Monday, June 27, 2016

Multiple connections to the Canadian Heritage Information Network (CHIN) LOD project

One of the things I like about working at Canadiana.org is the links between what I'm paid for (systems and software design,administration,maintenance) and other aspects of my life. A project we have with the Canadian Heritage Information Network (CHIN) is an example.

A Linked Open Data Internet Hosting Project

Canadiana's primary involvement in the project is to host the Artefacts Canada Linked Open Data website.

The platform was developed by another contractor for CHIN, and is built upon two NoSQL database servers with Solr for text search and Blazegraph as a graph database.  The 'aclod' (Artefacts Canada Linked Open Data) application is written in Java, and runs within a Jetty.

Part of why we wanted to partner with CHIN is that we are growing our access platform and need to explore graph database technology for Linked Open Data (LOD) projects.  The graph database would be in addition to our existing use of Solr, CouchDB and MySQL. Our metadata architect, software lead and myself as systems lead will be taking a close look at this application.

The site is currently hosted within our Ottawa datacenter, but will soon be moving to a more powerful host located at the University of Toronto. As part of our Trustworthy Digital Repository certification we have succession agreements with 3 partners where we have servers as part of our preservation network: Library and Archives Canada in Ottawa, University of Toronto, and University of Alberta in Edmonton. We have a half-cabinet in a Montreal commercial datacenter, but I look forward to when this can be moved to a fourth partner joining the preservation network (Greetings to anyone reading this from McGill, Université de Montréal, or UBC which are the other 3 often listed as the top 5 Canadian universities).

An Open Government initiative

I am a long time (Free/Libre and) open source, open data and open government advocate. While I was reading the Draft New Plan on Open Government 2016-2018 I noticed something familiar within Commitment 8: Enhance Access to Culture & Heritage Collections.
In 2015-16, the Canadian Heritage Information Network Program (CHIN) partnered with eight art museums across Canada to develop an approach to link the collections of each museum with each other, and to related external resources, based on industry best practices (e.g., Linked Open Data). This work demonstrates the feasibility of using Open Data approaches to link collections across museums and other memory organizations.
This project that Canadiana has been asked to host is a small part of something much larger that will hopefully grow with further stages of this project and the growth of government released linkable open data.

A past customer

I was a self-employed consultant between 1995 and the summer of 2011, when Canadiana convinced me to become a salaried employee.  This was after completing a 6-month contract with them starting in January 2011.

In the winter of 1997/98 I did a contract for CHIN to upgrade their online subscription registration system to include subscription renewals. This was built with PHP and FI, prior to when those component were merged to become the PHP scripting language people are more familiar with today. I was impressed that this agency of a federal department had adopted this emerging web-based language developed by Danish-Canadian programmer Rasmus Lerdorf. At the time so much of what I saw in the federal government was locked into languages and technology that were proprietary and controlled by foreign corporations.

Part of the copyright debate

For my first few years at Canadiana I requested to be part-time so that I could attend, live-tweet and write daily commentary on the hearings for the copyright bill (first for C-32, which was re-tabled as C-11). I was a witness on March 8, 2011.

Browsing the ACLOD site you will see images of artwork whose creators have died prior to 1966, meaning the works are in the public domain in Canada and not subject to copyright regulations for Canadians. On the site there are notes suggesting some of these images are regulated by copyright, with the gallery or museum alleging copyright.

Canada is a country that requires "skill and judgement" as a test for originality to be granted copyright, and most lawyers agree that merely digitizing (regardless of the type of recording equipment used or if a human or tripod was holding the recording device) existing artistic works does not create new copyright.

This policy of some museums and galleries is controversial for artists as they find it frustrating (and sometimes insulting) that these institutions often don't pay creators to publicly exhibit their works during the term of copyright, and yet charge "copyright" related fees for artists to build upon mere digitization of works in the public domain.

Canadiana is a creation of the Canadian library community: We're a Canadian charity with a board made up of representatives of the LAM community, not a vendor.  I believe it is important for all memory institutions and other parts of the Library, Archive and Museum (LAM) community to work together to help minimise confusion and animosity around copyright. I don't say this as a critique of the great work that went into this or similar projects, but as an area of policy where I believe there is considerable opportunity for improvement within our community.

Saturday, June 25, 2016

"Copyright-free" material is not edging out Canadian educational texts

The misinformation campaign about the minor clarification to educational fair dealings is ongoing. This includes fictional claims about kids suffering, abusing the standard "why won't they think of the kids" in a way that I believe is harmful to the education of Canadian children.

As my minor contribution to the education campaign about the reality of the situation, and who is actually promoting the interests of foreign interests, I sent the following letter to Nigel Hunt about his oddly by-lined Copyright-free material edging out Canadian educational texts.




While this article accurately portrays the narrative often spun by John Degen, further investigation into the issue reveals a very different story.

Prior to modern communication technology like the internet it was very hard and expensive to get licensing for copyrighted works. To solve this problem Collective Societies were created that offered blanket licensing at fixed fees no matter how many works required licensing. These fixed fees were then distributed to copyright holders based on estimates from surveys.

In the case of Access Copyright, the collective with John Degen is promoting, the money flows primarily to foreign educational publishers. This is in addition to the fact that Access Copyright collects a quite large transaction fee, some estimating about a third of the royalties that flow into the collective.

Modern technology provided many opportunities. Copyright holders can now directly license their works on a variety of business models. Large databases are the bulk of what educational institutions are using for licensing, and this is a great win for copyright holders who no longer need to rely on inaccurate surveys and large transaction fees but accurate computer generated statistics of usage. Another growing model is open access where the costs of creating the work are paid up-front to the authors, editors and reviewers, with later access being royalty free. This also allows for friction free derivatives, enabling things such as low cost localization where a textbook authored by an international community can be cheaply Canadianized.


While these modernizations are good for authors, the educational sector, and taxpayers who are ultimately paying for all of this, it is opposed by Access Copyright promoters.

While it is important to waive the flag, it is important to recognize which flag people are flying. Those who support these modern advances are benefiting Canadian authors, Canadian educators, Canadian students, and Canadian taxpayers while those who promote the conflicting interests of Access Copyright are primarily promoting the interests of foreign educational publishers.

John Degen is also spinning a tale on one of the minor changes made in the recent copyright bill. Educational institutions are quite conservative, and are prone to over-payment of copyright fees by paying in situations where payment is not required by law While the Supreme Court has offered numerous rulings to clarify the law, educational institutions remained nervous. While it made no real change to what the Supreme Court had already stated, the word "education" was added to the list of criteria to help reduce the fears of educational institutions. It was not, as John Degen claims, a radical change to the law that allows educational institutions to not pay where the law previously required they pay, but to deal with overly-conservative institutions which were over-paying collectives to the detriment of Canadian taxpayers.

There are some authors who are trying to leverage their copyrighted works as a type of Trojan Horse to impose Access Copyright on everyone by refusing to add their works to online databases or allow transaction licensing through other methods. This problem reveals the fact recent copyright amendments didn't go far enough on Fair Dealing, and should have included the effect on the market as a major consideration. This should clarify that it would not be an infringement of copyright to use a work where its copyright holder can't be found or no longer exists (orphaned works) or where the copyright holder refuses to license on reasonable terms. This would provide a much needed economic incentive for those who prefer to play political games rather than allow people to pay them.

In the meantime, it is necessary for education institutions to warn staff about these political games and advise them to steer clear of the affected (infecting?) works. It is not educational institutions which are forcing these works out of the Canadian education institutions, but the relevant copyright holders.

Note that none of this relates to public domain works which are the only "copyright free" works. It is simply false to suggest that public domain works have any significant impact on this discussion, making the byline for the article quite confusing.



See Also:

http://mcormond.blogspot.ca/2016/03/educational-fair-dealings-battles.html
http://mcormond.blogspot.ca/2016/03/educational-fair-dealings-battles_10.html

Monday, April 4, 2016

Perspectives on computer security and encryption from Apple, the FBI and I : Apple

Apple's perspective on computer security and encryption

This is the third in a series that started with discussing the FBI and my own use of security and encryption technology.

Apple's most lucrative product line at the moment is their iOS based distributed content delivery platform. This includes the iPhone, iPad, Apple TV, iWatch, and related hardware.  While this hardware is distributed to customers, the platform is similar to the platform I manage for my employer where hardware is distributed geographically but control remains in our hands.   This is the platform which Apple has been marketing to the content industry for decades as a safe secure platform for them to distribute their multimedia where it is Apple and not the end users which control the technology.

These devices are intended to be connected to the network, and the ongoing work to secure them is similar to any other network connected device.  The network and exploits carried out on the network don't differentiate clients and servers as much as the layperson thinks, and any network connected device must be constantly updated to deny unauthorized control.  The question of authorized control doesn't differentiate between types of devices, and it is just as easy for Apple to remotely manage an iOS device as it is for me to remotely manage the computers I do.  The major difference is in the reliability of the network connection, with mobile devices having less stable network connections than servers.  People also don't tend to turn servers off when a specific user isn't using them, but remote management and control doesn't require constant network access.

Hardware assistance for Apple's security

Apple's iPhone 5C which was discussed in the FBI vs Apple lawsuit does not include Touch ID or a Security Enclave, so it is similar to the existing control which Canadiana has of our distributed computers. While Apple remains in control of the platform, they are not as secure from malicious apps or intruders with physical access to the computers as they would like.

Secure Enclave is Apples implementation of the SecureCore and TrustZone technologies from ARM I discussed in the previous article.  This will grant Apple greater control over the technology than they had before, including greater control over the scenario where the attacker has physical access to the hardware.

Some users may find this technology will eventually make what is commonly called jailbreaking much harder, if not impossible.  Apple could opt to use Secure Enclave to disallow the people who possess the hardware from having any ability to bypass any of Apple's control.  It is critical to understand that Apple's use of this technology is not to grant the technology user more control over the hardware or their data, but to transfer any remaining control that the user might have had to Apple.  People who possess this hardware often incorrectly think of themselves as owners, even though acquiring an iOS device has become legally more similar to renting than purchasing due to anti-circumvention legislation.

People who acquire this hardware are not alone in the confusion. When James B. Comey, Director of the FBI, offered testimony in front of the Judiciary Committee he said, "In recent months, however, we have on a new scale seen mainstream products and services designed in a way that gives users sole control over access to their data."  While some people have suggested he might have been talking about Apples adoption of SecureCore and TrustZone, he is incorrectly suggesting it was "users" of these devices who would have sole control over access to data rather than Apple having additional control over the device.  It is possible that he fully understands Apple's use of technology, and wants to offer free advertising to Apple knowing that Apple is specifically not offering the service he is suggesting they are.

This is the same concern I have with the services I provide:  If law enforcement and courts believe it is the entity that possesses the hardware that is in control rather than the entity controlling the software stack with full network access then they will continue to send court orders to the wrong entity.

Law enforcement need to understand the technology better.  In the case of an iOS device, it is Apple who is the responsible entity and should be served with the warrant.  A very different scenario would be someone who is running CyanogenMod where it is the individual user (in this case, legitimately called an owner) of the device that is in control and thus they should be served with the warrant.

Limits to Apple's control

In the specific case before the courts the technology user didn't destroy the device, and there has been nothing to suggest that the user even "jailbroke" the device to bypass any of Apple's control.  The FBI currently possesses the device and will obviously be granting network access and power to the device.  This means that all the potential limits to Apple's control do not apply in this case, and thus they have full access to do anything requested of them.

In this case it appears that the FBI jailbroke the device on their own, no longer having a technical requirement to require assistance from Apple.

The law

While I may believe that lawful access all too often grants excessive access to police without adequate oversight, the law is clearly in the government's favour in this instance with the iPhone.  If we were talking about information stored on Facebook or Twitter, where the physical location and who was in control of the computer in question wasn't confusing people, the debate would not be happening at all.  Clearly Facebook is in control of their network of computers whether or not the devices are stored in locations that Facebook owns, and Apple is similarly in control of their secured platform.

There is no back-door being discussed.  All that Apple was being asked is to use their keys to the front door and access the data.  They are the entity that holds those keys, not the user of the technology who under anti-circumvention laws are denied legal access to the keys.

While Apple has been misdirecting people and stalling, and there are "engineers" who have allegedly threatened to leave Apple if the government is lawfully granted access, the situation is no different than any other of hundreds of technology companies providing services to users on a platform that the vendor rather than the user controls.  If Apple executives or individual employees are destroying evidence they should be found in contempt of court, and handled severely.

If Apple's engineering staff is not sufficient (or no longer after vigilantes resign) to solve any technical problems, then the court should order all source code and technical specifications to be disclosed to a third party who can do the require work.   If Apple refuses to disclose this information, then I would suggest that revoking their corporate charter should be the minimum on the table.

The fact that the FBI jailbroke the device should not have ended the case, and Apple should still be pursued by the government.

Politics

Adi Shamir, an award-winning cryptographer who helped create the RSA encryption algorithm in 1977, suggested that Apple "wait for a better test case to fight where the case is not so clearly in favor of the FBI."

I'm not convinced that Apple had an interest in winning the case. Apple's greatest threat to the market share for their secure vendor controlled content delivery platform comes from technology users switching to devices which they can individually control. Apple has a history of dishonestly trying to misdirect responsibility for their centralized control. While for decades it has been the confused content industry that still has some who mistakenly believe that this vendor control benefits them, a far more powerful scapegoat would be law enforcement and national security agencies.

Apple has the FBI falsely suggesting that next generation iOS devices "gives users sole control over access to their data", providing Apple with marketing for a service they don't provide and driving users to technology which the FBI and other government agencies will have easier access to through the legal system than competing technology. Whenever Apple is requested to disclose information they can claim "the Government made me do it", even though it is Apple who denied users of their services any device control in the first place.

It seems unlikely to me that the FBI didn't already have technology to "jailbreak" the device at hand.  This isn't going to be the simpler third party services available to end users, as governments will have far more resources and techniques available to them to "jailbreak" devices.  I suspect that the case was pursued for political reasons to try to push this issue forward, and likely to prop up Apple's marketing claims that they are providing technology which protects the users rather than Apple's conflicting interests.

Apple also knows that their business model and lobbying in support of anti-circumvention legislation is controversial, and them being the ones to push this case forward would provide less community opposition to the FBI than if a less divisive company were bringing the case forward.  Their involvement complicates what could have been an easy to understand set of sound bites in support of protecting technology owners rights against unreasonable search and seizure into something extremely complex to discuss.  I have been delayed in participating in the discussion as it took me a while to decide how to explain my position, and I fully expect to still get confused "but Apple are the good guys" comments to this article.

Apple's ongoing attack on technology owners interests could cause considerable damage.  If it becomes considered normal to have the vendor rather than the user be in control of communications technologies it may eventually lead (likely with Apple's continuing political lobbying) to governments outlawing citizen controlled technology which competes with Apple's vendor controlled technology.  It could be used to strengthen backwards laws which outlaw alleged device "owners" from removing non-owner locks from their devices, with the justifications moving from odd unproven theories about protecting "copyright" to even further counter-productive arguments about law enforcement and national security.

Conclusion

My answer to the question of whether I was on Apple or the FBI's side is clearly neither, as I consider them to have perspectives dangerously close to each other.  Neither are interested in allowing the wide deployment of technology that "gives users sole control over access to their data", and while their positions appear to be in opposition they are actually greatly helping each other.

Those who recognize the critical importance of secure citizen controlled communications technology should be opposing both of these entities, not siding with one or the other in a battle where the public interest loses no matter which one of those entities wins.

Perspectives on computer security and encryption from Apple, the FBI and I : my use

My perspective on computer security and encryption

This is a second article in a series that started with discussing the FBI and will end with discussing Apple.

I have worked in this industry since the early 1990's, administering Internet network connected computers.  I have worked for companies that produced firewalls, as well as worked in government departments where implementing security policies were critical.  Encryption is a critical part of what I do for clients and/or employers, as without it we could not build the services we are able to offer.

Local vs Remote Control

One of the hardest concepts to grasp with modern technology, including with fairly technical people, is the need to separate the concepts of geography and control.  With simpler technology the person who possessed something was the one who controlled it, but with modern computing this is not the case.

A big part of my current job at Canadiana is to manage a network of computers.  While some of the computers are located in the building I normally work in, most are not.  We currently have computers in Ottawa, Montreal, Toronto and Edmonton, with plans to continue to expand across the country as we grow. I control all of these computers from wherever I am at the time, whether that is physically in our main Ottawa office or when I am working from remote (I am in Sudbury as I type this).

We use Virtual Private Networking (VPN) technology to connect these computers together, and a variety of other encryption technologies used for authentication and privacy.  In order to connect to any of these computers I must possess both the required cryptographic keys as well as passphrases required to unlock those keys.   This is required to ensure that it is only authorized individuals like myself that can gain administrative access to these computers, and we need to ensure that nobody can eavesdrop on this communication and learn anything that might allow them unauthorized access.  We often are working with multiple layers of cryptography: secured ssh command-line access through VPN encrypted connections to network interfaces which don't have publicly routable addresses.

It is modern computer security and cryptography which makes this critical feature possible.  It is what allows us to know that we are able to have exclusive control over these devices regardless of their location. Any weakening of computer security, either to benefit law enforcement or some third party special interests (device manufacturers, etc), opens the technology up to other unauthorized access and makes my clients at risk.  I am not alone, and much of the modern economy and politics of society is built upon the need to continuously improve computer security and encryption.

Hardware assistance for security

We plan to expand our services beyond what we currently offer in two important ways that will impact security policies.

Currently we host our servers in partner organizations that we trust, as well as a commercial service provider. As we expand we may want to physically locate computers on networks and in server rooms of organizations that we have less trust in.  We will want security features which will protect us even from people who have physical access to the computers, to ensure that the most they could do is disable a node and not be able to abuse keys/etc stored within that node to attack other nodes in our network.

As we move from hosting digitized images towards the data which the digital humanities community need, we will have reasons to offer these communities the ability to author apps which run on our servers with faster access to the data and only need to communicate the results of complex queries to remote computers. These apps will run on our computer, but we will want to ensure that nothing that these apps can do can impact the rest of our network.  While there is a wide variety of software based virtualization technologies, we may have reason to harness hardware assistance to implement security policies.

One example is ARM architecture manufacturers which offer SecurCore and TrustZone technologies.   This allows combinations of multiple physical CPUs as well as multiple sections within a CPU being separated, allowing one to secure the other.  This can be used in conjunction with UEFI secure boot, which if implemented correctly can ensure that only software digitally signed by the owner can run on the computer.

Using separate System on Chip (SoC) technologies, the firmware loaded into a secure SoC can be instructed to erase local keys if it detects tampering.  This way encrypted data on the system could not be accessed even if the computer itself was physically compromised.  Keys could be stored in that secure zone, meaning that even if disks were removed from the server the data on them would be inaccessible.

While some companies will be able to afford to manage the software stack on each CPU within each zone, many will simply hire this from other companies.  Ideal in these environments is if the hardware vendors and software authors of the different components consider each other hostile, providing the same types of checks-and-balances within a computer that we need in our public policy spaces.  In this way the operating system might detect hostile secure zone firmware in the same way that the secure zone firmware may detect a hostile operating system, with both working together to protect the computer owner from hostile applications.

For some of us we will only put our trust in transparent and accountable FLOSS.  Genode provides good documentation on their TrustZone implementation. Open Virtualization provides a great ARM TrustZone FAQ, which describes the relationship between TrustZone and the Trusted Platform Mobile (TPM).  These are both commercially supported projects which offer both FLOSS and non-FLOSS licensing options for software which is open and accountable.

The limits of physical access

Once a computer is fully secure, there are only a few things that someone with physical access can do that is not under the control of the entity with all the security keys.
  • They can disconnect the device from the network.  This doesn't grant the person with physical access control, but it does deny the remote owner the ability to issue new commands to the device.  The device can only act on instructions it already has on it, in the form of installed software.
  • They can disconnect the power to the device.  This also doesn't grant the person with physical access control, but denies the ability of the remote owner to execute any commands whether the software was already installed on the device or not.
  • They can destroy the device.  This also doesn't grant the person with physical access control, but denies the ability of anyone to ever control the device again.
This means that while it is possible for someone with physical access to disrupt the operations of the device, it doesn't grant them control over the device.

The Law

When I am controlling a distributed set of computers on behalf of my employer, I and my employer should not be considered above the law.  If evidence of a crime was stored on our computers, and we were served with a valid court order to present this information to law enforcement or the court, we would obviously do so.

I would not consider it a reasonable course of action to deliberately configure computers under our control to destroy evidence.  As much as we might claim we are protecting the "privacy" of our clients, I don't consider that to be a valid reason to ignore a court order.  I would consider this an example of vigilantism that would be contrary to the public interest.  When a government makes harmful demands this should be something that is fought in the courts and debated in parliaments, not something that individual citizens or corporations take on themselves.   While we might agree or disagree with any specific government in any individual case, it makes us all unsafe if we condone individuals or governments ignoring the rule of law.

When a law is wrong we work hard as citizens to fix the law, not ignore it.  While I agree there are many buggy laws deployed in every country, I consider this a reason to get politically engaged as any trustworthy citizen or corporation should.

Law enforcement and courts need to modernize their understanding of technology, most importantly the question of control in a networked computing environment.  They need to understand that the physical location of the computer is not the most important factor to determining who controls the computer, and thus who to serve warrants to.

If we deployed fully secure hardware with hardware assistance, and had security put in place to protect us against attacks by unauthorized persons with physical access (IE: wiped keys if unauthorized physical access detected), then law enforcement must be aware of this advancement.  If in the pursuit of evidence to convict a user of our services they served a warrant against the physical hosting company rather than us then they risk destroying the evidence they are trying to collect.     The warrant must be served against the entity that controls the computer, not the entity that physically houses the computer.

It must never be considered the fault of the computer owner that evidence was destroyed by law enforcement.  The current technology illiterate or technology neophyte politicians, judges and police officers are making all of us unsafe.  Technology literacy must become a requirement of those who will be trying to make or enforce laws impacting technology.


Keep reading: Apple's use of computer security and encryption

Perspectives on computer security and encryption from Apple, the FBI and I : FBI

Many people have weighed in on the Apple vs FBI case, including a speech by President Obama.  People in the technology industry have lined up in support of one or the other.

My views can't be expressed as a simple support of one position or the other.  As I believe there is a third option I am authoring this as a series of articles that discusses the issue from three perspectives:

* This article discusses FBI
* A second article discusses my use of security and encryption technology
* A third article discussing Apple

Lawful Access

I've written about the question of lawful access before, and the requirement for there to be strong oversight of police and security agencies in order for those agencies to not themselves be the risk to society that they are supposed to be reducing.  Law enforcement and security agencies must have strong court oversight, and the courts themselves must have strong citizen oversight through ensuring the number of closed court sessions are kept to an extreme minimum.

There is a conflict of interest when it comes to law enforcement and security agencies and protecting the public.  Often these agencies will confuse protecting citizens against death from protecting their lives.  They promote policies which make it easier for them to find and punish wrongdoers, but generally have no concern about the harmful consequences of those policies on the health, safety and security of citizens.

FBI Opposition to encryption

There is no better example of why there is a need for checks-and-balances than the extreme views expressed by James B. Comey, Director of the FBI.  He has for some time been suggesting that the world is "going dark" because an increasing amount of communications is encrypted.  He sees only the narrow potential downsides of this technology in that it might hide criminal activity from the FBI, and ignores the critically important features -- the very fact that the modern economy and much of modern society is built upon private communications requiring strong encryption.

If Mr Comey were a doctor, he would recommend amputating a patients head to solve a back pain problem. He would be correct in saying that after amputation the patient would no longer feel back pain, and would likely be confused why people would consider that a failure.

Fortunately in our society we don't leave extremists like him solely in charge.  Even the NSA, which does its own cracking of encryption and has been accused many times of trying to weaken or put back doors in encryption, had its director come out in favour of encryption due to the extreme views expressed by Mr Comey.  In fact, there is a rift within the US government about this issue, and it is quite a complex one that simply can't be expressed by saying individuals and agencies are picking sides between Apple or the FBI.

The FBI or any other government agency, here in North America or elsewhere, should never be given "back door" access to technology in general as that would enable them to bypass the required checks and balances which the courts and the public must be able to provide in a democratic society.  I have absolutely no respect for the position that suggests they should have no barriers to their investigations, as I do not believe democracy and the required separation of power between agencies can ever be claimed to be a barrier to protecting a democracy.


Keep reading:  My use of computer security and encryption

Sunday, April 3, 2016

First look at Bell's CraveTV

While I am not a fan of Bell as a company or their harmful politics, I decided to give CraveTV as a technology a quick look given they un-tied it to their BDU and Internet services since I wrote about it in January.

Technology

The service works on few devices, nowhere near what is available for Netflix.

While their site listed Samsung SmartTV, the model I have appears to be too old for their immature app. This makes it unlikely my wife will be interested in watching video on CraveTV as she finds the other options far less convenient than just using the remote control that came with the TV -- there is so much from Netflix, YouTube, and Ted Talks that all work great on the SmartTV option to bother looking elsewhere.

My first successful try with CraveTV was with what I would most often be using, which is my Chromebook and Chromecast devices.  The website was sufficient, but not inspiring.  Their "My cravings" menu allowed you to play the next video in a series, but using that interface you couldn't pull up information about the shows like you can in the other listings or after a search.  There is no recommendation engine, rating system, or other features that really bring you the modern video watching experience.  It felt kinda flat like traditional broadcast TV, only with more of a PVR experience where you can watch when you want rather than only when someone else scheduled it.

The play/pause button is not well implemented with Chromecast.  While you can open a new video on the website it does not switch which video the Chromecast is playing, and it will leave you stuck in the previous title.  There is no "stop" button which disconnects from the previous video and allows you to play a new one -- you are stuck going to the cast tab and stop casting before you can cast the next episode or switch titles.

The app for Android worked similar to the site with the Chromebook, with my phone also able to control a Chromecast device.

I tried on my desktop.   On Chrome it brings up all the widgets as if it is going to play video, and even gives that little spinning circle that they display when they are filling buffers, but no video or audio ever plays.  No indication why is ever displayed.   The little Chromecast button sits in the bottom-right corner, and interestingly it will connect to the Chromecast and play the video.  Possibly useful if you wanted to use a laptop as a remote control to a Chromecast, but not very useful otherwise.

First attempt with Firefox displayed a suggestion that I install a non-existent upgrade to the Adobe Flash plug-in.  I am already running the latest that is available for my Ubuntu 14.04 desktop (version 11.2.202.577 as I write this).  Second attempt after upgrading every package that had an update didn't get that far, with the site displaying a connection problem : "It appears there was  problem completing your request.  Please refresh this page.".  The page I was trying to go to was http://www.cravetv.ca itself, so that is a pretty bad sign.  I exited the browser and tried again, and again got the claim that "To watch video, you need an Adobe Flash Player Update" with a link to the Adobe site that only confirms I'm on the latest.

General impressions is that this is a beta service that they are marketing as if they were ready for general audiences.  I hope they realize the immature level of their site and plan to invest in finishing it.  Even ignoring my political problems with Bell I would not recommend this service to less technical users who would be frustrated having to fiddle and do odd things to try to get the video going.  The site is workable for technically literate people who can work their way around bugs in beta websites.

This site is improvement over  Rogers on Demand Online from 2009 which implemented commercials so poorly as to make programming unwatchable.  Then again, that might only be because they aren't trying to put commercials into the stream.

Content

It is the content that made me look at CraveTV rather than Shomi.   I'm not interested in the regular "reality" TV, sitcoms, or excessively light drama that the lowest-common-denominator brought to broadcast television.  CraveTV has a number of titles that are more to my liking, the type of stuff that would normally be on Space.ca (about the only channel I miss from my Cable TV days) as well as titles from HBO (Although, no Game of Thrones or even True Blood for whatever reason).  12 titles went into the "My Cravings" listing pretty quickly, and even though I only started my free trial yesterday I've already watched several episodes of The Librarians and Penny Dreadful.

It is typical of Bell that they are relying on questionable legal/business tactics like exclusive regional licensing to force people to their services, rather than offering competitive services using technology that would be considered of "release" quality by modern Internet era companies.  The only reason I would use their service is to access content I'm not legally able to get elsewhere, and I expect I will always have to put up with technology from them that is generations behind what modern companies like Netflix are offering.   It is sad that HBO and other cable-era content companies like it see Netflix as a competitor and Bell as a partner, rather than the other way around. I think far more people would be paying to access that content if it were untied from lesser distribution services and providers.

Sunday, March 13, 2016

Windows 10 the last desktop version of Windows? The future is unevenly distributed...

I was pointed to a Linux-centric article that included the following section which surprised the person who pointed it out:
Windows 10 will be the last desktop version of the operating system that once gave Microsoft dominance in the PC software market. After that, Windows will be offered on a subscription basis and run from the cloud, but this will not be a Microsoft-exclusive cloud. Internally, Windows will be virtualized within software containers running on Ubuntu.
I'd like to parse this quote a bit, and offer some of my own interpretation.

Last Desktop version

The inevitable disappearance of the desktop operating system has been discussed for decades.  It is really a poor fit for the modern era.  Unlike their more thin mobile counterparts, desktop operating systems really only work well if you have a systems administrator on-hand to handle issues ranging from malware to multi-application compatibility.  System administrators, on the other hand, really want to centrally manage these services so they don't have to spend large parts of their budgets going to each individual desktop to maintain them.  While there is software that attempts to help with this, none of those options can ever compare to running those applications in a server room (local to the office, or in some other server room in "the cloud"). In the server room it is also easier to manage hardware resources, virtualize applications into their own containers to avoid multi-application compatibility issues, and manage software testing and upgrades in a way that is transparent (and thus not disruptive) to users.

Far worse than the problems within medium and large businesses is people running desktop operating systems in small offices or homes that don't have a system administrator.  This why such a high percentage of desktop operating systems are infected by one thing or another -- or just generally not working as well as the hardware and software could work.  This has a high cost to society as a whole, given the harm from spam and malware distribution from this army of infected desktop operating is only surpassed by the fact that these remotely controlled clusters can be bought to be utilized for anything including cyber warfare/terrorism.

I've been looking forward to the death of the desktop operating system for decades, and that is both as a person who works in offices where people expect the IT staff to inappropriately spend a chunk of their budget on desktop support, or as someone constantly asked by less technical family members or friends for help.

It shouldn't surprise anyone that I purchased my wife, mother and my father-in-law each a Chromebook, and as quickly as I could upload all their old documents to a Google drive or put on a USB drive -- and gleefully tossed their old desktops in the trash.

I hope I also will see the eradication of desktop computers in my workplace as well, but that isn't something I have much influence on (even as "Lead Systems Engineer").

What I see in the future isn't less computers, but a recognition that we should be using the right computer and right operating system to fit the job.  The historical "one size fits all" approach that we saw in the desktop era always meant that the operating system used did the job at hand poorly compared to alternatives.

While it is possible that there may be a kernel that will dominate because it receives the most contributions and the most vetting (IE: The Linux kernel), I would consider it yet another market failure if the software stack on top of that remained as similar as we saw in the desktop era.

In my home I run CentOS and Ubuntu on the server, Ubuntu on my development workstation, and we have a variety of mobile devices running Android and ChromeOS.  We have entertainment devices running a variety of OS's (Android on Chromecast, Linux kernel+Boxee software on Boxee box, and a Samsung Smart TV).  While they may all have a linux kernel under the hood, the rest of the operating system built on top is not the same.   I would consider it a backward movement on the part of Google if they merged ChromeOS and Android into the same OS as these two classes of devices serve different purposes and the operating system should be more focused on each purpose.  And I have no interest in running Ubuntu or CentOS on my tablet or phone.

When Google announced ChromeOS they had Citrix there, with the suggestion being in those early days that desktop apps should be virtualized into the server infrastructure, with mobile/portable/disposable devices providing the user interface.

What this will mean is that applications previously run on desktops like office suites and image editing (Photoshop) will be run on servers (in office or in the "cloud") where the computing and system administrators are, and the mobile OS is the user interface only. The desktop application divisions of Adobe and Microsoft have already been moving this direction. The free trials from Google apps may last longer (including still being available free for Gmail users), but they are by no means the only alternative available.

This is also an obvious and long discussed solution to much of the software copyright infringement problem. If you don't distribute software to end users to run in their computers then you don't need to worry about them infringing copyright.   This not only suggests proprietary vendors moving more to the cloud, but that the devices that end users have in their hands will eventually be FLOSS-only.

Subscription?

This is also an inevitable modernization of how proprietary software development will be paid for.  It has never made sense to think of software as a product, as it is more of an ongoing conversation.  While you can buy snapshots of the conversation with a fixed fee, that isn't a useful thing to do when you need to at least keep up with the security patches part of the conversation even if you don't care about new features.

In the early days of computing the hardware advanced quickly as well, and thus people were buying a new computer every few years and thus was paying for new software as well.  Now that computers have reached beyond what the average user needs on their desk/lap there isn't a constant hardware upgrade stream to pay for the massive amount of work that goes into upgrading the software.  In fact, people are wanting to simplify the hardware that they carry with them and want to go mobile where the computing power (as well as battery power consumption) is decreasing rather than increasing.

Subscriptions are the obvious way to go, and this will be of great benefit to both vendors and consumers.

And if you don't want to pay a subscription fee, there will always be legally free FLOSS alternatives. Given software development and system administration time is also expensive this will have to be financed somehow (by someone) even if you never have to pay a software licensing fee again. 

Not be a Microsoft-exclusive cloud

This is also inevitable, and we shouldn't be making a big political deal out of it.  As Microsoft moves away from trying to squeeze percentages out of hardware purchases to being a services company their focus will transition to choosing the right tool for the job.  This will also be a transition away from some of their odd historical political rhetoric in opposition to FLOSS and Linux. Sometimes the right tool will be software from companies and/or open source communities they thought of as competitors in their previous market.

Microsoft's Azure Cloud Switch (ACS) is but one example of this. This isn't a server, desktop, or mobile operating system, but a specialized operating system for network switches built on the Linux kernel.  Using the Linux kernel just makes sense as they can leverage existing community software work, as well as contribute their own code to a community that will then help massively deploy ACS compatible devices.   It is a win-win for everyone involved.

Virtualized within software containers running on Ubuntu

This is the only part of the quote that I'm not convinced was articulated clearly.  Why bother with Ubuntu?   Ubuntu offers a good application server environment, and it works great for workstations, but why bother with the overhead of Ubuntu for a virtualization environment?   This may not be what is being presented in the article.  There may be some value in using the Debian packaging system and build environments, and then spin a virtualization focused distribution.  It might even make sense to build this as a fork of a tiny subset of packages from Ubuntu.  I just don't see using Ubuntu itself as being likely for a company that has the resources to do this right on their own.