
Android security progress

In a somewhat “click-bait”-y title1 on Motherboard, Lorenzo Franceschi-Bicchierai quotes the Director of Security for Android:

“For almost all threat models,” Adrian Ludwig, the director of security at Android, said, referring to the level of security needed by most people, “they are nearly identical in terms of their platform-level capabilities.”

In a short interview after a talk at a security conference in Manhattan on Tuesday, Ludwig said that, “for sure,” there’s no doubt that a Google Pixel and an iPhone are pretty much equal when it comes to security. Android, he added, will soon be better though.

“In the long term, the open ecosystem of Android is going to put it in a much better place,” he said, without mentioning that Android has already been around for more than eight years at this point.

There’s no doubt that Google is getting better at handling security.  My Nexus 5, while no longer receiving OS updates, still gets monthly security updates.

However, the business model of Android really fails consumers.  Carriers and manufacturers are not motivated to maintain the toolchain to support updates.2  There are many people who never receive updates at all.  I’m sure Google pays the likes of Qualcomm big money to get support.

The story gets worse as Android begins to take a foothold in IoT devices.  While smartphones are highly personal devices that are at least managed with some sort of effort by users, IoT devices are abandonware by many manufacturers.

In the end, security is always a moving target and what matters to security is how many people are running an older OS.

In fact, Ludwig said, showing a graph, less than 1% of Android smartphones contain malware.

Uh, 1% is likely greater than 14 Million active devices.3

Fragmentation is a problem.  Android, by its own success, has a difficult job ahead.


  1. Seriously, this is a horrible title. 
  2. Qualcomm, for instance, has no need to keep SOC and LTE antennae drivers up to date. 
  3. Google stated that there were 1.4 Billion active devices  back in Sept 2015.  So it’s probably getting close to 2 Billion active devices. 

Apple Touch Bar & Microsoft Surface Dial: Two separate solutions for the same problem

Yesterday, Microsoft announced their all-in-one Surface Studio PC featuring a very clever integrated zero-force monitor arm.  It reminded me of Wacom’s Cintiq line of visual graphic tablets.

Now the Surface Studio  isn’t cheap ($2,999 USD for the base model), but I’m actually more intrigued by the new Surface Dial that they released as an add-on accessory to the Studio PC.

MS Surface dial

When placed on the screen, a menu appears. You can toggle and adjust different functions by turning it or clicking it.

It seems similar at first to the Griffin PowerMate dial that has been around for years (in USB form), but when placed on a compatible Surface product (works with the Surface, Surface Book and Studio), it displays a contextual radial command dial that you can interact with.

When the dial is on the screen, you can rotate and toggle commands.


Today, Apple released a revision to their MacBook Pro product line with an integrated, secondary touch display called Touch Bar.

Apple Touch Bar

The Touch Bar sits where the function keys used to sit.

The Touch Bar features contextual commands that replace the function keys.

Apple’s Touch Bar is contextually aware of the app you are in.


Firstly, I think it’s great that we’re moving beyond the “right-click” contextual menu.  Too many features are buried behind it.  Hell, Apple even turns it off by default. Don’t even get me started with Linux.1

That said, I remain unconvinced that either of these solutions is a home run.

Apple’s Touch Bar requires you to separate your attention across two different displays.  However, I know many designers and programmers who use multiple monitors successfully to improve their performance.  I think an additional problem is that Apple doesn’t offer an external keyboard with such a display. I would only use the Touch Bar when working mobile.  I prefer a separate keyboard and trackpad / mouse when docked to an external monitor when I’m at my desk. Inevitably, my MacBook is often closed.2

I like the “directness” of the Surface Dial.  Context is king and the fact that there is no spatial separation between the content, the commands and the Surface Dial makes it easier to use.3  I think this is a key learning from Microsoft’s Surface Table device.4   That said, encapsulating it into a physical device that has to be placed on top of the screen will limit its uses.  The radial movement doesn’t apply well to certain tasks.  Inevitably, the 360˚ area will be obscured by your hand as well. There is also the cost of the peripheral ($99 USD).

The abstraction available for Apple’s Touch Bar will give it additional flexibility, but I wonder how it behaves when multi-tasking across two or more windows. I suspect that the transitions in the Touch Bar commands will be distracting on your peripheral vision as you move between apps. Moreover, with the Touch Bar toggling between apps, it will be difficult to develop muscle memory.5

We’re also held hostage by how well software companies make use of the Touch Bar.

It would be great to see software utilities take some real estate there as well.  I wouldn’t mind using it to display status menus.

A side note on the inclusion of TouchID on the MacBook Pro

I love the addition of TouchID to the Touch Bar. Using it to unlock your device is great. I feel the use case of fast user switching isn’t great because I don’t know many people who share a laptop across different user accounts.  It’s unfortunate that this isn’t available across more devices.6  It would be great for the iPad or Apple TV or iMac where there are multiple users on each device (i.e., think Kids’ vs Parents’ profiles).


  1. There is a Linux Desktop Environment called OpenBox that binds a “root-level” start menu in their mouse right-click. 
  2. Like any good graduate with a Human Factors and Ergonomics degree. 
  3. Similarly, I loved the loupe feature in Apple’s discontinued pro photo software, Aperture. 
  4. For instance, you could sync your camera photos by placing it on the Surface, but you didn’t know what camera (if any) supported this feature. 
  5. For instance, I know how to start / stop iTunes and change the volume without looking at the keyboard. 
  6. C’mon Apple!  Throw me a bone and add this to an external keyboard. 

pfSense OpenVPN, VLAN and DNS Resolver guide

This is a great tutorial on setting up AirVPN (can easily be applied to any VPN provider) on pfSense 2.3.x and VLANs.  I had always meant to update my guide for this.  I had written:

NOTE: FWIW, I think you could accomplish this through VLANs [rather than static IP addresses]

The author goes through the details of setup, including VLANs as well as hosting your own DNS resolver.  It’s a great job.

 

 

The behavioural psychology of engagement

Working in design and UX, my team and I are often challenged with making things more “engaging”.  In other words, how do you make the user come back for more?

Ian Leslie writes in “The Scientists Who Make Apps Addictive”:

Fogg called for a new field, sitting at the intersection of computer science and psychology, and proposed a name for it: “captology” (Computers as Persuasive Technologies). Captology later became behaviour design, which is now embedded into the invisible operating system of our everyday lives. The emails that induce you to buy right away, the apps and games that rivet your attention, the online forms that nudge you towards one decision over another: all are designed to hack the human brain and capitalise on its instincts, quirks and flaws. The techniques they use are often crude and blatantly manipulative, but they are getting steadily more refined, and, as they do so, less noticeable.

In particular I found the paragraphs about slot machines of interest:

The casinos aim to maximise what they call “time-on-device”. The environment in which the machines sit is designed to keep people playing. Gamblers can order drinks and food from the screen. Lighting, decor, noise levels, even the way the machines smell – everything is meticulously calibrated. Not just the brightness, but also the angle of the lighting is deliberate: research has found that light drains gamblers’ energy fastest when it hits their foreheads.

But it is the variation in rewards that is the key to time-on-device. The machines are programmed to create near misses: winning symbols appear just above or below the “payline” far more often than chance alone would dictate. The player’s losses are thus reframed as potential wins, motivating her to try again. Mathematicians design payout schedules to ensure that people keep playing while they steadily lose money. Alternative schedules are matched to different types of players, with differing appetites for risk: some gamblers are drawn towards the possibility of big wins and big losses, others prefer a drip-feed of little payouts (as a game designer told Schüll, “Some people want to be bled slowly”). The mathematicians are constantly refining their models and experimenting with new ones, wrapping their formulae around the contours of the cerebral cortex.

Gamblers themselves talk about “the machine zone”: a mental state in which their attention is locked into the screen in front of them, and the rest of the world fades away. “You’re in a trance,” one gambler explains to Schüll. “The zone is like a magnet,” says another. “It just pulls you in and holds you there.”

A player who is feeling frustrated and considering quitting for the day might receive a tap on the shoulder from a “luck ambassador”, dispensing tickets to shows or gambling coupons. What the player doesn’t know is that data from his game-playing has been fed into an algorithm that calculates how much that player can lose and still feel satisfied, and how close he is to the “pain point”. The offer of a free meal at the steakhouse converts his pain into pleasure, refreshing his motivation to carry on.

Sound familiar?  One only needs to look at something like Candy Crush Saga to realize how much we are indebted to Las Vegas.

For those who haven’t read Nir Eyal’s Hooked, you’ll find a great model for how rewards can trigger the motivation to return.

@Kobo: It’s been a slice

Today was my last day at Kobo.

Over the past seven years, I have forgotten more war-stories than I remember. What is left are positive memories of Kobo, née ShortCovers, bringing digital reading to the masses through our mobile apps; anytime & anyplace. It’s followed by us dreaming big and making our mark on the world by building the world’s first “affordable” eReader.1 We expanded and grew the Kobo family quickly with early innovations in gamification and social reading. We did this all while taking on industry titans like Apple, Amazon and Google.

In that time, companies like Palm, Nokia, Borders and Oyster are no longer. Sony exited the eReading market.2 Barnes and Noble have all but left the market.

Kobo has played a big role in changing the way people read and I am positive that future historians will talk about Kobo alongside the other companies (west of Toronto) when they talk about the shift to “digital reading”. More importantly, Kobo has played a huge part in moulding the person that I am today.

I’ve had a spectacular time there.

Keep on, keeping on.

Tai


  1. People don’t remember that Kobo was the first to start the eReader price wars. 
  2. Sony actually founded the entire E INK eReader space a decade before Amazon entered. 

Comcast has a dream(works)

The USA Today reports:

Comcast is in talks to buy DreamWorks Animation in a multi-billion-dollar deal, The Wall Street Journal and Bloomberg are reporting. The cost of the deal would be more than $3 billion, according to both news organizations, citing unnamed sources. Jeffrey Katzenberg, CEO of DreamWorks Animation, has been searching for a buyer for the company, which has a current market value of $2.3 billion. DreamWorks is based in Glendale, Calif., and was founded in 1994 by Katzenberg, filmmaker Steven Spielberg and movie and music executive David Geffen. The animation unit was spun off in 2004. Philadelphia-based Comcast has two primary businesses, Comcast Cable and NBCUniversal. Comcast also owns Universal Parks and Resorts. Comcast already owns an animation studio, Illumination Entertainment, known for its work on the Despicable Me and Minions movies.

Comcast already owns NBCUniversal which owns Illumination Entertainment1.

When you’re an infrastructure company like Comcast Cable, you need to diversify into content or services lest you be left behind as a “dumb tube”.

However, I think the real play is against Netflix.  The properties of DreamWorks have long been part of Netflix’s catalogue2.  You can expect them to disappear when the rights are renewed if this deal goes through.


  1. They own properties like Despicable Me, Minions and Dr. Seuss licenses. 
  2. Shrek, How to Train your Dragon, Kung Fu Panda and Madagascar properties. 

Microsoft announces that the Xbox is coming to the PC.

From the Guardian’s piece called, “Microsoft to unify PC and Xbox One platforms, ending fixed console hardware“:

 During a press event in San Francisco last week, Spencer said that the Universal Windows Platform, a common development platform that allows apps to run across PC, Xbox, tablets and smartphones, would be central to the company’s gaming strategy. “That is our focus going forward,” he told reporters. “Building out a complete gaming ecosystem for Universal Windows Applications.”

This is, he explained, the culmination of the company’s vision over the past year. In January 2015, Microsoft announced that it was bringing an Xbox app to Windows 10 PCs, allowing cross-platform play and a cohesive friends list across both platforms. Then, in November, the Xbox One was updated to be compatible with Windows 10, bringing a new interface and features to the console. In late-January, Microsoft chief executive Satya Nadella told attendees at the dotNet conference in Madrid that UWAs would be coming to Xbox One, but did not specify in what capacity.

I actually predicted that Microsoft would do this eventually in Steambox vs. the Incumbants (Xbox One, PS4):

Here are my bets:

• Valve’s strategy will play out over the next 3 years.
• Microsoft will make their Xbox One experience available as a digital download–you’ll be able to run your Xbox games on your Windows 8 PC.
• PC OEMs will manufacture generic gaming consoles certified for Windows 8.x w/ the Xbox One Experience and Steam OS, but Valve will have the upper-hand because they will support game streaming to Android and iOS mobile devices.
• Game streaming from a single high-end PC to lighter / thinner clients will be the norm by 2015.

Valve’s Steambox strategy never really played out the way I expected (although they still have 6 months to make my prediction come true).  It was disrupted by the emergence of VR over the last 12-18 months.

In general, the OEM Steamboxes are disappointing.  It makes sense for Microsoft to unbundle the Xbox One’s experience as consoles just don’t have the penetration that PCs do and growth has stopped in both industries.  They can buoy their media business by extending their reach into PCs.  With regards to generic hardware that can run both Windows and SteamOS, this is exactly what the OEMs are doing (e.g., Alienware’s Alpha is the same box for Windows as it is for SteamOS).  It’s unfortunate that SteamOS hasn’t caught on–I would blame the poor performance of Linux GPU drivers. There is little advantage to buying a SteamOS box–the Windows experience with Steam Big Picture is just better and more versatile.

Game streaming is still an emerging behaviour, and the forays into it by Steam (via their Steam Link box) and nVidia haven’t set the world on fire.  Sony, to their credit, are definitely making headway into this.  What holds this back is that it almost always requires a wired infrastructure.  Wired ethernet is less common nowadays and most homes are linked through single WiFi routers. Moreover, single-purpose devices (like Steam Link) don’t appeal to the general populace.  It needs more mass consumer features (e.g., Netflix, YouTube, etc.).

Will the Internet of Things be the next green field?

I’ve been looking at the MEAN.io stack technologies (it seems like the new hotness) and I can see this being the underlying language for the “Internet of Things”.  IoT is a term that has slowly crept up into the consumer marketplace displacing the “home automation” trend, but it’s been in use in many other industries like supply chain and manufacturing for years.  It popped up in the consumer mindshare in a big way in this year’s CES and MWC.

As we’ve seen the mobile space being dominated by the iOS and Android ecosystems, innovation takes place on those platforms, on their terms.  IoT is proving to be the next green field1.

If you read any of Ben Thompson’s work at Stratechery.com, he wrote a wonderful article in 2014 called “The State of Consumer Technology at the end of 2014“, where he outlines what he calls the “Three Epochs of Consumer Tech”:

An image from Ben Thompson

The Three Epochs of Technology

Extending the model below, it’s clear why people like Apple, Amazon, Google, and challengers like LG, Samsung, Xiaomi, Huawei, etc. will be leading the charge into the IoT space over the next 1-3 years.

| Epoch | PC | Internet | Mobile | IoT |
|---|---|---|---|---|
| Communications | Email | Facebook | Messaging | Voice? |
| Work | Office | Google | “Sharing” Uber | Amazon, |
| OS | Windows | Web Browser | Android / iOS | AWS? |
| Scale | 10s of Millions | 100s of Millions | Billions | 10s of Billions |

Extending that illustration, you can map the impact of connected household goods to tens of billions of connected devices; it’s an exciting opportunity.

As with any new technology, there will always be unintended consequences.   As you increase the number of connected devices by an order of magnitude, you’ll inevitably introduce a completely different number of variables to the equation.

Take the upgrade cycle for instance. The upgrade cycle of home appliances is an order of magnitude longer than that of any phone or device.2  It’s not uncommon to keep an appliance for 10+ years.  Imagine how the industry will change during that time. Whole services and protocols will go in and out of fashion. Will appliance manufacturers keep the software up to date? Surely closed ecosystems will age out and introduce planned obsolescence–look to more open development platforms to keep devices up and running in the coming years.3

A lot of interesting questions

Who will provide the fabric of the IoT:

  • Clearly the underlying protocol is IPv6 in nature, but I don’t know of any emerging protocol that will take hold.
  • Cisco Systems is positioning themselves for this with their Jasper acquisition and OpenDNS acquisition.

Where is the hub for IoT?

  • Is the living room the centre of the connected home?  Both Microsoft and Apple seem to be positioning their bets there (with the XBox and AppleTV, respectively).  Google’s attempts in the TV space are half-hearted and their acquisition of Nest and DropCam only address the outer edge of a hub-and-spoke model.
  • Maybe there is no hub?  It’s centred around the smartphone?

Who will provide the OS for IoT?

  • I think the emerging leader right now is Amazon and their Amazon Echo device.  I can see this being the UI for the OS. In general, it’s voice.  Facebook has planted the seed that the group messaging client will be the new operating system, but their idea of mining intent from messaging using bots and NLP doesn’t pass the smell test for me (people generally don’t want Facebook looking at their chats…).
  • From a platform basis it’s not so clear.  Everyone will have devices running their own software. Strong brands will attempt to create walled gardens (Google vs. Apple vs. Samsung).  In that sense, IoT will be a horrible customer experience without some defined standards.  It will take something akin to the early W3C specifications, with champions on both the private and standards sides, to get to something usable in my opinion.

Who are the big players in the IoT space?

  • Will it be Apple? Google?
  • I think it will be out of the hacker space from China.  Only they have the supply chain expertise necessary to build the necessary sensors into devices.

What’s the big payoff for consumers?

  • Is it really important to have a toaster and fridge on the Internet via IPv6? No.  It isn’t.  This is a difficult problem for companies.  Communicating the value is difficult because it’s not very clear how all of these inter-connected devices will improve your life.  Examples need to be specific.
  • It’s all about the sensors and all about the software that will take that information and make it smart and insightful and enlightening–we’ve barely scratched the surface of this for consumer consumption, but we’ve seen this play out for years in heavy and light industry (e.g., supply chain).

  1. To a lesser extent, you could say this with VR as well, but what is markedly different is the scale between the two areas.  We’re talking 10s of millions of devices vs. billions, respectively. 
  2. As much as I am enticed to upgrade my aging iPad3 (from 2012), with the new iPad Pro 9.7″ launched this week, I think I’ll wait one more version.  I think Tim Cook underestimates the upgrade cycle for the iPad.  It’s more akin to a PC and there is no cellular phone provider to offer upgrade subsidies to catalyze its upgrade cycle like with the iPhone. 
  3. I have the same concern with automotive software–it will be interesting to see how Tesla fares.  I think Apple Car and Android Auto is the future. 

Virtual Reality Adoption: Market Size, Affordability, Ergonomics, and Shareability

The big story of CES 2016 was the outstanding Virtual Reality demos by Oculus, HTC, and Samsung.  A lot of stuff on the technology and how amazing it is has already been written, but I wanted to touch upon some of the user adoption issues that I think these companies need to overcome in order to make this a mass-audience play.

There are basically 4 contenders emerging out of CES 2016:

  • Oculus
  • HTC
  • Sony
  • Samsung

We all know that Oculus is the front runner.  Facebook’s purchase of Oculus put them on the map. They are taking VR and pushing the platform forward with brilliant technology and engineering. The newcomer is HTC. They’ve come out of nowhere with their Vive headset and are showing what some are saying are more impressive technical demos than Oculus.

The key thing for HTC’s Vive is its affiliation with SteamVR.  It gives them that reach towards hardcore gamers and a proven eCommerce platform to sell software off of.  Great move by HTC and Valve. Sony didn’t participate in CES 2016, but they have been showing off their Morpheus headset and are boasting a large gaming catalogue. Samsung’s focus is on their mobile devices with GearVR.  More importantly, Samsung’s take on VR is in the market today.

I’ll admit it: I’m on the VR bandwagon. I bought a cheap Google Cardboard shortly after Christmas and I’ve put it through its paces.  All I can say is that even for $15 CAD, this stuff is real, it has tonnes of potential, and it won’t be going away too soon.  There’s real promise to the technology today (unlike the ridiculousness of the mid-90s version of VR as typified by VR.5).  I want to pre-order the Oculus Rift, but I’d also have to spend a good chunk of change upgrading my PC. There are also a few things I find questionable about the mass-adoption of VR technologies.

Is the market large enough?

Sony didn’t participate in CES 2016 this year.  They probably have the most to offer with their planned Sony VR headset being primed and ready for the Playstation 4.  With 100 games at launch, this will be a significant coup for them.  Given an install base of over 36 Million PS4s worldwide, it looks like the addressable market for Sony’s VR platform appears to be 2-4 times greater1 than Oculus and HTC’s share of compatible computers.

As Jason Evangelho from Forbes.com says:

GPU maker Nvidia estimates that when the Oculus Rift ships later this quarter, there will only be 13 million PCs that are able to run an optimized VR experience.

Jason Paul, general manager of Nvidia’s Shield, gaming, and VR business, has insight into the hefty demands for gaming in Virtual Reality. Speaking to VentureBeat, he said: “If you look at your typical PC gaming experience, 90 percent of the gamers out there play at 1080p. For a smooth experience you don’t want to go below 30fps. Compare that to VR where the displays are about 2K, but you have to render closer to 3K, and you don’t want to go below 90fps. **It’s about a sevenfold increase in raw performance to render for VR versus traditional PC gaming.**”

Meanwhile, we just learned that Sony’s $349 PlayStation 4 continues to sell briskly, with the company approaching 36 million units sold globally. Every PS4 sold is capable of running the PlayStation VR (formerly Project Morpheus) experience. On the most basic level, that means there are 36 million PS4 systems in the wild right now, capable of running an optimized VR experience (“optimized” since there’s only one platform with uniform specs to develop for).

- Jason Evangelho

Is this a profitable business sustainable with only 10s of millions of users? Definitely a “yes” if the devices can be sold at a high margin, but…

We all know that consumer tech is typically a race towards the bottom.

If anyone is positioned well, I got to think that Samsung’s approach is the most valid.  With 100s of millions of handsets already compatible with GearVR, it gives a really immersive experience with a relatively low start-up cost.  While I don’t think Samsung will lead the race2, they will be remembered as the ones who really got the VR bandwagon rolling. Hell, they’re providing all the display tech anyway.

New technology is always expensive

I know that hardcore PC gamers will front the money for a headset that promises to offer a more immersive experience for their games; I’m not too sure about console gamers.

The cost is significant. Only a small percentage of PCs today meet the minimum requirements for consumer VR.  At ~$1500 USD for a headset and VR-ready computer bundle, I’m not sure if VR will spur people to upgrade their computers.  More importantly, there really isn’t any portable computing solution that allows people to even experience Rift or Vive.

Quite frankly, households don’t have that many desktops anymore–I typically wouldn’t recommend a desktop to anyone purchasing a new computer.

Wires suck

Having your head tethered to a PC or gaming console feels a bit ridiculous and looks ridiculous.  As impressive as the Vive’s head and motion tracking appears to be, walking around with a cable tethered to your head isn’t exactly immersive.  Total health and safety hazard right there. It’s an ergonomics issue that will require significant engineering to overcome.

The experience isn’t shareable

Having a person holding the cables coming out of the back of your head as you walk around isn’t what I call communal.

Not being able to easily share the experience with others will hold back adoption as well; they can’t leverage the network effects of the Internet and their growth will probably operate more like a SneakerNet. It can’t go viral very easily.  eReaders have the exact same problem with traditional book lovers. Traditionalists don’t see a reason to change over, but if you give them an eReader to use, the likelihood of conversion is much higher.3

That said, the display technology is absolutely bleeding edge.  John Carmack discusses some of the issues that they are encountering in his 2014 Oculus Connect keynote.  I suspect it will probably drive a lot of the innovation in the consumer electronics, PC, and mobile spaces for several years to come.


  1. Given that nVidia provided the number, they are probably excluding computer systems with AMD-based GPU cards.  So this is most likely underestimated on their part. 
  2. Samsung’s reliance on Google for the software will do them in.  Cheap Chinese OEM knock-offs of GearVR are already flooding the market. 
  3. I’d like to think that I know what I’m talking about here.  ^_^ 

Pixels & Widgets

A blog by Tai Toh