“Those who count on quote ‘Hollywood’ for support need to understand that this industry is watching very carefully who’s going to stand up for them when their job is at stake. Don’t ask me to write a check for you when you think your job is at risk and then don’t pay any attention to me when my job is at stake.”

As pointed out on the MPAA web site, Dodd is also a former US Senator from Connecticut. Surely he understood the implications of publicly confirming what we have always expected — that Hollywood spends a lot of money on politicans and expects a return on their investments. Rather than condemn him, perhaps we should be thanking him for putting this out in the open.

The movie industry, like many others, is facing a harsh new reality — one that, for the most part, they appear to be in denial about. Pushing for draconian, ill-informed legislation such as the Stop Online Piracy Act (SOPA) and the Protect IP Act isn’t the solution. Perhaps it’s time that Hollywood stop trying to purchase politicians and apply some creativity to their business model instead.

1) The iPad is beyond cool – it’s affordably cool. While the device may cost the same as netbooks and low-end laptops, consider the apps. $10 gets you Keynote — which last night flawlessly slurped in a .pptx from Microsoft PowerPoint. I put my final touches on today’s presentation and emailed myself both a .ppt and .pdf of the presentation.

2) As a device for mobile users, the iPad is light, has a battery life easily twice that of most laptops, and is virtually instant-on. The main drawback for writers is the on-screen keyboard, but with Bluetooth keyboard support the number of options continues to increase.

3) Mobile phone operators are slowly starting to provide affordable data plans for the iPad. In Canada they generally continue to screw their customers – the original $30 for 6GB iPhone plans are nowhere to be seen, but good deals will hopefully return as additional competitors enter the market.

4) Cloud computing is making remote access to virtual computers a cost-effective reality. With Citrix and Windows Remote Desktop clients available for the iPad, connecting to a remote computer with resources that far exceed that of any laptop is not only possible – it is about to become a commodity.

5) For many companies, the days of 3-year laptop refresh cycles are over as they seek all possible cost reductions. As a result, a new generation of workers are emerging: Those who are sick of lugging around heavy, old, and frustratingly slow laptops that have a negative impact on their productivity. (These same companies appear oblivious to the productivity losses and morale issues caused by their failure to provide decent tools to their employees, but let’s save that for another article.) Some workers now choose to use their own computer for work – and for many the iPad and virtual machine solution will be a winner. Some firms are embracing this, including updating their infrastructure to support corporate email on a variety of employee-owned devices.

In short, expect laptop sales to decline.

Apple seems to get this too — you won’t need a Mac or PC to set up, backup, or use your iPad or iPhone with this fall’s release of iOS 5.

April 27, 2011

Apple Q&A on Location Data

Apple would like to respond to the questions we have recently received about the gathering and use of location information by our devices.

1. Why is Apple tracking the location of my iPhone?
Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.

2. Then why is everyone so concerned about this?
Providing mobile users with fast and accurate location information while preserving their security and privacy has raised some very complex technical issues which are hard to communicate in a soundbite. Users are confused, partly because the creators of this new technology (including Apple) have not provided enough education about these issues to date.

3. Why is my iPhone logging my location?
The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.

4. Is this crowd-sourced database stored on the iPhone?
The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone. We plan to cease backing up this cache in a software update coming soon (see Software Update section below).

5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

6. People have identified up to a year’s worth of location data being stored on the iPhone. Why does my iPhone need so much data in order to assist it in finding my location today?
This data is not the iPhone’s location data—it is a subset (cache) of the crowd-sourced Wi-Fi hotspot and cell tower database which is downloaded from Apple into the iPhone to assist the iPhone in rapidly and accurately calculating location. The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don’t think the iPhone needs to store more than seven days of this data.

7. When I turn off Location Services, why does my iPhone sometimes continue updating its Wi-Fi and cell tower data from Apple’s crowd-sourced database?
It shouldn’t. This is a bug, which we plan to fix shortly (see Software Update section below).

8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data?
Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.

9. Does Apple currently provide any data collected from iPhones to third parties?
We provide anonymous crash logs from users that have opted in to third-party developers to help them debug their apps. Our iAds advertising system can use location as a factor in targeting ads. Location is not shared with any third party or ad unless the user explicitly approves giving the current location to the current ad (for example, to request the ad locate the Target store nearest them).

10. Does Apple believe that personal information security and privacy are important?
Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy.

Software Update
Sometime in the next few weeks Apple will release a free iOS software update that:

• reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
• ceases backing up this cache, and
• deletes this cache entirely when Location Services is turned off.

In the next major iOS software release the cache will also be encrypted on the iPhone.

It’s an interesting concept, and it makes some sense.  But it also begs a question:  Why aren’t we allowing pharmacists to deal with non-urgent issues?

It makes little sense, especially for someone without a GP, to go to an Emergency Room or wait for hours at a walk-in clinic for a condition such as a simple infection.  We have experts at our local pharmacy counter with years of training and a knowledge of drugs that far exceeds most physicians.  In many countries they’re allowed to write prescriptions.  Why not not in Canada?

Kiosks are cool, and they have a role, but let’s leverage the professionals already out there first.

Some technological leaps seem clear, especially when viewed historically. For example, we speak of moving from the mainframe to the PC – from centralized to distributed processing – as if it happened quickly.  But in fact it took years and there were several steps and stumbles before PCs replaced “dumb terminals” in numbers.

For the past ten years VMware has been developing leading-edge virtualization technology.  In the early days it was primarily used by developers and geeks.  Then more powerful servers appeared on the market, RAM prices plummeted, and virtualization moved into the datacenter. The business case for server consolidation can be simple: Less hardware, fewer racks, and power savings. 

But virtualization is quickly moving beyond simple server consolidation. VMWare provides the ability to move a running computer between physical boxes without any downtime.  A new feature allows a running “computer” to execute simultaneously in lockstep on two different physical machines — if one fails the other simply takes over.  Security products will defend each virtual machine against attacks.  And this will all work with existing operating systems and applications.

This year VMWare is bringing true cloud computing to the enterprise, and with it comes the ability to implement highly available systems and solid disaster recovery. We’re about to witness the next major jump in computing technology.  Hold on tight, it’s going to be an exciting ride!

As a child, I remember watching Star Trek’s Lt. Uhura with her wireless earpiece.  Today I use a similar peice of “science fiction” in my car so that I can keep both hands on the wheel.  In a generation we’ve gone from rotary dial telephones to mobile phones with wireless headsets.  From landlines to VoIP.  From dollars to pennies per minute to call other continents.  From hurried calls home to videoconferencing with the kids using Skype.

The telephone has become universal across most of the world and in many places wireless services are slowly but steadily displacing Plain Old Telephone Service (POTS) lines.  It’s easy to understand why a young person moving out on their own may simply not feel the need for a land-line.  After all, their friends all just call (or text) their mobile.

I’m wondering what’s next.  Will the land-line survive?  For how long?

According to my tea leaves, we’re one generation away from the death of the residential telephone service because only a few things keep them alive:

• Mobile phones are too expensive in many areas.  While some US carriers are offering “all you can eat” plans, Canadian carriers aren’t there quite yet;
• Most residential alarm systems rely on POTS lines; and,
• Us ‘old’ people who are used to having them.

Over time, all these conditions will change.  I’ll be sure to save a touch-tone wall phone for the grandchildren — because they’ll probably never own one.

How will this impact your business?

Dear Google Docs user,

We wanted to let you know about a recent issue with your Google Docs account. We’ve identified and fixed a bug which may have caused you to share some of your documents without your knowledge. This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document. The issue only occurred if you, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and changed the sharing permissions. This issue affected documents and presentations but not spreadsheets.

To help remedy this issue, we have used an automated process to remove collaborators and viewers from the documents that we identified as being affected. Since the impacted documents are now accessible only to you, you will need to re-share the documents manually. For your reference, we’ve listed below the documents identified as being affected.

We apologize for the inconvenience that this issue may have caused. We want to assure you that we are treating this issue with the highest priority.

The Google Docs Team

A lot of people are understandably critical of Google.  But the reality is that systems built like this are doomed to suffer security breaches for three reasons:

• There is often little ‘engineering’ in ‘software engineering’.  People who design most of the world’s software are ‘software artists’ or ‘software developers’ and apply few, if any, engineering principles to the task.
• Users of these services don’t demand — and often don’t desire — a high level of security.
• The applications rely on a single layer of security.

But the purpose of this article is not to bash Google or software developers.  I’ve written software and I’ll be the first to admit that some of it was hacked together as fast as possible for the same reason lots of software is.  The vendors provide exactly what the market is asking for.  The real problem is us.

When it comes to computers, software and the Internet, we consumers are singing the famous Queen song, I want it all and I want it now. We want instant access to information from any computer. We want sharing it to be very easy. We want it virtually for free and it is never fast enough.  And we seldom consider security until something goes wrong.

For some information, security really doesn’t matter.  Most of my personal email falls into that category.  Sure, I’d prefer that others don’t read it, but reality is that the impact on me if they did would be really small.  I use Google Apps for two non-profits I’m involved with.  It’s free, reasonably reliable, and it’s not any less secure than using ISP email accounts. But, for other information, the security provided by Google Docs and other, similar services is woefully inadequate.

The problem is that security seldom is free and easy.  As long as we insist on being able to walk up to any computer, enter a username and password, and access our data, we will continue to see security breaches escalate.  Passwords are a very poor authentication mechanism and using them as the only line of security invites disaster.  But we continue to use them because they’re cheap and easy.

PayPal gets it, mostly because, in the financial world, poor authentication directly results in monetary loss.  If you’ve been following PayPal, you already know that they’re offering customers the ability to use their mobile phone or a (US)$5 authentication token to protect their account.  My guess is that PayPal has begun this as a voluntary measure in order to test it out and gain acceptance, and that they will make it mandatory at some point in the future, as well they should.

Some markets are different.  Medical, aeronotical, defence and financial software used by banks are noted exceptions.  Some security software is also very well designed.  But it’s because in those markets very bad things can happen when the software fails, so customers demand better solutions and are willing to pay for them.

The technology required to make file sharing like Google Docs highly secure has existed for more than a decade.  If we cared about security, our browsers would have the ability to encrypt and decrypt files built right in and we’d carry certificates and keys around on a smartcard or USB device.  When we wanted our documents, we’d plug in the card or device, use a certificate to authenticate to Google Docs and download the document. Then it would be automatically decrypted. If we cared, we’d use a product like the USB devices from MXI Security that can validate the user’s fingerprint right on the device before giving access. If we cared, we’d demand that Google and other software-as-a-service (SaS) providers apply sound engineering practices so that software bugs don’t result in security breaches.  And, if we really cared, we’d be willing to pay at least a bit more to get it.

But, for the most part, we don’t care.  And, until we do, these security breaches will continue.

The interview I did last month is now availible as a podcast at:

http://www.cfra.com/audio/podcast/tcs/tcs-2007-02-10.mp3