Rob Pegoraro

SAN FRANCISCO–The second most-important company at Google’s I/O developer conference wasn’t there: Apple.

The competition between Android and iOS often gets played out as a battle between different phones and tablets, operating systems, and shipments and installations of each. But it’s also built on apps, and those programs don’t just write themselves.

The keynote that opened Google’s I/O developer conference here Wednesday shed some light on how that contest has been not as even as device sales and activation numbers might suggest.

Beyond a raft of announcements covering changes to Google’s search, social-media, music and mapping products–much of which involved a level of anticipating a user’s needs and concerns that not everybody may be ready to sign on to–it was remarkable to see how much time Google spent on patching some long-standing issues with the construction and marketing of Android apps.

For example, the company is shipping a new development toolkit to build phone and tablet apps, Android Studio, that streamlines writing for different screen sizes, resolutions and aspect ratios. That might not seem a big deal, but then look up how many coders hate the predominant development environment, Eclipse; Google based this new software on a competing option, IntelliJ, that’s drawn better reviews.

A similar overdue upgrade is coming to the Play Store: It will finally break out apps that have been optimized for Android tablets (my thought on hearing this was “they’re only fixing this now?”) and provide personalized recommendations.

On the developer side of the Play Store, a revised management interface will allow detailed tracking of revenue, country by country, as well as of which ads worked best to encourage users to download an app. It will also offer professional translation of apps into other languages and help developers conduct beta tests with selected groups of users with, presumably, a greater willingness to file bug reports if things go wrong.

And some new framework code, such as the gaming and location services Google announced and a Bluetooth wireless rewrite it did not highlight, ought to yield more reliable, less battery-intensive apps that are less likely to yield bug reports.

The unspoken context to all this was one thing that hasn’t changed even as Android devices now outnumber the iOS population: Developers make more money in iOS.

{ 0 comments }

The play button is getting yet another upgrade from the Internet: the ability to function in sync across multiple devices. Instead of only being able to listen to a song on your own computers, a few apps can cue up that tune on other gadgets–in effect, turning them into Internet-connected speakers.

Is that legal? You’ve heard this before in copyright debates: It depends!

The best-known implementation of the concept is Samsung’s free Group Play app, which comes preinstalled on its Galaxy S 4 but also works on other recent Samsung phones and tablets.

It’s pretty straightforward to set up: Open the app and tap “Create group” on your device, choose a song and then a second phone within WiFi range can have the same tune streaming in sync–with its left and right channels sent separately to each device for a proper stereo effect.

The default setting requires you to set a numeric passcode for the group, with up to nine other devices allowed, but you can assign a single-digit passcode or make the group open. You can also share pictures and documents or play games this way.

Last weekend, I saw a similar concept at the Day of Fosterly startup conference: a Web app called Speaker Blast, which lets you upload a song to a server and then have it play through multiple Web browsers at a preset time.

Two tests of this app (still in private beta) did not work quite as smoothly. The desktop, laptop and iPad evidently did not have the exact same time, resulting in playback a tick out of phase–as if I were hearing “Radio Free Europe” played not by R.E.M., but by a cover band needing more rehearsal.

A third app, Seedio, offers similar group-playback features on iOS, but I haven’t tried that yet.

All of these products intersect with a core concept of copyright law: the restriction on the “public performance” of a copyrighted work without a proper license.

{ 1 comment }

Can SideCar get a lift from the District of Columbia, or is it only going to get taken for a ride?

The ride-sharing service, which matches passengers with drivers heading in about the same direction, launched in San Francisco last June and began limited operation in D.C. in late March.

The District of Columbia Taxicab Commission is not pleased by the development.

“The DC Taxicab Commission has determined that Sidecar offers a public vehicle for hire service and as a result their drivers must have licenses from the Commission and those drivers’ cars must have L tags,” wrote spokesman Neville Waters in an e-mail Wednesday.

DCTC has yet to take enforcement actions against SideCar. In New York, however, the Taxi & Limousine Commission had police briefly detain two drivers and impound one’s vehicle. In Philadelphia, the city fined three drivers and impounded their vehicles, then fined the company too.

Here’s how the app works: After you open an account in SideCar’s iOS or Android app, including storing a credit card for a “donation” covering each ride, you set pickup and destination addresses. The app suggests the right donation for that route, you confirm the ride, and a driver accepts and arrives. At your destination, you pay what you want, then you and the driver rate each other.

Or so I’m told: The service only runs on weekends for now in the District, and I’ve yet to have an opportunity to use it.

Co-founder and CEO Sunil Paul explained Thursday morning that the company provides a matching, not a dispatching service.

A driver need not accept a ride request, and a passenger can balk when a driver rolls up (Paul said he declined a ride when the car wasn’t the one pictured in the driver’s profile). Drivers aren’t supposed to drive full-time or even go out of their way; a FAQ states “you share the rides you’re already taking.” And that voluntary payment can be zero.

(The suggested donations on a few sample itineraries are in the range of taxi fares–for instance, $11 to go from 15th and L Streets in downtown D.C. to the Rosslyn Metro stop in Arlington, less than three miles away.)

SideCar also aspires to be a friendlier ride than a taxi. “It’s social versus chauffeur,” Paul said. “Most people sit in the front.”

Passengers and drivers discussing SideCar on Quora have made the same point. As one driver wrote, “Money shouldn’t be your motivation, [….] meeting new people, discovering new places in the city & being a friend giving a ride to another friend should be.”

{ 8 comments }

You can’t blame tech companies if they feel a little confused about Washington’s security priorities this week.

For months, Congress and the Obama administration have been pushing for public-private cooperation to improve the state of cybersecurity. It’s not enough for companies that run critical infrastructure in telecommunications, finances and power to maintain their individual defenses; the government also needs to make it easier for them to pool their knowledge and resources.

Congress just hasn’t been able to agree on how to do this in two weeks of trying. For the second year in a row, a “CISPA” (Cyber Intelligence Sharing and Protection Act) bill passed by the House has stalled out in the Senate over fears about privacy and accountability, backed up by veto threats from the White House.

Now comes news, courtesy of a front-page story in Monday’s Washington Post, that an administration task force is proposing a system of steep and escalating fines to push tech companies to open up encrypted online communications channels to wiretap requests:

“Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders [….] After 90 days, fines that remain unpaid would double daily.”

The story by my former colleague Ellen Nakashima goes on to note that while this proposal would be tech-agnostic, allowing companies to develop their own backdoors for the FBI and other law-enforcement agencies, it would also exempt smaller companies from these fines.

The piece notes the difficulty or impossibility in enabling real-time decryption in many of these situations, especially those involving peer-to-peer systems, but does not describe what will ensure that bad guys only stick to big-name communications systems. And that’s nowhere near the only head-scratching moment in this idea, which the White House has apparently not yet signed off on.

Consider this paragraph further down in the article:

“Former officials say the challenge for investigators was exacerbated in 2010, when Google began end-to-end encryption of its e-mail and text messages after its networks were hacked. Facebook followed suit. That made it more difficult for the FBI to intercept e-mail by serving a court order on the Internet service provider, whose pipes would carry the encrypted traffic.”

I’m not unsympathetic to the difficulties law enforcement can have here. But these companies–beyond Google and Facebook, you can add Microsoft and Twitter to the list–adopted full-time encryption, among other overdue security upgrades, for the sound reason that their users’ accounts kept getting compromised by man-in-the-middle eavesdropping.

If the cost of making it easy for the Feds to listen in on the communication of criminals is to open up everybody else’s chatter to Chinese hackers… yeah, good luck with that.

{ 0 comments }

By a year or so ago, the leading smartphone vendors could have jointly hoisted a “Mission Accomplished” banner–by then, they’d all succeeded in shipping displays with as much resolution as humans could hope to discern.

Instead, many of them have since escalated this competition by shipping phones with even-denser displays that may now require upgrades to our own retinas to appreciate their awesomeness.

In the process, these companies risk replaying one of the older stories in competition: incumbent vendor overshoots while trying to satisfy one perceived customer demand, then astute upstarts notice how it’s neglected other needs and proceed to eat its lunch.

That’s not what I expected in 2010 when Apple introduced the idea of the “Retina Display” on the iPhone 4’s 960-by-640 pixel screen. Quadrupling the pixel count from the iPhone 3GS’s 480 by 320 screen–and going from 163 pixels per inch to 326–made the usual bitmapped edges on text and graphics vanish.

(Fun fact: According to the display calculator at Is this retina?, my old Treo 650’s 2.7-in., 320 by 320 screen had the first three iPhones beat in terms of pixel density, at 167 ppi.)

It seemed inevitable that other manufacturers would match this new standard. But many have since been vying to demonstrate their superiority by going past it.

{ 2 comments }

The American Civil Liberties Union has a gripe with an unusual subject: the software on your Android phone.

It filed a complaint with the Federal Trade Commission on Tuesday that asked the FTC to investigate the major wireless carriers’ slow delivery of security and other updates to Google’s operating system, then compel those companies to let customers walk if their phones don’t get those patches soon enough.

The call for the FTC to research this situation looks a little redundant: Thanks to the astute reporting of Ars Technica’s Casey Johnston and Computerworld’s J.R. Raphael, among many others, we already know that Android phones get updates months after Google releases them, if they arrive at all. Meanwhile, almost all new models continue to ship with the 4.1 Android release that dates to last summer–not the 4.2 version that Google released in November.

But maybe having a government stamp on this will get more people’s attention.

What’s less obvious is how much late or never-shipped security updates will expand the market for malware on phones. At a minimum, this makes life easier for crooks looking to make a few quick bucks off unsuspecting Android users. At worst, I worry that unpatched vulnerabilities will allow compromises of the authentication apps used in many sites’ implementations of two-step verification.

(I asked about that concern at a discussion about user-account security at Google’s Washington offices yesterday. The gist of Google engineer Mayank Upadhyay’s reply: “This is a problem we are definitely aware of.”)

{ 0 comments }

Monday’s NCAA men’s basketball championship cost nothing to watch on over-the-air television–or on the NCAA’s March Madness Live site. That made it a much better deal than most TV programming, and may be a sign of how we might watch more TV a few years from now.

But a lot of other things will have to happen before the menu of online video options can start to match what you can get with a traditional cable or satellite multi-channel service. I was reminded anew of the scope of these obstacles at a panel discussion I led Saturday in Denver at Free Press’s National Conference for Media Reform on “cord cutting”–at which only two of the five panelists, myself and author/activist Susan Crawford, had ditched their TV subscriptions.

But our conversation also touched on a few potential turning points that could serve to ratchet open our TV-viewing options.

* What if other companies start cutting deals with Aereo?

Aereo’s system of routing over-the-air broadcasts to customers via individual antennas and Internet feeds has survived court challenges so far, and the company is getting ready to expand its service beyond New York. And recent reports have pointed to possible tie-ups between this startup and such established companies as Dish Network and AT&T, which might decide to offer Aereo as a cheaper alternative to their traditional programming lineups.

There’s a less likely possibility waiting in the wings: The Federal Communications Commission could decide, after years of deliberation, that online-only TV providers such as Naples, Fla.-based Sky Angel legally qualify as multichannel video providers–which would subject them to a complicated legal regime and require them to pay retransmission fees to channels they carry but also ensure that they could not be shut out of programming altogether.

* When will a major sports league abandon regional blackouts? 

Right now, watching most sports online is a frustrating experience for fans of the home team: You can watch any other city’s team online, but not your own. There are workarounds–a neighbor has used proxy-server services that give him a distant Internet Protocol address to watch Washington Nationals games for the past year or two–and they should only get easier.

So at what point do sports leagues and regional sports networks decide they’re leaving too much money on the table? The math shouldn’t be hard; all MLB.tv has to do is look at how much money somebody might spend extra on a proxy-server option to get a sense of the value apparent in watching the home team at home.

{ 2 comments }

On Wednesday, Google announced it would change a part of its Chrome browser that users never touch directly, with differences that might take months or years to surface. The result was predictable: stories about Google’s “divorce” from Apple, underscored in some quarters with the claim that this is really Google sticking a shiv into Apple’s back.

Using the breakup metaphor to describe Google taking the Apple-led open-source WebKit code and using it to write its own Blink browser engine (also open-source) is tempting. But leaning too hard on it, or outright reading this switch as one company trying to sandbag another, may only show our continued fondness for soap-operatic analysis of the tech industry.

First, “forking”: It’s a normal, no-permission-required part of open-source development. Forking well-running code isn’t always advisable but sometimes is unavoidable: When developers of the OpenOffice.org productivity suite got fed up with Oracle’s stewardship of the project, they split the code into LibreOffice, and that effort has now taken a clear lead.

WebKit itself started life as a private fork of an older engine called KHTML (Apple contributed back its improvements after announcing the release of Safari in 2003). Google says it’s branching Blink off of WebKit to give itself room to write faster, cleaner, and more secure code; these improvements may be especially noticeable in mobile, and in the bargain Chrome’s development cycle should accelerate.

Google says Chrome’s openness won’t change. You may not feel inclined to trust it–why would you, when it’s only been weeks since the surprising, dismaying news of Google Reader’s impending demise?

But Google isn’t a monolithic entity, and the history of Chrome offshoots deserves consideration on its own. And with Blink using the same open-source licenses as WebKit, there should be no barrier to somebody else forking this code too.

The Blink fork matters more for how it should push back the threat of a Web monoculture–something I wrung my hands over two months ago here. A diversity of Web rendering engines (that is, the internal parts of a browser that draw pages on your screen) reduces the incentive of Web authors to support the majority platform and ignore others. For instance, Time’s Harry McCracken noted an intriguing possibility: Google’s move might make it easier for Firefox, which announced a new rendering-engine project with Samsung, to claw back some of Chrome’s smartphone market share.

And it can strengthen the Web’s collective security–see a 2010 Opera blog post pleading for Google to fork WebKit.

This change may inflict some extra work on Web authors, but there are already enough differences in WebKit implementations to require checking sites for compatibility in different browsers. As one Chrome developer opined: “If you test in Chrome but not Safari, you’re doing it wrong.”

Even if you suspect Google’s underlying goal is to subvert Web interoperability to hinder Apple’s products, an open-source project–in which the underlying code is open to everybody’s scrutiny and, if desired, forking–is one of the clumsier ways to go about that. Instead, make sure that Google’s own sites don’t lock out competing browsers. Watch out for changes to how third-party apps can connect to Google’s services–for instance, its puzzling switcheroo, since walked back a bit, about calendar-sync support.

And please remember to hold Apple, Microsoft and other major Web players to those standards too. It takes more than one company to play this game.

{ 0 comments }

Those songs you paid for and downloaded legally from the likes of Amazon and iTunes? A federal district court ruling yesterday held that you don’t really own them, in the sense of having the basic ownership right of being able to sell them.

Judge Richard Sullivan’s decision in Capitol Records v. ReDigi isn’t going over well with digital-liberty types. It shouldn’t. It’s another example of trying to fit a digital case into an analog frame, at the cost of denting some logic along the way.

The case started when ReDigi opted to set up a clearinghouse for iTunes purchases. You’d use its music-management app to verify which of your files had come from Apple’s store and transfer those to its online storage (deleting your local copies in the process); from there, you could stream them to your computer or put them up for sale to other ReDigi users (making them unavailable to you in the process).

If this transaction involved a CD, nobody would question its legality. You bought the disc and own it; U.S. copyright law’s first-sale doctrine guarantees your right to sell that physical object to somebody else.

But the relevant section of copyright law is not so clear about the status of digital downloads. (You can’t point to Apple’s terms of sale for clarity in ReDigi’s iTunes-specific case; they don’t explicitly bar resale or call a music purchase a license, unlike Amazon’s.) Facing that unsettled situation, Sullivan read those provisions to favor Capitol Records: a transfer of a digital music file over the Internet is not a transfer but a reproduction, legally speaking.

“It is beside the point that the original phonorecord no longer exists,” wrote Sullivan. “It matters only that a new phonorecord has been created.”

(I hear some of you protesting already: “But… but… what difference does it make? The supply of music is the same!” I hear you.)

{ 1 comment }

Social networks, e-mail services and other Web apps are competing to make logging into their sites more complicated–finally.

Alongside more traditional features like extra storage or a wide range of smartphone apps, their sales pitches have started to cite support for “two-factor authentication,” also known as “two-step verification.” That’s a generic term for asking users to provide some shared secret besides a password; in consumer practice, this extra ingredient usually takes the form of a numeric code sent to a device or produced by an app that only you should be able to use.

It’s not a new idea, even among consumer services.

Google introduced its version back in February of 2011, and Yahoo did likewise in December of that year. But after early attention among security types and the occasional tech columnist, attention faded. Much the same thing happened a year earlier when Microsoft and then Facebook added a lesser security alternative–allowing users to request a single-use code via text message, which they could then use in place of a password.

It took a bout of successful hacking attempts to put this feature into fashion. Last July, a Dropbox employee’s account got “pwned,” leading to the exposure of users’ e-mail addresses. A few months later, a teenage hacker pierced the security mechanisms around Apple’s iCloud to take over Wired writer Mat Honan’s Twitter account and remotely wipe his laptop in the process. In February, Twitter had to reset users’ passwords after its own systems were compromised; a month later, Evernote went through the same drill.

And a growing number of U.S. government offices, law firms and companies have reported break-ins by Chinese hackers.

No further confirmation should be required that the old security routine of telling users to pick hard-to-guess passwords (how often have you seen a site reject your chosen password as too obvious?) and then maybe change them every 90 days (because no bad guy would ever think to put a keystroke logger on a compromised machine to catch each change of passwords) no longer suffices.

So last August, Dropbox began offering two-factor authentication. Apple started rolling it out as an option (with one halt to fix a serious security glitch in the first deployment) two weeks ago. And Evernote and Twitter have said they’ll provide their own forms of two-step verification.

{ 7 comments }