GNOME

I’ve been working on Music for the past three months, adding support for remote sources. The work included adding support for dLeyna and DMAP source for Music. Why is this project needed: Music currently list and plays songs only from the local ... [More] filesystem (that are indexed by Tracker), there is no way to browse and play songs from remote sources such as DLNA and DAAP. Most of the users have their media on media servers and not on file-system, right now if there are no songs on the computer an empty search view is created notifying you that no songs are present on the computer. Some frameworks important to the project Grilo is a framework focused on making media discovery and browsing easy for application developers, and Music uses grilo-plugins for media discovery. Grilo plugins support tons of sources such as Tracker, Jamendo, UPnP, etc. Grilo-plugins also supports dLeyna(for DLNA) and DMAP(for DAAP) sources, so I’ll be using grilo-plugins for media discovery from DLNA and DAAP servers. dLeyna-server is a high-level media content API that allows client applications to discover, browse, and search UPnP and DLNA media servers and is implemented over the GUPnP library. This takes care of all the communication between the server and the grilo-plugins. When we make any request to the server, grilo-plugins relay the request using dLeyna-server, and dLeyna-server uses GUPnP to actually make requests to the media server. Libdmapsharing is a library that allows programs to access, share, and control the playback of media content using DMAP. My project includes the following tasks: Adding support for dLeyna sources Adding support for DAAP sources Customizing search view to support various sources dLeyna Support Related Issue: #396 Related Merge Request: !713 dLeyna source is based on UPnP protocol that allows us to use media server with no configuration i.e. a zero-conf server, it is also the most commonly used media server, as it is easy to set up. This feature will not require any additional configuration, to see media hosted on the home network, just shoot up the Music application and the media from the dLeyna source will be added to the respective views. DAAP Support Related Merge Request: !740 Problem: The DAAP(or DMAP) protocol is built and used by Apple devices, so they haven’t released the specifications publically, but it has been reverse-engineered to the extent that media can be discovered and played on the other platforms(other than macOS). It really restricts us with the level of support, the media we get often do not contain enough data. Right now a minimal support is provided in Music, this just list songs from DAAP server and can play them, but this doesn’t have all the media metadata such as artist, date, genre, etc.(it only displays the information given by the server) This feature also doesn’t need any configuration, just connect to your home network that already has a DAAP server, and Music will list all the songs hosted and you will be able to play them. What Works Music can fetch media from dLeyna sources and play them. Search works for dLeyna sources. Music can fetch media from DAAP sources and play them, but it doesn’t have all the information that should be associated with a media. Future Plans Search Redesign and customization to take in and filter the media from different sources. Addressing some of the issues with dLeyna sources. GNOME Community This is the first time I’ve ever worked on a proper open source project, GNOME as a community has taught me a lot on how to work on a project, and I’ve to hand it to Jean Felder and Marinus Schraal, who have always been there to help me. I’ve also had encounters with Victor Toso and Jens Georg and these guys were really helpful, especially Jens listening to me patiently and helping me with very simple things. GUADEC GUADEC is the GNOME community’s conference, which brings together users, developers, and community members for a week-long package of events. Each talk very informative and I learned a lot from these talks. GUADEC had an event for GSoC and Outreachy interns where we got to present our projects (HOW COOL IS THAT!!). Conclusion GSoC may have come to an end, but this doesn’t mark an end to my journey with GNOME, I would still be around contributing to Music and other projects. At last, I would like to thank Jean and Marinus with all my heart for their support and guidance. [Less]

Recently Miguel de Icaza wrote a blog post arguing that closed computing platforms where a major US corporation decides what software users are allowed to install are a good thing. This has, naturally, caused people to become either confused ... [More] , disappointed or angry. Presumably many people are writing responses and angry comments. I almost started one writing one pointing out all the issues I found in the post.Doing that would probably create a fairly popular blog post with followups. It might even get to the reddits and hackernewses and generate tons of comments where people would duke it out on issues on user choice vs the safety provided by a curated walled garden. There would be hundreds, if not thousands, of snarky tweets that make their poster feel superior for a while but are ultimately not productive. To quote Star Trek Deep Space Nine:Spare me please-think-of-the-children speech and I'll spare you the users-must-have-control-over-their-own-devices speech [1].Having us, the user and developer community, argue about this issue is pointless, unproductive and actively harmful. This particular phenomenon is not new, it even has a name. In fact this approach is so old that the name is in latin: Divide et impera. Divide and conquer. All the time and energy that we spend on arguing this issue among ourselves is time not spent on working towards a solution.The actual solution to this issue is conceptually so simple it could be called trivial. The entire problem at hand is one that has been created by Apple. They are also the ones that can solve it. All they have to do is to add one new piece of functionality to iOS devices. Specifically that users who so choose, can change an option in the device they own allowing them to download, install and use any application binaries freely from the Internet. Enabling this functionality could be done, for example, in a similar way to how Android phones enable developer mode. Once implemented Apple would then make a public statement saying that this workflow is fully supported and that applications obtained in this way will, now and forevermore, have access to all the same APIs as official store apps do.This is all it takes! Further, they could make it so that IT departments and concerned parents could disable this functionality on their employees' and children's devices so that they can only obtain apps via the app store. This gives both sets of users exactly what they want. Those who prefer living in a walled curated garden can do so. Those with the desire and willingness to venture outside the walls and take responsibility of their own actions can do so too and still get all the benefits of sandboxing and base platform security.Apple could do this. Apple could have done this at launch. Apple could have done this at any time since. Apple has actively chosen not to do this. Keep this is mind if you ever end up arguing about this issue on the Internet. People who have different priorities and preferences are not "the enemy". If you get into the flaming and the shouting you have been divided. And you have been conquered.[1] Might not be a word-for-word accurate transcription. [Less]

Welcome, in the past months I’ve been working on an EteSync module for Evolution so EteSync users can add their account to Evolution and mange all their data from there. EteSync, it is a secure, end to-end encrypted and FLOSS sync solution for ... [More] your contacts, calendars and tasks.Evolution is a personal information management application that provides integrated mail, calendaring and address book functionality.You can see all my past posts from here if you want to know more about the module. This is basically a tutorial on how to use the EteSync module in Evolution. It should be simple and covering all of the important stuff that you’ll need to do to manage your data in your EteSync account. You can play around with the module to do other thing that aren’t mentioned, try to right click on a existing journal to find more options as deleting. Also you can modify existing entries by double clicking on it or delete by right clicking and choose to delete. Contents Installing the module. Adding EteSync account. Adding data inside a journal. Adding a new journal. Rename or change a journal color. Setting up newly created account. Running your own instance (self-host). Installing the module First things first, you’ll need to install the EteSync module for Evolution, you can simply do this by following the installation guide found here. Adding EteSync account After installing the module, obviously you’ll need an EteSync account, if you don’t have one, you can create one from EteSync website. The steps are very simple. click on the arrow next to “New” button choose “Collection Account” Enter your email/username. Choose “Look up for an EteSync account” Enter your password. After that you’ll be asked to enter your Encryption password and all your data will be loaded successfully. Adding data inside a journal In this example I am adding an appointment to a calendar of mine. Adding new journal EteSync supports only three types of journals (Address-book, Calendars and Task lists).There are two ways to add new journals in Evolution. First is from “New” menu Second is choosing category from the bottom-left area (here it is Contacts), right clicking on the account and choose “New address-book/calendar/task list” Rename or change a journal color Just right click on the journal (address-book, calendar or task list), select properties then you can rename or change color, then click ok. Setting up newly created account This section is for new users who just created an EteSync account and haven’t set an encryption password for their account (first time to use the account). Simply follow the adding account steps normally. A new dialog will pop up asking you to set an encryption password. Enter your encryption password twice to set it up and then your account will be initialized with 3 default journals (My Contacts, My Calendar and a My Tasks). Press Ok, and that’s it. Running your own instance (self-host) This part is a little advanced. Since EteSync has it’s code open-source so anyone can use the server code to easily self-host his own server but it comes with less benefit, however, if you wish to do so, please follow the instructions here. After you have successfully set up your own instance, and verified it works by connecting to it from the browser, you can follow the steps do add an account while hosting your own server. In this example I am self hosting the server with my localhost url on port 8000 (http://127.0.0.1:8000) [Less]

Motivation Last Friday at Red Hat we have another “Day of Learning”, the third one now. As will all repeated things, as an engineer I want to automate things – so this time I wanted to look into machine learning 😉. This was also an excuse to ... [More] finally learn about NumPy, as that’s such a generic and powerful tool to have on one’s belt. At school in my 11th grade, I worked on speaker dependent single word speech recognition as my scientific project. [Less]

Work till now After the translation debacle in my previous post, I started working on the back-end that will be used by later UI (I’ll be talking about one place where this back-end is used in this post) in a manner such that, when translations ... [More] start functioning, they can easily be implemented by addition of a few lines of code. This back-end work involves methods that will be used to add or remove firmware, checking whether the firmware being added is acceptable/supported etc. Update The goal of adding drag n drop support would allow addition of firmware through, well, drag n drop. Which would be an added bonus to the firmware UI that will be implemented after translations are taken care of after 3.38 release. My work here is to write a widget that can be easily added almost anywhere allowing that area to accept drops and install firmware. Not only that, but also give visual feedback of whether the dropped firmware has been successfully added or not. The ideal way to do this would be by writing a widget that’s an overlay. Because the widget is an overlay, it would have the area presented to the widget it’s being attached to and would be able to give visual feedback through the shared real estate for better UX. For any widget to accept drag, Gtk.drag_dest_set (widget, dest_default, targets, actions); line must be used. Here widget, is the widget surface that’s going to experience drag. The documentation for each parameter here can be read here. The argument being passed as dest_default must be chosen carefully in my opinion. That is because, if the dest_default is Gtk.DestDefault.MOTION, whenever something is being dragged on the surface of the widget, this argument will forcefully emit drag_motion signal. But if drag_motion is connected to some other callback, that callback will be called twice due to it being connected to the default signal which would be emitted during a drag motion, and again by the destination default flag. Same with Gtk.DestDefault.DROP. In my widget, the dest_default flag was making the experience very clunky, so I simply passed a 0. After setting the whole widget surface to accept drag, drag_motion was connected to a callback. This callback checks the target of the drag context. If the target is a list of uris, then the drag data is requested with a checking flag. Otherwise the drag_status is set to 0. Then in the callback for drag_data_received (which is called when drag data is requested) when the checking flag is active, the files being dragged on the widget surface are checked for their compatibility. To do this, a function was written in the name space of FirmwareManager class, which takes a File as parameter, and runs for a match for checksums of accepted firmware that are not installed yet, or if they are installed, whether these installed firmware files are corrupt or not. If all these checks are clear the function returns true and the file being dragged is an acceptable file, then the overlay is activated and the drag_status is set to Gdk.DragAction.COPY. Otherwise the function returns false, and the drag_status remains 0. If the data is not dropped and simply leaves the widget surface, drag_leave signal is triggered. This activates a callback that deactivates the overlay if active and the surface reverts back to normal. If the data is dropped instead, then drag_drop signal is triggered, which again requests for drag data, but this time with a dropped flag. This way, when drag_data_received signal is emitted, the callback rather than checking the file again, simply tries to install the file that was dropped. After the dropped file installed, drag_finished is called. drag_finished is important as it tells the system that the drag n drop action has ended. When drag action ends, the overlay shows the results of the drag process. If it was a success it shows a 1.5 sec success overlay after which all flags otherwise it shows an error message. After the overlay ends messages and flags are reset to prepare for the next drag. With drag n drop implemented, the last things that needs to be done is the firmware page in the preferences UI in the user interface. But that needs to wait till the 3.38 release is over, after which translations will be implemented and work on firmware preferences page could be continues. [Less]

Work till now After the translation debacle in my previous post, I started working on the back-end that will be used by later UI (I’ll be talking about one place where this back-end is used in this post) in a manner such that, when translations ... [More] start functioning, they can easily be implemented by addition of a few lines of code. This back-end work involves methods that will be used to add or remove firmware, checking whether the firmware being added is acceptable/supported etc. Update The goal of adding drag n drop support would allow addition of firmware through, well, drag n drop. Which would be an added bonus to the firmware UI that will be implemented after translations are taken care of after 3.38 release. My work here is to write a widget that can be easily added almost anywhere allowing that area to accept drops and install firmware. Not only that, but also give visual feedback of whether the dropped firmware has been successfully added or not. The ideal way to do this would be by writing a widget that’s an overlay. Because the widget is an overlay, it would have the area presented to the widget it’s being attached to and would be able to give visual feedback through the shared real estate for better UX. For any widget to accept drag, Gtk.drag_dest_set (widget, dest_default, targets, actions); line must be used. Here widget, is the widget surface that’s going to experience drag. The documentation for each parameter here can be read here. The argument being passed as dest_default must be chosen carefully in my opinion. That is because, if the dest_default is Gtk.DestDefault.MOTION, whenever something is being dragged on the surface of the widget, this argument will forcefully emit drag_motion signal. But if drag_motion is connected to some other callback, that callback will be called twice due to it being connected to the default signal which would be emitted during a drag motion, and again by the destination default flag. Same with Gtk.DestDefault.DROP. In my widget, the dest_default flag was making the experience very clunky, so I simply passed a 0. After setting the whole widget surface to accept drag, drag_motion was connected to a callback. This callback checks the target of the drag context. If the target is a list of uris, then the drag data is requested with a checking flag. Otherwise the drag_status is set to 0. Then in the callback for drag_data_received (which is called when drag data is requested) when the checking flag is active, the files being dragged on the widget surface are checked for their compatibility. To do this, a function was written in the name space of FirmwareManager class, which takes a File as parameter, and runs for a match for checksums of accepted firmware that are not installed yet, or if they are installed, whether these installed firmware files are corrupt or not. If all these checks are clear the function returns true and the file being dragged is an acceptable file, then the overlay is activated and the drag_status is set to Gdk.DragAction.COPY. Otherwise the function returns false, and the drag_status remains 0. If the data is not dropped and simply leaves the widget surface, drag_leave signal is triggered. This activates a callback that deactivates the overlay if active and the surface reverts back to normal. If the data is dropped instead, then drag_drop signal is triggered, which again requests for drag data, but this time with a dropped flag. This way, when drag_data_received signal is emitted, the callback rather than checking the file again, simply tries to install the file that was dropped. After the dropped file installed, drag_finished is called. drag_finished is important as it tells the system that the drag n drop action has ended. When drag action ends, the overlay shows the results of the drag process. If it was a success it shows a 1.5 sec success overlay after which all flags otherwise it shows an error message. After the overlay ends messages and flags are reset to prepare for the next drag. With drag n drop implemented, the last things that needs to be done is the firmware page in the preferences UI in the user interface. But that needs to wait till the 3.38 release is over, after which translations will be implemented and work on firmware preferences page could be continues. [Less]

Hello again ! This is my GSoC final project report blog, so this is going to be a very simple and straightforward post without pictures(..but just one !) and jokes ! It will give you all the information about what work we did during GSoC and point ... [More] you towards code and documentation produced during the project. Project WorkFlow This will describe how the code written and modified by me eventually ends up in the master branch of the project through a careful process of code-review and testing and rebasing. Both GNOME/Nautilus and myself maintained a seperate feature branch for GSoC. the project workflow Work Branch –apoos-maximus/nautilus : wip/apoosmaximus/gsoc2020 GSoC-Staging Branch – GNOME/nautilus : wip/apoosmaximus/gsoc2020 The work I did was performed on the work branch which is obtained from my fork of GNOME/nautilus : master. A pull request was opened from my work branch to the GSoC-Staging-Branch maintained by GNOME/nautilus. After code-review and testing by my mentor Antonio, the code was merged into the staging branch. Later on when the main project goal was achieved the staging branch was rebased appropriatly and merged into GNOME/nautilus : master.The GSoC-Staging-Branch was updated weekly, with Merge Requests which represented the goals for the particular week. What work was done ? Building the Basic Page : UI building code in the function create_basic_page () was ported to use GtkBuilder template. Building the Permissions Page : UI building code in the function create_permissions_page () was ported to use GtkBuilder template. Building the Open-With Page : UI building code in create_open_with_page () was ported to use GtkBuilder template. Code Cleanup : the functions who lost their functionality to GtkBuilder were dropped from the codebase Code Refactoring : Here we made use of modern GLib utilities for dynamic memory management, to prevent memory leaks. Finishing Properties Dialog : Making use of coding best-practices, and modifying the UI to stick to the GNOME-HIG guidelines, and fixing existing bugs in the properties-dialog. Stretch Goals : * porting Ctrl+S dialog to GtkBuilder porting list columns dialog : It was planned in the proposal but cancelled later as porting it to GtkBuilder offered no advantages over the current Implementation. What was merged ? Given below is a list of Merge Requests which were merged into the GSoC-Staging-Branch and eventually into the master as well :- Inherit GtkWindow instead of GtkDialog : GSoC week 1 Building Basic Page using GtkBuilder template : GSoC’ 20 Week 2 & 3 & 4 Building Permissions Page using GtkBuilder template : GSoC’ 20 Week 5 & 6 Finishing Basic, Permissions page, and Start porting Open-With Page : GSoC ’20 week 7 Code Clean-up : GSoC ’20 week 8 Building Open-With Page and dropping NautilusMimeApplicationChooser class : GSoC ’20 Week 10 Basic styling, Restoring Esc to close property of properties-window : GSoC ’20 Week 11 Restyling of UI based on GNOME-HIG : GSoC ’20 Week 9 Code Refactoring and Modernization : GSOC ’20 week 11 part-II Merge GSoC feature branch into master branch : Port Properties to GtkBuilder What hasn’t been merged ? Building Ctrl+S dialog using GtkBuilder : WIP: Porting Ctrl+S dialog to use GtkBuilder Current Status : It’s still under review and expected to get merged soon. What’s Left to do ? Well, Everything that was planned during the project proposal has been achieved and merged into the master branch, nevertheless we do have future plans for the properties-window’s design. The Blog posts I wrote for each deliverable are summarised below in the form of a table Milestone Merge Request Blog Post GSoC Begins – The first Contribution, GNOME & GSoC Building the Basic Page and inheriting GtkWindow Inherit GtkWindow instead of GtkDialog, Building Basic Page using GtkBuilder template The First Milestone Building the Permissions Page Building Permissions Page using GtkBuilder template The Second Milestone Completing Basic and Permissions Page Finishing Basic, Permissions page Revisiting Basic and Permissions Page Building the Open-With Page Building Open-With Page The Final Piece Code Cleanup Code Clean-up Celebration is in Order Code Refactoring Code Refactoring and Modernization Celebration is in Order Finishing Properties Dialog Restoring "Esc" to close,HIG Restyling Celebration is in Order Stretch Goals Port Ctrl+S dialog to GtkBuilder (under review) (under review) GNOME Conference – GUADEC – My First GUADEC What are Future Plans ? The future plans involve a complete redesign of the properties-window with the help of our new-found powers of UI modification which this project offers us. We are going to begin with dropping the GtkGrid widget and using GtkListBox instead. The design mockups which would be used for the same could be found here : Modernize the appearance of Properties [Less]

Overview My GSoC 2020 internship project was improving the usability of Pitivi’s Render dialog. Below is a detailed summary of the work done during the last three months. Refactoring the Render Presets’ selection The previous UI for selecting a ... [More] render preset was being constructed dynamically. The same mechanism is used to also construct the audio and video selection preset UI in the project settings dialog. Can you even notice where the render Preset option is in all the clutter? Old Render Dialog-1 We decided to move forward with a button which shows the current preset. When clicked, it opens a Gtk.Popover which lists the available presets. The presets listed in the popover include a relevant icon and an informative summary, making it an easy choice for the user. Thus I fixed issue #1813. We mostly cared about rendering a project to be uploaded to an online sharing service such as YouTube, Vimeo, etc., so there are not many other options at the moment. A custom icon is used for Custom profiles. Updated Render Dialog with popover Through multiple iterations, we fine-tuned the UI so it looks nice and clear, improving the User Experience. MR: link MR status: Merged. Addition of path property in Gstreamer Encoding-Target Previously when a render profile was deleted, it was just marked as such. While at it, I took the opportunity to properly delete them. Unfortunately the path of the file where a GstPbutils.EncodingTarget object originates was not available. I added a new path property to GstPbUtils.EncodingTarget and populated it when the object is saved or loaded. MR: link MR status: Merged. Hiding the advanced render UI in a new “Advanced” expander The many settings displayed on the render dialog were intimidating to both new and seasoned users. Since many will never be interested in the advanced settings, I introduced an expander which hides the detailed settings of rendering dialog, at the same time keeping them easily accessible. Also, I moved the Folder and Filename sections at the bottom, to give more prominence to the render preset which is now at the top. I made the UI follow the GNOME Visual layout for an attractive and intuitive design. MR: link MR status: Merged. Addition of Quality selection for supported encoders In the video rendering process, there is a tradeoff between quality of the rendered video and the size of the video and the time it takes to render. If the user requires the video to be in high quality then the size of the video also increases. To simplify the user’s choice, a Gtk.Scale widget has been introduced for specifying the desired render quality. The quality setting affects different parameters for different encoders, but this is done in the background. Updated Render Dialog with Quality Scale. Updated Render Dialog with Quality Scale -2. MR: link MR status: Work in Progress. Work to be done Merge request !323 is still being reviewed in the final stages, and shall be merged soon. We can add more presets, such as high-quality archiving to be able to dispose of the original video material. We can show a summary of the render settings so the user can quickly check them and enter in the Advanced settings expander if something looks bad. [Less]

This post is a summary of the work that has been completed during the GSoC 2020 period for my project, Object Tracking. The project consisted of implementing an Object Tracking UI in Pitivi and the associated tracking functionality in GStreamer. ... [More] cvtracker GStreamer element flatpak: add opencv_contrib I began by adding the opencv_contrib module to the opencv installation for the Pitivi development environment. opencv_contrib contains the library with the tracking algorithms. OpenCV Tracker Element for Object Tracking This merge request introduces the tracking functionality in the gst-plugins-bad package. Previously the opencv plugin was not being built due to the unavailability of the headers. This patch fixes the problem, ensuring that the headers are detected for the correct version of opencv and the plugin is built. In the next commit: opencv: add cvtracker plugin, I implement the cvtracker element as part of the opencv GStreamer plugin and set up the associated tests to ensure correct working. The next commit: meson: add opencv/tracking header requirement ensures that the tracking library is available before building the plugin. I implemented an additional feature to draw a rectangle over the tracked object. This will come in handy during the testing phase and for live tracking in Pitivi. opencv: cvtracker: add draw property A brief explanation of the cvtracker element can be found on my blog post: cvtracker: OpenCV object tracking plugin Tracker Perspective With the GStreamer element for tracking completed, the next stage was to implement a user-friendly UI for object tracking. The new Tracker Perspective replaces Pitivi’s main window, allowing to select an object on the viewer and track it. If the chosen tracking algorithm fails to track the object correctly, the tracking can be redone from a corrected position. The work done on the Pitivi side currently resides in the Merge Request A brief explanation of tracking objects can be found on my blog post: Pitivi: Object Tracking As the project progressed, we iterated and made a lot of UI improvements. A demo with the explanation can be found here: Pitivi: Edit Object Tracking Screenshot of the TrackerPerspective UI Selecting an object from the viewer Live tracking in TrackerPerspective Processing the tracked objects `Cover Object` button to add effects and track objects Cover Object Popover Cover effect on clip A tracked object can be covered with a colored rectangle on a clip in the timeline. This can be done easily through the “Cover Object” button in the “Clip Properties” middle pane shown when a clip is selected. When an Asset from the Media Library is dragged and dropped on the timeline, it becomes a Clip. A user can create multiple Clips from a single Asset. The tracked objects belong to the Asset. That means if an object is tracked, it’s available to all the Clips backed by the particular Asset. The tracked data is then applied to the properties of an Effect applied to the Clip to obtain the ‘cover rectangle’. Clips can have object effects independent of each other. If a tracked object is deleted from the Assed in the TrackerPerspective, the effects associated with that object will be deleted from all the Clips of that Asset. The below figure shows the situation when ‘Object 2’ is deleted. Technical Note: Taking advantage of Assets being MetaContainers, we store the Objects’s tracking data as a pitivi::tracker_data metadata item. The tracking data is saved in the Project’s .xges file by GES when the Project is saved. Project Status The tracker element and Pitivi UI are complete, as demonstrated in my blog posts. However, there are 2 major bugs in the feature for adding effects to the tracked objects. The first bug is when the user adds the effect for two objects, one with more tracking data than the other, the video track of the clip gets disfigured. This might be due to no available tracking data before the start, which causes the tracking box (red box in this case) to be shown at the bottom-right corner until it receives its first tracking data point. Here’s a small demo of the bug: YouTube The fix for this bug is to add a zorder property to the gescompositor element of the effect and to set the tracking data point to some random far away point before the beginning of the actual tracked data points. The second bug is when the user adds the effect for an object and then resizes the clip in the viewer, the effect doesn’t follow. Here’s a demo for the bug: YouTube The currently discussed solution is to re-adjust the tracking data every time the user makes a change to the clip video track in the viewer, by resetting the ControlSource. [Less]

Apple versus Epic Games: Why I’m Willing to Pay a Premium for Security, Privacy, and Peace of Mind In the legal battle over the App Store’s policies, fees, and review processes, Epic Games wants to see a return to the good old days – where software ... [More] developers retained full control over their systems and were only limited by their imaginations. Yet those days are long gone. Granted, in the early 90s, I hailed the Internet as humanity’s purest innovation. After all, it had enabled a group of global developers to collaboratively build the Linux operating system from the ground up. In my X years of experience as a developer, nothing has come close to the good will, success, and optimistic mood of those days. Upon reflection, everything started to change the day I received my first spam message. It stood out not only because it was the first piece of unsolicited email I received, but also because it was a particularly nasty piece of spam. The advertiser was selling thousands of email addresses for the purposes of marketing and sales. Without question, I knew that someone would buy that list, and that I would soon be on the receiving end of thousands of unwanted pieces of mail. Just a few months later, my inbox was filled with garbage. Since then, the Internet has become increasingly hostile – from firewalls, proxies, and sandboxes to high-profile exploits and attacks. Hardly a new phenomenon, before the Internet, the disk operating system (DOS) platform was an open system where everyone was free to build and innovate. But soon folks with bad intentions destroyed what was a beautiful world of creation and problem solving, and turned it into a place riddled with viruses, trojans, and spyware. Like most of you alive at the time, I found myself using anti-virus software. In fact, I even wrote a commercial product in Mexico that performed the dual task of scanning viruses and providing a Unix-like permission system for DOS (probably around 1990). Of course, it was possible to circumvent these systems, considering DOS code had full access to the system. In 1993, Microsoft introduced a family of operating systems that came to be known as Windows NT. Though it was supposed to be secure from the ground up, they decided to leave a few things open due to compatibility concerns with the old world of Windows 95 and DOS. Not only were there bad faith actors in the space, developers had made significant mistakes. Perhaps not surprisingly, users began to routinely reinstall their operating systems following the gradual decays that arose from improper changes to their operating systems. Fast-forward to 2006 when Windows Vista entered the scene – attempting to resolve a class of attacks and flaws. The solution took many users by surprise. It’s more apt to say that it was heavily criticized and regarded as a joke in some circles. For many, the old way of doing things had been working just fine and all the additional security got in the way. While users hated the fact that software no longer worked out of the box, it was an important step towards securing systems. With the benefit of hindsight, I look back at the early days of DOS and the Internet as a utopia, where good intentions, innovation, and progress were the norm. Now swindlers, scammers, hackers, gangsters, and state actors routinely abuse open systems to the point that they have become a liability for every user. In response, Apple introduced iOS – an operating system that was purpose-build to be secure. This avoided backwards compatibility problems and having to deal with users who saw unwanted changes to their environment. In a word, Apple managed to avoid the criticism and pushback that had derailed Windows Vista. It’s worth pointing out that Apple wasn’t the first to introduce a locked-down system that didn’t degrade. Nintendo, Sony, and Microsoft consoles restricted the software that could be modified on their host operating systems and ran with limited capabilities. This resulted in fewer support calls, reduced frustration, and limited piracy. One of Apple’s most touted virtues is that the company creates secure devices that respect user’s privacy. In fact, they have even gone to court against the US government over security. Yet iOS remains the most secure consumer operating system. This has been made possible through multiple layers of security that address different threats. (By referring to Apple’s detailed platform security, you can get a clear sense of just how comprehensive it is.) Offering a window into the development process, security experts need to evaluate systems from end-to-end and explore how the system can be tampered with, attacked, or hacked, and then devise both defense mechanisms and plans for when things will inevitably go wrong. Consider the iPhone. The hardware, operating system, and applications were designed with everything a security professional loves in mind. Even so, modern systems are too large and too complex to be bullet-proof. Researchers, practitioners, hobbyists, and businesses all look for security holes in these systems – some with the goal of further protecting the system, others for educational purposes, and still others for profit or to achieve nefarious goals. Whereas hobbyists leverage these flaws to unlock their devices and get full control over their systems, dictatorships purchase exploits in the black market to use against their enemies and gain access to compromising data, or to track the whereabouts of their targets. This is where the next layer of security comes in. When a flaw is identified – whether by researchers, automated systems, telemetry, or crashes – software developers design a fix for the problem and roll out the platform update. The benefits of keeping software updated extend beyond a few additional emoji characters; many software updates come with security fixes. Quite simply, updating your phone keeps you more secure. However, it’s worth emphasizing that this only works against known attacks. The App Store review process helps in some ways; namely, it can: Force applications to follow a set of guidelines aimed at protecting privacy, the integrity of the system, and meet the bar for unsuspecting users Reduce applications with minimal functionality – yielding less junk for users to deal with and smaller attack surfaces Require a baseline of quality, which discourages quick hacks Prevent applications from using brittle, undocumented, or unsupported capabilities Still, the App Store review process is not flawless. Some developers have worked around these restrictions by: (1) distributing hidden payloads, (2) temporarily disabling features while their app was being tested on Apple’s campus, (3) using time triggers, or (4) remotely controlling features to evade reviewers. As a case in point, we need look no further than Epic Games. They deceptively submitted a “hot fix,” which is a practice used to fix a critical problem such as a crash. Under the covers, they added a new purchasing system that could be remotely activated at the time of their choosing. It will come as no surprise that they activated it after they cleared the App Store’s review process. Unlike a personal computer, the applications you run on your smartphone are isolated from the operating system and even from each other to prevent interference. Since apps run under a “sandbox” that limits what they can do, you do not need to reinstall your iPhone from scratch every few months because things no longer work. Like the systems we described above, the sandbox is not perfect. In theory, a bad actor could include an exploit for an unknown security hole in their application, slip it past Apple, and then, once it is used in the wild, wake up the dormant code that hijacks your system. Anticipating this, Apple has an additional technical and legal mitigation system in place. The former allows Apple to remotely disable and deactivate ill-behaved applications, in cases where an active exploit is being used to harm users. The legal mitigation is a contract that is entered into between Apple and the software developer, which can be used to bring bad actors to court. Securing a device is an ongoing arms race, where defenders and attackers are constantly trying to outdo the other side, and there is no single solution that can solve the problem. The battlegrounds have recently moved and are now being waged at the edges of the App Store’s guidelines. In the same way that security measures have evolved, we need to tighten the App Store’s guidelines, including the behaviors that are being used for the purposes of monetization and to exploit children. (I plan to cover these issues in-depth in a future post.) For now, let me just say that, as a parent, there are few things that would make me happier than more stringent App Store rules governing what applications can do. In the end, I value my iOS devices because I know that I can trust them with my information because security is paramount to Apple. Coming full-circle, Epic Games is pushing for the App Store to be a free-for-all environment, reminiscent of DOS. Unlike Apple, Epic does not have an established track record of caring about privacy and security (in fact, their privacy policy explicitly allows them to sell your data for marketing purposes). Not only does the company market its wares to kids, they recently had to backtrack on some of their most questionable scams – i.e., loot boxes – when the European Union regulated them. Ultimately, Epic has a fiduciary responsibility to their investors to grow their revenue, and their growth puts them on a war path with Apple. In the battle over the security and privacy of my phone, I am happy to pay a premium knowing that my information is safe and sound, and that it is not going to be sold to the highest bidder. [Less]