opinions on the frontend + +Really, the only frontend here is the consent dialogue. However, there +are /many/ comments about it, the most common of which is probably that +the wording is not only too vague[fn:13] but also inaccurate[fn:14]. The +assertion that Google Analytics are not anonymous and any data sent can +be trivially de-anonymised (or de-pseudonymised) is repeated many times +over. Below are a few links to comments stating such. I searched for the +term /"anonymous"/, copied relevant links, and stopped when my scrollbar +reached halfway down the page. + +- [[https://github.com/audacity/audacity/pull/835#discussion_r628156527][r628156527]] +- [[https://github.com/audacity/audacity/pull/835#issuecomment-833969780][833969780]] +- [[https://github.com/audacity/audacity/pull/835#issuecomment-833969933][833969933]] +- [[https://github.com/audacity/audacity/pull/835#discussion_r627995927][r627995927]] +- [[https://github.com/audacity/audacity/pull/835#issuecomment-834358022][834358022]] +- [[https://github.com/audacity/audacity/pull/835#issuecomment-834377549][834377549]] +- [[https://github.com/audacity/audacity/pull/835#issuecomment-834382007][834382007]] +- [[https://github.com/audacity/audacity/pull/835#issuecomment-834385463][834385463]] +- [[https://github.com/audacity/audacity/pull/835#issuecomment-834405825][834405825]] +- [[https://github.com/audacity/audacity/pull/835#issuecomment-834531779][834531779]] +- [[https://github.com/audacity/audacity/pull/835#issuecomment-834546874][834546874]] +- [[https://github.com/audacity/audacity/pull/835#issuecomment-834638000][834638000]] + +The next most pervasive comment is regarding the consent buttons at the +bottom of the dialogue where users opt in or out.[fn:15] Many individuals call +this design a /dark pattern/. Harry Brignull, a UX specialist focusing on +deceptive interface practises, describes dark patterns as [[https://www.darkpatterns.org/][/tricks used +in websites and apps that make you do things that you didn't mean to/.]] +The dark pattern in this situation is the opt-in button being +highlighted. Many community members assert that users will see the big +blue button and click it without actually reading the dialogue's +contents. They just want to record their audio and this window is a +distraction that prevents them from doing so; it needs to get out of the +way and the quickest way to dismiss it is clicking that blue button. +Below is a list of some comments criticising this design. + + - [[https://github.com/audacity/audacity/pull/835#issuecomment-834286641][834286641]] + - [[https://github.com/audacity/audacity/pull/835#issuecomment-834358022][834358022]] + - [[https://github.com/audacity/audacity/pull/835#issuecomment-834399813][834399813]] + - [[https://github.com/audacity/audacity/pull/835#issuecomment-834479968][834479968]] + - [[https://github.com/audacity/audacity/pull/835#issuecomment-835250737][835250737]] + - [[https://github.com/audacity/audacity/pull/835#issuecomment-835253882][835253882]] + - [[https://github.com/audacity/audacity/pull/835#issuecomment-835291066][835291066]] + - [[https://github.com/audacity/audacity/pull/835#issuecomment-835445481][835445481]] + +Another issue that was brought up by a couple of individuals was the +lack of a privacy policy.[fn:16] The consent dialogue links to one, but, at the +time of writing, one does not exist at [[https://www.audacityteam.org/contact/privacy-policy/][the provided URL.]] I have [[https://web.archive.org/web/20210510012924/https://www.audacityteam.org/contact/privacy-policy/][archived +the state of the page]] in case that changes in the future. + +**** Opinions on the backend + +#+BEGIN_SRC c + if (!inputFile.Write (wxString::FromUTF8 (ClientID + "\n"))) + return false; +#+END_SRC + +The issue many individuals take with this snippet is saving the +~ClientID~. Say an individual has an odd file that causes Audacity to +crash any time they try to open it. Say they attempt to open it a +hundred times. Without giving the client a unique ID, it could look like +there are 100 people having an issue opening a file instead of just the +one. However, by virtue of each installation having an entirely unique +ID, this telemetry /is not anonymous/. Anonymity would be sending +statistics in such a way that connecting those failed attempts to a +single user would be impossible. At best, this implementation is +/pseudonymous/ because the client is given a random ID, you don't have to +sign in with an account or something. + +#+BEGIN_SRC c + def_vars() + + set( CURL_DIR "${_INTDIR}/libcurl" ) + set( CURL_TAG "curl-7_76_0") +#+END_SRC + +Timothe Litt's comment gives a good description of why "vendoring in" +libcurl is a bad idea[fn:19] and Tyler True's comment gives a good +overview of the pros and cons of doing so.[fn:18] Many people take issue +with this /specifically/ because it's libcurl. Security flaws in it are +/very/ common and Audacity's copy would need to be /manually/ kept up to +date with every upstream release to ensure none of its vulnerabilities +can be leveraged to compromise users. If the Audacity team was going to +stay on top of all of the security fixes, they would need to release a +new version every week or so. + +#+BEGIN_SRC c + ExternalProject_Add(curl + PREFIX "${CURL_DIR}" + INSTALL_DIR "${CURL_DIR}" + GIT_REPOSITORY https://github.com/curl/curl + GIT_TAG ${CURL_TAG} + GIT_SHALLOW Yes + CMAKE_CACHE_ARGS ${CURL_CMAKE_ARGS} + ) +#+END_SRC +The problem with downloading curl at build-time is that it's simply +disallowed for many Linux- and BSD-based operation systems. When a +distribution builds an application from source, its build dependencies +are often downloaded ahead of time and, as a security measure, the build +machine is cut off from the internet to prevent any interference. +Because this is disallowed, the build will fail and the application +won't be available on those operation systems. + +Note, however, that these build machines would have the option to +disable telemetry at build-time. This means the machine wouldn't attempt +to download curl from GitHub and the build would succeed but, again, +telemetry would be disabled for anyone not on Windows or macOS. This +defeats the whole purpose of adding telemetry in the first place. + +#+BEGIN_SRC c + S.Id (wxID_NO).AddButton (rejectButtonTitle); + S.Id (wxID_YES).AddButton (acceptButtonTitle)->SetDefault (); +#+END_SRC + +There was a lot of feedback about the decision to highlight the consent +button but that was mentioned up in the frontend section; I won't rehash +it here. + +**** Broader and particularly well-structured comments +These are simply some comments I feel deserve particular attention. + +From SndChaser... +- [[https://github.com/audacity/audacity/pull/835#issuecomment-834037351][834037351]] +- + +*** The Audacity team's response + +*** My opinions +Can't decide whether to include this section or not. If you make it all +the way down here, let me know what you think. + ** TODO A perfect email setup (for me) :PROPERTIES: :EXPORT_FILE_NAME: a-perfect-email-setup-for-me @@ -445,10 +721,11 @@ arguably more important so I don't actually mind that it runs Android. The only place that Android stands out is in system operations; file transfer uses MTP and, when you swipe down from the top of the device, a -small bar appears as in early Android. This lets you change WiFi -networks, sync between the companion app on your LAN, the remote -servers, take a screenshot, search, and access the system settings. -Nothing else about the device really makes me think of Android. +small bar appears similar to what was in early Android. This lets you +change WiFi networks, sync with the companion app on your LAN, the +remote servers, take a screenshot, search, and access the system +settings. Nothing else about the device really makes me think of +Android. *** Community I don't usually browse Reddit but [[https://old.reddit.com/r/Supernote/][the Supernote community]] there is @@ -531,18 +808,47 @@ Viewing with my naked eye at a comfortable distance, it does look better /At the moment,/ I am pretty disappointed with Table of Contents detection for ePUBs. A great many of my books seem to use a legacy ToC format that the Supernote sees and tries/fails to read before attempting to read the -more recent +more up-to-date one. This is easily remedied by editing the ePUB in +[[https://calibre-ebook.com/][Calibre]], going to Tools ā†’ Upgrade Book Internals ā†’ Remove the legacy +Table of Contents in NCX format. You might need to make a small change +to one of the HTML files and revert it before the save button is +enabled. After that, just copy it back over to the Supernote and +everything should work properly. **** Writing notes I write notes as often if not /more/ often than I read and annotate books. It's the main reason I purchased the device and I love the experience. +The Supernote doesn't /really/ feel like paper despite what their +marketing materials claim, though it doesn't feel /bad/ either. It's hard +to describe but I would say it's something like writing with a +rollerball pen on high-quality paper with a marble counter underneath: +incredibly smooth with but a little bit of texture so it doesn't feel +like writing on a glass display. + +While writing latency[fn:6] is noticeable, I really don't have a huge +issue with it. I write very quickly but find that the slight latency +actually makes writing /more/ enjoyable. It sounds weird and I'm not sure +why, but I /really/ like writing on the Supernote; it's wonderfully +smooth, pressure-sensitive, the latency makes things interesting, and +[[https://supernote.com/#/part?id=SP-04][the Heart of Metal pen]] feels good in my hand. **** Surfacing Content +While organisation is done using a regular filesystem hierarchy, the +Supernote does have other ways to search for and surface your notes. As +you're writing, you can use the lasso select tool and encircle a word. A +little dialogue pops up and gives you a few buttons for things you can +do with that selection: copy, move to another page, cut, add it to the +Table of Contents, or mark it as a key word. If you select the key word +icon, the Supernote does some incredible OCR[fn:7] on it and displays a +dialogue where you can add it to the note file as a tag. This dialogue +allows you to edit the word before adding it just in case the OCR was +wonky. Even with my terrible handwriting, I've found that it works very +well and I rarely have to make edits. *** TODO Pong Isi and Volpeon when finished ** TODO Setting LXC up for local "cloud" development -* Education :@Education: +* Education :@Education: ** TODO Homeschooling * Music :@Music: * Pipe Smoking :@Pipe__Smoking: @@ -550,15 +856,45 @@ It's the main reason I purchased the device and I love the experience. * Footnotes +[fn:19] [[https://github.com/audacity/audacity/pull/835#issuecomment-834451187][Link to the comment]] and [[/assets/pngs/audacity-pr/privatelibcurl.png][link to the screenshot]] + +[fn:18] [[https://github.com/audacity/audacity/pull/835#issuecomment-834010117][Link to the comment]] and [[/assets/pngs/audacity-pr/vendorproscons.png][link to the screenshot]] + +[fn:17] [[https://github.com/audacity/audacity/pull/835#issuecomment-836069326][Link to the comment]] and [[/assets/pngs/audacity-pr/tantacrulrole.png][link to the screenshot]] + +[fn:16] [[https://github.com/audacity/audacity/pull/835#discussion_r627762185][Link to the comment]] and [[/assets/pngs/audacity-pr/missingprivacypolicy.png][link to the screenshot]] + +[fn:15] [[https://github.com/audacity/audacity/pull/835#issuecomment-834286641][Link to the comment]] and [[/assets/pngs/audacity-pr/darkpattern.png][link to the screenshot]] + +[fn:14] [[https://github.com/audacity/audacity/pull/835#discussion_r627764300][Link to the comment]] and the screenshot is the same as previous + +[fn:13] [[https://github.com/audacity/audacity/pull/835#discussion_r627756976][Link to the comment]] and [[/assets/pngs/audacity-pr/vaguedialogue.png][link to the screenshot]] + +[fn:12] [[https://github.com/audacity/audacity/pull/835#discussion_r628124998][Link to the review]] and [[/assets/pngs/audacity-pr/defaultconsentbutton.png][link to the screenshot]] + +[fn:11] [[https://github.com/audacity/audacity/pull/835#discussion_r628008821][Link to the review]] and [[/assets/pngs/audacity-pr/externaldependency.png][link to the screenshot]] + +[fn:10] [[https://github.com/audacity/audacity/pull/835#discussion_r628005925][Link to the review]] and [[/assets/pngs/audacity-pr/vendorcurl.png][link to the screenshot]] + +[fn:9] Note that because I am not a C programmer, these reviews might +not be entirely accurate and I wouldn't be able to catch the reviewer's +error. I am relying on other community members to catch issues and +comment on them; none of the reviews I link to have such comments so I'm +assuming they are correct. + +[fn:8] [[https://github.com/audacity/audacity/pull/835#discussion_r627993755][Link to the review]] and [[/assets/pngs/audacity-pr/writeanalyticsid.png][link to the screenshot]] + +[fn:7] /Optical Character Recognition/: the program looks at your +handwriting and tries to turn it into text. + +[fn:6] In this situation, latency refers to how long it takes for "ink" +to show up on the "page" after writing something. + [fn:5] It's not really a fountain pen even though that's what they call it; it's just pressure-sensitive. -[fn:4] While this would be absolutely awesome, it would also be -prohibitively expensive and difficult to write software for. E-ink -displays are /far/ from cheap and the incredibly low refresh rate would -render usual computing habits ... odd. For example, words wouldn't show -up right as you type them; the delay there would be significant and the -same goes for a mouse. The idea is nonetheless compelling. +[fn:4] There does seem to be a group of people interested in just such a +thing: /[[https://alexsoto.dev/challenges-building-an-open-source-eink-laptop.html][Challenges Building an Open-Source E Ink Laptop]]/ [fn:3]Taken from their [[https://support.remarkable.com/hc/en-us/articles/360006699537-About-reMarkable-2-][support page about the reMarkable 2]]; search the page for /operating system/ and it should show up.