Profile

Cover photo
Elliott Hughes
Works at Google
Lives in California, USA
564 followers|139,995 views
AboutPostsPhotosVideos

Stream

Elliott Hughes

Shared publicly  - 
 
Wait... ATMs don't encrypt all their network traffic? In 2016?

http://krebsonsecurity.com/2016/02/skimmers-hijack-atm-network-cables/
If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad ...
7
3
Wayne May's profile photoKarim Yaghmour's profile photoDrew Fustini (pdp7)'s profile photoMadhu Gurnani's profile photo
2 comments
 
Apparently a lot of them still run Windows XP too.
Add a comment...

Elliott Hughes

Shared publicly  - 
 
One late change to the dynamic linker in M that turns out to be harder to debug than we'd realized (because we no longer log the warning, and it turns out app developers are still catching and swallowing the helpful UnsatisfiedLinkError that would include the dlerror(3) message that would explain their problem)...

Text Relocations Unsupported for API level >= 23

Previous versions of Android would warn if asked to load a shared library with text relocations: "libfoo.so has text relocations. This is wasting memory and prevents security hardening. Please fix.". Despite this, we'd load the library anyway. In M, we'll actually reject this library if your app's target SDK version is >= 23. We no longer log this because we assume that your app will log the dlopen(3) failure itself, and include the text from dlerror(3) which does explain the problem. Unfortunately, lots of apps seem to catch and hide the UnsatisfiedLinkError throw by System.loadLibrary in this case, often leaving no clue that the library failed to load until you try to invoke one of your native methods and the VM complains that it's not present.

You can use the command-line scanelf tool to check for text relocations. You can find advice on the subject on the internet; for example https://wiki.gentoo.org/wiki/Hardened/Textrels_Guide is a useful guide.
20
5
Steve Jones (Trevor Drake)'s profile photoPaschalis Mpeis's profile photo
Add a comment...

Elliott Hughes

Shared publicly  - 
 
The interesting thing to me in this table isn't actually explicitly stated in the table... The Snapdragon 410, 615, and 808 all have ARM's aarch64 cores, the Exynos 7420 likewise, and the A8 has Apple aarch64 cores. For the high-end devices in the table this isn't surprising: everyone wants to slap "64-bit" on the box for marketing reasons. But it is interesting to me that the "low end" Moto G has A53s too. So -- for one fairly high-end manufacturer at least -- even 2015's low-end devices are 64-bit.

I don't know any better than anyone else how long it will be until the 32-bit ABI is irrelevant, but it does look like we might be getting the "sooner" scenario rather than the "later" one. I wonder how long until we have a similar generation of watches?

http://www.theverge.com/2015/7/28/9058333/moto-x-style-play-g-comparison-iphone-galaxy
Motorola announced three impressive phones this morning, with options ranging from a surprisingly appealing low-cost device to a surprisingly inexpensive high-end device. It started off with the...
24
3
Elliott Hughes's profile photoAdnan Begovic's profile photomohammed khan's profile photoMuhammad Refa Utama Putra's profile photo
5 comments
 
There's still higher memory consumption of 64-bit apps. Plus devices with 64-bit processors but 1GiB of RAM aren't going to want to waste space running two zygotes (one for 32-bit apps and the other for 64-bit). Especially as long as there are no compelling 64-bit apps.
Add a comment...

Elliott Hughes

Shared publicly  - 
 
ndk-gdb or ndk-gdb-py?

I'd like to remove ndk-gdb (the shell script) in favor of ndk-gdb-py (the trivial shell script/batch file that runs the python version of ndk-gdb). If you have to use ndk-gdb for some reason, leave a comment.

#androiddev
11 votes  -  votes visible to Public
ndk-gdb
0%
ndk-gdb-py
100%
1
Add a comment...

Elliott Hughes

Shared publicly  - 
 
Q: Is clang the default compiler in M?

A: No. The default compiler is still GCC, and you can't successfully build the whole M tree with clang yet. AOSP master, though, can now be built with clang. And we have continuous clang builds to ensure that it stays that way.

(Note that "built with clang" doesn't mean "built without GCC"... There are projects using "LOCAL_CLANG := false" to force GCC even in an otherwise clang-built build. On the flip side, if you grep the tree for "LOCAL_CLANG := true" you can see that there are now some projects that are always built with clang.)

Other than source compatibility and performance problems (plus one instance of compile-time performance) the main clang stumbling block right now is the inability to implement _FORTIFY_SOURCE for clang. But we -- and the relevant SoC vendors -- are looking into these issues.

(Kernels are still built with a separate GCC 4.8 toolchain, different from the platform GCC toolchain. That's a problem for another day.)
32
5
Steve Jones (Trevor Drake)'s profile photoZoran Jovanovic's profile photoKarim Yaghmour's profile photoAnmar Oueja's profile photo
2 comments
 
We're definitely interested in hearing feedback from NDK users though. I didn't mention it, but at some point we'd prefer to only offer clang in the NDK too, and it's a lot harder for us to judge the point at which clang is good enough for/actively preferred by NDK users. (There are Google products that use the NDK, but that's a drop in the ocean of all NDK users.)
Add a comment...

Elliott Hughes

Shared publicly  - 
 
Android M command-line improvements.

toybox replaces much of toolbox.

The tools from http://landley.net/toybox/ replace most of the old toolbox tools in M. SELinux support and a few other things that were better in toolbox have been pushed upstream, and the following tools have been switched over (or added if they weren’t previously in toolbox):

    acpi
    basename blockdev bzcat
    cal cat chcon chgrp chmod chown chroot cksum clear comm cmp cp cpio cut
    date dirname dmesg dos2unix
    echo env expand expr
    fallocate false find free
    getenforce getprop groups
    head hostname hwclock
    id ifconfig inotifyd insmod
    kill killall
    load_policy ln logname losetup lsmod lsusb
    md5sum mkdir mknod mkswap mktemp modinfo more mountpoint mv
    netstat nice nl nohup
    od
    paste patch pgrep pidof pkill pmap printenv printf pwd
    readlink realpath restorecon rm rmdir rmmod route runcon
    sed seq setenforce setprop setsid sha1sum sleep sort split stat strings swapoff swapon sync sysctl
    tac tail tar taskset tee time timeout touch tr true truncate
    umount uname uniq unix2dos usleep
    vmstat
    wc which whoami
    xargs
    yes

The grep family remains the NetBSD grep, and dd and du are still from NetBSD.

For a variety of reasons, the following are still using the toolbox implementations: df, getevent, iftop, ioctl, ionice, log, ls, lsof, mount, nandread, newfs_msdos, ps, prlimit, renice, sendevent, start, stop, top, uptime, watchprops.

Other tools like mksh and strace have been upgraded to the current upstream versions.

#androiddev   #io15   
27
9
Karim Yaghmour's profile photoShaka Huang's profile photoTed Chien's profile photoKivava Chang's profile photo
4 comments
 
+Elliott Hughes I was mostly just curious, for the sake of completeness.  My initial implementation of transparent file compression used xattrs.  I've since switched to using an ext4 inode flag, so I'm not using them anymore.
Add a comment...
Have him in circles
564 people
Dan Poulsen's profile photo
Josh Brown's profile photo
Martin Wei's profile photo
Sahry El Nouby Medcale's profile photo
Tony Guo's profile photo
Kiran Mudiam's profile photo
Michael Bailey's profile photo
Saish Kakodkar's profile photo
Etienne Caron's profile photo

Elliott Hughes

Shared publicly  - 
 
"If Google really is serious about making its own hardware, a $700 riff on the Pixel would be a fascinating product. It would instantly be the best computer to buy for anyone who doesn't really want to screw around with tech."

Funnily enough, I read this story on the very computer the author wishes for. The Dell Chromebook 13.

I've been buying my mum Chromebooks for years now, albeit down the cheap end of the spectrum, and for a while now I've been mainly a Chromebook user myself. The Acer C720, for example, was a great device for the price, and it's great now that I'm old enough that I don't even want to have to deal with my own tech problems, let alone my parents'.

But despite their other virtues, the cheap Chromebooks always did feel cheap. And honestly, I never liked the Chromebook Pixel either. It's surprisingly heavy, and although it looks like it's made of expensive materials, it looks like no design took place at all --- it's just a cuboid. Which is another kind of cheap. (Plus it's a visual reminder of how heavy the thing is.) Oh, and it costs $1k for the base model, which I think of as an upper bound for a laptop.

But Dell's Chromebook 13 looks great. I started seeing it at work. One woman from the ChromeOS team in particular always had one in meetings. After the fourth time that I caught myself thinking "nice laptop; what is that?" before realizing it was a Chromebook I decided maybe it was time to retire the C720...

The Dell Chromebook 13 it's a lot cheaper than the Pixel. I won't mention any specific price because probably the worst thing about Dell is that everyone pays a different price; there are always offers and coupons and if you work for a large enough corporation you can probably get a discount from them. The next worst thing about Dell is that they always offer too many options. There's actually a wide range of machines they'll sell you called "Dell Chromebook 13", and they all have different prices. But mine was about $600, has (iirc) an i3, 4GiB of RAM, and a touch screen.

I wish it was a bit lighter, and I wish it had one of those fancy new Dell screens that goes right to the edge (like the current XPS13), but it's still by far the best Chromebook I've ever used (including the Pixel), and even people who aren't existing Chromebook fans have said "that's nicer than my laptop".

I paid a bit extra for the touchscreen mainly on a whim, but I've found it surprisingly useful. Despite the fact that "desktop" sites really aren't designed for touchscreen use and this screen has a high enough resolution to make some of the targets pretty small.

I worried a little about getting the 4GiB model rather than the 8GiB one, especially because the processor is "only" an i3 rather than the i5 or i7 in the Pixel, but this is the first Chromebook I've owned where I never worry about performance. It's significantly faster than my work laptop and even my work desktop --- though to be fair the latter tends to have 32 clang processes rebuilding AOSP any time I'm surfing the web on it :-)

Anyway, yeah, the Dell Chromebook 13 might not be a cheap as the average Chromebook, but if a "$700 Pixel" sounds interesting, you should definitely check it out.

http://www.theverge.com/2016/2/1/10884918/i-bought-my-mom-a-chromebook-pixel-the-divergence
13
Elliott Hughes's profile photoChris Lynch's profile photo
3 comments
 
I hate the matte screens that most Chromebooks have.  I had a C720P for like 2 days before the display died and i had to return it... Loved the touch/glossy display!
Add a comment...

Elliott Hughes

Shared publicly  - 
 
A non-marketing reason for wanting a 64-bit device:

"Above we used the phrase “good ASLR” and it is debateable whether “good ASLR” is possible at all in the browser context for 32-bit processes, but we include this bypass for completeness and because in practice it is practical."
  -- http://googleprojectzero.blogspot.com/2015/08/three-bypasses-and-fix-for-one-of.html
11
Add a comment...

Elliott Hughes

Shared publicly  - 
 
Of all the cars this typically terrible Bay Area driver could have rear-ended, they picked the one that can draw its own sketch of the incident for the insurance folks...

I look forward to the day when the self-driving cars automatically report the remaining human drivers driving badly. It's a rare journey where I don't see anything to make me wish there had been a police car watching. Where's my distributed https://en.wikipedia.org/wiki/Robocar_Poli ?

https://www.youtube.com/watch?v=WtLp2f-vM14
12
10
Diogo Custodio's profile photoKumaran Thillainadarajah's profile photo
Add a comment...

Elliott Hughes

Shared publicly  - 
 
If you're a Windows adb.exe user who's been having trouble with the "Allow USB debugging?" dialog showing up all the time with r23,  you should find that this is fixed by r23-rc3 (https://dl.google.com/android/repository/platform-tools_r23_rc3-windows.zip), released earlier this week.

Sorry for the inconvenience. (This bug "only" affected Windows, so I didn't notice when I introduced it.)
20
3
Ali Muzaffar's profile photoKeegan Jacobson's profile photoAman Upadhyaya's profile photoLuka Jerkovic's profile photo
5 comments
 
Lol! Yes, Linux and Mac boxes its not an issue on. Even Nexus devices are not problematic as there is a universal driver that works well with them. Was just wondering if there was a solution for windows that was a little more universal (works on all Android phones not just the nexus phones). 
Add a comment...

Elliott Hughes

Shared publicly  - 
 
Android M C++ improvements.

libc++ replaces stlport for the platform.

stlport served us well for many years, but it hasn’t seen any updates in a long time and has fallen far behind current standards. In M, we've switched to libc++ (http://libcxx.llvm.org/) and are removing stlport. If you’re an OEM building code for the platform, libc++ is available by default. You don’t need to add anything to your makefiles. (We’ve also bumped the compiler’s default C++ standard to C++11.) What you do need to do as an OEM is stop referencing stlport; this shouldn’t require any more work than simply removing any line containing “stlport” from your makefiles.
35
7
Dominik Helleberg's profile photoZoran Jovanovic's profile photoKarim Yaghmour's profile photoFelix Homann's profile photo
6 comments
 
You should probably consider them deprecated already, but there are enough legacy users that we're not likely to be able to remove them any time soon.
Add a comment...

Elliott Hughes

Shared publicly  - 
 
Android M fastboot improvements.

Images no longer decompressed into RAM.

In M (and since SDK Tools 24.2.0), fastboot no longer decompresses into RAM. If you’ve had trouble in the past with the apparently infamous (but no one told us until we fixed this for unrelated reasons) “update package missing system.img”, that should now be a thing of the past. (For Mac OS and Linux users at least; from the comments there's another bug that affects Windows users, not yet fixed.)

  target reported max download size of 536870912 bytes
  archive does not contain 'boot.sig'
  archive does not contain 'recovery.sig'
  fastboot(43183,0xa04921d4) malloc: * mach_vm_map(size=1981542400) failed (error code=3)
  * error: can't allocate region
  * set a breakpoint in malloc_error_break to debug
  failed to allocate 1979559444 bytes
  error: update package missing system.img


fastboot reboot bootloader.

You also no longer need to remember whether it’s “fastboot reboot-bootloader” or “fastboot reboot bootloader”. Both work now, just like in adb.

#androiddev   #io15   
52
6
JD Thayn's profile photoDave Smith's profile photoSteve Jones (Trevor Drake)'s profile photoGabriel Gattringer (GGab)'s profile photo
44 comments
 
+Fedor von Bock my Nexus 9 running the developer preview shows the same warning 
Add a comment...
People
Have him in circles
564 people
Dan Poulsen's profile photo
Josh Brown's profile photo
Martin Wei's profile photo
Sahry El Nouby Medcale's profile photo
Tony Guo's profile photo
Kiran Mudiam's profile photo
Michael Bailey's profile photo
Saish Kakodkar's profile photo
Etienne Caron's profile photo
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
California, USA
Previously
England - Switzerland - Germany
Work
Occupation
Software Engineer
Employment
  • Google
    Software Engineer, present
  • BlueArc
  • GeneData
Basic Information
Gender
Male
Relationship
Married