The Ouya is an Android-based games console design that's been floated on Kickstarter. It's done spectacularly well, garnering over $2.3MM in the first day (now closing in on $4MM), far in excess of its target of $950,000. So much money has been raised, in fact, that the project's founders are now asking supporters for ideas on what to do with all the extra: "The biggest thing for us right now: we are working on our stretch goals, what we can do if we raise more money. It might take us a few days to figure that out, and we want your help."
Ouya's pitch is pretty awesome: a handsome, blobjecty console that is built on free/open source software, free SDKs to level the playing field to developers, with no publishing, licensing or retail fees. They promise easy-to-root hardware, and warranty support for rooted systems, and openness to hacker-designed peripherals.
Have at it: It's easy to root (and rooting won't void your warranty). Everything opens with standard screws. Hardware hackers can create their own peripherals, and connect via USB or Bluetooth. You want our hardware design? Let us know. We might just give it to you. Surprise us!
* Tegra3 quad-core processor
* 1GB RAM
* 8GB of internal flash storage
* HDMI connection to the TV, with support for up to 1080p HD
* WiFi 802.11 b/g/n
* Bluetooth LE 4.0
* USB 2.0 (one)
* Wireless controller with standard controls (two analog sticks, d-pad, eight action buttons, a system button), a touchpad
Police Tape is an Android app from the American Civil Liberties Union that is designed to allow citizens to covertly record the police. When activated, it hides itself from casual inspection, and it has a mode that causes it to send its recording to an ACLU-operated server, protecting against police seizure and deletion.
Citizens can hold police accountable in the palms of their hands with "Police Tape," a smartphone application from the ACLU of New Jersey that allows people to securely and discreetly record and store interactions with police, as well as provide legal information about citizens' rights when interacting with the police. Thanks to the generosity of app developer OpenWatch, the ACLU-NJ is providing Police Tape to the public free of charge.
The ACLU says that an iPhone version is "coming soon," though it remains to be seen whether something so potentially controversial passes muster with the App Store.
PGP creator Phil Zimmermann has launched Silent Circle, an encrypted phone-call app for Android and iOS. The service will likely cost $20/month, for which Zimmermann does not apologize: "This is not Facebook. Our customers are customers. They're not products. They're not part of the inventory" (from CNet).
Silent Circle's planned debut comes amid recent polls suggesting that Internet users remain concerned about online data collection (or at least are willing to tell pollsters so), with Facebook topping health insurers, banks, and even the federal government as today's No. 1 privacy threat. Yet even after a decade of startups that have tried to capitalize on these concerns, consumers spending their own money remain consistently difficult to persuade that paying for privacy is worth it.
Zimmermann hopes to overcome this reluctance by offering a set of services designed from the start to be simple to use: encrypted e-mail, encrypted phone calls, and encrypted instant messaging. (Encrypted SMS text messages are eventually planned too.)
A court filing from an FBI Special Agent reports that the Bureau's forensics teams can't crack the pattern-lock utility on Android devices' screens. This is moderately comforting, given the courts' recent findings that mobile phones can be searched without warrants. David Kravets writes on Wired:
A San Diego federal judge days ago approved the warrant upon a request by FBI Special Agent Jonathan Cupina. The warrant was disclosed Wednesday by security researcher Christopher Soghoian,
In a court filing, Cupina wrote: (.pdf)
Failure to gain access to the cellular telephone’s memory was caused by an electronic ‘pattern lock’ programmed into the cellular telephone. A pattern lock is a modern type of password installed on electronic devices, typically cellular telephones. To unlock the device, a user must move a finger or stylus over the keypad touch screen in a precise pattern so as to trigger the previously coded un-locking mechanism. Entering repeated incorrect patterns will cause a lock-out, requiring a Google e-mail login and password to override. Without the Google e-mail login and password, the cellular telephone’s memory can not be accessed. Obtaining this information from Google, per the issuance of this search warrant, will allow law enforcement to gain access to the contents of the memory of the cellular telephone in question.
Rosenberg, in a telephone interview, suggested the authorities could “dismantle a phone and extract data from the physical components inside if you’re looking to get access.”
However, that runs the risk of damaging the phone’s innards, and preventing any data recovery.
Vlad Savov reviews Sony's Xperia S for The Verge. With a 1280x720 display, 12 megapixel camera and a dual-core CPU, it's the company's first major new design since buying out Sony-Ericsson. How does it do?
The Xperia S isn't a bad phone, it's just not particularly good at any one thing. I find this disappointing because Sony's brand ethos has always been about conquering the heights of technology, not settling for a moderately good device in the middle of the pack.
Dead on arrival, in other words. You can tell Sony is trying hard to catch up, however, because the edition of Android on it is only 14 months old.
My latest Locus column is "What’s Inside the Box," a discussion of whether owners, users or third parties should be able to know and/or control what their computers are doing:
The answer to this that most of the experts I speak to come up with is this:
The owner (or user) of a device should be able to know (or control) which software is running on her devices.
This is really four answers, and I’ll go over them in turn, using three different scenarios: a computer in an Internet cafe, a car, and a cochlear implant. That is, a computer you sit in front of, a computer you put your body into, and a computer you put in your body.
Writing in the NYT's BITS section, Brian X. Chen and Nick Bilton describe a disturbing design-flaw in Android: apps can access and copy your private photos, without you ever having to grant them permission to do so. Google says this is a legacy of the earlier-model phones that used removable SD cards, but it remains present in current versions. To prove the vulnerability's existence, a company called Loupe made an Android app that, once installed, grabbed your most recent photo and posted it to Imgur, a public photo-sharing site. The app presented itself as a timer, and users who installed it were not prompted to grant access to their files or images. A Google spokesperson quoted in the story describes the problem, suggests that the company would be amenable to fixing it, but does not promise to do so.
Ashkan Soltani, a researcher specializing in privacy and security, said Google’s explanation of its approach would be “surprising to most users, since they’d likely be unaware of this arbitrary difference in the phone’s storage system.” Mr. Soltani said that to users, Google’s permissions system was “akin to buying a car that only had locks on the doors but not the trunk.”
I think that this highlights a larger problem with networked cameras and sensors in general. The last decade of digital sensors -- scanners, cameras, GPSes -- has accustomed us to thinking of these devices as "air-gapped," separated from the Internet, and not capable of interacting with the rest of the world without physical human intervention.
But increasingly these things are networked -- we carry around location-sensitive, accelerometer-equipped A/V recording devices at all times (our phones). Adding network capability to these things means that design flaws, vulnerabilities and malicious code can all conspire to expose us to unprecedented privacy invasions. Unless you're in the habit of not undressing, going to the toilet, having arguments or intimate moments, and other private activities in the presence of your phone, you're at risk of all that leaking online.
It seems to me that neither the devices' designers nor their owners have gotten to grips with this yet. The default should be that our sensors don't broadcast their readings without human intervention. The idea that apps should come with take-it-or-leave-it permissions "requests" for access to your camera, mic, and other sensors is broken. It's your device and your private life. You should be able to control -- at a fine-grained level -- the extent to which apps are allowed to read, store and transmit facts about your life using your sensors.
Here's a good brief look at the state of CyanogenMod, a free/open fork of the Android operating system that lets you do a lot more with your tablet/phone. I really like the way that CyanogenMod exerts force on the Android ecosystem: back when Google was unwilling to ship a tethering app (even for "Google Experience" phones like the Nexus One), CyanogenMod gave users the choice to tether. I think that the number of users who went to the fork freaked out both Google and the carriers, and in any event, tethering quickly became an official feature of Android.
Now CyanogenMod is toying with the idea of a Banned Apps store, consisting of apps that were banned from Google Marketplace for "no good reason" (generally because they threatened Google or the carriers in some way). It's hard for users to get upset about functionality restrictions that they don't know about, but once their friends get the ability to do more, they'll clamor for it, too.
And Google has a strong incentive to keep up with CyanogenMod's functionality: once you've rooted your device and installed a new OS on it for the first time, it's pretty easy to keep on doing it for future devices. I know I worried a lot the first time, and laughed through subsequent installs -- and the process just keeps getting easier. It's really in Google's interest that Android users not get the CyanogenMod habit, and the best way to prevent that is to keep up with CyanogenMod itself, even if it means sacrificing a little profitability, and that's good for users.
Given the success of CyanogenMod, it should be no surprise that the project is continuing to evolve and grow into new areas. Koushik Dutta, one of the CyanogenMod team members, would like to see an App Store for root apps and apps that are "getting shut down for no good reason." The idea seems pretty handy from a user perspective, and as Dutta points out, could even help fund the CyanogenMod project.
Apparently, Dutta approached Amazon with his idea of bundling their AppStore in CyanogenMod with the provision that Amazon would give CyanogenMod a portion of the sales. Sadly, Amazon brushed Dutta off, so it would appear that this isn't going to happen in the short term. Still, it appears there are a number of users on Google+ that are excited about the project, so hopefully it will come to fruition. Dutta's proposed store would be open-source so it would be available to any custom ROM, not just CyanogenMod.
Wuffabet is a new Android app for small kids: an ABC book with great illustrations and music and really cute animations (it also has some very good nonstandard animal choices, like U for Urchin (sea urchins), F for Flying Squirrel, N for Narwhal, O for Octopus, and Y for Yaffle!). It was created by Chad Essley, who's done animations for Sesame Street. A nice option for post-present-opening lulls and new phones/tablets.
Alan sez, "TechCrunch and others are reporting that a program called "Carrier IQ" that comes pre-installed on Sprint phones has some pretty amazing spyware capabilities, right down to keylogging everything you do on the phone."
Note the careful use of the words “record,” “provide,” “inspect,” and “report.” It’s obvious from this video that the application has access to the information in question, and whether it records, provides, inspects, or reports it is simply a setting they can choose. The purposes for which CIQ says their software is installed — identifying trending problems in the fleet, for instance — don’t seem to me to require the level of access the software has granted itself. Add this to the fact that users are not informed at any step of the fact that their information is passing through a “quality assurance” layer (sometimes before the user layer itself is aware of it), and their indignant denial begins to ring hollow.
Furthermore, as many developers have pointed out, the mere presence of the software is detrimental. Removing the software has reportedly improved performance and battery life. Furthermore, secure handshake information over wifi is passed through the software unencrypted, something that has little to do with carrier quality assurance. And if that information is cached even temporarily, that’s a security risk.
CarrierIQ, makers of the rootkit/spyware, threatened legal action against Trevor Eckhart, the researcher who reported on this, and backed down after EFF took up his case.
iFixIt tears down the Galaxy Nexus, the latest "Google Experience" phone (a phone that ships with a stock Android installation and no telco/manufacturer crapware installed) and finds it to be admirably tinkerer/repair-friendly. The device is held together with standard screws, and very few of the components are glued together, meaning that it will be fairly straightforward to repair.
The phone is meant to ship next week, and I've already pre-ordered mine (I'll let you know how it works out). I've owned two other Google Experience phones (the Nexus One and the Galaxy S) and been very happy with them.
Twitter has bought a company called Whisper Systems, who make a secure version of the Android operating system as well as suites of privacy tools that are intended to protect demonstrators, especially participants in the Arab Spring. Many speculate that the acquisition was driven by the desire to hire CTO Moxie Marlinspike, a somewhat legendary cryptographer.
At first blush, the move is a bit baffling. Twitter, the quintessential consumer internet service, would seem to have little need for a company that has revamped Android security from the ground up for business use. But the micro-blogging site may simply be acquiring Whisper Systems for its talent — including Marlinspike, who serves as the startup’s chief technology officer, and roboticist Stuart Anderson — and the two companies do have a certain affinity. Both pride themselves on the support they’ve provided to protesters in the Middle East.
Security and privacy guru Chris Soghoian believes Twitter may have brought Moxie Marlinspike into the fold because the micro-blogging site has developed a reputation for not having the best security. Marlinspike is an expert in SSL (secure sockets layer) encryption, and Twitter — which has yet to turn on SSL by default for all users — could use his skills to lock down its services and make life harder for phishers.
I've been worried lately about the crumbling infrastructure of the SSL system, and what it means for our ability to communicate in private, to conduct banking and ecommerce, and to have any assurance of identity online. I've been asking all the security/crypto supernerds I know about this for a few months, and to a one, they've mentioned Marlinspike's Convergence and said, effectively, "I'm not sure if it'll solve this, but there's nothing else I have any hope for."
Twitter Buys Some Middle East Moxie (Thanks, Larry!)
This LG mobile phone ad "event" projected a startling and well-conceived montage of 3D effects onto a building's facade in Berlin. It's all very spectacular and beautiful -- pretty amazing for an ad (though I can imagine that if a whole city were taken over by this sort of advertising every night, it would be rather tedious). Meanwhile, I seriously covet that projector, which is blasting out enough lumens that I wonder if it incinerates small insects that stray into the path of the beam. I could get into serious mischief with one of those.
LG Optimus Hyper Facade in Berlin - Long Version (Thanks, Dad!)
The Electronic Frontier Foundation has been investigating Silk, the web browser built into Amazon's new Android-derived Kindle Fire. Silk is billed as being a very fast browser, thanks to acceleration achieved by funneling all requests through Amazon's cloud servers. This may speed up network sessions, but it creates many privacy questions, since it means Amazon gets a view into your network sessions that it wouldn't otherwise have -- a copy of all the web-pages you receive.
But as Dan Auerbach reports, Amazon made some very good privacy choices in the design of Silk. First, the "acceleration" is user-configurable, and you can just turn it off if you're worried. Further, SSL connections are never intercepted, and Amazon only lightly logs your network sessions, and expires those logs after 30 days. The service isn't perfect, but it's got a lot to recommend it.
It is good that Amazon does not receive your encrypted traffic, and does not record any identifying information about your device. And there are other benefits to user privacy that can result from cloud acceleration mode. For one, the persistent SPDY connection between the user’s tablet and Amazon’s servers is always encrypted. Accordingly, if you are using your tablet on an open Wifi network, other users on that network will not be able to spy on your browsing behavior.
Amazon does not act like an anonymizing proxy, because it does not shield your IP address from the websites you visit or strip unnecessary information out of the outgoing request. Indeed, because the XFF header is set for HTTP requests, your IP is still passed through to the websites you visit. Other headers, such as the HTTP referer header, are set as normal. Thus, the website you are visiting using Silk has access to the exact same information that it would if you were using a normal browser.
Shares of beleaguered BlackBerry maker Research In Motion dropped more than 5 percent today after the company tried to make up for a four-day BlackBerry outage by offering customers $100 worth of free apps and technical support. That outage was a quiet killer. But what should they have offered their loyal users? Other than an iPhone or an Android phone, I mean. Your suggestions welcomed in the comments.
I use Android because I don't trust Google. Sure, I trust and like individual googlers, and admire many of the things the company has managed – but I don't for one moment think that Google's management is making its decisions in order to make me happy, fulfilled and free.
Android and iOS both fail, but Android fails better
I think there are good days when Google's management might believe that helping me attain those ends will make it more money, but if it were to believe that making me miserable would enrich its shareholders without alienating too many of its key personnel and partners, my happiness would cease to matter in the slightest.
So why use Android? Because it requires less trust in Google than using iOS requires that you trust Apple. iOS has one official store, and it's illegal in most places to buy and install apps except through this store. If you and Apple differ about which apps you need, you have to break the law to get your iPhone or iPad to run the app that Apple rejected.
Nielsen reports on market share for smartphones in the US, with an interesting split between domination for OS and domination by actual device. Google Android is currently the top operating system, at 39 percent, with Apple’s iOS at 28 percent, and the RIM Blackberry at 20 percent. "However, because Apple is the only company manufacturing smartphones with the iOS operating system, it is clearly the top smartphone manufacturer in the United States." iPhone has 28% of the market. All of this is based on June, 2011 data.
But Samsung's tablets – for no discernible reason – use a custom tip that isn't any of the standard mini- or micro-USB ends. Instead, it's a wide, flat connector, like the one Apple uses, but of course, it's not compatible with Apple's cables, either. I've already lost mine, run down the battery and now I can't use the tablet again until I find another one. I passed through three airports recently, and none of them had a store that stocked them.
BTW, I did find a store that sold the Galaxy Tab proprietary cable, eventually, in the Miami airport. The wire cost $70, while standard USB cables were going for $3. What a rip-off.
I have phone charger cables in my office, my travel bag, my backpack and beside the bed. The very last thing in the entire world that I need right now is to have to add another kind of USB cable to all those places. The decision to use a proprietary connector in a device whose major selling point is that it is non-proprietary is the stupidest thing about the Galaxy Tab 10.1 – even stupider than calling it the "Galaxy Tab 10.1."
Likewise disappointing was the decision to omit the microSD card slot on the Wi-Fi-only version of the tablet. The 3G-equipped models come with a built-in microSD reader (handy to have, especially if you need to load some data onto the device and you've mislaid the stupid proprietary cable). This is integrated into the Sim assembly used by the 3G devices, and rather than leaving the empty Sim assembly in place and leaving the card-reader intact, Samsung removed the whole thing.