
Misconceptions Regarding Android’s ‘Open’ness

I’ve wanted to write a post for some time now regarding the ‘open’ness of Android. Every time an Android user tells me their device is better because it is open, they have been unable to show me how that makes it a better OS than its competitors.

The only people who tend to care about ‘open’ are the ones looking for a utilitarian benefit: the tinkerers/programmers who want to code functionality into something, and businesses looking to save money. Consequently, little care or thought is given to the user experience. Programmers by their nature generally have no interest in the user experience of their application. Fortunately, UI guidelines/requirements in a closed model force programmers to think about how their application is being used, or how users want to use it. There is no such driving factor in an ‘open’ model, and consequently they generally fall back to modelling their application after UI/UX work done by others. There is also no real governance (by principle) of an ‘open’ model, and therefore little financial incentive to research and develop UI/UX. This is why ‘Open’ will never lead in UI/UX development, and will always tend to copy the look and feel of other proprietary software on the market.

This is also why Open Source has done so well on the server side. There is almost no need for UI/UX, but the breadth of functionality available, and the ability to create new functionality, is very advantageous to businesses and users looking for low cost server functionality.

I’ve written three points regarding the openness of Android, along with supporting information.

‘Open’ does not mean what you think it means

  • Google gives early, priority access to select partners.1 This is hardly ‘open’ in nature.
  • Google buys partners. Not only is this merely to get access to patents to use as a defense in litigation, it is also hardly fair to other device manufacturers.
  • Google takes an average of 100 days to open source Android code.2 The point of the ‘open’ principle is to allow everyone to contribute to the same set of code.
  • Android is encumbered by patent lawsuits. More than half of Android OEMs have signed patent license agreements with Microsoft,3 and Samsung faces well-publicized patent lawsuits from Apple. Google steals hard work and ideas from other companies, makes it ‘open’ (not free), and considers itself justified. If you don’t like the patent rules, work to change the system, don’t abuse it. Play by the rules while working to change them.
  • Slavish copying of the iPhone by Android manufacturers. See here4 and here.5
  • Carriers block versions of Android if they choose.6 This is one of the flaws (or features, depending how you look at it) of the Android model. Every carrier can customize and distribute Android as they see fit. Unfortunately, this also means that they can choose not to distribute entire versions to their customers.
  • The idealisms of ‘open’ and ‘free’ are not enough to win. Linux zealots have been claiming for as long as I can remember that ‘this is the year of Linux’, that Open Source will triumph. Yet the desktop market share of Linux has never gone much above 1%.7 Idealism is not enough. Just like communism, Open Source promises much in its ideology, but there are many practical matters in life that hinder reaching the ideal. Only the billions of dollars thrown at Android by Google have given it any headway whatsoever.
  • Developers live by the profit generated from their code. They will go where the money is. iOS generates 4 times as much return for developers as Android,8 so this leads to more investment in the platform, and better apps for the platform.

‘Open’ does not mean safer

  • Android has seen a rise in malware (37% increase last quarter, 1000 detected infections, doubled over the past year).9 Almost all new mobile malware targets Android. Just because software might be ‘open’ does not mean that exploits are patched and gone.
  • CarrierIQ. Precisely because the Android distribution model allows carriers to install their own customizations/bloatware on devices before distributing them, nefarious apps like CarrierIQ can be installed and customized to scrape all your data, including text messages and email. So the average customer gets a device that they believe is safer because it’s ‘open’, but the carrier may have already exploited that ‘open’ nature and implemented spyware.
  • Viruses are prevalent on Android. Because apps are not vetted, it is free range for coders/hackers to distribute malicious apps. There was a 400% increase in malware year over year in May 2011, and in 2H 2011, another 472% increase.10
  • I’ve heard arguments that Android has permissions that can be set on a per-app basis, and that this makes the device secure. This security model, however, has been broken, using the very model designed to protect it.11 It does not make your device secure.
  • Another excuse I hear frequently is that the user should make sure that they are installing legitimate apps. No, just no. Respecting a user means taking all that background gunk out of the picture and giving them peace of mind. They should not have to worry about whether the app is safe or not… that is up to the distributor. Users in general are not inclined toward technology, and just want something that works. You don’t ask to see your bus driver’s license every time you get on the bus, because you trust the transit commission. Why should a user have to worry about whether the app they’re installing is safe if it comes from a primary distributor?
  • I also hear the excuse that a user may need to sacrifice security for choice. Again, no. Microsoft and Apple have managed to bring the best of both worlds in a closed model, so this is merely an excuse for selling Android’s ‘open’ness with its security flaws.
  • I also hear that if users want security, they should only stick with ‘trustworthy’ sources. This violates the entire principle of ‘open’! A user should not have to go to ‘trustworthy’ sources at the expense of ‘open’, if you are selling to them on the principle of ‘open’!
  • A misconception I often hear is that viruses infect iOS and WP7, proven by the jailbreak toolkits. No. Exploits are not viruses, and viruses are not exploits. An exploit is a vulnerability, a virus is something malicious that takes advantage of the vulnerability. Android is the only major smartphone platform invaded by viruses, thanks to its ‘open’ model.
  • Carriers distribute updates infrequently. Typically, after 6 months, carriers/OEMs of Android phones no longer distribute updates.12 This means all those security vulnerabilities that have been discovered are no longer patched. New security enhancements and features in new phones are not available on the old phones. This is because there is too much cost and no incentive to either the carrier or the OEM in the ‘open’ model to distribute updates to their users. Compare this to the iOS and WP7 platforms, where updates are mandatory on WP7, and updates to the latest OS are still being distributed to even 2.5 year old iPhone models.

‘Open’ does not mean better

  • As we saw above, ‘open’ systems will always lag behind ‘closed’ systems in areas of design and UI/UX, thanks to the very nature of those developing ‘open’ systems.
  • ‘Open’ systems will generally be significantly weaker in security, thanks to the principle of allowing anyone to distribute whatever they want. There is no real safeguard to prevent coders with malicious intent from distributing their wares to unsuspecting users.
  • As MG Siegler points out,13 comparing an iOS device to an Android device is a bit like comparing a Mercedes to a Honda. Those who appreciate design and experience will get much more out of the Mercedes, but have difficulty telling someone who only appreciates functionality why.
  • Android has poor integration with enterprise services. No native IPsec VPN, and varying Exchange compatibility between OS versions. Thanks to the carriers who choose not to ensure updates to their devices, the effort required to support Android in an enterprise deployment becomes astronomically larger in comparison to properly governed systems in a closed model.
  • There is no official support desk for Android. This is a huge barrier for many enterprises. Sure, there are many forums with coders and hackers to come up with fixes, but how many of them have experience in an enterprise setting, and would be able to resolve issues involving infrastructure beyond the device itself?
  • ‘First’ is irrelevant. Arguing that one OS or piece of UI was developed before a competitor’s is irrelevant when it comes to which is better. Stop sidetracking!
  • In general, Android apps are not as polished as iOS or WP7 apps, thanks to the reasons I outlined previously. Low-quality apps from more sources is not ‘better choice’ than high-quality apps from a single source.
  • ‘More Choice’ does not necessarily attract a customer. Simple is often better, and when you look at the lineup of iOS phones (4 phones) vs the hundreds of phones from other vendors, a user will often pick from a simple, easy to understand lineup. A very interesting study on this is here.14
  • Feature phones do not equal smartphones. Stripping down Android as a base OS for cheap/free phones that provide basic phone service with a few extra features increases market share. However, this increased market share does not make Android a better smartphone OS, as it’s no longer a smartphone. It merely speaks to the flexibility with which Android can function.
  • Being able to install Flash because it’s ‘open’ does not make it better. Mobile Flash has proven to be a battery and performance killer on every platform. Installing a now-deprecated15 battery and performance killer does not make the platform better.
  • ‘Open’ software does not mean being able to change your battery. This is something that is at the discretion of the manufacturer. Some will choose to make it user-serviceable, others will not. The only thing that really matters in this scenario is the cost and downtime to fix it.
  • ‘Open’ does not mean better quality of code. Firefox, for example, is incredibly bloated on the Mac OS, and runs poorly. It has also hit the 32-bit limitation for compiling.16 Open does not mean better code or coding practices.

As we can see from the above points, the virtuous, ‘open’ nature of Android is really not so open or virtuous. Please don’t try to sell Android on the merits of being ‘open’.

Posted in General, Technology.



Notes on SCCM 2007 R3/FEP 2010

This is just a summary of troubleshooting notes from the installation and initial configuration of SCCM 2007 R3. SCCM 2007 R3 is quite possibly the worst install procedure I’ve ever experienced, starting right from the initial download of the software. SCCM 2007 R3 ships in two ISOs, a 1.4GB file and a second 25MB file. The first, large download contains SCCM 2007 SP2… the second contains R3. In order to apply R3 to your SCCM install, there is an interim hotfix that must be applied first. A completely horrendous affair all-in-all.

SMS_MP_Control_Manager errors:

Navigate to %windir%\System32\inetsrv\config\schema, take ownership of webdav_schema.xml, remove the read-only attribute, and edit the following attribute elements to these values:

<attribute name="allowAnonymousPropfind" type="bool" defaultValue="true" />
<attribute name="allowInfinitePropfindDepth" type="bool" defaultValue="true" />
<attribute name="allowCustomProperties" type="bool" defaultValue="false" />

If issues still exist and your authoring rules are correct, try removing WebDAV, rebooting, and re-installing WebDAV.
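As an added example (not from the original post), this PowerShell script applies the three webdav_schema.xml changes above from an elevated prompt, keeps a backup, and re-reads the file to verify the result. The file path under %windir%, the takeown/icacls ownership step and the .bak name are my assumptions.

```powershell
# Added example, not part of the original post. Applies the three webdav_schema.xml
# attribute changes for the SCCM management point, then re-reads the file to verify.
# Run from an elevated PowerShell prompt on the MP server (file path assumed below).
$schema = Join-Path $env:windir 'System32\inetsrv\config\schema\webdav_schema.xml'
$wanted = @{
    'allowAnonymousPropfind'     = 'true'
    'allowInfinitePropfindDepth' = 'true'
    'allowCustomProperties'      = 'false'
}

if (-not (Test-Path $schema)) { throw "Schema file not found: $schema" }

# Take ownership and grant Administrators full control (the manual step in the post),
# then clear the read-only flag on the file.
& takeown.exe /F $schema | Out-Null
& icacls.exe $schema /grant 'Administrators:F' | Out-Null
Set-ItemProperty -Path $schema -Name IsReadOnly -Value $false

# Keep a backup so the edit can be reverted.
Copy-Item -Path $schema -Destination "$schema.bak" -Force

[xml]$doc = Get-Content -Path $schema
$changed = @()
foreach ($name in $wanted.Keys) {
    $node = $doc.SelectSingleNode("//attribute[@name='$name']")
    if ($node -eq $null) { Write-Warning "attribute '$name' not found in $schema"; continue }
    if ($node.GetAttribute('defaultValue') -ne $wanted[$name]) {
        $node.SetAttribute('defaultValue', $wanted[$name])
        $changed += $name
    }
}
if ($changed.Count -gt 0) { $doc.Save($schema) }

# Verify from disk rather than trusting the in-memory document.
[xml]$check = Get-Content -Path $schema
$ok = $true
foreach ($name in $wanted.Keys) {
    $node = $check.SelectSingleNode("//attribute[@name='$name']")
    $actual = if ($node -ne $null) { $node.GetAttribute('defaultValue') } else { '<missing>' }
    if ($actual -ne $wanted[$name]) { $ok = $false }
    Write-Host ("{0,-28} defaultValue={1}" -f $name, $actual)
}
if (-not $ok) { throw 'webdav_schema.xml does not match the expected values' }
Write-Host "Changed: $($changed -join ', ')  (backup at $schema.bak)"
```

Restart IIS (or the WebDAV module) after the change so the new schema defaults are read.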

Clients not talking to server:

  • Is the client push installing? If not, check that WMI is allowed through the client firewalls.
  • Are site boundaries defined?
  • Is the install flag cleared?
  • Is a site code defined in your AD schema? If so, are the clients picking it up? Sometimes your clients may appear to have a site code assigned (in the SCCM console); double-check on your client machines to be sure they are actually picking it up. If this has occurred, please see the following note.
  • Are you using a GPO with the Configuration Manager ADM template to control the site code? If so, be aware that it works by applying a registry key (also considered a preference, so it sticks unless you explicitly define a removal policy for it). This registry key defaults to the x86 portion of the registry. The actual key for an x64 machine is located elsewhere, and needs to be defined under the following key:

HKLM\SOFTWARE\Wow6432Node\Microsoft\SMS\Mobile Client\AssignedSiteCode

I recommend pushing this registry key out by GPP in one of your GPOs, and then initiating a re-install of the SCCM client on the machines affected.
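As an added example (not from the original post), this PowerShell script reads AssignedSiteCode from both the native and the Wow6432Node SMS\Mobile Client paths and compares them with the site the ConfigMgr client itself reports, so an x64 client that only received the value at the x86 location shows up. The two registry paths are from the post; the WMI GetAssignedSite check and the warning texts are mine.

```powershell
# Added example, not part of the original post. Compares AssignedSiteCode at both
# registry locations with what the installed client reports, to catch x64 clients
# whose GPO-applied value landed only where the 32-bit client cannot see it.
# Run on the client from a 64-bit PowerShell prompt (or via Invoke-Command).
$nativePath = 'HKLM:\SOFTWARE\Microsoft\SMS\Mobile Client'
$wowPath    = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\SMS\Mobile Client'

function Get-RegistrySiteCode([string]$Path) {
    # Returns the AssignedSiteCode value at $Path, or $null when key or value is absent.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name 'AssignedSiteCode' -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.AssignedSiteCode
}

function Get-ClientSiteCode {
    # Asks the installed ConfigMgr client which site it is actually assigned to.
    try {
        $r = Invoke-WmiMethod -Namespace 'root\ccm' -Class 'SMS_Client' -Name 'GetAssignedSite' -ErrorAction Stop
        return $r.sSiteCode
    } catch { return $null }
}

$native = Get-RegistrySiteCode $nativePath
$wow    = Get-RegistrySiteCode $wowPath
$client = Get-ClientSiteCode
# OS bitness from the environment (works from both 32- and 64-bit PowerShell hosts).
$is64   = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')

Write-Host "Native registry : $native"
Write-Host "Wow6432Node     : $wow"
Write-Host "Client reports  : $client"

if ($is64 -and [string]::IsNullOrEmpty($wow)) {
    Write-Warning 'x64 client with no AssignedSiteCode under Wow6432Node: the 32-bit client will not see the GPO value. Push the Wow6432Node value by GPP and reinstall the client.'
}
if ($native -and $wow -and ($native -ne $wow)) {
    Write-Warning "Site code differs between the two registry paths ($native vs $wow)."
}
if ([string]::IsNullOrEmpty($client)) {
    Write-Warning 'Client returned no assigned site (client not installed, or not yet assigned).'
} elseif ($wow -and ($client -ne $wow)) {
    Write-Warning "Client is assigned to $client but the registry says $wow; reinstall or re-assign the client."
}
```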

WSUS MP issues:

  1. Remove WSUS, delete the existing database.
  2. Remove WSUS component from SCCM.
  3. Reboot server. Re-add the WSUS role. You may have to manually download WSUS with SP2 from Microsoft Download Center if you are encountering errors re-adding the role. Do NOT configure the WSUS role when re-adding.
  4. Re-install WSUS component in SCCM.

Forefront Endpoint Protection 2010 installation on SCCM failing:

When installing FEP2010 on SCCM, you may be hit with an error just before installation completion that ‘Setup was unable to create unknown machines. 0x80070003’, and/or that sms_def.mof couldn’t be updated. This occurs because the FEP2010 setup is looking for the x86 Program Files directory for one of the last steps, and not using the default Program Files directory on an x64 machine. To resolve the first error, do the following:

  1. Manually create this folder structure: Program Files (x86)\Microsoft Configuration Manager\inboxes\auth\ddm.box (give the folder the same ACLs as the existing installed directory).
  2. Run R2 setup again. When the install completes, copy the two DDRs from C:\Program Files (x86)\Microsoft Configuration Manager\inboxes\auth\ddm.box and place them into C:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box (where SCCM is actually installed).
  3. Once the DDRs are processed, the R2 installation should succeed.

To resolve the error about sms_def.mof not updating, do the following:

  1. Manually create C:\Program Files (x86)\Microsoft Configuration Manager\inboxes\auth\clifiles.src\hinv
  2. Copy C:\Program Files\Microsoft Configuration Manager\inboxes\auth\clifiles.src\hinv\sms_def.mof to the folder you just created.
  3. Re-run FEP2010 setup and then copy C:\Program Files (x86)\Microsoft Configuration Manager\inboxes\auth\clifiles.src\hinv\sms_def.mof back to the original Program Files path.
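As an added example (not from the original post) covering both workarounds above, this PowerShell script stages the two x86 Program Files folders that FEP 2010 setup expects, copying only the DACL of the real SCCM folders onto them, and after setup copies the DDRs and the updated sms_def.mof back to the real install path. The $SccmRoot and $X86Root paths are the ones in the post; the function names and the .bak copy are my assumptions.

```powershell
# Added example, not part of the original post. Stages the x86 Program Files folders
# that FEP 2010 setup looks for on an x64 site server, mirroring the DACL of the real
# SCCM folders, and afterwards returns the DDRs and sms_def.mof to the real path.
# Paths are assumed from the post; adjust them to your installation.
$SccmRoot = 'C:\Program Files\Microsoft Configuration Manager'
$X86Root  = 'C:\Program Files (x86)\Microsoft Configuration Manager'
$DdmBox   = 'inboxes\auth\ddm.box'
$HinvDir  = 'inboxes\auth\clifiles.src\hinv'

function New-MirroredFolder([string]$Source, [string]$Target) {
    # Creates $Target and copies the DACL (access rules only, not the owner) from $Source.
    if (-not (Test-Path $Source)) { throw "Source folder not found: $Source" }
    New-Item -ItemType Directory -Path $Target -Force | Out-Null
    $sddl = (Get-Acl -Path $Source).GetSecurityDescriptorSddlForm('Access')
    $acl  = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetSecurityDescriptorSddlForm($sddl)
    Set-Acl -Path $Target -AclObject $acl
}

function Start-FepStaging {
    # Run BEFORE FEP 2010 setup: create both x86 folders and seed sms_def.mof.
    New-MirroredFolder -Source (Join-Path $SccmRoot $DdmBox)  -Target (Join-Path $X86Root $DdmBox)
    New-MirroredFolder -Source (Join-Path $SccmRoot $HinvDir) -Target (Join-Path $X86Root $HinvDir)
    Copy-Item -Path (Join-Path $SccmRoot "$HinvDir\sms_def.mof") `
              -Destination (Join-Path $X86Root $HinvDir) -Force
    Write-Host "Staged $X86Root. Run FEP 2010 setup, then Complete-FepStaging."
}

function Complete-FepStaging {
    # Run AFTER FEP 2010 setup: copy the DDRs and the updated MOF to the real paths.
    $ddrDst = Join-Path $SccmRoot $DdmBox
    $ddrs = Get-ChildItem -Path (Join-Path $X86Root $DdmBox) -Filter '*.ddr' |
            Where-Object { -not $_.PSIsContainer }
    foreach ($f in $ddrs) { Copy-Item -Path $f.FullName -Destination $ddrDst -Force }
    Write-Host "Copied $(@($ddrs).Count) DDR file(s) to $ddrDst"

    $mofSrc = Join-Path $X86Root  "$HinvDir\sms_def.mof"
    $mofDst = Join-Path $SccmRoot "$HinvDir\sms_def.mof"
    if (Test-Path $mofSrc) {
        Copy-Item -Path $mofDst -Destination "$mofDst.bak" -Force   # keep the previous MOF
        Copy-Item -Path $mofSrc -Destination $mofDst -Force
        Write-Host "Restored sms_def.mof to $mofDst (backup at $mofDst.bak)"
    } else {
        Write-Warning "No updated sms_def.mof found at $mofSrc"
    }
}
```

Dot-source the script from an elevated prompt, call Start-FepStaging, run the FEP 2010 setup, then call Complete-FepStaging.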

Posted in Technology.



SCVMM 2008 R2 Network Library Issues

This past week I encountered an interesting permission issue while adding a software share to a library in SCVMM. What made this issue interesting was that there was already a share from this particular server added to the library. Network sharing permissions appeared to be set the same on both the existing network share and the share I was trying to add as a library to SCVMM. I could browse the share manually, but attempting to add to SCVMM spat back an access denied error. So I checked the local NTFS permissions. Everyone had Read permissions, the SCVMM server computer account had Full Control, System had Full Control, and Domain Administrators had Full Control, so there didn’t appear to be anything wrong with the permissions.

On the existing SCVMM share, I noticed that it had the local Users and Administrators groups added to the NTFS permissions. After adding both these to the ACL on the share I was trying to add, SCVMM was able to add the share. I’m assuming this is related to how the SCVMM agent operates.

So, if you’re having issues adding a network share to an SCVMM library, check the local NTFS ACL, and try adding the local Users and Administrators group to the folder.

Posted in Technology.



Thoughts on Apple’s iPad 2 event

I think Apple designed the iPad 2 to target the reading consumer. The thinness and apparent feel (as well as the new cover) strike me as targeting the magazine feel.

I could be wrong, but it looks like they’re enabling home WiFi streaming via Home Sharing in iOS 4.3 and iTunes. This is something I’m definitely excited about.

Watching some of the Engadget videos I must say the new device looks fast as hell. I didn’t think they could make iPad 1 look slow, but watching those videos I get the feeling that my iPad lacks some of the power and speed of the new ones, particularly in regards to real-time media editing in the Photo Booth application.

Speaking of movie editing, it looks like they’re really targeting home media production with this new device. Those new movie/audio apps, the HDMI out, and AirPlay turn iPad into a powerhouse for media generation.

I appreciate and agree with Steve’s comment near the end. “Our competitors are looking at this like it’s the next PC market. That is not the right approach to this. These are post-PC devices that need to be easier to use than a PC, more intuitive.” An important distinction in mentality, I think. The PC market was for reasonably tech-savvy people, or people with reasonably tech-savvy relatives. The tablet/post-PC market is a new generation, one where anyone can pick one up and begin computing. There’s no fear of technology, just something that stimulates curiosity.

Those are my thoughts for now. I won’t buy one now as the only benefit I get is the new form factor and Facetime communication. The speed is not something I need at this point since I don’t produce home movies or audio. However, while it’s not a jaw-dropping new product, it is definitely a quality upgrade to the product line.

Posted in Technology.



EDNS Lookup Issues with Server 2008 R2

Last week I had an interesting issue crop up in my environment. Recently I migrated our domain to the Server 2008 R2 domain functional level. Last Tuesday I finally shut down the last DNS role on a Server 2003 box, leaving only Server 2008 R2 DNS servers in our environment. Over the next few days, clients started reporting DNS lookup hiccups. When they requested pages, they would get a DNS lookup error in their browser. When they refreshed the page, it would come through. I combed through the DNS server logs for errors, and found nothing. I ran Microsoft’s Best Practices Analyzer (BPA), and it reported that everything met best practice standards. I tried adding a couple more forwarders and double-checking the validity of the root hints, but to no avail. The same DNS hiccups kept occurring.

Next I checked the ISA 2006 event logs. I started seeing a lot of informational events about packets dropped because of invalid data. These packets were coming from the servers configured in the root hints. It seemed odd, as they were literally filling my event logs. I stumbled across this1 gem. Windows Server 2008 comes with a new protocol called EDNS turned on by default. These EDNS UDP packets are often well over 512 bytes. ISA 2006 apparently has issues handling these packets. Quickest solution: turn off EDNS.

EDNS can be turned off with the following command from an elevated command prompt: dnscmd /config /enableednsprobes 0

Immediately after disabling EDNS, clients had normal DNS lookups again. No more failed page lookups resolved by a refresh. There was one catch though: web browsing was drastically slow. In some cases it appeared an “ipconfig /renew” would fix it briefly, but for the better part of the day web browsing was slow. What was particularly odd was that speed tests would report the performance that we expected from our lines. After some Googling, I found this2 Microsoft KB, which describes slow web browsing performance between ISA and SBS 2008. While I don’t have SBS in my environment, I thought it might be related. I ran the hotfix, and after it did its thing, it restarted the firewall. I’m not sure whether the hotfix or the firewall restart (or both) was the solution, but after that our browsing performance was speedy again!

Posted in Technology.



Configuring Anonymous SMTP for DPM 2010

I stumbled across an annoying bug in Microsoft Data Protection Manager 2010. Apparently anonymous authentication is broken in DPM 2010. Error 2013 keeps coming up when attempting to send an email while leaving the authenticated user fields blank. To fix this, do the following:

In the registry, browse to HKLM\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Notification\

Delete the SMTPPassword and SMTPUserName keys

That’s it, anonymous SMTP authentication works now!

Posted in Technology.



Experiences Creating a VPS-based VPN

Years ago I used Pandora Internet Radio 1 as my primary source of discovering new music. Pandora Internet Radio is unique in that it is based on something called the Music Genome Project 2, which essentially attempts to map ‘genes’ to songs for a more accurate analysis of the type of music the listener enjoys, and more accurate suggestions. (Songs in the Music Genome Project database can often have upwards of 400 different attributes assigned to them!) After licensing restrictions were implemented and Pandora no longer was accessible to Canadian users, I switched to the then free Last.FM 3, which essentially suggests songs that other people who have listened to similar music also enjoyed. Last.FM is no longer free, and costs about $3/mo.

Earlier this year my music collection started to seem a little stale, and I started to wish for more variety, more music I have not listened to. This led me to consider a VPN, which would essentially tunnel my Internet connection to a server in the US, allowing me to access Pandora and other sites such as Hulu 4. I considered paying for a subscription to a VPN, but was having difficulty finding one that was reasonably priced and would tunnel my connection properly (all my data needs to flow through the US IP, not just an HTTP proxy). The other requirement was that the VPN be accessible via my iPad and iPhone as well as my desktop computers (Windows and Mac), and the only type of VPN connection that seemed to adequately satisfy my needs was an L2TP/IPSec VPN.

Since I couldn’t find a VPN service that seemed to satisfy my needs, I decided to create my own, which means I need root access to a server. I also plan to tunnel a lot of data, considering I will primarily be using it for media streaming. I also didn’t want to pay Windows Server licensing fees, so I decided to take the route of Ubuntu Server. OpenVPN does not do native L2TP/IPSec, so it was out of the question considering my iPad/iPhone requirement. This left StrongSwan and FreeSwan as the potential VPN platforms.

I started looking at LowEndBox 5 for cheap Virtual Private Servers (VPS) that came with copious amounts of data. I don’t need much processing power… just a lot of bandwidth. Initially I thought I found a great service for $5/mo… an OpenVZ based VPS with unlimited data. I purchased a couple months worth, and began setting up an Ubuntu 10.10 server, using the guide at ByBacon.com 6.

It was then that I hit a major stumbling block. Every time that I attempted to initiate a connection with the VPS from any one of my clients, the server would fail to respond. Checking the server logs, I didn’t see any record of either PPP connections or IPSec initiations. Obviously there was an issue with the NIC interface.

On investigation, I found that OpenVZ creates virtual, emulated ethernet devices, using the name VENET, with no MAC address. The IPSec VPN service I was attempting to use requires root-level access to the device itself, as well as an accessible MAC address. Now, this can be accomplished using a TUN/TAP device… but it requires some not-so-simple changes by the OpenVZ administrator. I put in a ticket to have one created, but unfortunately the service I’d paid for happens to not support creating these devices for clients.

So… I needed to find a different service… either Xen-based or VMware-based. Eventually I found a service from ENScloud 7 that seems to work well, and provide me with copious amounts of bandwidth. It took about a week for them to provision my server and IP, but after the initial hiccup everything seems to function well (their support guy Brandon was more than helpful after I put in a ticket requesting update). I’ve been listening to Pandora a lot since the VPN was created.

I eventually plan to rent out access to my VPN to family and friends, as I want to recoup my costs, so I figure I can rent out access for $5/yr if I get 12-15 people interested. I’ve managed to get it working easily under Windows (certificate-based), Mac, iPad, and iPhone, so no matter what platform family and friends are using, it will be accessible to them. I would eventually like to get a WebDAV service running as part of the service, so those with iWork for iOS can use it for cloud document storage.

Posted in Featured Articles, General, Technology.



Thoughts on Mac OS X Lion

It has been some time since I last posted an update to this blog. I had intended to be more frequent with updates, but unfortunately have not had material of late that I deemed worth writing about. Last week however, Apple disclosed a few of the features they’re working on for the next version of OS X. Some of these features I feel are noteworthy, particularly as I feel they mark a subtle but important change in direction for desktop computing.

I’d like to start with one of the changes to application state management. Starting in OS X 10.7, developers will have APIs similar to iOS, and possibly requirements as well, to auto-save their application state. This means that when a user exits an application and relaunches it, it will re-open right where they left off. In addition, a few keen-eyed observers have noticed a lack of running application indicators in 10.7’s dock. This indicates to me that the dock will become similar to iOS’s dock, merely a launch area for frequently used applications, and not a means of managing open applications. This, combined with auto-state saving for applications and an emphasis on full-screen application view, also indicates to me that the operating system will handle memory and process management the way iOS does. Developers should no longer expect to leave their applications running at all times.

Obviously, if application state management changes to an iOS style system, then we should expect drastic performance increases on the Mac computing platform. If an iPad or iPhone can perform the way they do with the A4 processor and limited RAM, imagine what a desktop can do with copious amounts of RAM and processor power.

Another item I found very interesting was the introduction of the Mac App Store. While a logical next step for Apple, it caught me by surprise. I think this is a particularly noteworthy evolution of the Mac platform for both developers and end-users. To my eyes, the Mac App Store brings:

  • Exposure for end users to indie software. Many new users to the Mac platform miss out on a lot of the capabilities of their Mac, simply because they are unaware of third-party hole-in-the-wall websites for software. Now they will see new and nifty applications highlighted for them, as well as Genius results for software they might also like.
  • Exposure for developers. No longer a little site in a corner of the web, with their software going un-noticed. Now a proper repository, with great exposure, and millions of eyeballs viewing.
  • Easy software maintenance for end users. Once a user has purchased software, updates will become something routine, a habit formed when they visit the App Store. Developers will have much less likelihood of having to troubleshoot out-of-date software. Not only easy maintenance of updates, but also easy maintenance of licenses. No longer a requirement to store different license files or keys in some central backup location or email.
  • Easy software distribution for developers. Developers no longer have to worry about creating proprietary licensing or activation mechanisms. They no longer have to worry about creating a website to host their software. They no longer have to be concerned about creating proprietary updating mechanisms. All can be done through the App Store.
  • Easy in-app upgrades. A new mechanism for developers to add extra content into their applications. Enough said.

The Mac App Store is a noteworthy addition to the Mac platform. I completely understand Apple’s decision to push it out within the next 90 days.

Another item of note is the coming of Push Notifications in the FaceTime beta. I suspect we’ll see this fully implemented in OS X 10.7. I suspect this will give rise to a new class of desktop applications and services.

These are the things I think particularly noteworthy in Apple’s next OS. Snow Leopard was a performance upgrade. OS X Lion looks like it will be an upgrade that brings huge advances in refinement to the desktop computing experience.

Posted in Design, General, Technology.



Update re: ESXi & ZFS Storage

It’s been a while since I’ve posted an update to this blog. I’ve been rather busy with both work and personal matters, and haven’t had a chance to maintain this blog properly. I hope to rectify this and post at least once a week for the next few months.

I posted an update1 regarding my home server on ESXi a few months ago, and that I was re-evaluating how my data storage implementation was going to change. I’m happy to report that I’ve finally found an appropriate solution, utilizing the NexentaStor OpenSolaris-based OS2. While not without its problems (notably a buggy web-management interface, I suspect due to Python issues), it has proved itself to be quite stable as far as data access and integrity.

In my last post about my home server I mentioned a few issues I would have migrating data, including scaling down an LVM-based Linux VM to enable RDM (Raw Disk Mapping) to the NexentaStor VM. I mitigated this issue by adding 3 new drives: one ATA-based 500GB drive to host the actual virtual machine installations, and two new 1.5TB SATA drives for storage. I mapped these two new drives to the NexentaStor VM using RDM and set them up as a ZFS array. I then migrated data over the network from the old Ubuntu VM to the new storage VM. After a large portion of the data was migrated, I shrank the LVM to free up the 1.5TB drive, and disconnected it from the old storage VM. I then mapped it to the new storage VM and added it to the ZFS array. I then migrated the rest of the data and deleted the old storage VM.

So, my data storage needs are met for now. Unfortunately, the original 1TB drive has the ESXi installation on it, meaning I can’t format it and add it to the new ZFS array. I am considering the best approach to this, but it seems I’ll likely move the VMs from the 500GB drive to the 1TB, disconnect all drives except the 500, and install ESXi to that drive. After this I would import the machines from the 1TB back to the 500GB drive. My concern with this approach is how to ensure that the physical ZFS disks import appropriately to the storage VM.

As always, post any questions in the comment section, or send me an email, and I’ll do my best to respond.

Posted in Technology.



Some Perspective on Google Ditching Windows

Just a quick note regarding the Financial Times’ report Monday1 about Google phasing out internal Windows client operating system usage, and Microsoft’s subsequent response2. Microsoft has retorted that Windows is indeed secure, and that the facts don’t support the assertion. Microsoft makes its defense by attacking its competitors, and highlighting a few things that Windows 7 ‘focuses’ on.

The point I’d like to make here is that Google may be phasing out Windows 7, not because of any inherent security flaws, but that it’s possible that licensing and maintenance costs are the driving factor to phasing out Windows. Perhaps Google feels that it could spend less effort maintaining internal security by using a Linux or Unix-based OS.

Posted in Technology.



Summary of Steve Jobs at D8

Thought I’d post a quick summary of key remarks by Steve Jobs at D8, courtesy of Engadget’s live coverage [1].

Regarding Foxconn Suicides:
Steve: It’s a factory — but my gosh, they have restaurants and movie theaters… but it’s a factory. But they’ve had some suicides and attempted suicides — and they have 400,000 people there. The rate is under what the US rate is, but it’s still troubling.
Steve: We had this in my hometown of Palo Alto, copycat suicides.

Regarding Search:
Walt: So last year we had a company called Siri, a search company…
Steve: They’re not a search company. They’re an AI company. We have no plans to go into the search business. We don’t care about it — other people do it well.

Regarding Press:
Steve: Well I think the foundation of a free society is a free press. And we’ve seen what’s happening to papers in the US right now. I think they’re really important. I don’t want to see us descend into a nation of bloggers. I think we need editors now more than ever.
Steve: I can tell you as one of the largest sellers of content on the internet to date — price it aggressively and go for volume. That has worked for us. I’m trying to get the press to do the same thing. They need to do it differently than they do it for print.
Steve: I think people are willing to pay for content. I believe it for music and video, and I believe it for the media.

Regarding Interaction with Computing Devices:
Steve: People laugh at me when I say it’s magical… but something has been stripped away and removed between you and the computer…

Regarding Pulitzer-winning Cartoon Censorship:
Steve: Yes… and political cartoons got caught in that. We didn’t think of that. So this guy submits his app and he gets rejected. We didn’t see that coming. So we changed the rule, but this guy never resubmitted… then he wins a Pulitzer Prize, and he says we rejected him. So, we are guilty of making mistakes. We’re doing the best we can, we’re learning as fast as we can — but we thought this rule made sense.
Steve: We’re doing the best we can, we’re fixing mistakes. But what happens is — people lie. And then they run to the press and tell people about this oppression, and they get their 15 minutes of fame. We don’t run to the press and say “this guy is a son of a bitch liar!” — we don’t do that.
Steve: 95% (of app submissions) are approved within 7 days…

Regarding Gizmodo:
Steve: Well a guy… who can say if he’s a journalist.
Steve: The person who took the phone plugged it into his roommate’s computer. And this guy was trying to destroy evidence… and his roommate called the police. So this is a story that’s amazing — it’s got theft, it’s got buying stolen property, it’s got extortion, I’m sure there’s some sex in there (huge laughs)… the whole thing is very colorful. The DA is looking into it, and to my knowledge they have someone making sure they only see stuff that relates to this case. I don’t know how it will end up.
Steve: You know, when this whole thing with Gizmodo happened, I got advice from people who said ‘you gotta just let it slide, you shouldn’t go after a journalist just because they bought stolen property and tried to extort you.’ And I thought deeply about this, and I concluded the worst thing that could happen is if we change our core values and let it slide. I can’t do that. I’d rather quit.

Regarding TOS Change for Analytics:
Q: You changed your TOS on analytics — do you want to own that for developers’ data?
A: Well we learned this really interesting thing. Some company called Flurry had data on devices that we were using on our campus — new devices. They were getting this info by getting developers to put software in their apps that sent info back to this company! So we went through the roof. It’s violating our privacy policies, and it’s pissing us off! So we said we’re only going to allow analytics that don’t give our device info — only for the purpose of advertising. But you can’t get info off of our devices and turn around and sell it. That you can’t do… is that clear?
Q: It is, but there is vital info there that could make apps better…
A: That’s true… but there’s no excuse for them not asking customers if it’s okay to send that data. We’re willing to talk to some of these people when we calm down… but it’s not today.

Regarding DRM-ed Content:
Q: I bought the movie Up on DVD, it had a digital download. I put it on my iPad. I hooked up my VGA adapter and tried to play it… but I couldn’t because of HDCP. Can you tell me how you’re helping with this?
A: We didn’t invent this stuff…
Q: But you did deploy it…
A: Well the content creators are trying to protect this stuff, and they’re grabbing at straws. Sometimes they grab the right ones, and sometimes they don’t. If we want access to this stuff, we have to play by some of their rules. I feel your pain.

Regarding TV:
Q: Hi, I’m from Hillcrest Labs… do you think it’s time to throw out the interface for TV? When will Apple do something there?
A: The problem with innovation in the TV industry is the go to market strategy. The TV industry has a subsidized model that gives everyone a set top box for free. So no one wants to buy a box. Ask TiVo, ask Roku, ask us… ask Google in a few months. So all you can do is ADD a box to the TV. You just end up with a table full of remotes, a cluster of boxes… and that’s what we have today. The only way that’s going to change is if you tear up the set top box, give it a new UI, and get it in front of consumers in a way they’re going to want it. The TV is going to lose in our eyes until there is a better go to market strategy… otherwise you’re just making another TiVo.
Q: In the phone area you were able to partner with a carrier… would you do that with TV?
A: Well then there’s a problem, providers are local… it’s a Tower of Babel problem…

Posted in Featured Articles, General, Technology.



Facebook

I hate Facebook. I hate their constant changes to UI without adequate customer feedback. I can’t stand the deteriorating usability they introduce with each update. The frequent updates to the terms of service force me to give up more control over my data with each update. The usability of their account and privacy controls is absolutely appalling. The cavalier attitude of their young and immature upper management toward their customers is disgusting. The way they introduce changes to access levels/privacy settings and open up their client data is disgusting.

I don’t trust Facebook. Never have, and never will. Unfortunately, with their actions they’ve lowered my trust from minimal levels to less than zero.

Unfortunately, they’ve got me by the cojones. Their client base includes my connections. I have to decide whether my distrust of Facebook is great enough to sever my easy access to up-to-date information from those close to me. How important is that data to me?

Posted in General.



ESXi, ZFS, and Home Server Data Storage – Part 1

UPDATE: It seems I may be re-evaluating my choice of OpenSolaris vs. Nexenta. I’ve experienced a lot of issues with SMB/CIFS authentication on OpenSolaris, and have not been able to get it to work properly. I’ve also had a reply from a commenter assuring me as to the stability of Nexenta 3. I’ll post again once I’ve re-evaluated my choice of SAN OS.

A few months ago I wrote [1] about a new home server I was setting up. I designed the server from the ground up to handle VMware ESXi 4.0. When I built it I did not build in data redundancy, as I had two mismatched drives (a 1.5TB and a 1TB). Also, because I was relatively new to ESXi, I created the datastore with default block sizes, limiting me to 256GB virtual disk file sizes. I used Ubuntu Linux to link the virtual disks together with Logical Volume Manager (LVM), and create one big mount for my data storage. Unfortunately, the 2.5TB volume is now full.

With a full server volume, nothing would seem more obvious than to go out and buy more storage. So, I went out and bought two 1.5TB disks (I don’t believe that 2TB drive sizes have hit the optimal price point yet). On my way home however, I realized that I now have the capacity for almost 5.5TB of storage. If one physical drive were to crash, I would not only lose the data that was on that drive, I would also lose my entire dataset. LVM does not handle missing drives, so the entire logical volume, with all my data on it, would be gone. This is far too much risk, and I decided to build in data redundancy.

With that in mind, I began to consider various options. The motherboard’s BIOS supports RAID 1, 0, 10, and 5. Of those options, I would prefer a RAID5 configuration, as it offers the best capacity/redundancy ratio. Unfortunately however, I’ve already got ESXi installed on the existing 1.5TB drive, and the data between it and the second drive must remain intact. I don’t know how well ESXi would handle a sudden BIOS change to a RAID configuration. Also, after some reading, I found that it was likely that drivers would be required in the OS install to support the RAID configuration. There are too many unknown variables to risk my data with a BIOS RAID configuration change.

The next option I considered was a software-level RAID5 implementation, one where I’d have a virtual machine handle the RAID5 control. Unfortunately however, this approach also has its drawbacks. RAID5 requires 3 drives of the same size to set up. I have three 1.5TB drives right now, but one of them is full of data, including my ESXi host install. I would have to create a degraded RAID5 array with two drives, install another physical drive for the ESXi host install, import my original ESXi host configuration to the new host install, move my data to the new array, then move the actual client OS virtual disk to the new physical drive. After that point I could wipe the original 1.5TB and add it to the RAID5 array. I would be left with the 1TB to use for other purposes. During this whole process I’d be praying that nothing messes up the LVM in the Linux install. All in all, a very messy endeavor. Too much risk, both with the data itself as well as with the host/client OS installations.

Since a RAID configuration seemed to be out, I looked for other ‘outside-the-box’ solutions. Obviously it would have to be a disk/file level solution, as LVM with virtual disks wasn’t going to cut it. Then I remembered looking at ZFS [2] (a file system format) a couple of years ago. ZFS offers great data redundancy for little disk cost, flexibility, compression, good performance, and a host of other things (things most non-technical people wouldn’t care about). The stability of the filesystem has come a long way since I first looked at it (it was more proof of concept at the time), to the point where I would trust my data with it. ZFS seemed to fit my current needs and network conditions perfectly.

Now that I’d decided on ZFS as my new network storage solution, I had to decide how I was going to implement it. Because it was developed by Sun Microsystems, there are licensing quirks that have kept it from being incorporated into the Linux kernel. There is however, an implementation via the FUSE project. I could potentially install it into my Ubuntu media server virtual machine, and have a relatively easy transition. After some investigation however, I felt that ZFS-fuse was still too much of a hack for me to trust my data with.

The only other real ZFS options were FreeBSD, OpenSolaris, and a project called Nexenta [3]. Nexenta is a Gnome (Ubuntu-like) user land built around the OpenSolaris kernel. This initially attracted me quite a bit, as it seemed to perhaps be the easiest way forward. Two things kept me back however. One, the version of Nexenta that offers deduplication support for ZFS is currently labeled beta. Two, because it was built around the OpenSolaris kernel, there would be a lot more hacking required if I was going to try to replicate my Ubuntu media serving services. At this point I realized that it would be easiest to keep my Ubuntu media server, and just point its data volumes to another VM’s network share, as though the other VM was a SAN. So, I decided that Nexenta was more than I needed, and that it was targeting a different person than me. Add to that the lack of deduplication, and Nexenta was out.

The other two ZFS options were OpenSolaris and FreeBSD. Since I’m a Mac OS X (built around BSD Unix) power user, FreeBSD seemed the most attractive option. On doing some analysis however, it seemed that OpenSolaris had better support and a better-performing ZFS implementation. Consequently, I’ve decided to go the OpenSolaris route for my virtual SAN.

I’ll post Part 2 over the next week or so. Part 2 will cover the actual implementation (still in progress), and some of the challenges encountered.

Posted in Technology.
