
Comment Re:Easier to Analyze or Change == More Maintainabl (Score 3, Interesting) 247

I once took over 30,000 lines of code that had been written by a subcontractor and trimmed it to around 4000 LOC. And you better believe it ran faster! Not because refactoring is magic, but because once all the mind-numbing almost-repetition was mucked out you could actually see what the code was doing and notice that a lot of it wasn't really necessary. Ever since then I have always maintained that coders should never ever copy and paste code. I've had people disagree, saying that a little bit of copying and pasting won't hurt, but I say if it's really such a little bit then you shouldn't mind re-typing it. Of course if you do that very soon you start putting more effort into devising ways to stop repeating yourself, which is exactly the point. Repeating yourself should be painful.

That's I think a reliable litmus test for whether you should refactor a piece of software. If it's an area of code that's been receiving a lot of maintenance, and you think you can reduce the size significantly (say by 1/3 or more) without loss of features or generality you should do it. If it's an area of code that's not taking up any maintenance time, or if you're adding speculative features nobody is asked for and the code will get larger or remain the same size, then you should leave it alone. It's almost common sense.

I don't see why anyone would think that refactoring for its own sake would necessarily improve anything. If an automotive engineer on a lark decided to redesign a transmission you wouldn't expect it to get magically better just because he fiddled with it. But if he had a specific and reasonable objective in the redesign that's a different situation. If you have a specific and sensible objective for reorganizing a piece of code, then it's reasonable to consider doing it.

Comment Re:Bad idea (Score 1) 671

Civil disobedience has ALWAYS carried the potential for punishment and if you break the law to make your point that the law is unjust you should stand ready to be arrested, imprisoned and tried in court for what you choose to do.

Your argument would carry more weight if the government who'd be trying Snowden weren't the same one he outed for violating its own laws, with the active collaboration of its judicial branch. Not to mention all of the recent fully-public sidestepping of due process for hundreds of other enemy combatants. Oh, and the torture, including of US citizens. And... do I really need to go on?

Snowden has extremely good reason to be skeptical of the fairness of a trial... or if he'd even get a real trial.

Comment Re:Leverage (Score 1) 671

Snowden may be using what leverage he has left. He has not yet disclosed all the information he obtained so the US government might cut a deal to avoid further disclosures.

I see no evidence that Snowden didn't hand everything over to the Guardian et al, all at once, as he said he did. On what do you base your claim that he's still got something left?

Comment Re:C++ important on Apple too (Score 1) 407

Cross-platform compatibility of C++ code is excellent these days, C++ can call low-level Apple APIs exactly as well as C, and there is no performance cost to C++ unless you choose it.

1) Good but not as good as C.

In most cases these days it's a distinction without a difference.

2) But it's an unnecessary third layer. Obj-C has the objects. C has the speed and compatibility. What do you need a third layer for?

I see this differently. Obj-C has the objects I need to interact with the framework. C++ has the speed, compatibility and expressive power I want. C has speed and compatibility, but lacks expressive power, which creates a lot of tedium and loses a lot of safety.

3) Indeed.

We agree on something :-)

So virtually no one uses it in this scenario.

Only time I see it used is when it's a library that was written in C++ on another platform and is simply being used on a Mac.

I haven't really done much on Macs, but I did a lot of work on NeXTstep back in the day, and C++ was quite common in scientific computing there. Actually, what I saw a lot of was "Objective-C++"... they may have grown further apart, to the degree that this no longer works, but in the early 90s gcc allowed you to mix Objective-C and C++ constructs freely in the same code. So a common approach was to build everything in an OO fashion, but to choose between Objective-C and C++-style classes based on performance and flexibility tradeoffs. The result required you to be fluent in both, but that really just means being fluent in C++ because a C++ programmer can learn Objective-C in a day (which is something I respect about the language).

Comment Re:Bad idea (Score 2) 671

Well, this is the thing about civil disobedience. The classic formula is to keep up awareness of your issue by forcing the government to go through the embarrassing and drawn-out process of prosecuting and punishing you. I'll bet they had to drag Thoreau kicking and screaming out of that Concord jail cell when some joker finally came along and paid his poll tax for him. Holding court for his admirers in the town pokey no doubt suited his purposes nicely.

In that spirit, this announcement is very effective. When was the last headline you read about Edward Snowden? If he comes back for a long and drawn out trial that'll show he's pretty hard core about this civil disobedience thing -- if leaving a cushy, high paying job in Hawaii with his pole-dancing girlfriend to go to fricken' Russia wasn't enough.

It occurs to me, though, that this situation is a lot like what I always say about data management systems: the good ones are easier to replace than the bad ones. Likewise the better governments, the ones with at least some commitment to things like due process, are much easier to face down with civil disobedience than ones where being a political threat gets you a bullet in the head, like Ninoy Aquino or Boris Nemtsov. If Snowden *does* come back, and if he ends up "detained" in limbo somewhere, then it'll be time for everyone to go into the streets and bring the government down.

Comment Re:Brain drain (Score 1) 167

Everyone likes getting paid. And all things being equal, everyone likes getting paid *more*.

But one thing I've noticed is that the people who are most dissatisfied with their current pay also happen to be the most dissatisfied with their working conditions overall, particularly how they feel treated. The feeling seems to be that they ought to get more pay to put up with this shit.

Now I wouldn't suggest to any employer, particularly in tech, to economize by offering low salaries. You want to attract and retain the best people you can. But this suggests to me that many employers would do themselves a favor by paying a little more attention to worker happiness. If you're paying people approaching (or even more than) $100,000, there are bound to be a lot more cost-effective ways to goose worker morale than handing out raises they'll perceive as significant.

But oddly many employers seem to think paying someone's salary is a license for handing out indignities. This doesn't even qualify as penny wise pound foolish.

Comment Re:What is Parody? (Score 1) 255

What is gasoline if not a liquid? And what is liquid but a fluid? Therefore I should be able to run my car on hot air. So not all fair use is parody, nor is everything an author has to put up with fair use.

Fan fiction falls into that last category. Some authors encourage it, which is gracious; others are paranoid about it, which is understandable. But ultimately no matter how they feel about fan fiction they're going to have to put up with it. A successful work of fiction fires peoples' imaginations, and in the Internet era that means they're going to share their imaginings with like-minded people. Trying to police fan-fiction in a world where anyone can set up a blog or social media account to share it is like spitting into a hurricane force wind.

But even though a successful author pretty much has to put up with fan fiction whether he likes it or not, it's ridiculous to think that any author is somehow obligated to promote it. That's just a fan-fiction author's fantasy. Authors have lives too, and there are not enough hours in the day for an author to police the stuff, much less to negotiate business deals for the people who write it. It's considered bad manners to even ask an author for the name of his literary agent, because an agent is supposed to work for an author, which he won't be able to do if he's swamped with requests from wannabes.

Comment Re:C++ important on Apple too (Score 1) 407

You're dropping out of Obj-C for cross platform compatibility, because you're dealing with a low level Apple API, or because you want maximum speed for some part of the code. All these things are usually best served by C.

Cross-platform compatibility of C++ code is excellent these days, C++ can call low-level Apple APIs exactly as well as C, and there is no performance cost to C++ unless you choose it.

Unless you're concerned that you may need to target a platform not supported by a decent C++ compiler (which is really rare, given that gcc is basically everywhere), the only reason to choose C over C++ is personal preference or concern that some of the users of the code may not know C++.

Comment Re:FDE on Android doesn't work as of yet (Score 3, Informative) 124

The issue with FDE in Android has long been the lack of combining strong passwords with a pattern lock or pin lock for unlocking the screen. In other words, your encryption key is only as strong as the pin code or password you are willing to put in every time you open your screen lock.

No, it doesn't. At least in Lollipop FDE-password is separate and you enter it at boot.

It's not separate. In stock Lollipop there is only one password, and it's used both for FDE and for screen unlock. Some customized ROMs (e.g. CM) have separated it, which allows you to choose a strong boot password and a more convenient unlock password. Stock Android didn't go that direction because too many users would set a strong boot password which they only use once every few weeks and therefore forget, losing all of their data.

Comment Re:FDE on Android doesn't work as of yet (Score 3, Interesting) 124

Had I jumped to the Nexus 6 at the same time, however, that may not have been an issue.

As a recent Nexus 6 owner, I can confirm that encryption is enabled by default. I have not noticed any performance lag and the battery life has been really good. I will admit, I'm coming from an 'ancient' phone, so maybe that's why I think it's fast enough; way faster than my old phone.

As mentioned by Gaygirlie, a big factor is the AES-NI instruction in the ARMv8 instruction set supported by your Nexus 6. It dramatically reduces the performance and power hit of AES operations.

Comment Re:FDE on Android doesn't work as of yet (Score 5, Informative) 124

(I'm a member of the Android Security team who worked on bits of Lollipop FDE.)

The issue with FDE in Android has long been the lack of combining strong passwords with a pattern lock or pin lock for unlocking the screen. In other words, your encryption key is only as strong as the pin code or password you are willing to put in every time you open your screen lock.

This isn't completely true on Lollipop devices that have hardware-backed credential storage. (Well, it's not really "hardware-backed", but it's in a Trusted Execution Environment, typically ARM TrustZone.)

For Lollipop, a big change to FDE was the inclusion of a hardware-backed key in the key derivation function (KDF) for the FDE master key encryption key. This provides two benefits:

1) It means that a dump of the contents of your encrypted flash is useless without the device.

2) It means that brute force search of your PIN/pattern/password space is serialized and rate-limited by the performance of the device. In a way this means that faster devices are less secure, though we also apply a device-tuned scrypt function as part of the KDF, which compensates in the case of an attacker who tries to perform the entire attack on-device.

The best attack against Lollipop FDE, on a device with HW-backed credentials, is to dump the data from the device flash, then flash a custom OS which makes calls into the HW crypto to create an oracle, processing a stream of requests and returning the responses. Then you do a brute force attack with a mixture of on-device and off-device resources, computing the first scrypt function offline, then performing the on-device crypto operation, then taking the results of that and performing the second scrypt function offline, which you then use to try to decrypt the FDE master key, offline.

The fastest devices on the market today will perform the HW-backed crypto operation in about 50 ms. Assuming everything is pipelined properly, this is the brute force attempt rate: 20 attempts per second. With a four-digit PIN, this is negligible: the entire space can be searched in 8 minutes. However, a six-character alphanumeric password (random, all lowercase) would take 630 days, on average, to break. That's pretty reasonable security.

In theory. In practice it would take much longer than that. I tried running this test on a Nexus 9 and found the device kept throttling itself because it got too hot, plus even with a 2A charger it consumed more power than was being provided to it, so I had to stop when the battery died and wait for it to recharge.

Pre-Lollipop, and even on Lollipop devices that lack HW-backed crypto, you can conduct the entire attack off-line, parallelized, on however much hardware you care to throw at it. I can't make any promises about the future, but I will say that I, personally, really want to significantly improve Android FDE in the future. I have changes in mind that will make brute force essentially impossible, unless you can break into the Trusted Execution Environment.
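The comment above describes two things worth seeing in code: the KDF chain (scrypt, then a device-bound operation, then scrypt again) that makes a flash dump useless without the device, and the arithmetic that turns a per-attempt cost into a search time. The following is an added model written for this page, not Android's code and not the commenter's: the Trusted Execution Environment step is stood in for by an HMAC under a constructed `DEVICE_KEY` that would never leave the device, the scrypt cost parameters are deliberately tiny so it runs in a second, and the master-key wrapping is a toy XOR plus authentication tag rather than the real AES wrap. `derive_kek`, `enroll`, `unlock`, `average_search_days` and `full_search_minutes` are names chosen here, not Android APIs.

```python
import hashlib
import hmac
import os
import secrets

# Constructed stand-in for the secret held inside the TEE. Anyone who only has a
# copy of the flash does not have this, so they cannot run derive_kek offline.
DEVICE_KEY = b"constructed-tee-key-never-leaves-device"

# Deliberately small cost so the demo runs quickly; a real deployment tunes n
# per device so that each attempt costs a noticeable fraction of a second.
SCRYPT_N = 2 ** 10
SCRYPT_R = 8
SCRYPT_P = 1


def scrypt_step(secret: bytes, salt: bytes) -> bytes:
    """One scrypt invocation; this part an attacker can compute off-device."""
    return hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=32)


def device_bound_step(value: bytes) -> bytes:
    """Models the hardware-backed call: only this device can evaluate it."""
    return hmac.new(DEVICE_KEY, value, hashlib.sha256).digest()


def derive_kek(credential: str, salt: bytes) -> bytes:
    """scrypt -> device-bound op -> scrypt, the chain the comment describes."""
    first = scrypt_step(credential.encode("utf-8"), salt)
    bound = device_bound_step(first)
    return scrypt_step(bound, salt)


def wrap_master_key(master_key: bytes, kek: bytes):
    """Toy wrap: XOR with the KEK plus an HMAC tag so a wrong KEK is detected."""
    wrapped = bytes(a ^ b for a, b in zip(master_key, kek))
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()
    return wrapped, tag


def unwrap_master_key(wrapped: bytes, tag: bytes, kek: bytes):
    """Returns the master key, or None when the KEK does not authenticate."""
    expected = hmac.new(kek, wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, kek))


def enroll(credential: str):
    """Creates the on-flash record for a fresh master key; returns (record, key)."""
    salt = os.urandom(16)
    master_key = secrets.token_bytes(32)
    kek = derive_kek(credential, salt)
    wrapped, tag = wrap_master_key(master_key, kek)
    return {"salt": salt, "wrapped": wrapped, "tag": tag}, master_key


def unlock(record: dict, credential: str):
    """What the boot-time unlock does: derive the KEK and try to unwrap."""
    kek = derive_kek(credential, record["salt"])
    return unwrap_master_key(record["wrapped"], record["tag"], kek)


def full_search_minutes(keyspace: int, attempts_per_second: float) -> float:
    """Time to try every credential when attempts are serialized on-device."""
    return keyspace / attempts_per_second / 60


def average_search_days(keyspace: int, attempts_per_second: float) -> float:
    """Expected time (half the keyspace) for the same serialized search."""
    return keyspace / 2 / attempts_per_second / 86400


if __name__ == "__main__":
    record, key = enroll("1234")
    assert unlock(record, "1234") == key
    assert unlock(record, "0000") is None
    # The comment's figures: 50 ms per device-bound op -> 20 attempts/s.
    print("4-digit PIN, full space:  %.1f minutes" % full_search_minutes(10 ** 4, 20))
    print("6-char [a-z0-9], average: %.0f days" % average_search_days(36 ** 6, 20))
```

The two search functions reproduce the comment's numbers: a four-digit PIN is exhausted in about 8 minutes at 20 attempts per second, while six random lowercase alphanumerics average about 630 days. The point of the model is structural: because `device_bound_step` sits between the two scrypt calls, an attacker with a flash image but no device cannot evaluate `derive_kek` at all, and one with the device is rate-limited to however fast that step runs.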

Comment Re:By facts, not links? (Score 1) 375

Bah. Outright falsehood-pushing "journalism" is as old as journalism, and the online version of it as old as online journalism. Wikipedia has been abused as long as it has existed, and the Woozle Effect is also nothing new -- indeed the name and awareness of the phenomenon predates the existence of ARPANET, much less the Internet.

Comment Re:Hillary is a divisive figure *among Democrats* (Score 2) 538

Well, it's an open question of who's living in a fantasy world. I'm actually old enough to remember these people. Show me a Republican today who'd be as aggressive as Nixon on regulation. Who would sign the Clean Water Act, or the Fair Credit Reporting Act, or appoint someone like Elliot Richardson the head of HEW. Nixon also took the single most intrusive act of economic intervention ever by an American president (including FDR): the wage-price freeze. It's fair to say that there's nobody in national politics anywhere on the spectrum that would undertake a step like that. For one thing it was hopeless; there is no way to stop incipient runaway inflation without restricting the money supply and reducing government deficit spending so as to induce a temporary contraction of the economy.
