A decade ago, four young men changed the way the world works. They did this not with laws or guns or money but with software: they had radical, disruptive ideas, which they turned into code, which they released on the Internet for free. These four men, not one of whom finished college, laid the foundations for much of the digital-media environment we currently inhabit. Then, for all intents and purposes, they vanished.
Earlier this week, CNET ran an article critical of the permission model of the Android Market. Google’s response to the criticism was that “each Android app must get users’ permission to access sensitive information”. While this is technically true, one should not need a PhD in Computer Science to use a smartphone. How is a consumer supposed to know exactly what the permission “act as an account authenticator” means? The CNET opinion piece “Is Google far too much in love with engineering?” is quite relevant here.
Google does far too little curation of the Android Market, and it shows. Unlike Apple’s App Store, the Android Market has few high quality apps. A study by Larva Labs (the developers of the excellent Slidescreen app) estimates that Apple has paid out 50 times more money to developers than Google has. While the Android Market is available in 46 countries, developers can only offer paid apps in 13 countries (for instance, Canada has only had access to paid apps since March 2010). In addition, the price for foreign apps is not displayed in the user’s local currency and developers do not have the option of customizing pricing by country. To make matters worse, you can’t pay for foreign apps using your Amex card or carrier billing. There’s also no support for in-app payments and changelogs (to communicate app changes).
Below are just a few examples of what’s wrong with the Android Market. Those 144 spam ringtone apps (which are clearly infringing copyright) are currently cluttering the top ranks of the Multimedia category. I was not surprised to find that they were being monetized through Google Ads.
Trademark and copyright infringement is widespread in the Android Market:
The music downloading app “Tunee” (one of many such apps) is one of the Top Free apps in the Multimedia category with more than 250k downloads. While some would dishonestly try to pretend that such apps are meant for downloading public domain classical music, the developers of Tunee are very clear about their intent. Their screenshot shows copyrighted music by the band Muse (Warner Music Group) being illegally downloaded.
These apps are damaging to companies that are building legitimate Android music apps (e.g Rdio, Spotify and MOG), not to mention Amazon whose MP3 store comes bundled with most Android phones in the U.S. Is Google’s strategy to turn a blind eye to illegal music downloading until they launch their own music store?
Developers and users are getting fed up and it’s time for Google to clean up the house.
Palm media sync is a feature of webOS that synchronizes seamlessly with iTunes, giving you a simple and easy way to transfer DRM-free music, photos and videos to your Palm Pre.(2) Simply connect Pre to your PC or Mac via the USB cable, select “media sync” on the phone, and iTunes will launch on your computer desktop. You can then choose which DRM-free media files to transfer.
Reading about this on blogs I’ve seen two clueless arguments being repeated:
Palm must be doing this in co-operation with Apple.
That must be why in Palm’s demo iTunes says “Syncing iPod” instead of “Syncing Pre” and Palm investor Roger McNamee called Apple a monopolist when Walt Mossberg asked how Apple is going to feel about this.
This is nothing new. RIM and Nokia have been doing iTunes sync for a while.
No, RIM and Nokia have offered their own software which reads the iTunes XML library file and syncs to their devices. That’s nothing like the Palm Pre which identifies itself to a PC as an iPod and syncs with iTunes directly instead of 3rd party software.
The following is worth noting in Palm’s press release:
(2) Compatible with iTunes 8.1.1 on Windows XP/Vista and Mac OS X version 10.3.9-10.5.7
That’s called covering your rear Translated from PR-speak we get: “Don’t expect this to necessarily work with iTunes 8.1.2”.
So how is Palm doing this? It’s pretty simple, really. We’ll start with the most basic question that doesn’t even involve the Pre: To a PC, what’s the difference between an iPod and a Kingston memory stick? The iPod has a specific USB Vendor Id that identifies it as being an Apple product and a USB Product Id that identifies it as being a specific iPod model. In addition, the iPod’s filesystem has a specific folder and file structure. Modern iPods also respond to a custom USB command that returns an XML file with information about the device.
So how has Palm most likely enabled the Pre to sync directly with iTunes? By doing the following:
- When you select “Media Sync” on the Pre, it will switch its USB interface to use Apple’s Vendor Id and the Product Id for a specific iPod model
- The Pre exposes a filesystem through Mass Storage Class that mimics the structure of an iPod
- The Pre responds to Apple’s custom USB command and returns XML info about the device
What can Apple do about this? When two parties implement an open standard, there’s usually some differences. In this case, there’s two implementations of a proprietary standard and it’s almost guaranteed that there will be differences. Apple will analyze the Pre and find out what those are. They will then be able to update iTunes to tell a real iPod apart from the “PrePod”.
Update: some people are linking to this Apple support article, claiming that’s how the Pre is able to sync with iTunes (of course, these people don’t actually explain the “how” since that would require them to know something about the subject). I didn’t even bother linking to that originally since I thought nobody would be technologically inept enough to use that as an argument: 1) That article has been archived and is no longer updated by Apple, 2) It applies to Mac OS X only, 3) The listed players are over half a decade old, 4) The reason those players were supported was because iTunes included CUSTOM CODE to support those players, 5) The Palm Pre’s iTunes sync capability works without installing any Palm software/plugins, 6) If the Palm Pre was using an iTunes API for 3rd party devices, then iTunes would be identifying the Palm Pre as a Pre, not as an iPod
Update: The issue has been resolved. See update at the bottom of the post.
In August 2004, I reverse engineered Apple’s AirTunes protocol and released JustePort, the first non-Apple application to enable streaming to the AirPort Express. Because of my work, Rogue Amoeba was able to develop their $25 AirFoil application – a much more user friendly tool for streaming to the AirPort Express. I didn’t have any problems with this – I released JustePort as open source so that others could build similar applications by learning from my source code. What I did not particularly like though was the product page for Airfoil, claiming “It’s not just for iTunes anymore”. This misleading statement, suggesting that Airfoil was the first tool of its kind and that Rogue Amoeba did the hard work to enable non-Apple streaming to the AirPort Express, has since been removed from the Airfoil product page.
I was reading Rogue Amoeba’s blog today and noticed that they’ve released a Linux version of their Airfoil Speakers application. Airfoil Speakers is a complimentary application to AirFoil that implements the server part of the AirTunes protocol. By installing Airfoil Speakers on a computer (e.g. your home theater PC) you can stream audio to it using Airfoil from another computer. The release of the Linux version of Airfoil Speakers piqued my curiosity so I downloaded it and had a look. It uses .NET and requires mono. I downloaded the Windows version as well and it shares the core with the Linux version.
I ran AirfoilSpeakers.exe (MD5: 82b7ef8c05958ccb6e24289c8b21a27c) from the Windows version through monodis to see if I could find anything interesting. I came across this:
.class private auto ansi beforefieldinit Utility
// method line 853
.method public static hidebysig
default void LeReverse (unsigned int8 arr, int32 index, int32 length) cil managed
// Method begins at RVA 0x104b6
// Code size 16 (0x10)
IL_0000: ldsfld bool [mscorlib]System.BitConverter::IsLittleEndian
IL_0005: brfalse.s IL_000f
IL_000a: call void class [mscorlib]System.Array::Reverse(class [mscorlib]System.Array, int32, int32)
} // end of method Utility::LeReverse
// method line 854
.method public static hidebysig
default void LeReverse (unsigned int8 arr) cil managed
// Method begins at RVA 0x104c7
// Code size 11 (0xb)
IL_0005: call void class AirfoilServer.AirTunes.Utility::LeReverse(unsigned int8, int32, int32)
} // end of method Utility::LeReverse
// method line 855
.method public static hidebysig
default void RijndaelDecrypt (unsigned int8 Buf, int32 Offset, int32 Count, unsigned int8 Key, unsigned int8 IV) cil managed
// Method begins at RVA 0x104d4
// Code size 80 (0x50)
.locals init (
class [mscorlib]System.Security.Cryptography.Rijndael V_0,
class [mscorlib]System.IO.MemoryStream V_1,
class [mscorlib]System.Security.Cryptography.ICryptoTransform V_2,
class [mscorlib]System.Security.Cryptography.CryptoStream V_3)
IL_0000: call class [mscorlib]System.Security.Cryptography.Rijndael class [mscorlib]System.Security.Cryptography.Rijndael::Create()
IL_0008: callvirt instance void class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::set_Mode(valuetype [mscorlib]System.Security.Cryptography.CipherMode)
IL_000f: callvirt instance void class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::set_Padding(valuetype [mscorlib]System.Security.Cryptography.PaddingMode)
IL_0014: newobj instance void class [mscorlib]System.IO.MemoryStream::.ctor()
IL_001c: ldarg.s 4
IL_001e: callvirt instance class [mscorlib]System.Security.Cryptography.ICryptoTransform class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::CreateDecryptor(unsigned int8, unsigned int8)
IL_0027: newobj instance void class [mscorlib]System.Security.Cryptography.CryptoStream::.ctor(class [mscorlib]System.IO.Stream, class [mscorlib]System.Security.Cryptography.ICryptoTransform, valuetype [mscorlib]System.Security.Cryptography.CryptoStreamMode)
IL_0031: ldc.i4.s 0x10
IL_0034: ldc.i4.s 0x10
IL_0037: callvirt instance void class [mscorlib]System.IO.Stream::Write(unsigned int8, int32, int32)
IL_003d: callvirt instance void class [mscorlib]System.IO.Stream::Close()
IL_0043: callvirt instance unsigned int8 class [mscorlib]System.IO.MemoryStream::ToArray()
IL_004a: callvirt instance void class [mscorlib]System.Array::CopyTo(class [mscorlib]System.Array, int32)
} // end of method Utility::RijndaelDecrypt
// method line 856
.method public hidebysig specialname rtspecialname
instance default void .ctor () cil managed
// Method begins at RVA 0x10530
// Code size 7 (0x7)
IL_0001: call instance void object::.ctor()
} // end of method Utility::.ctor
} // end of class AirfoilServer.AirTunes.Utility
That Utility class looks very familiar. Where have I seen those exact functions before? Oh, that’s right, it’s the Utility class licensed under the GPL from my DeDRMS and SharpMusique source code packages.
I can’t say I’m surprised. GPL’ed code is frequently used in violation of the license. MacTheRipper, a popular DVD ripper for MacOS X, has been violating the GPL for years by using libdvdcss and refusing to release the source code.
I’m not going to be too hard on Rogue Amoeba though. Unlike many Mac users, they are against closed platforms. See their blog post about the iPhone SDK as well as the future of code signing in MacOS X.
Update: Quentin from Rogue Amoeba got in touch via email. The code ended up in Airfoil Speakers due to an honest mistake. Quentin writes:
We use a lot of open source software in our products, could not make them as good as we do without it in fact. And as such, we do our best to make sure the licenses are followed. All our commercial software is GPL-free, some use LGPL’ed libraries, and some BSD/MIT code in places. We try to make sure all the code we use is correctly acknowledged, and give back when we can (http://rogueamoeba.com/sources/, www.rogueamoeba.com/utm/2008/01/12/perian-is-awesome/).
So we’ve put together Utility.cs-less versions of Airfoil Speakers to fix our GPL compliance. The Linux version we are pushing out immediately (it’s still in beta technically) here: http://bigblueamoeba.com/tmp/airfoilspeakerslinux/. The Windows version will be officially pushed out this week after testing, but is available right now here: http://bigblueamoeba.com/tmp/airfoilspeakerswindows/
A friend sent me this quote:
No way that “the market” forced Apple to do anything. Steve Jobs is the undisputed master of all reality. Surely Mac loyalists will find some way to spin this… I know! Steve didn’t want all that money anyway, so he decided to lower prices of his own volition. Surely he will soon lower prices on the iPhone and the iPod, right?
— Posted by Ed
We have an opening for an experienced C# developer at DoubleTwist:
You will be tasked with working on both our client software as well as server backend code. Besides coding, you will be responsible for assisting with documentation, building test plans, debugging software, providing design input, and helping in every way to ensure the successful rollout of each phase of the project.
Location: San Francisco
Opening: Reverse Engineering Monkey
We’re looking for a code monkey to work on our DRM interoperability technology. Must possess strong skills in the areas of cryptography, reverse engineering,
AJAX, code disassembly, code protection/obfuscation and software optimization. Experience domesticating penguins and eating apples is a plus.
Required skills include C, C++, x86 ASM, DRM and Windows APIs. Strong mathematical knowledge of algorithm analysis and implementation is desired. Minimum of 3 years of directly related experience.
Your favorite number is 0x90.
Location: Antarctica or your home country.
Opening: Senior Software Monkey
We’re looking for a senior code monkey to work on our audio/video products. Must have strong experience designing, implementing, debugging and optimizing userland applications. Multi-platform experience is desired.
Required skills include C, C++, C# and Windows APIs. Requirements include strong experience with current digital audio/video technology (MPEG4, H264 and AAC). Minimum of 5 years of directly related experience.
Location: San Francisco or Norway.
Steve Jobs has written an article titled “Thoughts on Music” in which he blames DRM entirely on the labels. Steve claims Apple wants to sell DRM-free music but the labels won’t let them. This of course flies in the face of reality. From an article in the NYTimes last month:
Among the artists who can be found at eMusic are Barenaked Ladies, Sarah McLachlan and Avril Lavigne, who are represented by Nettwerk Music Group, based in Vancouver, British Columbia. All Nettwerk releases are available at eMusic without copy protection.
But when the same tracks are sold by the iTunes Music Store, Apple insists on attaching FairPlay copy protection that limits their use to only one portable player, the iPod. Terry McBride, Nettwerk’s chief executive, said that the artists initially required Apple to use copy protection, but that this was no longer the case. At this point, he said, copy protection serves only Apple’s interests .
Josh Bernoff, a principal analyst at Forrester Research, agreed, saying copy protection “just locks people into Apple.” He said he had recently asked Apple when the company would remove copy protection and was told, “We see no need to do so.”
Apple’s statement is a detailed treatise on the subject, compared with what I received when I asked the company last week whether it would offer tracks without copy protection if the publisher did not insist on it: the Apple spokesman took my query and never got back to me.
It should not take Apple’s iTunes team more than 2-3 days to implement a solution for not wrapping content with FairPlay when the content owner does not mandate DRM. This could be done in a completely transparent way and would not be confusing to the users.
Actions speak louder than words, Steve.
The Financial Times has an article out about some of the movie studios trying to force Apple to increase the FairPlay restrictions.
But the studios are concerned about growth of digital piracy, which currently costs the film industry $3.2bn a year. They want Apple to make changes to the way iTunes works before they do a deal.
Specifically, they object to the fact that you can sync to an unlimited number of iPods.
Currently, content on iTunes can be uploaded to an unlimited number of iPods. This means people can freely copy music content by “synching” their iPods with their friends’ computers.
The studios are putting pressure on Apple to limit the number of iPods that can be used by iTunes on a particular computer. Limiting the number of video iPods used by any one computer to four or five will, they believe, deter professional content pirates.
That’s a huge vehicle for piracy! If it was actually true, that is. The notion that professional pirates (or any pirates for that matter) rely on this iTunes capability is ludicrous.
An iPod is paired with a single iTunes library. If I sync my iTunes library to your iPod, that content will get wiped out as soon as you sync your own library to your iPod.
Two facts conveniently ignored by the FT journalist:
1. iTunes doesn’t let you sync files from an iPod to a computer except for FairPlay files and you need the username and password for the account the FairPlay files were purchased under.
2. The fact that 3rd party tools exist to let you sync any file from any iPod to any computer does not matter. Why? Because a copy of a FairPlay file is useless without the username and passord for the account the file was purchased under.
To share a FairPlay file you also have to share the username and password. I doubt this happens to any measurable extent:
1. Your credit card is linked to your username and password (meaning someone else will be buying Britney Spears songs with your money, and more importantly, in your name).
2. Someone else will be using up one of your 5 computer authorizations.
Some people are upset about the Microsoft-Universal deal that gives Universal $1 for each Zune sold. Some are calling for a boycott. The controversy stems from the reasoning behind the deal. Doug Morris, the CEO of Universal Music Group, has been quoted saying:
These devices are just repositories for stolen music, and they all know it. So it’s time to get paid for it.
If you don’t like being accused of being a thief, you should obviously buy an iPod instead of a Zune.
This sticker is present on every iPod sold:
For comparison, the Zune sticker:
Hey, wait a minute… Let’s get started doing WHAT?