Dianne Hackborn
Works at Google (Android)
Attended Oregon State University
Lives in California

Dianne Hackborn

Good to know!
 
Secure those bits!

The Android security team has been hard at work building new tools to help developers protect user data in transit.  :)  Yesterday Alex posted about two great features that shipped last year in M:

https://security.googleblog.com/2016/04/protecting-against-unintentional.html

I'm particularly proud of the strategy I came up with to help detect any plaintext traffic leaving an app using a complex pile of iptables rules.  It's super easy to enable detection in your app with just one method call to this new StrictMode API:

https://developer.android.com/reference/android/os/StrictMode.VmPolicy.Builder.html#detectCleartextNetwork()

And here's the guts of where the iptables rules are generated using the powerful u32 module to do "shallow" packet inspection; both IPv4/v6 and TCP/UDP are supported:

https://android.googlesource.com/platform/system/netd/+/master/server/StrictController.cpp

Since it does bit banging to sniff out the explicit SSL 3.1 (TLS 1.0) signature, I don't recommend shipping it enabled in production, as that version number might increment in the future.
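
An added example (not part of the original post, and not the rules netd generates) of the kind of shallow check the post describes and of the caveat in its last sentence: a matcher pinned to the version bytes 3.1 labels a handshake record carrying a different minor version as cleartext. The function names and sample payloads are constructed for illustration.

```python
# Added illustration; not the rules generated by netd's StrictController.cpp.
# A TLS record starts with: content type (1 byte), version major/minor
# (2 bytes), length (2 bytes). A handshake record has type 0x16, major 0x03.

HANDSHAKE = 0x16
TLS_MAJOR = 0x03


def looks_like_tls_pinned(payload: bytes, minor: int = 0x01) -> bool:
    """Strict match: handshake record whose version is exactly 3.<minor>."""
    return (len(payload) >= 3 and payload[0] == HANDSHAKE
            and payload[1] == TLS_MAJOR and payload[2] == minor)


def looks_like_tls_tolerant(payload: bytes) -> bool:
    """Looser match: handshake record with major version 3, any minor."""
    return (len(payload) >= 3 and payload[0] == HANDSHAKE
            and payload[1] == TLS_MAJOR)


def classify(payload: bytes, matcher=looks_like_tls_pinned) -> str:
    """Classify the first payload bytes seen on a new connection."""
    if len(payload) < 3:
        return "undecided"  # too short to judge; wait for more bytes
    return "tls" if matcher(payload) else "cleartext"


# Constructed sample payloads (first bytes of a connection only).
SAMPLES = {
    "tls10_hello": bytes.fromhex("16030100c8010000c40303"),
    "tls_minor3": bytes.fromhex("16030300c8010000c40303"),
    "http_get": b"GET /login?user=alice HTTP/1.1\r\n",
    "short": b"\x16\x03",
}


def report(matcher):
    """Return {sample name: verdict} for every constructed sample."""
    return {name: classify(data, matcher) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    print("pinned  :", report(looks_like_tls_pinned))
    print("tolerant:", report(looks_like_tls_tolerant))
```
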
Ian Lake
 
Great to see how it works under the covers! I talked about it in our recent StrictMode video (https://www.youtube.com/watch?v=BxTfwT7mkB4&t=91) and blog post (https://medium.com/google-developers/strictmode-for-runtime-analysis-on-android-f8d0a2c5667e)

Dianne Hackborn

Kickstarter for a Frank Zappa documentary!
Kris B
 
Q: Name the two actors in Bill and Ted's Excellent Adventure.
A: Keanu Reeves and the other guy.

Dianne Hackborn

This is great vanilla, and great people.  If you do any kind of cooking, consider getting something on their kickstarter -- you won't regret it.

(Or if you don't cook, they have a tier to get their baked goods, which I can verify are wonderful!  And the smoked vanilla caramel?  Good lord that is good.)

There is no risk and no wait once the Kickstarter is over; they have already been making these products, and this Kickstarter will help support their company.

Also the patches are pretty awesome. :)
 
Thank you so much Dianne! I truly appreciate your support and encouraging words! Thanks!

Dianne Hackborn

This is really, really good vanilla: http://www.worldsgreatestvanilla.com/
 
It costs you nothing to share this video. Thanks in advance for your support.
 
What makes it good? I've been buying my extract from Amazon (good quality, no sugar, etc)... Thoughts on difference?

Dianne Hackborn

 
Tears for Fears really came up with some gems.

Dianne Hackborn

These are hilarious.  I can't decide which is my favorite.  Is it "don't take a selfie and wave a gun around at the same time (two stupidities don't make a smart!)"?  Is it "don't take a selfie while falling down stairs"?  So many choices!
 
From the "Selfies kill" brochure by Russia's Interior Affairs Department.

Full PDF over at https://mvd.ru/upload/site1/folder_page/006/158/477/Selfie2015.pdf
 
hi

Dianne Hackborn

Also, awesome new version of Strictly Genteel.  I totally missed this had been done.
Alison Chaiken
 
"Watermelon in Easter Hay" is my favorite.

Dianne Hackborn

:)
 
Rock, Paper and Scissors don’t have much in common, but that won’t stop them. Be Together. #NotTheSame https://youtu.be/UYxpX3N20qU
 
WTF?!?!? Did that first bully remove a part of his own body, chew it up and spit it out through a straw?!?!? Or worse?!?! Did he tear a chunk off of another person???

That's just twisted.

Dianne Hackborn

This joke would be impossible to execute on Twitter, where replies quickly get clogged with the usernames of everyone involved, or on Facebook, where all it takes is one "lol you guys are nuts" from someone's mom to derail all the fun.

It worked well on Usenet, too! :p
It starts with a confession: "I have no idea who Scalia was." Then a joke, to deflect attention from a failure on the part of public education: "Isn't that the thing that people call themselves...
 
I see this kind of thing on Reddit too. I guess it needs to 1) be threaded, and 2) display the route from trunk to leaf, without any sibling branches

Dianne Hackborn

Psychonauts 2?!? YES PLEASE!
Psychonauts is a classic action/adventure platformer from acclaimed developers Double Fine Productions (that’s us!) and written by industry legend Tim Schafer, who created Broken Age, Full Throttle, and Grim Fandango amongst many other things. We want to make a sequel!
 
dianne hi, I was one of android users, please give me some info of what application should i download for android and what applications are inappropriate or not useful to an android, tQ

Dianne Hackborn

PSA: The new requirement to immediately finish an activity if using Theme.NoDisplay is not a regression, this has always been a requirement of it (see https://developer.android.com/reference/android/R.style.html#Theme_NoDisplay for example).

The reason the platform in M is now crashing the app if it doesn't use this is because not using it would previously break in very subtle and mysterious ways.  For example, you would sometimes end up with your app ANRing for no reason.

Why is this?  Because what Theme.NoDisplay actually does is completely prevent the window for the activity from being shown.  That is, the activity gets launched, but a window for it is never displayed.

If you don't immediately finish the activity in this situation, the app is in a bad state: it has an activity being launched that the system is waiting for a window to be displayed for, but no window will ever appear.  So depending on how the timing goes, you can end up with the system sitting there waiting to see the window appear, which it never does, and bam you have ANRed.

We realized we were repeatedly debugging reports from developers of their apps ANRing when they shouldn't be, tracking those problems down to misuse of Theme.NoDisplay causing their random ANRs.  It is better for all of us if the platform catches this consistently, early, with a clear message about what the app did wrong.

If you really need to have a transparent activity that doesn't immediately finish, you can use Theme.Translucent.NoTitleBar to have a window that is completely transparent.
 
top

Dianne Hackborn

This is a pretty good overview in Ars on Marshmallow.  While looking through it, I saw some things that could use more explanation so thought I'd share my comments.

Extended Voice Actions:
http://arstechnica.com/gadgets/2015/10/android-6-0-marshmallow-thoroughly-reviewed/4/

The discussion about how applications work with the new voice interaction service may be a little misleading.  As with Now on Tap, applications here don't directly interact with Google; rather they go through a platform API (https://developer.android.com/reference/android/app/VoiceInteractor.html for those who care) which interacts with the back-end speech recognition service.  So I wouldn't describe this as developers plugging in to the Google App -- they are using the platform API, which has a back-end plugged in to it (by default via the Google App) that does the recognition.

This is very much how Now on Tap is integrated into the platform, as described in the previous section.  In fact, it isn't very much like, it is it!  Now on Tap and the new voice interaction are all part of the currently enabled VoiceInteractionService, which is what you are selecting when you select which assistant you want.  (This is also why voice actions can now use the context of what you are currently looking at to help with the recognition, because it is also the assistant so it can do that.)

So, it wouldn't make sense for this to move to a Google Play Services API, because it is a very well-defined platform API.  This also isn't really the first time this pattern has appeared: it is basically how input methods work, where platform APIs arbitrate interaction between the application and the current back-end input method.  More closely, speech-to-text and the old simple speech recognizer are both pluggable components, which applications interact with through a (simple) platform API to whatever back-end implementation the user has selected.

Permissions:
http://arstechnica.com/gadgets/2015/10/android-6-0-marshmallow-thoroughly-reviewed/5/

On the topic of organization of "permissions," while I would agree there is some further cleanup that can happen in the UI, in many cases things are deliberately not simple runtime permissions.  For example, the new "Draw over apps" and "Modify system settings" controls actually correspond to existing permissions, which we explicitly didn't want to turn into simple runtime permissions.  We want to discourage apps from using them unless they have a really good reason, and they don't have anything to do directly with specific personal data access so are really hard to explain to users.

You'll note there is a warning dialog that appears when enabling an app's access to one of these, giving more information about what is happening.  This is also a pattern followed by other existing dangerous access controls like accessibility services and usage access.

Speaking of accessibility, if anything we'd like to see that made less easy for apps to get to.  This feature really is intended for accessibility services, and you should be skeptical about any other kind of app asking for access to it -- it gives that app almost complete control over your device and the ability to see everything you do on it!

Also fwiw, the new runtime permissions implementation makes use of app ops for applying permissions restrictions to pre-M applications.  You can basically see this as the long desired UI for app ops, and app ops' basic behavior remains the same where turning off access means the app simply sees no data (no location, zero contacts, etc).  We never create fake data.

Doze:
http://arstechnica.com/gadgets/2015/10/android-6-0-marshmallow-thoroughly-reviewed/9/

Abuse of high priority messages has a special difference from other things like notifications: they must go through Google servers, so Google can monitor and modify what is being sent to devices.  If apps abuse these for other things besides their intended use, we will be able to stop that abuse without touching any software on the device.  (Also "abuse" here is much less subjective than for notifications, where there is a large gray area of things some users care about and some don't.  For high priority messages, if it isn't something that is time critical to go to the user immediately, it is not appropriate.)

Chrome Custom Tabs:
http://arstechnica.com/gadgets/2015/10/android-6-0-marshmallow-thoroughly-reviewed/10/

This isn't really tying an app to Chrome.  It is defining an extended API with the browser that an app can use to get the behavior.  The standard implementation used by apps should work with any browser as long as it supports the API, regardless of what the default browser is.  So Firefox and others should be able to implement the same API as Chrome and get the same behavior from the same apps.
Marshmallow brings a lot of user-requested features but still has no update solution.
 
+Dianne Hackborn I take back my comment about users not being able to see all the permissions! I found the option in the permissions screen in the overflow menu which allows you to see all the old-style permissions. So I wanted to clarify this for potential future readers.

Also I've watched the "Mother, May I?" talk on YouTube https://www.youtube.com/watch?v=5xVh-7ywKpE

It really clarifies some things. It does talk about READ_PHONE_STATE permission and how you can avoid requesting that (in addition to what Dianne suggested above regarding audio focus APIs).

Unfortunately they didn't talk about GET_ACCOUNTS permission. Hopefully AccountManager.newChooseAccountIntent really helps with avoiding that (I still need to investigate this more).

I've started to understand the Marshmallow approach better, and I think I'm changing my mind and that we're on the right track. We just need more developers to embrace the new model and request fewer permissions if they don't really, really need them.
Work
Occupation
Write code and manage people who write code.
Employment
  • Google (Android)
    Android Framework Engineer, 2005 - present
  • PalmSource
  • Be Inc.
  • Lucent Technologies / AT&T
Places
Currently
California
Previously
Naperville, IL - Corvallis, OR - Meridian, ID
Story
Tagline
Google (Android Framework)
Education
  • Oregon State University
    Computer Science, 1989 - 1996
Basic Information
Gender
Female
Relationship
Married