
Comments


Which Android Devices Sacrifice Battery-Life For Performance?

swillden Re:Who cares about performance? (47 comments)

Besides gamers, who cares if it takes a few more milliseconds to launch a web browser or process an image?

I do... because that's a few less milliseconds my CPU isn't idle, which reduces battery life.

Seriously, does anyone understand this benchmark? I see pairs of performance and battery life numbers which seem to have no real-world meaning, so it's not at all clear to me why it makes sense to compare them. In addition, it's common that for a given set of tasks, a device with better performance will use less power because it spends more time in an idle state. The notion that devices trade off performance against battery life makes little sense in the ARM world.

Maybe this actually does say something useful, but if so I'm too dense to see it.

1 hour ago

Google Releases Android 5.0 Lollipop SDK and Nexus Preview Images

swillden Re:Android (77 comments)

The structure varies from device to device, yes. On the Nexus devices I'm most familiar with, which don't have SD card slots, there is no real sdcard partition. There is an /sdcard, but it's a symlink. The advantage to not having a separate partition is not having to create a hard decision about how much to allocate to /data and how much to /sdcard. This is one of the benefits of MTP over UMS that I mentioned, and it means that in terms of storage allocation you need only talk about /data, since it's the only r/w partition (except for actual SD cards, of course).

7 hours ago

The Largest Ship In the World Is Being Built In Korea

swillden Re:864 million bananas (245 comments)

It is a convenient standard unit. Inexpensive and tasty. Can be used for measuring mass, volume, friction (obviously), and radioactivity (due to its high potassium content). A chest X-ray is equivalent to 70,000 bananas.

Given the other sub-thread asking about the conversion to Libraries of Congress, apparently it can be used to measure data content as well.

13 hours ago

Google Releases Android 5.0 Lollipop SDK and Nexus Preview Images

swillden Re:Android (77 comments)

I don't understand your comment as my Android phone from a few years back was recognised as a USB Mass storage device.

Yes, it was. The problem with UMS is that it's a block-level protocol, not a file-level protocol. This means that when storage is mounted via UMS, the host has no way to coordinate with the target device, which is a big problem if the target device is actually operating on the file system. Basically, it's not safe to have two operating systems simultaneously using the same block device.

Because of that, when Android acted as a UMS target, it had to unmount the file system, which had all sorts of unpleasant effects on the system design. Among them, it forced the user-writable data to be partitioned into the portion that could be accessed via UMS and the portion that could not, which required guessing how large each should be. That enforced separation also added all sorts of subtle complexities to the OS, which had to take into account when /data was available and when it was not. SD cards have this same complexity, but core OS operational data isn't stored on them. Finally, it also forced the UMS-mountable data partition to be vFAT, which created many limitations around both functionality and (especially) security. /data could be ext3, or f2fs, or whatever, but MTP support is better across desktop OSes than support for random Linux file systems.

MTP is a file-level protocol. It leaves the Android Linux kernel in charge of managing the file system and just provides an API for browsing and manipulating the files, without exposing details of the file system representation.

UMS is like attaching your hard drive directly to another machine. MTP is like running an FTP server.

13 hours ago

The One App You Need On Your Resume If You Want a Job At Google

swillden Re:Who wants to work for Google nowadays? (197 comments)

Quite a few are downright geniuses that could move anywhere and ask for a fortune, yet they're T4-T6, often making a lot less money than me, even though I couldn't dream of doing their job.

So, why don't they move, if they're underpaid and there isn't anything different about Google?

13 hours ago

The One App You Need On Your Resume If You Want a Job At Google

swillden Re:Who wants to work for Google nowadays? (197 comments)

ie: the promotion process, which has a lot in common with how big banks do it for engineers...and that's not a good thing

I don't think so, and I spent 15 years working in and around large banks. I've never seen a self-nomination/promo-committee process anything like Google's. I'm not saying Google's is especially good (though I do think it's better than many alternatives I've seen, especially the ones which depend mostly on your manager's political clout and the ones that are all about checking all the right boxes), but I don't think it's comparable to anything in the financial industry or anywhere else outside of Silicon Valley (most of Google's processes are modelled on Intel's).

For the pay, it's because the tiers are shifted. An engineer lvl 2 (making up titles, read between the lines) at Google is paid the same as a lvl 2 engineer elsewhere... but a lvl 2 at Google could be a lvl 3 or more elsewhere, and thus be paid a heck of a lot more.

Again, I don't see this. If that were true, all of my colleagues and I should be able to get a significant raise by moving, and as far as I can see that isn't the case. I've made a habit throughout my career of maintaining good ongoing relationships with a few headhunters and always being willing to talk about opportunities... and as soon as I tell them what I'd have to have to leave Google, they start talking about management positions, not individual contributor positions (what I am) or even team lead positions (what I've been and likely will be again soon). Granted that I'm not in SV; but Google would give me a raise if I agreed to move there, so I think I'd still be in more or less the same position.

Of course, I only have detailed knowledge of my own situation, but I don't see many (any, actually) colleagues leaving for better pay. In fact, everyone I know who has left has done it for personal reasons (location), or to go to a startup where they usually take a hefty short-term pay cut in exchange for heavy equity that they hope will someday explode. The latter happens mostly because Google pays so well, actually. After a few years of accumulating Google stock grants, most people can afford to take some financial risk, shooting for big rewards.

yesterday

Google Releases Android 5.0 Lollipop SDK and Nexus Preview Images

swillden Re:Android (77 comments)

That makes no sense whatsoever. Tell me again how USB Mass Storage is magically different from the myriad of devices out there which have SD cards?

I was talking about the phone as a target device, and my explanation as to why it changed to use MTP for that purpose is correct. You and the GP were talking about it as a host. I don't know why stock Android doesn't act as a UMS host.

yesterday

The One App You Need On Your Resume If You Want a Job At Google

swillden Re:Shash-job-vertisement (197 comments)

I don't. Not really my area of expertise.

2 days ago

The One App You Need On Your Resume If You Want a Job At Google

swillden Re:Who wants to work for Google nowadays? (197 comments)

You also don't have to worry TOO much about them hiring a few retards that never get fired (at least not on the engineering side).

This is the reason I like working for Google. I've worked with dozens, perhaps even low hundreds, of engineers over my four years with the company and in that time I only ran into one idiot.

I also have to disagree somewhat with the GP's characterization of Google. I spent 20 years working in ordinary large enterprises (as a consultant I saw many), and Google is dramatically different. Oh, there is some amount of bureaucracy creeping in. I think that's unavoidable in a company with tens of thousands of employees. But the company fights it really hard, and with a fair amount of success. It's not perfect, but it's the best place I've been, large or small.

Regarding pay, seems pretty good to me, particularly when you include bonuses and stock grants. I don't hear a lot of complaints from my colleagues, either.

2 days ago

The One App You Need On Your Resume If You Want a Job At Google

swillden Re:Shash-job-vertisement (197 comments)

(Disclaimer: I work for Google, not as a statistician, but I do have an interest in statistics, subscribe to internal stats discussion mailing lists, and occasionally talk to Google statisticians.)

R syntax is a lot better. In Matlab, the dimensions of a 3D array are Y,X,Z. That's just one of the many papercuts that makes Matlab difficult and unintuitive to use. R makes a hell of a lot more sense to me.

From what I can see R is a lot more heavily used in Google than Matlab. The article's focus on Matlab is odd. Personally, I mostly use Mathematica. That's less because it's ideal (I haven't learned R so I can't compare, really) than because I already know it.

That said, Google definitely is interested in people who can extract knowledge from data, using whatever tools.

2 days ago

Google Releases Android 5.0 Lollipop SDK and Nexus Preview Images

swillden Re:Android (77 comments)

CM has ad-hoc wifi and usb mass storage support. Will I get that with this new version of Android, or is Google still ignoring those issues?

I'm sure no version of Android from Google will include USB mass storage. Doing that requires unmounting /data to remount it as USB mass storage, which creates all sorts of issues. That's why Android switched to using MTP -- back in J, IIRC. It was something of an issue back then because MTP support wasn't very good on the major desktop OSes, but it is now so I'm not sure why anyone would care for the inferior solution. I'm also somewhat surprised that CM still manages to offer it and suspect that continuing to offer it will become increasingly difficult, requiring increasingly deep modifications of the OS and breaking more and more apps, because the assumption that /data is never unmounted is getting deeply ingrained in the system.

Now that Lollipop has SELinux enabled in enforcing mode I think CM will have to start hacking out SELinux rules to support UMS, or disable SELinux altogether.

I don't believe L includes ad-hoc Wifi. I'm curious to hear what you use it for. I've never felt any need for it, and it's not obvious to me how it would be useful if you aren't running servers on your mobile device, which would require a rooted OS anyway. If you're going to break the security model by rooting you might as well go all the way and install CM or similar. I expect the CM guys will have an L-based version not too long after release, so if CM is what you need, you should use it.

2 days ago

Google Releases Android 5.0 Lollipop SDK and Nexus Preview Images

swillden Re:Android (77 comments)

I bought a Nexus 7 2012 in the assumption Google would update the OS as long as the hardware could handle it. Luckily CyanogenMod still fully supports it.

If you didn't have CM on it, you'd get 5.0 on November 3rd. Android has announced that N7 (2012 and 2013) will be in the first group of Nexus devices to get it.

3 days ago

Bill Gates: Piketty's Attack on Income Inequality Is Right

swillden Re:This looks like a nasty trick. (830 comments)

Penalizing investment tends to push capital out of the US economy and into overseas economies, for one thing. Forcing US capital abroad is good for the rest of the world, but not for the US economy.

The problem with trying to attack capital is that it is mobile. This is like the whole Apple-and-Google-pay-no-taxes issue; there is a jurisdiction which allows them to avoid taxes so they sensibly move their capital there. You can try to tax it when it moves, but the movement just gets disguised as a business transaction. If you tax international trade (aka tariffs) you end up damaging the economy by impeding trade.

Barring international treaties which establish common taxation regimes worldwide, this will always be a problem for governments of wealthy countries trying to tax capital, because it is in the interest of less wealthy countries to offer very low tax rates in order to attract capital. Ireland has announced they're ending their practice of doing this, but someone else will offer it.

The brilliant thing about taxing consumption is twofold. First, consumption is tied to people while capital can live in all sorts of places and forms, and people have a physical location and a legal tie to a government. People are mobile, too, but less mobile than capital. People like to live primarily in their own culture, near their own family, business partners, etc., and even if they're willing to move to another country changing their nationality is a big deal, with all sorts of repercussions. And even if they're willing to do that, they're rarely willing to move to and become a citizen of a third-world dump of a country in order to get low taxes. Moving to France isn't going to reduce your tax bill.

Second, consumption is easy to identify. You can try to hide your consumption by having corporations purchase all of your homes, cars, toys, etc., and then let you "use" them, but the IRS already handles that sort of thing very effectively, even under an income tax regime. Use of such things is income. With a consumption tax approach it becomes even easier; you don't bother figuring out what percentage of that jet is used by which person and at what value to count it as income, you just tax the purchase of the jet. Doesn't matter if they try to work around that with lease agreements, or whatever, someone has to acquire ownership of the jet, and regardless of who that someone is, you tax them, which means the taxes are built into the lease, or whatever.

The remaining dodge here is for wealthy people to do all of their consumption overseas. I have my overseas shell corporation buy the jet in Barbados, where there are no consumption taxes, then allow me to use it. This puts us back in the position of having to figure out what portion of the jet's time is allocated to me and then having the US assess the relevant consumption tax to me, via random audits plus the threat of prison time if I fail to report and pay what I should. Same with foreign homes, etc.

But to the extent the wealthy can dodge consumption taxes with foreign consumption, it only works for foreign assets. Real estate, cars, caviar, etc., that are purchased in the US are easily taxed. Same with anything that is imported into the US. So unless the wealthy decide to spend most of their time overseas they'll do most of their consuming here.

I should mention that for many of the same reasons I think corporate income taxes are a bad idea. Corporations have lots of flexibility to relocate money to avoid taxes, and given the complexities of business it's non-trivial even to determine what the income is, and it's in that complexity where most of the loopholes live, and in any case, what's the point? All money ultimately belongs to people, even corporate money, and it has to leave the corporation before any person can use it. People are easier to tax, whether via income or consumption taxes. There's also the fact that corporate income taxes are effectively a hidden tax on customers (who pay more), employees (who make less) and shareholders (who make less), and I'm opposed to hidden taxes.

3 days ago

VeraCrypt Is the New TrueCrypt -- and It's Better

swillden Re:Wow, that's a lot of iterations (220 comments)

Umm, no. The iteration count change has nothing to do with encryption or key scheduling.

This is about how the encryption is produced. What's needed is a mechanism for turning the password you type in into a key that can be used with a block cipher (in some appropriate mode). Any cryptographic hash will do that, so let's suppose that you use SHA256. You hash the password, then use the resulting bits as a key to encrypt data with AES128. Even though the hash is strong and the encryption is strong, the system is almost certainly weak because the password is probably not very strong. Suppose it has 30 bits of entropy. This means there are 2^30 possible hashes and 2^30 possible encryption keys.

The best solution is to pick a stronger password, but we can do better even without requiring the user to get a better memory and type more.

The reason the system is weak is that SHA256 is fast. An attacker can try all 2^30 possible passwords fairly quickly, because a common desktop machine can perform millions of operations per second. Let's assume it's only a million per second. 2^30/1000000/60/2 = ~9 minutes, on average (the division by 2 is because on average the attacker only has to search half of the space).

Suppose instead that you iterate SHA256 a million times and use the result of that as the AES key. That means on your machine it takes you one second to compute the key before you can start decrypting. Assuming there's no defect in SHA256 that allows the attacker to shortcut those iterations, he has to do the same thing when trying to search the password space. Now instead of being able to test a million passwords per second, he can only test one per second, so brute forcing your password takes about 9 million minutes, which is about 17 years.

Well, assuming the attacker uses only one computer, and assuming that it's no more powerful than yours. In reality, the attacker is going to use a big stack of GPUs, each of which can perform SHA256 thousands of times faster than a desktop machine because they're vector machines. And, given the scheme described, he's going to store the results of those password hashing attempts, constructing a table so he can skip the hashing step when he attacks someone else's data.

To address the first problem, the solution is to use an iterated function that also uses a lot of RAM (to increase hardware costs for the attacker), and perhaps to increase the iteration count some more. To address the second problem, add salt.

It's worth pointing out that the PBKDF2 password hash used by both TrueCrypt and VeraCrypt does not use a lot of RAM. You need to upgrade to scrypt or newer hashing functions for that. I'm not sure why VeraCrypt didn't do that, since they were breaking compatibility anyway.

3 days ago
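
The progression this comment walks through (one fast hash, an iterated hash, added salt, a memory-hard function), as an added Python example that is not part of the original comment. The password, salts, iteration count and scrypt parameters are constructed for illustration.

```python
import hashlib
import os
import time

KEY_LEN = 16  # AES-128 key size in bytes, matching the comment's example


def naive_key(password: str) -> bytes:
    """One fast SHA-256 pass: the weak scheme the comment starts from."""
    return hashlib.sha256(password.encode()).digest()[:KEY_LEN]


def iterated_key(password: str, iterations: int) -> bytes:
    """SHA-256 applied `iterations` times. Slower per guess, but still unsalted."""
    digest = password.encode()
    for _ in range(iterations):
        digest = hashlib.sha256(digest).digest()
    return digest[:KEY_LEN]


def pbkdf2_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Salted and iterated (PBKDF2-HMAC-SHA256), but needs almost no RAM."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               iterations, dklen=KEY_LEN)


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Approximate working memory scrypt needs per guess: 128 * n * r bytes."""
    return 128 * n * r


def scrypt_key(password: str, salt: bytes, n: int = 2**14, r: int = 8,
               p: int = 1) -> bytes:
    """Salted and memory-hard: every guess costs the attacker RAM as well as time."""
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=KEY_LEN)


def average_search_seconds(entropy_bits: int, guesses_per_second: float) -> float:
    """Expected brute-force time: half the password space at the given rate."""
    return 2 ** entropy_bits / guesses_per_second / 2


def seconds_per_derivation(derive) -> float:
    """Time one call of a zero-argument key-derivation callable."""
    start = time.perf_counter()
    derive()
    return time.perf_counter() - start


if __name__ == "__main__":
    password = "correct horse"   # constructed sample password
    iterations = 200_000         # constructed iteration count
    salt_a, salt_b = os.urandom(16), os.urandom(16)

    # The comment's arithmetic for a 30-bit password.
    print("fast hash, 1e6 guesses/s: %.1f minutes"
          % (average_search_seconds(30, 1_000_000) / 60))
    print("1 guess/s: %.1f years"
          % (average_search_seconds(30, 1) / (365.25 * 24 * 3600)))

    # Unsalted: two users with the same password share a key, so one
    # precomputed table covers both. Salted: the keys differ per user.
    print("unsalted keys equal:",
          iterated_key(password, 1000) == iterated_key(password, 1000))
    print("salted keys equal:  ",
          pbkdf2_key(password, salt_a, 1000) == pbkdf2_key(password, salt_b, 1000))

    # Measured cost of one derivation on this machine, and scrypt's RAM cost.
    for name, fn in [
        ("sha256 x1", lambda: naive_key(password)),
        ("sha256 iterated", lambda: iterated_key(password, iterations)),
        ("pbkdf2", lambda: pbkdf2_key(password, salt_a, iterations)),
        ("scrypt", lambda: scrypt_key(password, salt_a)),
    ]:
        print("%-16s %.4f s per guess" % (name, seconds_per_derivation(fn)))
    print("scrypt RAM per guess: %d MiB"
          % (scrypt_memory_bytes(2**14, 8) // 2**20))
```
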

Bill Gates: Piketty's Attack on Income Inequality Is Right

swillden Re:This looks like a nasty trick. (830 comments)

You probably do need to make it somewhat progressive, taxing luxury goods at a higher rate.

4 days ago

Court Rules Parents May Be Liable For What Their Kids Post On Facebook

swillden Yawn (319 comments)

Haven't parents always been liable for the actions of their children? I've always figured I was. If my kids made some mess they couldn't clean up, I knew I was on the hook for it. I suppose I shouldn't speak in the past tense, because I still have two who aren't yet legal adults.

4 days ago

Bill Gates: Piketty's Attack on Income Inequality Is Right

swillden Re:This looks like a nasty trick. (830 comments)

That's a problem with the particular way they've chosen to balance it, not an inherent flaw in the concept.

4 days ago

Android On Intel x86 Tablet Performance Explored: Things Are Improving

swillden Re:Why should I care? (97 comments)

I have no affiliation with Intel, but here's your answer: Most Android apps are written in DALVIK and, for those, it really doesn't matter. It does, however, matter for native C/C++ apps, or apps utilizing native C/C++ components; if there's only an ARM build for the app you use, you don't want an x86 CPU.

This is mostly an issue with games, since they're the apps that push the performance boundaries enough that it makes sense to write native code.

So a less-technical but almost as correct answer is: If you buy an Intel tablet some games won't run on it until the game developers get around to building for Intel. How long that takes depends in large part on how many Intel tablets are sold.

4 days ago

Submissions


Details of iOS and Android Device Encryption

swillden swillden writes  |  about two weeks ago

swillden (191260) writes "There's been a lot of discussion of what, exactly, is meant by the Apple announcement about iOS8 device encryption, and the subsequent announcement by Google that Android L will enable encryption by default. Two security researchers tackled these questions in blog posts:

Matthew Green tackled iOS encryption, concluding that at bottom the change really boils down to applying the existing iOS encryption methods to more data. He also reviews the iOS approach, which uses Apple's "Secure Enclave" chip as the basis for the encryption and guesses at how it is that Apple can say it's unable to decrypt the devices. He concludes, with some clarification from a commenter, that Apple really can't (unless you use a weak password which can be brute-forced, and even then it's hard).

Nikolay Elenkov looks into the preview release of Android "L". He finds that not only has Google turned encryption on by default, but appears to have incorporated hardware-based security as well, to make it impossible (or at least much more difficult) to perform brute force password searches off-device."

Google Wallet now works with any card

swillden swillden writes  |  more than 2 years ago

swillden writes "Google posted on Wednesday: 'we’re releasing a new, cloud-based version of the Google Wallet app that supports all credit and debit cards from Visa, MasterCard, American Express, and Discover. Now, you can use any card when you shop in-store or online with Google Wallet. With the new version, you can also remotely disable your mobile wallet app from your Google Wallet account on the web.'"

Google+ for Google Apps Released

swillden swillden writes  |  more than 2 years ago

swillden (191260) writes "Finally addressing a problem with the new Google+ social network that has generated a great number of complaints from long-time Google users, Google has announced the availability of Google+ for users with Google Apps accounts. The feature isn't enabled automatically for all Google Apps domains, though, it's necessary for the domain administrator to turn it on."

Real-world RAID0 performance

swillden swillden writes  |  more than 5 years ago

swillden writes "I recently got the opportunity to play with some fairly high-end hardware and I was very surprised at the poor I/O performance. The machine was a 4-way Xeon with a high-end RAID controller and five 300GB SCSI Ultra-320 15,000 RPM drives, to be configured as a very high-performance database server. I didn't care so much about the real database workload, though, I just wanted to see what kind of data rate I could get, for fun.

Given that each of these drives individually can sustain over 100 MB/s, and given that I'd expect RAID0 to scale roughly linearly with the number of drives, I was expecting in the neighborhood of 500 MB/s. What I got (according to bonnie++) was about 200 MB/s, less than half the expected data rate. Disappointed, I decided to give Linux MD RAID a try, which got me up to about 240 MB/s, 20% faster than the hardware RAID, but still disappointing.

My question for the slashdot geeks that play with this kind of stuff all the time is: What kind of performance should I expect out of a system like this? Does RAID0 always scale so poorly? And, just for good nerdish fun, what's the fastest storage I/O you've ever seen?"

What examples of Security Theater have you seen?

swillden swillden writes  |  more than 6 years ago

swillden writes "Everyone who pays any attention at all to security, both computer security and "meatspace" security, has heard the phrase Security Theater. For years I've paid close attention to security setups that I come in contact with, and tried to evaluate their real effectiveness vs their theatrical aspects. In the process I've found many examples of pure theater, but even more cases where the security was really a cover for another motive.

Recently, a neighbor uncovered a good example. He and his wife attended a local semi-pro baseball game where security guards were checking all bags for weapons. Since his wife carries a small pistol in her purse, they were concerned that there would be a problem. They decided to try anyway, and see if her concealed weapon permit satisfied the policy. The guard looked at her gun, said nothing and passed them in, then stopped the man behind them because he had beer and snacks in his bag. Park rules prohibit outside food. It's clear what the "security" check was really about: improving park food vending revenues.

So, what examples of pure security theater have slashdotters noticed? Even more interesting, what examples of security-as-excuse have you seen?"

swillden swillden writes  |  more than 7 years ago

swillden writes "I've come across an increasing number of GPL programs lately that display an EULA-style click-wrap agreement during installation. While not exactly wrong, this seems like a bad idea to me, since it perpetuates the idea that you must agree to some arbitrary set of conditions in order to install and use a piece of software. In this case the conditions are very liberal (there are none, really), but still it reinforces the notion that you can't install a package unless you agree.

The FSF says that such click-wrapping is neither required nor forbidden but it seems like a bad idea to promote the click-wrap meme, even if the license is user-friendly. What do slashdotters think?"

Journals


10 seconds that can help boot Orrin Hatch out of office

swillden swillden writes  |  more than 8 years ago

I'm sure all of you have seen the many articles about various wacko things Senator Orrin Hatch has done to support the RIAA and MPAA. Among other things, he'd like to empower the media industry to remotely destroy the computers of people they suspect of illegally sharing files.

Wouldn't it be great to give him the boot? You can help, by doing nothing more than voting on a web site.

See, for the first time in quite a few years Hatch has a serious contender for his seat. Pete Ashdown is a smart, tech-savvy businessman who's taken a year off to run his campaign. Ashdown is the sort of moderate Democrat who has a chance to win in Utah, and Utahns have expressed their opinion in polls that Hatch has been in office long enough and they'd like a change.

However good Ashdown's chances in theory, though, campaigning is about money, and he needs it.

That's where this vote comes in. Barbara Boxer has some campaign cash she's going to give to one of the Democrats running against a long-term incumbent senator. If Ashdown can win that vote, he'll have a great warchest to start the campaign with. It won't be enough, but it will give him a good start and will hopefully prime the pump for other large democratic contributions.

So go vote, and get all of your friends and neighbors to do the same! Even if they're Republicans, they still have to appreciate that an utterly one-sided race like Hatch has had in the past is not good for democracy. Get them to vote!
