Tuesday, October 30, 2012

LTE thoughts.

While The Verge has nicely explained why the Nexus 4 comes without LTE, it stops short on explaining why LTE is not really a critical feature.

Actually LTE is a critical feature, but it's critical to Verizon and Sprint, not directly their consumers.

Here's why:

LTE has at the current moment only one thing going for it, and a long list of drawbacks. LTE provides, especially for the non-HSPA+ networks bandwidth, by using better technology and additional frequencies. Hence non-HSPA+ networks need consumers to use LTE handsets because their non-LTE handsets are forced on an overloaded network.

Tests suggest, that given comparable coverage, the difference between a good HSPA+ network and LTE are mostly the smoothness of operation: LTE having no (or not overly many) users, have always enough bandwidth to deliver say 20-30mbit/s, while HSPA+ has a tendency to be slightly more volatile bandwidth, as it's to be expected with a network that has shared bandwidth and active users.

The issue here is, that this benefit of LTE will go away with time when the network gets more users, so it's again only Verizon/Sprint with their proprietary pre-LTE networks that are way over their capacity. HSPA+ while no LTE, has enough capacity to keep the users happily youtubing on their mobiles without issues.

Now LTE has a number of drawbacks:

  • power usage: LTE is new technology, so it does use more battery juice, as has UMTS in the past. Personally, I've just killing the habit of switching my mobile to 2G-mode only to preserve battery, my current Nexus seems to handle UMTS well enough that the GSM power benefits are rarely relevant.
  • VoLTE. MetroPCS has started to deploy VoLTE just in August, and till that works well enough, probably somewhere next year, LTE is a pure data network, with no support for typical phone functionality, e.g. phone calls. The ugly CSFB fallback solution where devices fall back to non-LTE networks adds a couple of seconds delay, plus leaves you potentially unreachable while being online (in all the places that have LTE coverage but no pre-LTE coverage). It's a hack, and an ugly one at that.
  • LTE without flat fees is a non-starter. LTE can roughly pull 1GB per minute. Without a flat fee it's kind of like driving a Hummer while gas is rationed. Add to this the fact that data usage is hard to measure and very hard to correctly assess by lay persons. Combined this gives a situation where depending on your contract you pay quite hefty fees or are throttled to dialup modem speeds. Not good.
  • LTE is a frequency chaos. Building a HSPA+ mobile that works globally (the only country without a GSM network that comes to mind would be Japan, West Sahara and a couple tiny islands) is comparatively simple. LTE adds 7 frequency bands on top of GSM (4 bands) and UMTS (5 bands), which leads to situations where selecting the right mix of bands is hard (e.g. the iPhone 5 can do LTE in Europe on exactly 2 LTE networks, out of roughly 70 LTE networks. So LTE makes a phone meant to work globally quite a bit complicated, with minor relevancy to the majority of users. Some manufacturers do the hassle dance to serve Sprint and Verizon, but for the time being LTE is irrelevant to the rest of the world.

So if you live in a place without reasonable GSM/UMTS coverage, you'll probably need a LTE device. If you're in a place with reasonable HSPA+ coverage, one might want to consider switching to an operator that operates with standard technology.

Friday, October 19, 2012

MS has not really figured it out

Jaime claims that MS has figured out how to provide one product from desktop to phone.

That's not completely correct, what MS did, was take Win7, and replace the Start menu with a tablet/phone appropriate UI. And as almost any commenter has pointed out, on keyboard/mouse hardware the Metro screen sucks.

Which is not surprising. Android land had a number of experiments into this direction too, and they were not overly successful:

  • Ubuntu has implemented Android support that would run natively as an experiment some time. Obviously phone/tablet apps sucked in a desktop environment.
  • A number of netbooks, e.g. the Toshiba AC100 used Android. They did not even manage niche status.
  • There are a number of niche products that make kind of sense, e.g. the Asus Transformers that offer a keyboard. These work well, and probably way better than Chrome books, but they are not meant to replace full computers.

So what MS managed is to mix up the UI for phones, tablets with the UI for desktops. If any of the above is an indication, that's a bad thing. OTOH, MS might get away with it, because the bad part of the equation is located on the desktop side, where MS still has monopoly level market share. Or not, considering that the huge commercial customers seem to be about to migrate from Windows XP to Windows 7, and it's by no measure a 100% thing that they'll follow to Windows 8 as well conditioned lemmings.

Thursday, October 18, 2012

Todd@Macblog:People Keep Talking about iPhone 5′s Weight

Todd is again at his best, living in a corporate walled garden.

Hint: the iPhone 5 is not the lightest phone out there. And while it feels nice, that only lasts till the scratches get deep enough that you can feel them, not only see them.

Hint: There have been many very nice, and anything but cheap feeling/looking tablets in the 300g (10oz or so) range, for some time now.

From personal experience, ~1.4 pounds or 650g as Apple specs it's iPad is clearly to heavy to hold in one hand for any period of time. Never understood how understanding "premium customers" can be, OTOH, I guess these are more civilized and less willing to complain. (An observation from my teenager days, privately paying patients, "premium patients" if you want so, were almost always more willing to wait for their treatment, than social cases on a government plan, which sometimes managed to raise a stink after waiting 5 minutes.)

Wednesday, October 17, 2012

Todd@Macblog: Don't use Apple tools, use something else

Todd has written an interesting article answering John Battele's gripes with Apple products.

A nice summary would be, use the right tool for the job, and the right tool is almost always not an Apple toy.

Take for example the address book. If we follow Todd's advice, if you have 1000 contacts you should use a 3rd party CRM tool. Sounds like my above summary, don't use the Apple toy, use something serious. But the recommendation is wrong on a number of critical points:

  • A rough limit of 1000 contacts in an address book is a random limit. Why? Correctly speaking it's a bug, and don't tell me it make designing implementing the address book easier in a relevant way just by using static data structures internally instead of sensible dynamic implementation. (As an example from history, UNIX tools had a tendency to have arbitrary limitation, e.g. on line lengths. Btw, before anybody says Unix is irrelevant, just remember MacOS X AND iOS are both Unix under the hood. GNU has provided replacement tools with no arbitrary limits and for years installing the GNU tools has been a common place step in getting an Unix server running.)
  • First, a CRM app is right if what John is doing customer relationship management. But I have not noticed that John does not mention CRM at all. He just wants the contacts with him.
  • As an use case for having many contacts, let me explain how I use the address book: As a freelancer I'm contacted by agencies all the time. I usually stuff the data of the agent that called me into the address book, label it with a group "agents" and see the next time somebody calls that's it's not an initial call immediately. This way I can also assign different ring tones, "direct to (non-existing) voice mail", notes and so on to these. See no real CRM, I do not call any of these, but I want my phone to know about these, and I want to assign attributes to them.
  • Last but not least, especially with an iPhone (Androids are way more flexible), you cannot just replace the address book/dialer hence no matter how nicely you keep your data in a CRM app/website, the phone will not be able to show you informations about the caller, will not be able to customize ringing behaviour, and so on. So a separate CRM app does not solve the issue at all.

In short, Todd forget to propose a working alternative, e.g. don't buy an iPhone, get a serious phone. This applies in analogy to the other "solutions" Todd suggests, plus he has nicely ignored the John's wife's issues which are not so outlier at all.)

Ok, so you complain, why do you single out Apple in your complaint, others have produced more than enough crap that is not worth the electrons used to store it.

  • Well, Apple has always presented itself as a premium brand. So eat your marketing message, and provide the premium experience. Stuff that's okay with a second hand Geo, is not acceptable in a new Audi A8.
  • Apple has been messaging "we are different, we are better" for years now, so the "but your Honor the others do it all the time" defence does not work for them, sorry.
  • Apple is the leading "welded hood" provider of gadgets. If you do that, you've got way more responsibility for your customers. E.g. displaying >50% of the space on the iPhone as occupied by anonymous data and giving no way to diagnose the problem or solve it to the user, recommending to restore the phone, is well, a non solution. In any other industry, the consumer would be returning the faulty product for a replacement. Btw, Todd seems to like to ignore the relevant details in John's post, e.g. Which I did. And I lost all my apps save the ones that come preinstalled on the iPhone in the first place. And guess what? It didn’t fix the problem. to which Todd recommends " If the instructions are to restore your iPhone, then maybe that works." Hint: read the post you are commenting first, John tried restoring, lost his phone setup, AND it did not solve the problem.

Thursday, October 11, 2012

A naive view on FRAND

So what are FRAND patents?
Simply said, they are patents where the owner has agreed to negotiate with anyone wanting to license it, and grant reasonable licenses.
A FRAND commitment is usually a requirement by standard bodies to allow "patent tainted" standards.
Actually FRAND practices discriminate against free software, and that's it's biggest issue.
Now as an innocent bystander, IANAL, FRAND has no real hard legal implications, because to many terms are undefined, what's fair, what's reasonable, what's discriminatory?
OTOH, in practice FRAND meant that the guys involved negotiated, cross licensed the patents, and went home happy.
FRAND, especially did not involve:
  • Ignoring the patents, and not negotiating a license.
  • Starting a patent war.
Hint: Apple did all of the above.
Before anyone points out, that others started it, well before you had mostly to kinds of events:
  • Tiny patent skirmishes.
  • Non practicing entities ("patent trolls") shaking down practicing entities. ("manufacturers").

So yes, Apple shouted "Fire" in a theater full of people bristling with mass weapons of IPR destruction.

Wednesday, October 10, 2012

Patents and what's wrong with the system

Patents to be valid need to fulfil a number of criteria:
  • applicable topic (although this is being pushed further and further, nearly everything seems to be patentable today).
  • Full disclosure of the invention.
  • No prior art.
  • Not obvious to somebody in the field.
IANAL, and I'm sure there are other criteria, and legal scholars would probably phrase it differently.

Now the Patent Office in the US (which finances itself as they like to boast) and other countries issue invalid patents (obviously trivial/prior art) by the wagon load day by day. And they leave the private citizen (or to be more precise companies but these are usually owned by private citizens) the bag, to invalid in court.

Let's be realistic, there are a number of categories of patents that should be done away for the good of the community, but the patent system would get way more tolerable if all these invalid patents would go away.

Let's think about this from a business perspective:
  • Costs to file a patent (not the R&D just the patent filing) are say around $10000. (It basically depends upon jurisdiction, and if you use an external patent attorney, or happen to have such legal experts on staff, ...)
  • Costs to defend against an invalid patent: As a number of patent trials have shown, these can go easily over a million, and that's when you win.
  • This means depending for how much you are being shaken down, it makes economically sense to pay, and not defend against even a trivial invalid patent.
So what can one do? The problem is that the patent office mostly rubberstamps any patent that is not obviously wrong on formal grounds. The fees to the patent office are the same no matter if the patent is valid or invalid, so it's the easiest way out for the patent office to grant a patent. If they don't they end up potentially in a paperwork "war" with the inventors. If they grant it, they can cause huge economic damages if it's invalid, but that's of no relevance to their bottom line.

So basically, invalid patents need to hurt the patent office. It's as simple like that.

Ideas that come to mind are increasing fees so that rejected trivial patents are more expensive, so that the patent office has an incentive to look for invalidity. That would be the carrot so to say.

Another idea would be for the patent office to pay the legal defence costs if a patent is found invalid. That would be the stick.

E.g. if the current Apple/Samsung verdict in California will stand on appeal, the patent office would have to pay Apple's legal bill, because the Samsung patents have been found invalid, and by issuing these patents in the first place, the patent office caused the damage to Apple, in this case.

Especially the US patent office is proud to be not using tax money, see we are not like other government agencies, we are like a good working private sector company. If that's so they should also take responsibility for damages they cause, especially if they cannot document that they did due diligence on the patents issued.

(It's easy to be profitable if you can print your own money, which what's the patent office does by taking the fees, without much service in return. And I don't think that they can consider themselves a net positive institution without taking into account the damages that they cause to the economy, at least the specific ones where invalid patents cause legal costs, the general costs to the economy by hindering innovation are to hard to account correctly.)

Tuesday, October 9, 2012

Privacy mode does not keep the evil guys from tracking you.

Many people mistake what the Privacy mode of their browser provides for them.

Privacy mode is not about them not being trackable. Privacy mode is about surfing somewhere without leaving many visible fingerprints in the browser.

When say law enforcement wants to track your surfing behaviour, they've got basically three places where they can learn about you:

  1. They can take your PC and look what traces your browser left on the harddisc.
  2. They can intercept your internet connection and take a look what you are doing.
  3. They can find your IP address in the logfiles of say some webserver, and ask your ISP to tell them whose account was associated to it at the given time.
Now privacy mode makes number 1 harder. How much harder is an interesting question, but personally privacy mode is something you can use if you do not want any other user of the browser to figure out that you've browsed it.

To cite the firefox support page, it also does throw away any cookies that you might have acquired. Cookies are just one way to encode an unique id, see also here or this wired article, so clearing them only helps in a limited way, and is probably giving you a false sense of safety.

So from an "avoiding tracking" perspective privacy mode is even a weak placebo.

Monday, October 8, 2012

Browser cookies

Nowadays, many people have heard about browser cookies, but experience shows that many people do not understand what they can be used. Worse, concentration on cookies means that most people do not realize that there are many other ways to be tracked.

Basic webbrowsing

The basic setup to get a web page is that a browser talks to a webserver, requesting a specific address, and gets back the document. For typical web pages the document returned is a HTML document.

A HTML document consists of text with markup elements, called tags, these are delimited with < >.

Now the same game with cookies:
The point here is that http without cookies contains no concept of a session, each and every page is delivered separately and the webserver cannot be sure if it's coming from the same user.

Now HTML usually does not contain media objects, say images, these are linked and the browser retrieves them in a separate http requests. Javascript code can also be loaded from a seperate URL.
That the usual way that adnetworks (or tracking services, basically all the bad guys disliking your privacy) operate:

Notice that I've added the Cookie that previous visit to adnetwork.com has created. Combine this with the fact normally browsers tell the webserver from which page the http request originated from (goes by the name of Referer tag), and adnetwork.com, if it only has enough partner sites can easily enough track your behaviour in the webbrowser.

But cookies is not really the whole story

Cookies are basically meant for tracking users, kind of linking together separate http requests, which as such can be also very useful, actually tracking an user session is critical to most websites that go beyond simple static ones.

But there is more to this, because beside cookies that by design give your browser an unique id, there are a number of ways to "brand" you with an unique id:
  1. Flash and other plugins contain code that allows to store local data.
  2. HTML5 introduced localstorage.
  3. The browser cache can be used to store a little bit of unique javascript.
  4. Some more current research suggests that browser capabilities plus your PC's address can create a fingerprint like value that is highly unique.
This list btw is by no means complete, it's just what a 15 seconds brainstorming session has produced.

So how can one avoid be tracked?

Well, for Desktop browsing, I'd recommend the following addons: Ghostery, Adblock+, NoScript (sorted by usage pain).

These addons btw (or ones with similar functionality) are available for Firefox/Chrome.

Ghostery (despite being itself sponsored by a tracking company) is a simple way to disable most if not all tracking constructs in use nowadays. It should be usable even by the most computer averse users, and requires no user interaction after being installed and configured.

Adblock+ blocks ads/tracking urls, and provides a way more relaxed web experience. As ads are often used as vectors for malware, consider it security software. It needs almost no interaction with the user, and any average user should be able to handle it.

NoScript protects from a number of issues, and allows a way of browsing where dynamic (Javascript, Flash, ...) elements are disabled by default, and one has to manually enable these for a given site. (It's not as bad, because it remembers your preferences) This involves a certain level of user interaction, because on visiting a site for the first time the user has to tell the browser which sites he considers safe.

Last but not least, if you want to separate accesses, so that they get not tracked together with your main identity, consider using a different browser and/or a different local user (which gives a clean slate when it comes to tracking state) on your PC.

What about mobiles?

Well, the situation is way worse for mobiles, because most of the browsers do not support addons/protective measures. Plus you've got apps that can get all kind of data about your device and you (serials, contacts, location, ...). All of these are listed during installation, but just because the app has a valid reason for some permissions does not mean that it does "less valid" stuff with them.

If you've rooted your phone, you can use AdAway to block a good part of tracking/ad networks from being accessible from your device. You can use DroidWall to enable/disable Wifi/mobile data access for any given app. You can use special apps to remove permissions for installed apps. All of these suggestions require a rooted device, and can interfere with the correct operation of Apps.

One thing mentioned above, using separate browsers for different use cases works on mobiles too. (Probably does not apply to iDevices, as Apple allows only it's own browser engine, so "different" browsers are more like skins there. Basic test: login to a site, say google.com with a browser and access it with the second browser. If you are still logged in, you are probably very trackable. If not, it might work.)

Sunday, October 7, 2012

It's only partially about work conditions

Some people assume it's only about work conditions, but this is not about what one would usually call "work conditions" (hours, pay, rest room breaks, stuff like that).

The issue that is irritating workers is that Apple has raised quality standards (to avoid the scratches that many of the iPhone5 in the first batch had out of the box), actually blemishes smaller 0.001 inch will not be accepted any more. Which would be well enough, if the workers would be thought how to do it, but they lack even the instruments to detect these blemishes themselves.

Basically, because of poor material selection considering durability, so that they have a phone that feels "good" and "expensive", Apple has chosen materials known to scratch easy. Now that some reviewers started to complain, they solved it by turning on the heat on the work force. As some people have pointed out, this kind of blemishes are in fact not fixable with exalate aluminium.

Saturday, October 6, 2012

How Android handles sharing, and why bad websites can wipe your phone this way

First, if you have not heard about it yet, if you have not a complete uptodate S3 or a Nexus device, install NoTelURL to be safe.

Anyway, how does Android handle sharing and how does that relate to the issue above? Roughly:
  • Whenever an app wants to share something, it packs up the data (image, url, whatever) into a data structure called Intent, and basically hands it over to Android to handle it.
  • Android figures out which apps have declared that they can handle the specific Intent, and if it's only one, it hands the Intent over. If not, it offers an user menu to choose which app should handle it.
  • The receiving app handles the sharing.
Generally speaking this stuff is usually called decoupling, and it's a good thing, because the sender is strongly decoupled from the receiver, and errors in one of these usually don't affect other parts of the system.
Btw, that's also why at least for a long time, if you had more than one Browser installed on your device, pressing a link caused also such an Intent being sent, and the user was "happy" to be able to choose which browser to use on every click. Sigh. Nowadays browsers tend to handle links that they can handle internally to handle internally.
Now a tel: url is meant to allow a webpage to dial a number on your phone. E.g. search results for a take out can als include a Call button so you can order directly without copying/pasting the number manually.
Now, USSD codes are special phone numbers that can be used perform special functions. Some manufacturers also included their own extensions like "reset to factory"
And before Android 4.1.1 the default dialer, when presented with tel: containing Intent just dialed it without any further user interaction.
Ooops, combine that with USSD codes or even just expensive numbers to call, and you end up with a problem.
NoTelURL handles that by offering an alternate "dialer", and that's where you need to rely on the user, if the user has not pressed a Call button in the browser, you probably should choose it to handle the unexpected phone number. If you wanted to Call a number from the browser, select Phone.

Wednesday, October 3, 2012

Securing a WLAN accesspoint is clearly nontrivial.

So a California court had the sense not to ask people to secure their Wifi.

Well, that makes sense in multiple ways. But one aspect that was not mentioned is that known WPS attacks make it hard on a consumer.

What's WPS? Well, WPS is what makes setting up a secure WLAN a possibility for the average user. WPS has basically three ways to facilitate WLAN setups with enabled encryption:
  • Pressing the button on you Router allows your phone to join in short time window.
  • Then there is variant where you tell the router a pin that device has generated.
  • And last and here most relevant is the variant, where you read a pin (usually on a sticker) and enter it on the client.
Now some clever person noticed that WPS gives early feedback if the first part of the long pin is wrong. Depending upon details, this can mean that somebody parking an hour in a car can get access to your WLAN, or that your WLAN is secure anyway.

Counter measures are:
  • Change the router not to leak if the first part of the password is good.
  • Change how long a WPS pin attempt takes.
  • Change how many WPS pin attempts are allowed before locking up.
  • Disable WPS pin method.
Now, all of these have some drawbacks. The first three and similar need to be implemented by your device manufacturer, no influence whatsoever for the owner. And the last method is not supported by all routers, might be to complicated for many users (WPS is meant to make setting up a WLAN with encryption noob proof), and worst of all most consumer-grade devices can only turn off WPS completely, hence the user after that needs to register all devices manually with the right crypto key. (again some users might have problems managing that.)

Gingerbread still popular

People still wonder about the slow adoption of Android 4.x, although IMHO there is not much to wonder, nor is it much of a hassle.

The Android ecosystem is very far from homogeneous, you've got devices that are sold for $100 and $700 in it. Some of these lowend/older phones don't even bring the specs to be capable to run Android 4 officially. (Inofficially, the HTC Dream, the first Android phone can be upgraded to ICS.) So even 2012 you still can get newly released phones with Gingerbread.

Then users don't see the point of upgrading, it works, so why change anything. (Don't ask, got 2 S2 users in my home that explicitly told be keep my hands of their phones) Android is way more modular than other mobile OSes, and quite a bit of builtin functionality like Google Maps, Email, ... get just updated as apps.

Then you've got the issue that the manufacturers think that they need to include their own set of patches on top of Android, which slows down the time till an official upgrade for a device is available.
In practice, if one is willing to flash an unofficial image, most phones can be brought  uptodate.

So don't expect iOS style instant update effects, a more realistic comparison would be the PC market (XP, Vista, Windows7 and Windows8 are all out in the wild nowadays), although for a number of reasons (modularity) there is less of a reason to upgrade.

Tuesday, October 2, 2012

Why does Marketing do this to us? (or why is the S3 probably slower and faster at the same time, compared to the iPhone 5

Reviews of the iPhone 5 comparing it to the S3 usually claim that the CPU performance is comparable, sometimes claiming that the S3 comes out faster sometimes the iPhone 5 comes out faster.

Now, benchmarking is prone to many problems, getting it right is far from trivial, but beside this, the CPU benchmark for US/international version vary around 10% (with the US version being slower), which would explain that some review suggest that the iPhone 5 is slightly faster, and some reviews suggesting the iPhone 5 is a tiny bit slower.

So because for marketing reasons two different phones (quadcore with 1GB RAM, dual core with 2GB RAM) are being sold as the same device.

Btw, while the CPU is slightly faster on the international version, I'd personally prefer the 2GB version, OTOH, it's a tiny difference at a very very high performance level.

Monday, October 1, 2012

Apple might not approve a Google Maps app

As others are realizing that a Google Maps app for iOS is not a given, they seem to miss the relevant consequence. I mean mapping/navigation is one of the critical functions of a modern smartphone.

So what do you need not working to come to the conclusion that you might want to buy something that works?

I mean, the iPhone 5/iOS 6 offers:

  • An insult when it comes to Maps. That's not even pre-Alpha, they knew it, and they still decided to go ahead with it, without thinking about user experience.
  • Then we've got scratching. I mean, a premium device that scratches more easily than any cheapo tracfone. And if you have to put it in cover, all you get is something that looks and feels like any cheap Android phone, because covers are the great equalizers here. Does not matter what's inside, you still feel and see primarily the cover. And 4" is not exactly a highend screen for current phones. Add to this light leakage, and you get a quality picture that is rather sad.
  • But as any Apple lover will tell me, having a deeply scratched phone is just about become highly trendy and cool, and Apple was so nice to prescratch a good part of the currently available iPhone 5s, considering that someone trying to replace his iPhone5 for an unscratched one did not manage to find such in 30 boxes in the Apple store he was at.
  • The iPhone5 has a mediocre battery at best (if I believe certain German consumer watchdogs, it's 2.5 hours standardized surfing via UMTS, shorter than the 4S, and much shorter what the Samsung S3 manages), and you cannot change it on the fly. My T-Mobile G1 years ago had a somewhat small battery, but at least I could change it for a full battery anytime.
  • iOS features that have been common on other phones for over a year. Wow, so you can take panorama images. I can relate I just discovered that my phone can do that too, never bothered to figure out the features of my phone. Twitter/FB intergration. Wow. What about Dropbox. Your own home server? (Photostream is cool, but I prefer to keep my photos private by default so they are directly uploaded to my PC at home.)
Obviously it works "well enough", because while Apple does have a number of cultist followers, most of the 5 millions iPhone5s were not sold to people waiting in line outside. OTOH, if I think about my family, there are certain effects that can explain that lemming-like buying behaviour (like I already know how to press icons and I don't know anything else, hence it's working. I once observed a secretary printing a certain preprinted form multiple times, because she never realized that the system was meant to reliably to find the left upper corner on every print, and as reprinting the form once or twice was still much faster than doing it by hand. Hence that printer was replaced only when I noticed it for myself, the regular user found the bad printer "good enough"). OTOH, 5 millions on one weekend and running out of stock is rather poor performance, it's kind of the number of Android activations in a normal week.