This piece was originally posted on AVnation.tv in July of 2017.
A frequent topic for me is reacting to challenges. The reason for discussing these topics is that from my experience, things going wrong is what impacts projects and people the most. These issues cause extra costs and possibly impact project deadlines. Obviously, problems will happen, the key concept is to understand the cost of a problem. While some things are intangible, such as opportunity cost, the perception of the company, and customer satisfaction. There are costs that are measurable, the cost of the employees time, the cost of travel, expedited shipping fees for replacements, and the overhead costs for these tasks.
At times not all of these costs are considered when evaluating solutions. Several years ago I was traveling for a project when my laptop had a hard drive failure. I thought about the cost that this failure could be under different circumstances. There were multiple solutions I evaluated:
Take the laptop to a service center to have the laptop fixed
Replace the hard drive and reinstall the operating system and all of the applications
Have a laptop shipped from the office
Purchase a computer
Which one would you pick?
I decided to purchase a low-cost computer, The reason was considering the other costs involved an extra day in the field costs more than a computer. There would not be a delay waiting for the laptop to be serviced or be shipped from the office. There would not be the time taken to install the operating system.
The calculation to come up with that solution was looking at all the impacted items. I started thinking about travel costs, I would need an additional hotel night (US$150). There would be additional costs of meals (US$40). The charge of an extra day of the rental car (US$40). The dollar amount to change the flights (US$150 service fee & ~$125 fare difference). The one that was hard to quantify, the cost to the relationship with the customer. The other key one, my time away from home. The cost was over US$500 from the travel impact alone. Of course, these numbers vary quite a bit. I purchased a computer with Windows installed and the level of processing power needed for under US$500. for the curious, it was an Intel Next Unit of Computing or NUC. The other item I thought about is that buying a NUC meant that I would have a spare computer after the project instead of spending the same amount of money for travel.
I now travel with a second computer the vast majority of the time. It could be the NUC or my personal laptop.
The cost of US$500 for a one-day solution of buying a new computer was the most practical option. It would not appear at first glance to be that way. It could be another scenario such as purchasing a product at a local store instead of going back to the shop to get the same product. The cost of time and mileage might be more than the difference in price between paying the retail price instead of the dealer price. Truly understanding the complete cost of a solution may change the solution that is chosen.
Thanks for reading and I hope this helps you be aware of the true costs. Now if you will excuse me, I need to backup work I did today while traveling…
Note: This column in no way, shape, or form, provides legal advice or counsel; neither implied or otherwise. It is highly encouraged and recommended that you consult an attorney or legal authority for advice.
The topic of who owns the code used to control a system has been covered quite often by various people and in various circumstances. The question is basically this, “If someone configures a computing system using various commands, who owns the sequence of commands?” Yes, I phrased it that obliquely on purpose. Part of these discussions are based on the idea that computer code can be considered the same as other text, books, magazines, plays … etc and as such can be protected by copyright. At the same time that approach to code means that it can be considered a work for hire and owned by the person commissioning the work. The opinion of code being equal to text was put forth August 30, 1983 under the case of “Apple Computer, Inc. v. Franklin Computer Corp.” This illustrates just how long this debate has gone on. This topic has been discussed on AVNation™ multiple times, Controlling the Code for instance, the Association of Software Professionals has posted an opinion, Mark Coxon has opinions, and many others as well.
I believe that there are additional items to be considered. The courts have ruled that the user interface and operation is not protected under copyright. This case took place in 1996 between Lotus Development Corp.and Borland International, Inc. about porting macros between competing software packages, this required using the same menu structures. The fact that one may copy the operation of an interface is an important item as well. The design and look of software interfaces can be protected, but not the actual operation. This case law means that one cannot copyright the process of pressing play, but can copyright the look of the play button itself. A minor but important distinction, one can copyright the appearance.
These topics get more interesting with the proliferation of open source code and code sharing. Various manufacturers use Microsoft and Linux products as part of a basis for their software. Then there is also code covered under the GNU General Public License that also requires companies to make available the code that they used and modified to the general public.
There are also usage rights to consider as part of this discussion. If one programs a control system for a single conference room or classroom, does the end user have the right to redeploy that code multiple times into other hardware? One of the common approaches is to license the software, specifically outlining how the software may be used. There are others that feel the software is a work for hire, as such the person paying can use it however they want. It is a tangled web of questions and opinions.
I can continue to go on about all the different items to consider, but I am confident that there will never be a solution that works for all situations. Even within AVNation we disagree over how to handle code ownership and licensing.
There is one solution that I can recommend without hesitation. Define and document the ownership and usage rights for the software as part of the scope of work and pricing negotiations. If it isn’t documented before any questions occur it is much more difficult to evaluate and understand.
Thanks for reading, I am off to go read some End User License Agreements. Oh look Bose, Crestron, Harman, TiVo, Microsoft, Apple … ad infinitum all use code that is open source. I wonder how that impacts this discussion.
Recently Tim Albright, of AVNation, and I were debating about the grammar of a sentence. Yes, that is what we do when looking at the website and looking for challenges that can be improved. While I might be cranky quite often, I do not want to berate and attack people with incomplete data. I took the sentence in question and ran it through the Grammarly service. It is one of the highest rated online grammar checking sites. Sure enough, Grammarly indicated that the phrasing of the sentence was correct. The sentence in question is, “Fall of 2015 Josh Srago, Kirsten Nelson, and I was attending the national sales meeting for AVI Systems, an integrator headquartered in Minneapolis.” Grammarly indicated the word ‘was is correct, both of us thought it should be ‘were’. Changing the sentence to, “During the fall of 2015 Josh Srago, Kirsten Nelson, and I were attending the national sales meeting of AVI Systems, an integrator headquartered in Minneapolis.” changed the results. The word ‘were’ is now correct.
How does this story relate to audio, video, lighting, or control? The point of this parable is that software is very fallible. To trust software without checking the validity or sensibility of a result can often be a problem. Many of us have heard tales of GPS based computer directions gone wrong, the same thing can happen in almost any piece of software.
Many AV technicians use software packages designed for making room measurements. These are great tools to help with compensating for room acoustics and speaker performance. I have seen and heard people watch the screen of the software while measuring the room response. They then adjust the digital signal processor to compensate, using all the filter points to get the line looking like they want. It looks like it sounds great. Then comes the listening.
The results are not very pleasing. But the software says it is right, so it must be. All of the available 256 filters were used. Does it sound good? That can be subjective but we all know that things can sound good or bad. There is the answer that one must consider the variable of where the measurements are being taken. To overly simplify, the phrasing of the overall sentence is the same as the location of a test microphone.
To me it comes down to something Steve Greenblatt and Brock McGinnis have been discussing on Twitter, experience. The software will not always give the desired result. Every so often one should step away from behind the software and listen in the run. Do not be afraid to trust your ears, eyes, and brain to verify what the software is indicating. Now if you will excuse me, my time measuring software says it is time for playoff hockey. Based on the position of the sun, I find that it is showing a reasonable time value.
A version of this post was orignally published on AVNation.tv
Once again, the Federal Communications Commission is changing the way that Internet traffic will be handled within the United States. FCC Chairman Ajit Pai at the Newseum in Washington, D.C. on April 26, 2017, gave a speech entitled, “The Future of Internet Freedom.” During this speech (transcripts) Chairman Paj put forth the idea that Internet Broadband communication should not be covered under Title II. This statement means that the broadband or Internet Service Providers can treat different data, differently.
Currently, under Title II many of the services we use as part of the AV Industry are covered and protected as it prevents service providers from throttling the speed of connections for most traffic. Virtual Private Networks (VPN) and other services are not part of this protection. What this means is that your local Internet provider must deliver all the network traffic with limited traffic shaping or control, it is called the common carrier principle, and it is what applies to the phone system. That principle is what allows one to dial from an AT&T connection to a Sprint connection. Through the suggested repeal of Title II for Internet traffic, that is no longer the case. The service provider can change the rates of data and which data gets through based on almost any criteria they chose. Now comes the question that everyone is thinking, “Sure Bradford, you and Josh talk quite often about Net Neutrality and Privacy quite a bit. How does this impact me? Why do I care?”
am glad you asked. Allow me to provide a simple real world example. Comcast offers packages of bundling certain applications and services with their high-speed Internet connectivity. For example, if you look at the Comcast Business Internet pages you will see packages for some services that they offer. I am going to use the backup services in this model as it is something I have done already for myself. On the product page, they talk about “Cloud Based Solutions℠ – Online Backup and Storage.” The services that they offer packages with for Online Backup are Carbonite and Mozy; I can not find Comcast’s storage solutions. There is a difference between backup and storage. Backup indicates that the data on a device will be regularly copied to a separate location. If the original is deleted, it will also be removed from the archive or backup after a period of time. Online storage means the storing of data whether deleted from the original or not. A user may remove it manually, but it will not be purged automatically if the original is removed.
For that reason, as well as others such as data durability, I decided not to use either of these services; I use JungleDisk. I have a single account and application that supports both data backup and data storage. I place files that I need easy access to on the JungleDisk Storage; I configured JungleDisk Backup software to backup my computer once a day.
Here is where Net Neutrality comes into play. Under the Title II ruling that Internet connectivity is a utility, most Internet traffic is processed equally. However with the repeal of the Title II that would change. It would mean that Comcast would have the ability to throttle or slow my communication with JungleDisk, reducing my success with the service. At the same time, they could prioritize traffic to their partners at Mozy and Carbonite. I am not indicating that they have or that they would, I am saying that they can. It would basically force me to use one of Comcast’s partners’ service instead of the one that I chose if I want an efficient process.
Without the protection of Title II, it would fall to me to prove that my traffic is impacted. One would also have to document that it violates the agreed upon terms of service from the Internet provider. After those two hurdles, it would be up to the Federal Trade Commission to investigate if the issue is an unfair trade practice.
All of these items are retroactive, except for Title II engagement. Under Title II it is proactively indicated that the favoring of traffic has a much more stringent set of guidelines and is designed to prevent the problem from happening in the first place.
The post originally appeared on AVNation.tv April 27, 2017
At the time I wrong this piece I was employeed by Harman Professional which was a competitor of Bose. Harman has similar policies I disagree with. As a result while I have both brands’ products I do not run their software – September 13, 2020
This time last week (April 18, 2017) a class action lawsuit was being filed in the United States District Court for the Northern District of Illinois, Eastern Division claiming that Bose collected data without telling their users that they were. You can read the complaint (17-cv-2928) on the Sribd service. My previous writings have shown my preference for privacy in the digital age. I do not like that Bose is collecting that much information about its users. It might be legal and an accepted business practice at the moment, I still don’t like it. [Bradford’s note: I do work for a competitor. This discussion is about data tracking not products. I don’t use some of my employer’s software because of the data tracking policies.]
When I started this piece, I indicated that I was going to come out supporting Bose and their situation. However, in doing research for the column, I have changed my mind. Bose was very close to having done the right thing, telling people what they were monitoring. However, they did not quite get it right as they had inconsistent information available. What they are currently collecting through Bose Connect is your listening habits; what are you listening to, how long are you listening for, when are you listening, where are you listening and other things. The crux of the case in my opinion is this statement in the filing: “Bose Connect collects and record the titles of the music and audio files its customers choose to play through their Bose wireless products. They also transmit such data along with other personal identifiers to third-parties—including a data miner—without its customers’ knowledge or consent.” In my view that last sentence is false completely and should be removed from the conversation. Bose does indicate that they use a third-party.
Something to consider as you examine this issue is that this application is just one part of the entire digital media playback system. Using iTunes one can know the last time a media file was accessed and if it was listened to completely, that information is shared with Apple. There is a massive part of me that says, as soon as one became part of the digital media ecosystem one must work to stay private. The amount of data about customers that is available can be mind boggling. All of the information that the plaintiff is worried about is likely available already from other sources. Additional information such as where and when was the content was acquired is easy to gather if one uses the typical online services.
After I finished reading the filing, I started reading was on the Bose website. There is a link to their privacy policy at the bottom of basically every page within their website. I clicked the link in Bose’s footer and was directed to here; it is confusing as they do not directly indicate or discuss the Bose Connect App. However reading through I found this section that would have caused me pause:
"If you use a Bose SoundTouch system or the SoundTouch software or mobile app, Bose also collects additional information about you, including technical information (such as your IP address, computer attributes and system ID); location information derived from your IP address; and product usage information (such as system presets and recently played content)."
While reading the document, I started getting confused. Is the Bose Connect App the “mobile app” listed in the policy? It is a mobile application, but they don’t call it out explicitly. Other hardware and software is listed by name. More research was required. I figured the best way to understand the experience and information provided to the user is to install the Bose Connect application and read the documentation.
I went to the Google Play store to look at the Android version. That was interesting as the information provided there was minuscule. There was the Google Permission information that indicated the application is granted access to:
bind to an accessibility service
view network connections
pair with Bluetooth devices
access Bluetooth settings
full network access
There was also a link to the Privacy Policy, https://downloads.bose.com/ced/bose_connect/privacy_policy.html. I created a PDF of it to read later. I next went to the iTunes/App Store to do the same thing. I am traveling with an iOS device, so that was a more realistic experience. On the iTunes product page there is a link to the privacy policy and the license agreement. The privacy policy also directs one to the same location as the Google Play store. iTunes embeds the license agreements within the application window, so I have simply combined captures (click here) so I could read it all.
I was now ready to review all of the documentation. I started with the privacy policy. This section quickly jumped out at me [yes there are errors, I took this section verbatim from the Bose site]:
“What Information We [Bose] Collect About You
The app does not collect any information that Bose or our service providers can use to identify you personallyAs discussed below, however, the app does automatically collect certain information from the mobile phone, tablet, or other device that you use to access the app.
Log data. When you use the app, we or our service providers may automatically receive and record certain information from your mobile phone, tablet, or other device. This may include such data as your software and hardware attributes (including device OS version and hardware model information), the date and time you use the app, whether and when you update the app and your Bose products, and certain other tracking information. To do this, we may use web logs or applications that recognize your device and gather information about its online activity.
Analytics and related tracking mechanisms. We may use mechanisms to track and analyze how you use the app. We also may partner with third parties who do so on our behalf (see below in the section entitled “How We Share Information with Third Parties”). These mechanisms can be used, for example, to collect information about your use of the app during your current session and over time, when and why the app crashes on your device, and a variety of information about the mobile phone, tablet, or other device that you use to access the app. Such mechanisms may include software developer kits (“SDKs”), pixels, scripts, or other tracking mechanisms. Some of these mechanisms involve storing small files on your mobile phone, tablet, or other device. Others involve transmission of information to a third-party server through other means.”
That was when my opinion changed from Bose educated the user about data collection to they made a mistake. I believe that Bose clearly documented for the end user that a third-party is being used to analyze the data. The fact they listed incompletely what items they are collecting is where the problem occurs in my mind. In the general privacy policy they spelled out more clearly what they are collecting. The Bose Connect policy differs from the general privacy policy so it would appear that there are different conditions of data collection for each software. Whether the user was informed correctly now comes down to the question, “What conclusion would a reasonable person create from this information?”
That moment was also when Josh Srago and I started to disagree. Initially, we agreed that we thought Bose was in the clear, not necessarily right but had met their obligations to inform. We both still believe tracking the information is bad and should be stopped. We both think that clearly spelled out that they are using a third-party service. The disagreement started when Josh referred to the End User License Agreement (EULA) and pointed out a paragraph that states the user consents to Device Data Usage collection.
Josh indicates that he believes Device Data Usage includes what content or data you are using on your device. I do not think that most people, i.e. not me or Josh, would consider that approach. Most people would process that phrase as if they transferred or use 2GB of data or 3GB of data that month. Josh and I both agree that tracking is wrong. We both know EULA and privacy policies are purposely written to be as vague as possible. Collecting usage information has value to product development, such as is there enough battery life for the person to use the headphones in a typical day. We also agree it is very rare for a user to read the EULA or Privacy Policy. What we disagree on is what amount of information was provided to the user. That is something for the courts to decide.
A few notes I want to include that just didn’t flow in writing:
The use of the application is not required as indicated in this video from the Bose site. Yes, you get more functions, the payment is Bose gets more data about you. Think of it as a frequent shopper card or a Starbucks registered card.
If you want to review the documents of the case yourself and you don’t like the privacy policy used by Scribd, you may also view the filing at https://ecf.ilnd.uscourts.gov/doc1/067119015846p.
This article owas originally posted on AVNation.tv on April 6, 2017.
Let me start with the basics, defining that three-letter acronym, Virtual Private Network. I have a rule that one cannot use a TLA (Three Letter Acronym) unless they know what it is short for. VPN allows a more secure connection between two computers via a public network. Typically, this connection is made via encrypted packets using an agreed upon scheme. The exact method is not relevant for the most part, what is important is that it is one that is trusted.
I participated in JoCo Cruise 2017. As part of that was a land excursion that included JoCoChella as a festival. I did some basic recordings and filming. When I say basic, I mean basic. I strapped a GoPro Hero 4 Black to my head. Really. The video is coming soon. Continue reading “JoCoChella Recordings”→
Previously I wrote about the protection I am adding to my mail by using PGP or GPG. You can find the article by clicking here. My involvement with the EFF and AVNation have also included comments about privacy: AVNation Privacy & EFF Mail Links.
Something I realized while thinking about this subject is that if one sends very few encrypted e-mails, the ones that are encrypted will stand out in the mail being sent. Now you might wonder what I am doing that requires encrypting. The previous blog post explains why I am encrypting my mail.
“So how come you weren’t on Xnet last night?” I was grateful for the distraction. I explained it all to him, the Bayesian stuff and my fear that we couldn’t go on using Xnet the way we had been without getting nabbed. He listened thoughtfully. “I see what you’re saying. The problem is that if there’s too much crypto in someone’s Internet connection, they’ll stand out as unusual. But if you don’t encrypt, you’ll make it easy for the bad guys to wiretap you.” “Yeah,” I said. “I’ve been trying to figure it out all day. Maybe we could slow the connection down, spread it out over more peoples’ accounts –“ “Won’t work,” he said. “To get it slow enough to vanish into the noise, you’d have to basically shut down the network, which isn’t an option.” “You’re right,” I said. “But what else can we do?” “What if we changed the definition of normal?” And that was why Jolu got hired to work at Pigspleen when he was 12. Give him a problem with two bad solutions and he’d figure out a third totally different solution based on throwing away all your assumptions. I nodded vigorously. “Go on, tell me.” “What if the average San Francisco Internet user had a lot more crypto in his average day on the Internet? If we could change the split so it’s more like fifty-fifty cleartext to ciphertext, then the users that supply the Xnet would just look like normal.” “But how do we do that? People just don’t care enough about their privacy to surf the net through an encrypted link. They don’t see why it matters if eavesdroppers know what they’re googling for.” “Yeah, but web-pages are small amounts of traffic. If we got people to routinely download a few giant encrypted files every day, that would create as much ciphertext as thousands of web-pages.”
This action is a relatively small action and is rather simple to do. However, the fact that it will change the traffic view could be helpful for others. It will prevent other PGP/GPG encrypted traffic from being such an outlier as to be noticed. As EFF posted on Data Privacy Day, privacy is a team sport. There are additional directions for how to do this task at https://ssd.eff.org/, hover over the tutorials section. If you want to test if it worked, My public key identifier is C93A52C6. You can download my public key from https://www.bradfordbenn.com/BradfordBenn-C93A52C6.asc
I also will freely admit, I am not sure if it will make a difference, but it could not hurt.
