The Phoronix article is quite low on information, and even the original post at http://mer-project.blogspot.fi/2013/04/wayland-utilizing-android-gpu-drivers.html assumes some technical knowledge of the graphics stack. The basic idea is actually pretty simple. I'll try to break it down.
- The SoC vendors are willing to target only Android
- Android GPU drivers are built against Bionic libc
- The GPU drivers talk to hardware, and expose themselves via EGL and GLESv2
- EGL is basically a common API for GPU memory management, buffer (region of memory used for rendering) allocation and display updates
- GLESv2 stands in for the functionality we commonly associate with OpenGL
- GPU drivers form a combination of EGL and GLESv2 libraries, each GPU vendor providing their own
This is where libhybris comes into play. The GPU driver libraries don't work without Bionic libc - so libhybris, while running on top of regular Linux (and thus [e]glibc), keeps a private Bionic libc open for the GPU drivers' use, and redirects all the EGL/GLESv2 calls to the GPU driver libraries. These libraries run in their own Bionic universe, and tell the actual display hardware what to do.
The new part about Wayland support is just a logical extension of the same behaviour. Wayland already depends on EGL for buffer management, so "all" it really needs is a native display handler. Now as it happens, the native Android display structure can be mapped to the Wayland-EGL display structure. It's not trivial, but it's certainly doable. Thanks to libhybris, the Wayland libraries see a correct native display type and operate on that, while the Android GPU libraries see their respective native display type and thus can drive the hardware as ever before. After all, it's still the SAME hardware regardless of what operating system we may be running. Registers are registers and memory is still memory. From the GPU drivers' point of view nothing has changed.
So what has happened? In addition to just redirecting graphics stack calls to Android drivers, we are now also translating the display subsystem between two somewhat different systems.
If all of the above sounds eerily familiar, you are correct. In networking this kind of design is called a proxy, or if we're talking about link layer, it would be a multi-protocol label switch. Logically there's not much difference.
Let me get this straight, so I know we're on the same page.
There is a major vulnerability in basically ALL Postgres installations in the world. That means it has not been introduced by any recent commits. The patch(es) are not yet public, and the repositories have been made non-public while the fix is in the works.
The fix is likely delayed somewhat by the occurrence of Easter holidays. Lots of people have taken extended weekends - probably a good number of Postgres devs included. There is probably no sane way to deploy the fixed versions until after the holidays. Not everyone can afford 24/7 admins.
And you want to complain about the developers being irresponsible when dealing with this?
(For the record: I'm pretty much a full-disclosure guy, but a slightly delayed disclosure with NO IN-THE-WILD EXPLOITS for a vulnerability that is discovered just ahead of a major holiday weekend... I can live with that.)
Why not offer two "phone gateways" for your support? One for customers with an existing support contract, and another for those without.
For the support contract line, have a robot switchboard system that requires a valid support contract code. All other callers would have to go through a premium rate number. Sure, it adds one extra step for customers who have contracts but they probably don't need to call you too often anyway.
Keep the distinctions clearly visible in your help screen. The premium rate probably discourages useless support calls, and those who perceive a need for more frequent support can easily crunch the numbers and decide which option they prefer.
Bit of background: Finland has pretty strict privacy laws, and compiling personal detail lists, such as this, is subject to regulation. Very few care about that. What really matters is that storing such lists has certain requirements - and disseminating them is explicitly unlawful.
The leaked list is apparently a compilation of 10 (or more) smaller lists. Criminal Bureau are going after the person who compiled and published the list, and the morons who compiled the original lists will probably get off with less than a slap on their wrists.
The original compilations have been passed around via mailing lists. I'll let that sink in.
[Puts on the cynic hat] What should be a wake-up call to enforce the collection and dissemination rules will be used to drum up the threat of Anonymous and increased possibility to get spammed. The real problem, namely the near-criminal negligence with which this type of data is handled, will be ignored.
In a nutshell: someone who had access to multiple lists exposed a systematic indifference to privacy laws and the utter ignorance of decent practices. The leak itself will be vilified, while the practices which allowed this to happen with such trivial effort are unlikely to be addressed.
Anecdotally I've found that after cooking for female friends they show a greater interest in me regardless of relationship status. Women like men who can cook.
Incidentally, cooking is the best thing one can do with their pants on.
The Microsoft patent uses partial licenses, consisting of both a public and a private key, to provide customers with the right to decrypt the content they access over the peer-to-peer network.
I quote the team from memory (I just returned from CCC):
Removing or disabling all certificates where an MD5 signature was used somewhere in the chain (or was that just for those that had intermediate CAs signed with MD5? - anyhow...), would cripple approximately 30% of the entire internet.
Oh yes, and it works with wine. Tried the demo and was impressed enough to actually buy the game.
What really brings Aquaria together is the marvelous soundscape. Factor in some good voice acting (one exception in very late game) and the way the story is built, it's definitely worth the price.
I just wish the authors would release a soundtrack soon.
I believe there is already a precedent. See SATA driver information for nvidia's SATA/NCQ support. The trick here seems to be that the developers accept an NDA and in return get access to specifications. Any implementation written from those specs will be unencumbered, but the full contents of the specifications are not.
My guess: the specs for most chipsets are monolithic and contain all kinds of stuff, not just certain subsystems.
Bugger that, he already signed a law that made it illegal for credit card companies to process online casinos' transactions. Yeah, the law was lobbied by all the casino moguls and, surprisingly, some quite powerful religious groups, but it shows that with suitably motivated people driving an agenda, you can make anything illegal.
How about giving the same kind of shaft to those entities whose products are spamvertised? "Endorse or use spam, and your bank will ensure that you won't do any more business." If you could eliminate money from the spamming equation, at least some of it would go away. I also understand that this wouldn't do squat to penny stock scamming, which is a shame.
From the article: What's smart about this attack is that it doesn't matter if you get a file "out of step" - if you start off with a particular file out of sequence, you'll just end up somewhere else in the chain instead. There is no right or wrong place to start with this one - the hackers will make sure you get your fill of infection files!
The basic idea of using multiple, completely unrelated vulnerabilities and attacks to achieve total control is not exactly that new. In fact, the ideas that feel so obvious to us today were quite novel back at the turn of the century. Michal Zalewski described a worm prototype that worked in a somewhat similar manner more than six years ago.
On the occasions that I get to give lectures about computer security, I try to illustrate these very ideas. The rule #1: There are no local exploits; all vulnerabilities are remote, some may just require a piggy-back step of first delivering extra code via other holes.
Poppler is getting better, but it's not quite there yet. Xpdf may be fugly as hell (it's a motif/lesstif app), but there really isn't any replacement for it yet.
Bingo. Poppler, a rendering library developed as an off-shoot of xpdf, somehow manages to perform worse than the original.
Case in point:
1. Create a PDF file with embedded graphics (figures, charts, sequence diagrams, ...)
2. Open the PDF with evince.
3. Note how some of the images are rendered wrong on the screen. (In fact, they render as black boxes that have only a vague resemblance to the major outlines of the original images.)
4. Print the document. The print will result in the same misrendered images being printed in the same black box fashion.
5. Resize evince's window back and forth until the image is rendered properly.
6. Print the document. The print will now have the image as it should appear.
To add insult to injury, there are some rare cases when the on-screen render and printout of an image are different. A mangled image may print properly, but also a properly shown image may be printed as a black box.
The absolutely worst part is that if you print directly from LyX, the printing and rendering routines usually go through poppler. And what does that do to your images? Yep, well guessed. Effectively the only way to print PDFs in a way that ensures their final outcome is to use xpdf. For LyX documents, this involves the extra step of exporting to PDF and printing from an external program.
Once a tiered pricing thing is in place, how easy would it be for ICANN to keep constantly changing the rules?
Such as requiring renewable domain names to go through a competitive bidding process? ICANN wouldn't even need to monitor or assess the potential market value of the domain names - the bidders would do this on their own and ICANN could just reap the profits.
So if the rules are subject to change, this will be likely abused and will eventually take on a nasty tone.
... dive into [...] recommended practices [...], without getting bogged down in the theoretical underpinnings, if the reader is in a hurry to implement encryption...
Scary thought. If you are implementing encryption (or any security measure, for that matter), the last thing you should be in is a hurry.
Hopefully then they will also implement a good set of password rules and enforce them...
I have a suggestion. Dump the password based access altogether. These are Debian developers, who by their position already NEED to both know and understand how to use GPG for signing their uploads. The concept of public-key access control/validation is their bread and butter.
Allow only public-key SSH access to Debian machines. Period.
That way, to compromise Debian server(s), any potential attacker would need to daisy-chain their targets. Break a developer's home or work box first, get their keys and their passphrases. Only then can they proceed to bigger targets.
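An added example, not part of the original comment: a small audit that checks whether an sshd_config really enforces the public-key-only access suggested above. The function names and the three sample configurations are constructed for illustration; the defaults are assumed to be upstream OpenSSH's, and Include files and `Match all` are not handled.

```python
"""Audit sshd_config text for password-free, public-key-only access."""
import re

# Assumed upstream OpenSSH defaults, applied when a keyword is absent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated keyword that older configs still use for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# What "public-key only" requires.
REQUIRED = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
}
# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")


def parse(text):
    """Return [(scope, settings)]: the global scope first, then each Match block."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            # A Match block runs until the next Match line or end of file,
            # regardless of indentation.
            scopes.append(("Match " + value, {}))
            continue
        # sshd uses the first value it obtains for a keyword; later ones are ignored.
        scopes[-1][1].setdefault(ALIASES.get(key, key), value)
    return scopes


def audit(text):
    """Return a list of findings; an empty list means public-key only."""
    findings = []
    for index, (scope, settings) in enumerate(parse(text)):
        # Only the global scope falls back to defaults; a Match block
        # overrides just the keywords it sets.
        effective = {**DEFAULTS, **settings} if index == 0 else settings
        for key, wanted in REQUIRED.items():
            actual = effective.get(key)
            if actual is not None and actual.lower() != wanted:
                findings.append(f"{scope}: {key} is {actual!r}, want {wanted!r}")
    return findings


# Constructed sample: the hardening line was appended at the end of the file,
# so it lands inside the Match block and the global "yes" stays in force.
WEAK = """\
PubkeyAuthentication yes
PasswordAuthentication yes
KbdInteractiveAuthentication no
Match User backup
    X11Forwarding no
PasswordAuthentication no
"""

# Constructed sample: public-key only, using the deprecated alias.
HARDENED = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

# Constructed sample: passwords re-enabled for one address range.
MATCH_REENABLE = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED),
                      ("MATCH_REENABLE", MATCH_REENABLE)):
        print(name, audit(cfg) or "ok")
```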
That is a good question.
My answer hovers between two choices, "not a lot" and "no idea". The reason for this is that the translation code should be generally rather straightforward. There is a bigger cost for buffer allocation and destruction, and a smaller cost with frame update.
Each time a buffer is created or destroyed, libhybris will need to do some internal bookkeeping to match the Wayland buffers with Android buffers. Some of the under-the-hood memory allocations may be more expensive than others, so I can't say where the bottlenecks will be. For frame updates, there should be little more than simply copying and re-associating geometry values and memory handles (basically integers), since the actual buffer holding the visual content is not touched.
At least that's how I understand it. I trust we'll get benchmarks eventually.
Social games aren't supposed to be *fun*.
There was a pretty good write-up on the topic more than a year ago: Who killed videogames?
It's a long read, but most of the important points are made in the first page. The rest (sadly) qualifies for TL;DR - it simply rehashes and expands on the same ideas from different angles and in more depth.
Scott Adams nailed the tunnel-visioned focus on nothing but metrics.
'nuff said.
From the article:
So it's a combination of two things:
And for this they have been granted a patent? *le sigh*
SETI - The result of having failed to find intelligent life on Earth.
In the words of Monty Python:
Your search for "rwanda genocide" returned no pages. It never happened.
I'll top that - with a nightmare, no less. Imagine a recording of your life, edited and complete with a laugh-track.
On pay-per-view.
Controversial? I thought everyone agreed that SCO didn't have a case.
Exactly. I believe the only controversy has been whether this lawsuit should exist in the first place.
I start like this: Pen/Pencil -> Image Mockup in Photoshop -> XHTML/CSS mockup with real structure.
I know (from personal experience) that GIMP takes some time to learn, and creating graphics from scratch with it is not exactly easy. But for the image mockup stage I have a somewhat unorthodox suggestion. Try Scribus. Since you are doing visual layout anyway, why not use a software that actually is designed to create and manipulate such? Different elements are not tied to graphical layers, and dropping sample texts into them is dead simple.
The really interesting part is that if you end up doing the layout this way, you already have a visual model for CSS box elements. Of course, for the final mockup and image spots you may need some heavy-handed image manipulation (also known as "cheating") but then again, you're selling a project and sales material usually only approximates the truth... (And CSS provides the tricks to pull the same stunts off in any case.)
Personally I have changed to using Scribus when creating diagrams. Takes a little longer than with dia, but the results are damn good-looking and certainly worth the effort. Combine that with some good clip art and you have near-professional quality results.
Unorthodox, or outright heretic? You decide.
Of course now that I've typed it up, I can find no reference to the story.
No wonder. You mixed the person. That story is usually associated with Columbus. Hell, there's even a Wikipedia entry of the thing.
You would need a Reader's Digest anecdote to find something older :)
Thesaurus to the rescue: imbeciles
On a more serious note, I'm honestly surprised it has taken this long for this kind of operation to emerge. The very idea of a Patch Day[tm] is to A) appease corporate types who think they understand what "unscheduled downtime" means but are too detached from reality to understand what significance it carries; and B) assume that people outside the company can't discover holes in your software.
For point B, see first paragraph.