A bit disappointing that this sends audio recordings to a server. Even if it's not the intention, that leaves so much possibility for abuse.
Why not use a Pixel phone with on-device song matching? It also keeps history on device. Getting that data out of the app might be a little tricky, but should be possible.
Perfect is the enemy of good. I've found it's much better to get a project up and running as an "MVP" than to chase the perfect until the details suck all the fun out of it.
It is good to care about this sort of thing, but this is untargeted recording in public. It is not very different to the fact that if I was recording a home movie in public I may incidentally record someone's conversation.
The real harm would occur if the conversations were being stored and analysed systematically, for example by police. But the OP is not doing that (they claim).
It's a very public place in the United States. It's not clear that people should expect or be entitled to much privacy in these public places.
We also know that, regardless of the degree of privacy to which people should be entitled, they're not legally entitled to much privacy in these places. Federal court rulings have been extremely clear on this point. In these places, we don't even have the right to not be photographed.
>they're not legally entitled to much privacy in these places.
While I think this is a really cool project, I also agree with the privacy issues. CA is a two party consent state, and recording a conversation (which this is likely to do) like this is likely illegal. While a person might not have an expectation of privacy about someone just hearing the conversation, they are protected by law if they are recorded without their knowledge.
NB: I am not a lawyer, and the above could very well be wrong.
Edit: As I was informed below, I was wrong on the legal points.
There is no right to privacy in a public space. It is not illegal to record an area where individuals would not have the expectation of privacy, even without their consent. Therefore, this is not illegal.
If this were a restaurant, that would be a different story.
> Exceptions (one-party consent required): (1) where there is no expectation of privacy, (2) recording within government proceedings that are open to the public, (3) recording certain crimes or communications regarding such crimes (for the purpose of obtaining evidence), (4) a victim of domestic violence recording a communication made to him/her by the perpetrator (for the purpose of obtaining a restraining order or evidence that the perpetrator violated an existing restraining order), and (5) a peace officer recording a communication within a location in response to an emergency hostage situation.
No legally protected right. This doesn't mean it is ethical, and given that it is a protected right in other jurisdictions shows it deserves more consideration and should not be hand-waved away.
If "it's legal" is the argument being used to defend a behavior, it's safe to assume it's not actually a good one.
No, "it's legal" is the argument being used to defend the "it's illegal" and "you're not allowed to" argument. The argument to support the project is that it's cool af.
I sincerely doubt that. Should you blindly apply it to everything? Of course not, nuance exists.
Apply it to OP's project. The project is super cool, popular, and most of all it's done and it exists. The worst thing you can say about it is that it's not perfect and failed one weird purity test. Oh no, public audio gets sent to a server!
I don't get what you mean by "possibility for abuse". The author abusing it? Well if they wanted to do that they wouldn't have built the whole music detection thing and written about it on the internet. If Shazam gets breached or turns evil, we have infinitely bigger problems than this one phone on this one street. If the author's server gets hacked, the hacker wouldn't care about this - the hackers who want large surveillance networks hack phones and IoT crap, not random people's home servers.
And honestly, as a commentary on how commonplace and normal mass surveillance has become, which this project seems to be, I quite like the threat of "there is a box out there somewhere that sends everything it hears to a server and it does this not for good or evil, but because one programmer was bored and thought what if I could know what song was playing in the cafe across the street".
Oh, that's really interesting. I still use Node for everything and haven't really given Deno a shot, but I'm someone who prefers to stay away from bleeding edge things until they become battle-tested.
But with recent NodeJS compatibility changes, this may be really cool for a lot of use-cases.
There was a TechCrunch article posted here a couple of months ago referring to the Panasonic Professor of Robotics Emeritus at MIT. This probably happens in other fields too, but every time I've seen one of these brand-deal titles has been in an AI-related article.
Are the MacOS runners cheaper than Github? Unless things changed, I seem to remember that you get billed for a minimum of a 24 hour period per instance even if you only have a MacOS instance active for 30 minutes.
These days, I feel like the biggest obstacle with SAML is integrating with SaaS products. I've been in many situations where it requires back and forth emails to a support team. I've been handed a literal 204 page PDF on integrating with one vendor's SSO setup (the entire document was literally just for their SSO integration, nothing else). Attribute mappings are still a mess. It's wild how poor the experience still is.
I've written one of these 204-page PDFs before (I think it was more like 20 pages though). The IDPs don't exactly make it easy on their customers to set this stuff up, and the burden ends up on the SP (i.e. you) to document to folks how to use their own IDP.
Incidentally we just shipped something for this. Rather than having to make a 204-page PDF, you can go into SSOReady, generate a setup URL, and give it to customers. Customers can visit that URL and they get a self-serve UI for configuring their SAML connection to your product.
Wow. My company previously did an SSO implementation for our SaaS where we ran Shibboleth SP behind Apache just for SSO, with a little Python web app using mod_wsgi to call back to the main web app after SSO was completed. But for the customers that we've onboarded to SSO so far, we had to contract with a SAML expert to work with the customer to set it up. This self-service setup might be enough to make it worth our while to migrate to SSOReady.
SSO support took up well over 50% of our engineering team's customer support time.
One of the biggest challenges is our users tended to need to pull in a different department, that actually owned the SSO system. They had little incentive to hustle to get things to work, so their tickets would often drag on for ages.
We'd look bad because we'd need certain information from our customer.
I'm referring to the opposite side of the problem. Even if you use Okta, if you want to integrate with company XYZ using SSO, no amount of Okta spend will save you.
Other languages may handle it differently, but having to manage threads is not a small compromise for going colorless. You're now forced to deal with thread creation, thread pooling, complexities of nested threads, crashes within child or descendant threads, risks of shared state, more difficult unit testing, etc.
But thinking of those trucks primarily as a liability is exactly the kind of mindset that leads to companies minimizing their liabilities instead of maximizing their potential.
Especially when the cost of minimizing (long hours, unsafe conditions) is not felt by decision makers, and may not materialize for a while, but the benefits of maximizing their potential is felt directly and immediately.
Incentives are everything. That's why managers are so careful when applying them to their own jobs.
Maybe this makes sense for the shareholders, but it feels like such a Day Two thing to do.
The fact that AWS doesn't just shut down services is part of what made it so appealing compared to things like GCP. The story about how SimpleDB is still around has become legendary.