Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Just saying, being open source doesn't make it safe. Those codes are there alright.
But it is dependent on who manages the project and servers. Code can always be be added to the service/server.
Not saying they did, but saying its safe because you can read the source code ain't it.

Its only safe, if you download the source code, inspect it, then host your own server.
Just like any other open source programs, download, inspect, compile. Now that's safe.
You’re very welcome to self host Musish! We plan on setting up a Dockerfile some time over the next week or two.

For now I understand feeling uneasy, we’re more than happy with self hosting and if you want help feel free to reach out!

We use Apple’s federated authentication system, it works similar to how a login with Google or Facebook on a third party service works- at no point are we able to access the user’s credentials, and at no point do we even take their token. Musish is designed to be safe, secure, and private!
[doublepost=1548135455][/doublepost]
Soooo...they work at a desk, but can’t charge their phone? Bull.
Perhaps it was a slightly over-engineered solution, but at least now I have less of an excuse to be distracted by my phone while at work.

And lol, we all do well over the work we’re paid to do.
 
Last edited:
  • Like
Reactions: kakinc
Theoretically yes, but the only if people actually checked the software in depth. Regardless of it being open source, source code can contain malware that is hard to detect even upon code review. Colourama and other python libraries had malware issues last year and the malicious Javascript libraries found in npm back in 2017 also comes to mind. I'm not saying Musish is malicious or anything, but you shouldn't blindly trust open source software.
You shouldn’t blindly trust closed source software either......
 
Shows just how far Apple has fallen. We all know how this story will end. Apple will force these developers to stop, and there will be nothing for a while, then BOOM! "We invented the web player!".
 
Most people use a family account... Currently Apple Music support is extremely bad. If a paying Spotfy user can also link their Apple Music account allowing them to use various Spotify enabled hardware that would really help Apple Music AND spotify. Apple gets more support and spotify can collect statistics and possibly gets Apple Music customers who want to play their music on their exisiting hardware. So, spotify would earn a few bucks a month just acting as proxy. Win-Win.

I still don't get it. You want to pay for a Spotify account plus an Apple Music family account just so you can use the Spotify UI and Spotify hardware, but play Apple Music music? Why not just ditch Apple Music altogether at that point?
[doublepost=1548152352][/doublepost]
they then loose control of passing their AppleID to these unofficial websites, (something which always happens when you login via google or any website that allows Google login)

Google, like any other major tech company (and like Apple Music in this case) uses OAuth so you don't give a third party your credentials. You give the first party your credentials, then opt in to the third party getting limited access to your profile information (but not your credentials).

Sure, phishing is a major concern. Yes, it's possible someone writes a web app similar to Musish that merely mimics Apple's sign-in UI and actually steals your credentials. And yes, there is a risk of training people to confirm stuff they shouldn't have confirmed. But this app is not an example of that, and this thread is full of poorly-informed fearmongering.
[doublepost=1548152410][/doublepost]
Shows just how far Apple has fallen.

No, it shows how useful it is that Apple has provided APIs to write an Apple Music-based web app, and it shows how nice those results can be.
 
You want to pay for a Spotify account plus an Apple Music family account just so you can use the Spotify UI and Spotify hardware, but play Apple Music
Why would you need to pay for Spotify just to use their UI? There’s also no Spotify hardware.

Only to make it available at the next conference as a new feature of Mac OS 10.13.
Well it’s a good thing we’re on macOS 10.14...
 
Sadly, it looks like this does me no more good than did the previous attempt -- though, I did do slightly more analysis this time than last. It appears that you have to be a subscriber to the full Apple Music service in order to take advantage of their API in this fashion; iTunes Match subscribers (like myself) are the proverbial red-headed step child, and need not apply.

Mind you, I suppose I could just cancel iTunes Match entirely at this point, and instead use a free home cloud solution, such as Tonido...
 
I was curious to see what this would give me that iTunes didn't, so I tried it. The surprising thing to me is that it won't show anything in "My Library". The only selection that it shows anything for is "Browse". But I did browse through and found a song and went to play it, but could only play 30 seconds. iTunes is buggy, but it *does* talk to my HomePod, and I can find all of its music.
 
You shouldn’t blindly trust closed source software either......

Of course. I'm simply pointing out the dangers that are inherent in all software. The post I was replying to was implying that software was inherently safe if its open source.
 
So I’m going to enter my iTunes Apple ID and password on a third party website so I can listen to my music? NOT!
Why are you so out of the picture? You are entering your ID and password through Apple on Musish. Nothing suspicious.

I'm guessing you don't use "Login with Facebook/Google" you see on Soundcloud, forums and other websites? This is the same thing.
 
  • Like
Reactions: tonyr6
I'm guessing you don't use "Login with Facebook/Google" you see on Soundcloud, forums and other websites? This is the same thing.

This is FAR FROM the same thing, and it's incredibly naïve to think so. By using Facebook/Google credentials on other websites/services that provide content, you give Facebook/Google access to your activity on those services. Musish does not provide any content themselves, and by using Apple ID on Musish you only gain access to Apple's own content.
 
This is FAR FROM the same thing, and it's incredibly naïve to think so. By using Facebook/Google credentials on other websites/services that provide content, you give Facebook/Google access to your activity on those services. Musish does not provide any content themselves, and by using Apple ID on Musish you only gain access to Apple's own content.
It really is the same thing, though.

All three services named here (Facebook, Google, and Apple) use a type of system known as "federated identity", which is a method a service can use to provision a trusted access token to a service. This token can enable the access / management of a scope of data.

In fact, not only are they both using the same sort of system, but they seem to actually be built around the same industry standard at their core: OAuth. Apple connect through https://idmsa.apple.com/IDMSWebAuth/auth?oauth_token when you access their login page, they then feed the token back to Musish.

Read more about federated identity here:
https://en.wikipedia.org/wiki/Federated_identity

When you login to Musish, Apple provide your web browser a token. This token enables Musish within your browser to verify your Apple Music access (with a very limited scope) to Apple. This means that Apple have verified you are the person who they handed the token to, and now they are happy to send you a list of your library songs, albums, and to even let you stream data from Apple Music's catalog. When you login through Facebook the exact same thing happens, and at that point Facebook are happy to serve you data from your account (or even send some data if permitted), to the scope which the authentication window asked for.

Without wanting to spend time to find a "Login with Facebook" or "Login with Google" button, here's some examples from Google Images:
https://imgur.com/a/jZTJDoO
 
Might be a good idea but I'm not sure I would trust my Apple ID to third party software.

Actually, this service appears to use the Apple-authorized API for Apple Music, which uses OAuth to authenticate you!

OAuth is awesome, it allows 3rd party services to have access to your accounts, without ever learning your passwords. Instead, they receive a token that they can use to authenticate after you give them permission through Apple (notice the popup from Apple Music when you first login?).

Additionally, all this company could take is your music data? I'm not a paranoid privacy person, but that seriously doesn't seem like vital information. Maybe to big record labels? Who cares.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.