
Comment: Re:Disengenous (Score 1) 162

by swillden (#47572125) Attached to: Amazon's eBook Math

in the long term, the book stores go out of business now it's harder to find interesting books.

Nonsense.

Look at Baen's model... the first few chapters of all of their books are available for free, all on-line, all trivially easy for you to browse and sample, at no risk, wherever and whenever it's convenient to you. For that matter, they offer full novels from their top authors for free. So you can read the first book of a 15-novel series at no cost, hooking you for the other 14.

How can book stores, with their limited shelf space and immobility, compete with that?

Of course, that's Baen, not Amazon. Because Baen is a publisher, they have the freedom to do things like offer the first ~50 pages free, while Amazon has to obey the publishers' rules. But in a world where browsing bookshelves is gone, Baen's approach, or something like it, will be necessary to generate sales, so it will be done.

Just because you're accustomed to one way of finding good reading material doesn't mean it's the only one, or even the best one.

Comment: Re:Appalling (Score 5, Informative) 125

by swillden (#47562755) Attached to: Old Apache Code At Root of Android FakeID Mess

I don't know the fine details of this bug, but am I the only one appalled at how obvious this bug sounds? It doesn't even properly check the certificate? I mean buffer overflows and such are one thing, but not properly testing your certificate code seems unforgivable.

No, it's not that it doesn't check certificates generally, it's that if there's an additional, extra certificate of a particular form in the list that forms an app's certificate chain (but isn't actually in the chain) then that extra certificate gets included in the list of signatures associated with an app... making other apps that query the signature list believe that the app is signed by a certificate it's not. This doesn't, for example, fool the Play store into believing an app is from developer A when it's really from developer B. But it can fool other apps. There are some apps that load others as plugins, and make decisions about which plugins to load based on whether they're signed by a particular key. This flaw allows malicious apps to subvert that, convincing the plugin-loading apps to execute them, thereby giving the malicious app the same permissions as the plugin-loading app.

It's a serious security flaw, no doubt. But it's a little more subtle and less obvious than the summary makes it appear. Also, it appears that no app in the Play store, nor any of the other apps that Google has scanned, attempts to exploit the flaw. It's very easy to identify them by scanning the certificates in the package.

I've implemented tests for certificate chain validation code several times (not in Android), and it never once occurred to me to test for this particular odd construction, nor, I think, would anyone else think to test for it without some specific reason. This sort of bug requires inspection of the code.

(Disclaimer: I'm a member of the Android security team, but I'm not speaking in an official capacity, just summarizing what I've read of the vulnerability -- which isn't a great deal. Others on my team are well-informed, but I haven't followed this issue closely.)
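The kind of scan the comment above mentions, as an added example that is not part of the original comment and is not Android's code: it walks a package's certificate list and reports every certificate that is not linked to the signing certificate by a verified signature. The `Cert` model, the helper names, the sample subjects and the toy textbook-RSA signature (used only so the block runs with the standard library) are assumptions for illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):  # toy textbook RSA: returns (modulus, private exponent)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass
class Cert:
    subject: str
    issuer: str
    pub_n: int     # subject's public modulus
    sig: int = 0   # issuer's signature over the three fields above

def digest(cert, n):
    data = f"{cert.subject}|{cert.issuer}|{cert.pub_n}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, issuer, pub_n, signer_n, signer_d):
    cert = Cert(subject, issuer, pub_n)
    cert.sig = pow(digest(cert, signer_n), signer_d, signer_n)
    return cert

def signed_by(cert, parent):  # does parent's public key verify cert's signature?
    return pow(cert.sig, E, parent.pub_n) == digest(cert, parent.pub_n)

def verified_chain(cert_list):  # cert_list[0] is the package's signing cert
    by_subject = {c.subject: c for c in cert_list}
    chain = [cert_list[0]]
    while chain[-1].issuer != chain[-1].subject:
        parent = by_subject.get(chain[-1].issuer)
        if parent is None or parent in chain or not signed_by(chain[-1], parent):
            break  # a name match alone never extends the chain
        chain.append(parent)
    return chain

def extra_certs(cert_list):  # subjects in the list but outside the verified chain
    chain = verified_chain(cert_list)
    return [c.subject for c in cert_list if c not in chain]

# Constructed sample data (toy keys from Mersenne primes, no real package).
VENDOR_N, VENDOR_D = make_key(2**61 - 1, 2**89 - 1)
OTHER_N, OTHER_D = make_key(2**107 - 1, 2**127 - 1)
vendor = issue("Vendor Root", "Vendor Root", VENDOR_N, VENDOR_N, VENDOR_D)
genuine = [issue("Plugin A", "Vendor Root", 1234577, VENDOR_N, VENDOR_D), vendor]
# Here the leaf was signed with a different key; the vendor cert only rides along.
suspect = [issue("Plugin B", "Vendor Root", OTHER_N, OTHER_N, OTHER_D), vendor]
print(extra_certs(genuine), extra_certs(suspect))
```

An app that decides which plugins to load by signer should compare against the output of `verified_chain` only, and treat any non-empty `extra_certs` result as a reason to reject the package.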

Comment: Re:Trivial observation (Score 1) 133

by swillden (#47556973) Attached to: A Fictional Compression Metric Moves Into the Real World

some bullshit "universal compressor"

Not a universal compressor, a standard compressor, such as gzip. The metric is ultimately just a comparison between the compressor being evaluated and the compressor chosen as the standard, and it is unitless.

That said, I agree with you that the scaling constant has no reason to be present. As for using the logs of times... I don't know. It's essentially a base change, expressing the time of the compressor being evaluated in the base of the standard compressor, which is then multiplied by the ratio of the compression ratios. Handling the time relationship as a base change may have some useful properties, but I can't see what they would be.

Comment: Re: What alternative could be built? (Score 2) 143

The internal "SD Card" is formatted with a Unix-style file system that provides access controls to keep apps from being able to access one another's data. External SD Cards are formatted with FAT32, because that's what the whole world expects. Unfortunately, FAT has no concept of ownership or permissions, so the path-based restriction is necessary to ensure that apps can't muck with each other's data.

Comment: Encrypt your devices (Score 1) 112

by swillden (#47553639) Attached to: Ask Slashdot: Preparing an Android Tablet For Resale?

It's too late now, but if this device had been encrypted before it was broken, you'd have a lot less to worry about.

OTOH, it's worth pointing out that if the level of effort required to find the storage on the broken device so you can wipe or destroy it is too much to bother with, it will almost certainly be too much effort for anyone to go through the same effort in order to retrieve your data, on the off chance there might be something of value in there somewhere.

Comment: Re:Even better, reflect true cost of cell phones (Score 2) 77

by swillden (#47536091) Attached to: Compromise Struck On Cellphone Unlocking Bill

And are you seriously telling me if she gets an iphone 64 GB 5S it's the same price as if she gets the $20 special?

In many cases... yes. The most expensive phones have an up-front cost in addition to the two-year commitment, but if you get the most expensive phone you can without an up-front fee, then there is no price difference between that one and the cheapest phone.

Yes, this is ridiculous.

Comment: Re:Not news (Score 1) 327

Hallam said it best: there has never been a time when humanity has successfully and peacefully coexisted with nature.

That would be a nice quote, but it contains an implicit assumption which is seriously wrong: That there is any distinction between humanity and nature.

It's not surprising that we tend to see ourselves as distinct from the rest of nature, because we are dramatically different from all other forms of life around us, and not just because we're self-centered, or even because we're objectively hugely more successful than any other species. We're dramatically different because we're the only species we know of that is capable of creating explanatory knowledge, of conjecturing and criticizing ideas, individually and in collaboration, to understand how and why things work. Many species on Earth are capable of learning, but as far as we can tell it's all "behavioral" learning; understanding merely that specific behaviors cause specific results. Sometimes the results of that level of understanding can be quite sophisticated, as in the animals who can create and use tools in complex sequences to accomplish goals, but it's still on a completely different level from the ability that humans have to deduce deep explanations of the structure and nature of the universe, and how to manipulate it.

Regardless of the temptation to view ourselves as separate from nature, though, we're not. That doesn't mean we won't benefit from applying our understanding of the rest of nature to maintain the elements of it that are beneficial to us. Obviously, we're better off if we don't make the world worse for ourselves -- the flip side of that is that we are better off if we make the world a better place for us, so stasis is not the goal. That's really good because stasis (aka "sustainability") is impossible.

Comment: Re:That's great, but ... (Score 3, Interesting) 120

practical long distance EVs at a reasonable price and/or can recharge in less than half an hour

The price may or may not be reasonable, depending on your budget, though it definitely is for a non-trivial number of people, but the Tesla Model S fulfills the other requirements today.

My Nissan LEAF doesn't, though it's still a very practical car that easily manages all but a small fraction of my driving.

Comment: Re:Astronomy, and general poor night-time results. (Score 1) 543

by swillden (#47526497) Attached to: Laser Eye Surgery, Revisited 10 Years Later

shooting which requires both close-up vision (to see the signs) and long range vision (to see the target)

Unless your distance vision is *really* bad, to the point where you can't make out the target at all, distance vision doesn't have much impact on shooting. In a proper sight picture you should be focused on the front sight, and you also need the rear sight to be clear enough that you can verify precise alignment. The target will always be blurry, so having it a little blurrier because of nearsightedness isn't typically a problem.

I often tell the older shooters I teach to wear their reading glasses. Not only does the improved sight alignment help, but I think the inability to see the target clearly strongly discourages them from trying to focus on it, which helps even more.
