Wednesday, May 19, 2010

Google Android: When is free not free?

Free isn't free once it's become fodder for the IP patent trolls. HTC who is building an Android phone, now has to pay Microsoft for patent rights on that phone. And after Apple's lawsuit against HTC ends up getting resolved, I bet that they'll be making payments to Apple as well. Software patents give Microsoft and Apple the ability to punish Google for its audacity of entering the growing smartphone market. It's ironic that the only people who won't get paid for the HTC Android are the people who wrote the code in the first place.

I remember the first patently stupid patent I heard about was for an xor cursor (#4,197,590), when it was already in such common use everywhere it seemed ridiculous and offensive to patent it. Patents aren't supposed to be covering prior art, nor "obvious" inventions. That is one serious thing wrong with the software patent system. People who do open source development leave all their code out there to be examined and combed through. Combed through by lawyers for similarities to an existing patent arsenal.  When a developer is clearly ripping off someone else's work, then a software patent makes sense. But if it's already floating around in the either or its obvious, it shouldn't get patented. Neither of those things is anywhere near possible for the patent office to determine with any amount of rigor. It seems fundamentally unfair that the only people who get to profit from software inventions are the ones with the cash and the time to pursue the patent process: big sharks, not little fish.

I'm not arguing on the validity of Microsoft nor Apple's patents. They could all be great inventions and 100% absolutely legit. And it's not Google that I'm worried about for protection against patent lawsuits. They're plenty big enough to take care of themselves. And I'm sure that HTC can just bump up the cost of their phones by a few bucks to pay for all the patents they're now licensing or will have to license. It's all the other hordes of software developers creating open source software on their spare time using their goodwill.  Developers that don't have the time or resources to patent everything they've done. Developers who wouldn't know that what they're creating in the dead of night is accidentally similar to something in someone else's IP portfolio.

Watch out if your little pet open source project gets noticed. Patents aren't protection--they're a weapon in a software arms race. It's a minefield out there.

Thursday, May 13, 2010

Response to “Thoughts on Flash”

Steve Jobs’ recent comments about the refusal to use Adobe Flash on Apple mobile platforms have gotten some notoriety in the technical world.  Although Adobe CEO Shantanu Narayenhas has provided a response, the debate has led to some QNX customers asking if there are issues that would impact their embedded system designs that use Adobe Flash or the QNX Aviage HMI Suite.  There are not.  This letter will address the concerns raised by Mr. Jobs about the suitability of using Adobe Flash.

  • “Flash is a closed system.”

Mr. Jobs describes Adobe Flash as being “100% proprietary”, “only available from Adobe, and Adobe has sole authority as to their future enhancement, pricing, etc.”, and further comments about Adobe being closed.  However, that language would also describe the situation created by Apple. Apple controls the OS, the development tools, the development machines, the app store, the application approval process, and even the language used to create applications.  Objective-C is not used in any other environment besides Apple and is defined by Apple, just like ActionScript from Adobe. In itself, these facts are not an issue, since both companies develop and promote both proprietary and open portions of their technology portfolio.

However, Mr. Jobs goes on to talk about how Adobe Flash products are “available only from Adobe.” Whereas this statement is in fact true for Apple’s development products, it is not true for Adobe.  Adobe has published the definitions of the language, APIs, file formats and more.  In addition to the Adobe tools, there are a number of open source tools that are created and used by Flash developers, like the Adobe Flex SDK and Flash Develop (Flash IDEs), MTASC (Flash compiler), Ming (Flash library), Gnash (a GNU swf player) and Tamarin (a Flash VM with JIT).  Unlike the Apple environment, developers are able to do Flash development using open source and community tools, which is contrary to the “closed” stance that Mr. Jobs has mistakenly communicated.

  • “Symantec recently highlighted Flash for having one of the worst security records in 2009.”

Contrary to Mr. Job’s statement, the referred to report from Symantec does not claim that Flash has one of the worst security records.  Rather, it points out that the broader the software availability, the more likely that exploits will be attempted against that software.  More specifically the report notes:

“Because [IE and PDF] technologies are widely deployed, it is likely that attackers are targeting them to compromise the largest number of computers possible. Of the Web browsers analyzed by Symantec in 2009, Mozilla® Firefox® had the most reported vulnerabilities, with 169, while Internet Explorer had just 45, yet Internet Explorer was still the most attacked browser. This shows that attacks on software are not necessarily based on the number of vulnerabilities in a piece of software, but on its market share and the availability of exploit code as well.”

Analysis of the actual report is needed to explain what is being claimed by Mr. Jobs.  Symantec lists the five top web vulnerability targets as:
1)      Microsoft Windows SMB Remote Code Execution
2)      Adobe Reader and Flash Player Remote Code Execution
3)      Microsoft IE 7 Uninitialized Memory Code Execution
4)      Microsoft Windows ActiveX Remote Code Execution
5)      Adobe Reader Collab Javascript Remote Code Execution

Only vulnerability #2 might apply to an embedded deployment of the Adobe Flash Player, since #5 refers to PDF files using the Acrobat reader. However, the details of vulnerability #2 affect browser plug-ins only and not embedded systems, since it requires running a maliciously crafted .swf file (the compiled Flash binary) hosted on an attacker’s web site.  On an embedded system the .swf file content is completely static, and .swf files are created and controlled by the developers. Even in embedded environments that use a browser, the system would be protected from potential malicious execution by virtue of QNX’s microkernel architecture. Under the QNX Neutrino RTOS, the browser process is completely isolated from every other system process, and exploits like memory overruns that can be used to gain kernel privilege in a monolithic operating system are not possible.
Most importantly, the attacks in question have been patched for some time.  The number of attacks reported by Symantec in 2009 is actually not related to existing vulnerabilities, as the report further explains:

“Many of the vulnerabilities observed through Web-based attacks in 2009 have been known and patched for some time. For example, the Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness was published on August 23, 2003, and fixes have been available since July 2, 2004, yet it remains the second-ranked Web-based attack. This is likely because of the use of Web attack kits like Fragus, Eleonore, and Neosploit. These kits come bundled with a variety of different exploits, including some exploits for older vulnerabilities. Because an older vulnerability is likely to be included in more kits, it will probably be seen in more attacks than many of the newer vulnerabilities.” 

The number of attacks is not a correlation of actual vulnerability, as Mr. Jobs incorrectly assumes. There are no reports of Flash vulnerabilities when Flash is being deployed in an embedded system.

  • “Flash is the number one reason Macs crash.”

The idea underlying this statement comes from reports about process failures that users choose to send back to Apple.  It is worthwhile to note that these are not instances where the Mac OS itself is crashing, but instead are Mac programs that crash.  Those user reports identify browser plug-ins as the most frequent source of process exceptions.  Further information that details the specific errors that are received has not been divulged by Apple.  Since Flash is the most pervasive software platform, reaching 99% of Internet-enabled desktops, and the assumption that Flash is the most popular and widespread plug-in, then it stands to reason that it will be responsible for a larger frequency of plug-in failure reports.  If a crash occurred once out of a thousand times an application was run, but it was run one thousand times more often, it would show up with identical crash statistics as a piece of software that crashed every single time it was run.  This is not an indicator of software quality, but of the depth of software deployment.

Adobe’s chief technology officer Kevin Lynch says in an interview with PC Magazine that “Regarding crashing, I can tell you that we don't ship Flash with any known crash bugs, and if there was such a widespread problem historically Flash could not have achieved its wide use today."  Flash is deployed on many embedded devices that do not experience the crash results that Mr. Jobs has claimed.

  • “Flash has not performed well on mobile devices.”

This statement is not accurate, and reflects an outdated understanding of Flash. Current versions of Flash and FlashLite perform very well, and the Flash rendering engine can use hardware accelerated graphics on many platforms.  QNX has analyzed the performance of hardware accelerated Flash, observing a substantial speed up in most cases. External assessments of Flash 10.1 and HTML5 show that Flash compares nicely:

"When it comes to efficient video playback, the ability to access hardware acceleration is the single most important factor in the overall CPU load," concludes Jan Ozer, "On Windows, where Flash can access hardware acceleration, the CPU requirements drop to negligible levels. It seems reasonable to assume that if the Flash Player could access GPU-based hardware acceleration on the Mac (or iPod/iPhone/iPad), the difference between the CPU required for HTML5 playback and Flash playback would be very much narrowed, if not eliminated."

  • “Fourth, there’s battery life.”

Mr. Jobs provides little evidence that Flash’s battery consumption is poor.  He instead explains the problem as fundamentally related to how people host their video content. Even this unrelated assumption is based on an incorrect understanding of Flash capabilities, namely that the Flash player does not support H.264 video format (which has been supported in Flash since 2007).

Video playback aside, most embedded Flash execution that concerns itself with battery life will be under control of the developer. FlashLite has been used for the user interface for mobile phones from Samsung, Sony Ericson, and LGE, shipping on over a billion phones, and is very capable of performing with optimal battery life.

  • “Flash was designed for PCs using mice, not for touch screens using fingers.”

This is true, but it is also true for Apple’s technology.  However Adobe Flash, just like Apple’s development environment, was easily retrofitted to handle touch screens.  QNX has demonstrated many Flash based systems that employ a touch screen.

In summary, the claims levelled by Steve Jobs towards Flash are either not substantiated or untrue.  Adobe is fundamentally a cross-platform tool, which is noted by Mr. Jobs himself several times, and as a cross-platform tool it enables leveraging development effort across multiple platforms.  This means that developers using Adobe Flash would not be locked into the iPhone or iPad development target, and would be able to use their software efforts across a broad base of devices. It would appear that Mr. Jobs’ stance against Flash is for business reasons, not technical ones. Gartner research vice president Ray Valdes provides a similar assessment towards the purpose of this attack:
"This is not about technology. The criticisms from Apple about Flash can also be applied to many other systems that Apple has not directly opposed. Therefore Apple's stance appears driven by their business need to protect the iPhone platform against the threat of a cross-platform competitor."

Friday, May 7, 2010

ARM wrestling with Intel

I got passed this very interesting article by a colleague. It talks about the uphill battle Intel faces breaking into the smartphone space, primarily due to being a big monopolistic company that can survive only on high profit margins. Just as interesting is the huge variety of primarily well-thought-through comments below the post.

Why Intel Will Be a Mobile Loser

Tuesday, May 4, 2010

RIM breaks into top 5 cell phone makers

Now that I'm part of RIM, I'm a lot more sensitive to RIM-related news as you might guess. Like this: Reuters analysis of Smartphone market: RIM makes top 5. This happy little tidbit explains how RIM has finally broken into the top 5 cellphone makers, edging out Sony Ericsson.

Software is the key thing that differentiates the top smart phones from the rest of the pack. That puts the pressure on LG and Samsung, who haven't been traditionally strong in that area. And HP just acquired Palm to get the Pre software. It's going to be an interesting summer...

What's the newest Blackberry going to look like? Take a peek at this, announced last week at WES 2010:
Blackberry OS 6 preview video. One of my smart-alec coworkers said that apparently you have to learn how to dance to use the phone. Naw. You just have to like the Black Eyed Peas.

Atmel OS Survey

If you're using an Atmel board with QNX, please take this OS survey from Atmel.
Atmel Community Page, middle right-hand side, and vote for QNX.

I think the fact that the survey requires a registration may be putting people off, but I know you're out there.  Come on, show your support!

QNX at ESC 2010

Not an especially inspiring blog title, but maybe I'm still adjusting to the time zone change.  I just got back from the Embedded Systems Conference in San Jose last week, and it was a good show for us.  We showed the LTE Connected Car, based on our QNX CAR Application Platform. That was interesting enough that we got included in a video montage for the keynote on the third day.

ESC Keynote video, Day 3

(forward to 1:30 for my 15 seconds of fame :-)
Blue lighting for this show.  All... my... friends... know the Low Rider.

Also at this show was a demonstration of balancing an inverted pendulum.  Yes, we still do real-time.  Here's the shaky-cam version of it, with me giving it a couple pokes to show that it's really working.


Now, what went wrong? Nothing major, but end of the show was hectic. The fit between the lightboxes under the car was very tight. Enough air escaped from the tires where we had to manually lift the car to slide the boxes out during the show tear-down.  (Thanks Dave and Dave!)  We had to ship stuff from the show directly to Japan and Germany, which our shippers said they couldn't do, although our event coordinator Alison had checked with them first and they said they could.  So we had to literally run a bunch of stuff over to Kinkos.  (Thanks Kinko's crew!)  And ESC scheduled me for a presentation after the show ended. Yes, that's right. Right in the middle of the shipping and booth teardown was my presentation about Smart Screens. How completely stupid is that? Obviously, I didn't have great attendance--just a handful of diehards to hear me talk about solving design issues with Smart Screens, using our Smart Energy Reference Design as a use case. (Thanks to you who stayed for my talk!)

I rushed off right after the talk to attend the San Jose Sharks vs. the Detroit Red Wings, with just minutes to spare.  (Thanks Kroy and Ali!) I was one of the ten people in the stadium rooting for Detroit, but unfortunately we lost. There's still some time to make it up--go Wings!