Comment: Re:Disingenuous (Score 1) 195

by swillden (#47572125) Attached to: Amazon's eBook Math

in the long term, the book stores go out of business now it's harder to find interesting books.

Nonsense.

Look at Baen's model... the first few chapters of all of their books are available for free, all on-line, all trivially easy for you to browse and sample, at no risk, wherever and whenever it's convenient to you. For that matter, they offer full novels from their top authors for free. So you can read the first book of a 15-novel series at no cost, hooking you for the other 14.

How can book stores, with their limited shelf space and immobility, compete with that?

Of course, that's Baen, not Amazon. Because Baen is a publisher, they have the freedom to do things like offer the first ~50 pages free, while Amazon has to obey the publishers' rules. But in a world where browsing bookshelves is gone, Baen's approach, or something like it, will be necessary to generate sales, so it will be done.

Just because you're accustomed to one way of finding good reading material doesn't mean it's the only one, or even the best one.

Comment: Re:I know you're trying to be funny, but... (Score 1) 715

by Lando (#47571989) Attached to: Linus Torvalds: "GCC 4.9.0 Seems To Be Terminally Broken"

And let's not forget you, since you have to be smart enough and knowledgeable enough to evaluate all the work that these people do. You obviously are the best qualified to make that decision. And you have. And by pointing out that Linus is obviously not within even the remotest inkling of talent of these "REAL" smart people and is being an asshat, doesn't that just make you an asshat for calling him an asshat?

Screw off. I like my kernel worked on, Linus gets the job done, I'm willing to put up with him being an asshat at times.

My question, though, is what have you done for me lately?

Comment: Re:He just doesn't get it.. (Score 3, Insightful) 401

by metlin (#47569335) Attached to: Jesse Jackson: Tech Diversity Is Next Civil Rights Step

As an Indian American, while I agree with the spirit of your comment, please remember that we are just as badly affected by the H1B visas as any other Americans.

Unfortunately, we are all cast in the same light, our background, academic qualifications, or experience notwithstanding.

Comment: Re:Appalling (Score 5, Informative) 127

by swillden (#47562755) Attached to: Old Apache Code At Root of Android FakeID Mess

I don't know the fine details of this bug, but am I the only one appalled at how obvious this bug sounds? It doesn't even properly check the certificate? I mean buffer overflows and such are one thing, but not properly testing your certificate code seems unforgivable.

No, it's not that it doesn't check certificates generally, it's that if there's an additional, extra certificate of a particular form in the list that forms an app's certificate chain (but isn't actually in the chain) then that extra certificate gets included in the list of signatures associated with an app... making other apps that query the signature list believe that the app is signed by a certificate it's not. This doesn't, for example, fool the Play store into believing an app is from developer A when it's really from developer B. But it can fool other apps. There are some apps that load others as plugins, and make decisions about which plugins to load based on whether they're signed by a particular key. This flaw allows malicious apps to subvert that, convincing the plugin-loading apps to execute them, thereby giving the malicious app the same permissions as the plugin-loading app.

It's a serious security flaw, no doubt. But it's a little more subtle and less obvious than the summary makes it appear. Also, it appears that no app in the Play store, nor any of the other apps that Google has scanned, attempts to exploit the flaw. It's very easy to identify them by scanning the certificates in the package.

I've implemented tests for certificate chain validation code several times (not in Android), and it never once occurred to me to test for this particular odd construction, nor, I think, would anyone else think to test for it without some specific reason. This sort of bug requires inspection of the code.

(Disclaimer: I'm a member of the Android security team, but I'm not speaking in an official capacity, just summarizing what I've read of the vulnerability -- which isn't a great deal. Others on my team are well-informed, but I haven't followed this issue closely.)
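Added example, not part of the comment above and not Android's code: a simplified model of the difference between reporting every certificate listed in a package and reporting only those that cryptographically link to the leaf, plus the scanner check for listed-but-unlinked certificates. The dictionary certificate format, the leaf-first ordering, the textbook RSA toy signatures and all names are assumptions made for illustration; the "particular form" of the extra certificate is not modelled.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Textbook RSA from two known Mersenne primes. Toy only: no padding."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _tbs_digest(cert, n):
    tbs = f"{cert['subject']}|{cert['issuer']}|{cert['n']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def make_cert(subject, issuer, subject_key, signing_key):
    cert = {"subject": subject, "issuer": issuer, "n": subject_key["n"]}
    n = signing_key["n"]
    cert["sig"] = pow(_tbs_digest(cert, n), signing_key["d"], n)
    return cert

def signed_by(cert, issuer_cert):
    """True only if issuer_cert's public key verifies cert's signature."""
    n = issuer_cert["n"]
    return pow(cert["sig"], E, n) == _tbs_digest(cert, n)

def listed_signers(cert_list):
    """The flawed behaviour as the comment describes it: report every listed cert."""
    return [c["subject"] for c in cert_list]

def verified_signers(cert_list):
    """Leaf first; an issuer counts only if its key signed the previous cert."""
    chain = [cert_list[0]]
    for candidate in cert_list[1:]:
        if not signed_by(chain[-1], candidate):
            break
        chain.append(candidate)
    return [c["subject"] for c in chain]

def unlinked_certs(cert_list):
    """Scanner check: listed certificates that are not part of the verified chain."""
    return [c["subject"] for c in cert_list[len(verified_signers(cert_list)):]]

# Constructed sample data (names and keys are made up for this example).
vendor_key = make_key(2**61 - 1, 2**89 - 1)
plugin_key = make_key(2**107 - 1, 2**127 - 1)
other_key = make_key(2**521 - 1, 2**607 - 1)
VENDOR = make_cert("TrustedVendor", "TrustedVendor", vendor_key, vendor_key)
GENUINE = [make_cert("RealPlugin", "TrustedVendor", plugin_key, vendor_key), VENDOR]
PADDED = [make_cert("OtherApp", "OtherApp", other_key, other_key), VENDOR]

if __name__ == "__main__":
    for name, pkg in (("genuine", GENUINE), ("padded", PADDED)):
        print(name, listed_signers(pkg), verified_signers(pkg), unlinked_certs(pkg))
```

A caller that decides trust from `verified_signers` never sees the vendor certificate for the padded package, and a non-empty `unlinked_certs` result is the signal a package scanner would flag.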

Comment: Re:Trivial observation (Score 1) 133

by swillden (#47556973) Attached to: A Fictional Compression Metric Moves Into the Real World

some bullshit "universal compressor"

Not a universal compressor, a standard compressor, such as gzip. The metric is ultimately just a comparison between the compressor being evaluated and the compressor chosen as the standard, and it is unitless.

That said, I agree with you that the scaling constant has no reason to be present. As for using the logs of times... I don't know. It's essentially a base change, expressing the time of the compressor being evaluated in the base of the standard compressor, which is then multiplied by the ratio of the compression ratios. Handling the time relationship as a base change may have some useful properties, but I can't see what they would be.

Comment: Re: What alternative could be built? (Score 2) 143

The internal "SD Card" is formatted with a Unix-style file system that provides access controls to keep apps from being able to access one another's data. External SD Cards are formatted with FAT32, because that's what the whole world expects. Unfortunately, FAT has no concept of ownership or permissions, so the path-based restriction is necessary to ensure that apps can't muck with each other's data.

Comment: Encrypt your devices (Score 1) 112

by swillden (#47553639) Attached to: Ask Slashdot: Preparing an Android Tablet For Resale?

It's too late now, but if this device had been encrypted before it was broken, you'd have a lot less to worry about.

OTOH, it's worth pointing out that if the level of effort required to find the storage on the broken device so you can wipe or destroy it is too much to bother with, it will almost certainly be too much effort for anyone to go through the same effort in order to retrieve your data, on the off chance there might be something of value in there somewhere.

Comment: Re:Laziness (Score 1) 143

I think that HTML5 would make it far worse. Where do most of these bad programmers start? Where the barriers to entry are lowest-- javascript. You'd be making the problem worse, not better.

I do think that there's much improvement to be made with permissions on mobile phones. But that's a separate problem, and one a lot of the Android custom ROMs do well.

Comment: Re:Laziness (Score 5, Insightful) 143

Design guidelines are just recommendations. Frequently bad ones. A developer should design the best UI he can, not follow what Google says regardless of whether it fits. And most developer guidelines, Google and Apple both, are crap.

The problem is that the whole app movement has brought in a whole slew of crappy developers whose idea of coding is to search stack overflow or git for stuff to copy paste. They don't read it, don't understand how to use it right, and expect it to magically work. Worse, half of the people writing that code fall into the same category, so it's the blind reading the blind. If you pick a library off of github and assume it will work, you deserve what you get. Unfortunately your users don't.

These people have been around for a while (they used to be "web developers" and program by copy pasting big chunks of javascript). The problem is that on a phone they can do more damage. In a world where the number of quality programmers is fixed and far less than the demand for programmers, how do you fix it? Making it easier to program actually hurts, you end up with those crappy coders trying to do even more. Maybe it's time to raise the barriers to entry for a while.

Comment: Re:No surprises here (Score 1) 119

by AuMatar (#47546699) Attached to: AP Computer Science Test Takers Up 8,000; Pass Rate Down 6.8%

Sure they are. My school had AP classes, but not everyone in the class takes the test- those who didn't think they would pass skipped it and saved the 70 bucks. In each one the teacher suggested to a few people not to take the test because they didn't think they had the understanding to pass. In at least 1 case they talked someone into taking the test when they were borderline (I think he passed).

As for financial incentive- read the article. Google was paying teachers directly. It was going to the teachers, administrators not involved. With financial incentives I can easily see the teachers telling more/all of those tweeners to take it and see if they pass.
