
Comment: Re:Disingenuous (Score 2) 279

by swillden (#47572125) Attached to: Amazon's eBook Math

In the long term, the book stores go out of business; now it's harder to find interesting books.

Nonsense.

Look at Baen's model... the first few chapters of all of their books are available for free, all on-line, all trivially easy for you to browse and sample, at no risk, wherever and whenever it's convenient to you. For that matter, they offer full novels from their top authors for free. So you can read the first book of a 15-novel series at no cost, hooking you for the other 14.

How can book stores, with their limited shelf space and immobility, compete with that?

Of course, that's Baen, not Amazon. Because Baen is a publisher, they have the freedom to do things like offer the first ~50 pages free, while Amazon has to obey the publishers' rules. But in a world where browsing bookshelves is gone, Baen's approach, or something like it, will be necessary to generate sales, so it will be done.

Just because you're accustomed to one way of finding good reading material doesn't mean it's the only one, or even the best one.

Comment: Re:Appalling (Score 5, Informative) 127

by swillden (#47562755) Attached to: Old Apache Code At Root of Android FakeID Mess

I don't know the fine details of this bug, but am I the only one appalled at how obvious this bug sounds? It doesn't even properly check the certificate? I mean buffer overflows and such are one thing, but not properly testing your certificate code seems unforgivable.

No, it's not that it doesn't check certificates generally, it's that if there's an additional, extra certificate of a particular form in the list that forms an app's certificate chain (but isn't actually in the chain) then that extra certificate gets included in the list of signatures associated with an app... making other apps that query the signature list believe that the app is signed by a certificate it's not. This doesn't, for example, fool the Play store into believing an app is from developer A when it's really from developer B. But it can fool other apps. There are some apps that load others as plugins, and make decisions about which plugins to load based on whether they're signed by a particular key. This flaw allows malicious apps to subvert that, convincing the plugin-loading apps to execute them, thereby giving the malicious app the same permissions as the plugin-loading app.

It's a serious security flaw, no doubt. But it's a little more subtle and less obvious than the summary makes it appear. Also, it appears that no app in the Play store, nor any of the other apps that Google has scanned, attempts to exploit the flaw. It's very easy to identify them by scanning the certificates in the package.

I've implemented tests for certificate chain validation code several times (not in Android), and it never once occurred to me to test for this particular odd construction, nor, I think, would anyone else think to test for it without some specific reason. This sort of bug requires inspection of the code.

(Disclaimer: I'm a member of the Android security team, but I'm not speaking in an official capacity, just summarizing what I've read of the vulnerability -- which isn't a great deal. Others on my team are well-informed, but I haven't followed this issue closely.)
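The distinction the comment above draws, between certificates that merely appear in a package's list and certificates that are actually linked into the verified chain, can be checked mechanically. The following is an added example, not part of the original comment and not Android's code: it is a toy model in which an HMAC stands in for a real X.509 signature, and all names, keys and helper functions are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Toy model: an HMAC under the issuer's key stands in for a real X.509
# signature, so the example runs offline with the standard library only.
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key: bytes   # stand-in for the subject's key pair
    sig: bytes   # stand-in for the issuer's signature over the fields above

def _tbs(subject, issuer, key):
    return f"{subject}|{issuer}|".encode() + key

def make_cert(subject, key, issuer, issuer_key):
    sig = hmac.new(issuer_key, _tbs(subject, issuer, key), hashlib.sha256).digest()
    return Cert(subject, issuer, key, sig)

def signed_by(child, parent):
    """True only if the names match AND the signature verifies under parent's key."""
    expected = hmac.new(parent.key, _tbs(child.subject, child.issuer, child.key),
                        hashlib.sha256).digest()
    return child.issuer == parent.subject and hmac.compare_digest(child.sig, expected)

def verified_chain(certs):
    """Walk up from the leaf (certs[0]), following verified signatures only."""
    chain, rest = [certs[0]], list(certs[1:])
    while True:
        parent = next((c for c in rest if signed_by(chain[-1], c)), None)
        if parent is None:
            return chain
        chain.append(parent)
        rest.remove(parent)

def unlinked_subjects(certs):
    """Certificates shipped in the list that are not part of the verified chain."""
    chain = verified_chain(certs)
    return [c.subject for c in certs if c not in chain]

# Constructed sample data (all names and keys are made up for this example).
ca = make_cert("Dev CA", b"ca-key", "Dev CA", b"ca-key")
leaf = make_cert("Dev App", b"app-key", "Dev CA", b"ca-key")
extra = make_cert("Other Vendor", b"vendor-key", "Other Vendor", b"vendor-key")

if __name__ == "__main__":
    print(unlinked_subjects([leaf, ca]))         # clean package
    print(unlinked_subjects([leaf, extra, ca]))  # extra cert present
```

Only the output of `verified_chain` should ever be reported as an app's signers; anything `unlinked_subjects` returns is a flag for review.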

Comment: Re:Trivial observation (Score 1) 133

by swillden (#47556973) Attached to: A Fictional Compression Metric Moves Into the Real World

some bullshit "universal compressor"

Not a universal compressor, a standard compressor, such as gzip. The metric is ultimately just a comparison between the compressor being evaluated and the compressor chosen as the standard, and it is unitless.

That said, I agree with you that the scaling constant has no reason to be present. As for using the logs of times... I don't know. It's essentially a base change, expressing the time of the compressor being evaluated in the base of the standard compressor, which is then multiplied by the ratio of the compression ratios. Handling the time relationship as a base change may have some useful properties, but I can't see what they would be.

Comment: Re: What alternative could be built? (Score 2) 145

The internal "SD Card" is formatted with a Unix-style file system that provides access controls to keep apps from being able to access one another's data. External SD Cards are formatted with FAT32, because that's what the whole world expects. Unfortunately, FAT has no concept of ownership or permissions, so the path-based restriction is necessary to ensure that apps can't muck with each other's data.

Comment: Encrypt your devices (Score 1) 112

by swillden (#47553639) Attached to: Ask Slashdot: Preparing an Android Tablet For Resale?

It's too late now, but if this device had been encrypted before it was broken, you'd have a lot less to worry about.

OTOH, it's worth pointing out that if the level of effort required to find the storage on the broken device so you can wipe or destroy it is too much to bother with, it will almost certainly be too much effort for anyone to go through the same effort in order to retrieve your data, on the off chance there might be something of value in there somewhere.

Comment: Re:Even better, reflect true cost of cell phones (Score 2) 77

by swillden (#47536091) Attached to: Compromise Struck On Cellphone Unlocking Bill

And are you seriously telling me if she gets an iphone 64 GB 5S it's the same price as if she gets the $20 special?

In many cases... yes. The most expensive phones have an up-front cost in addition to the two-year commitment, but if you get the most expensive phone you can without an up-front fee, then there is no price difference between that one and the cheapest phone.

Yes, this is ridiculous.

Comment: Re:Not news (Score 1) 333

Hallam said it best: there has never been a time when humanity has successfully and peacefully coexisted with nature.

That would be a nice quote, but it contains an implicit assumption which is seriously wrong: That there is any distinction between humanity and nature.

It's not surprising that we tend to see ourselves as distinct from the rest of nature, because we are dramatically different from all other forms of life around us, and not just because we're self-centered, or even because we're objectively hugely more successful than any other species. We're dramatically different because we're the only species we know of that is capable of creating explanatory knowledge, of conjecturing and criticizing ideas, individually and in collaboration, to understand how and why things work. Many species on Earth are capable of learning, but as far as we can tell it's all "behavioral" learning; understanding merely that specific behaviors cause specific results. Sometimes the results of that level of understanding can be quite sophisticated, as in the animals who can create and use tools in complex sequences to accomplish goals, but it's still on a completely different level from the ability that humans have to deduce deep explanations of the structure and nature of the universe, and how to manipulate it.

Regardless of the temptation to view ourselves as separate from nature, though, we're not. That doesn't mean we won't benefit from applying our understanding of the rest of nature to maintain the elements of it that are beneficial to us. Obviously, we're better off if we don't make the world a worse place for ourselves -- the flip side of that is that we are better off if we make the world a better place for us, so stasis is not the goal. That's really good because stasis (aka "sustainability") is impossible.

Comment: Re:That's great, but ... (Score 3, Interesting) 120

practical long distance EVs at a reasonable price and/or can recharge in less than half an hour

The price may or may not be reasonable, depending on your budget, though it definitely is for a non-trivial number of people, but the Tesla Model S fulfills the other requirements today.

My Nissan LEAF doesn't, though it's still a very practical car that easily manages all but a small fraction of my driving.

Comment: Re:Astronomy, and general poor night-time results. (Score 1) 547

by swillden (#47526497) Attached to: Laser Eye Surgery, Revisited 10 Years Later

shooting which requires both close-up vision (to see the signs) and long range vision (to see the target)

Unless your distance vision is *really* bad, to the point where you can't make out the target at all, distance vision doesn't have much impact on shooting. In a proper sight picture you should be focused on the front sight, and you also need the rear sight to be clear enough that you can verify precise alignment. The target will always be blurry, so having it a little blurrier because of nearsightedness isn't typically a problem.

I often tell the older shooters I teach to wear their reading glasses. Not only does the improved sight alignment help, but I think the inability to see the target clearly strongly discourages them from trying to focus on it, which helps even more.

Comment: Re:Astronomy, and general poor night-time results. (Score 5, Insightful) 547

by swillden (#47524941) Attached to: Laser Eye Surgery, Revisited 10 Years Later

One common technique for people who are close to or have age-induced presbyopia is to perform the surgery on only one eye, or, depending on the prescription, to apply it in different amounts. The idea is to get one eye which is good for near vision and one that is good for far vision. Sort of the same notion as bifocals, but applied directly to the eyes. Apparently the brain adjusts quickly and effectively to this and you end up feeling as though you have good vision at all ranges as long as both eyes are open.

I'm considering doing that. I'm 45 and my eyes have just begun to change. I'm still generally myopic, but so far the change just requires me to take my glasses off when doing close work. I'm going to give it a couple more years to be sure my eyes have more or less settled, then get surgery on one or both, in whatever degrees will give me the best overall visual acuity and flexibility.

If your eyes haven't actually changed yet, then it's something of a crapshoot. The idea is to adjust your vision based on guesses as to how they're going to change. That said, my optometrist says that they can make very good guesses. The only reason he's recommended that I wait is because I'm not far from the point where guessing won't be required, based on my history of general visual stability and current rate of change.
