Author: Brian Carnell

Mirror an Android Device on a PC with scrcpy

scrcpy is a free, open-source application that allows Android devices to be mirrored to computers running Linux, Windows, and macOS. It supports mirroring using either a direct USB connection or over TCP/IP.

I needed to do some recording of an Android application recently, and was impressed by how easy it was to install and configure scrcpy. After just a few minutes–most of which was spent figuring out to enable USB debugging on my device–I was up and using my phone on my Windows PC.

The only prerequisites are that it requires an Android device with at least Android 5.0, and to take advantage of all its features it requires Android 11+.

But oh what a feature set:

It focuses on:

  • lightness: native, displays only the device screen
  • performance: 30~120fps, depending on the device
  • quality: 1920×1080 or above
  • low latency: 35~70ms
  • low startup time: ~1 second to display the first image
  • non-intrusiveness: nothing is left installed on the Android device
  • user benefits: no account, no ads, no internet required
  • freedom: free and open source software

    Its features include:
  • audio forwarding (Android >= 11)
  • recording
  • mirroring with Android device screen off
  • copy-paste in both directions
  • configurable quality
  • Android device screen as a webcam (V4L2) (Linux-only)
  • physical keyboard/mouse simulation (HID)
  • OTG mode
    and more…

Dropbox Details Its Shift to SMR Drives

Dropbox posted an analysis of its adoption of shingled magnetic recording (SMR) drives in its data centers.

SMR is a storage method that writes data to overlapping magnetic tracks. The technique allows for higher storage density and lower power consumption but generally results in slower write speeds, as multiple tracks may have to be overwritten to write new data to the drive.

The adoption of SMR got Western Digital into legal trouble a few years ago after it surreptitiously began shipping SMR drives as part of its Red NAS line of hard drives without informing consumers.

In its analysis of its adoption of SMR, Dropbox notes that as of 2023, about 90 percent of the hard drives in its data centers are SMR.

The advantages are a roughly 20 percent increase in density while leading to large declines in power usage requirements,

The energy required to operate our hard drives is measured in power consumption per terabyte (TB/watt). Since our first 4 TB deployment, TB/watt has decreased by around 5-6x—largely because our SMR drives can cram more terabytes into the same physical and energy footprints as conventional PMR drives.

Our very first 14 TB SMR drive almost cut our power footprint in half for idle and random read workloads compared to its PMR predecessor. Our latest 18 TB and 20 TB drives show an amazing ~.30 watts per 1 TB in idle and ~.50 watts per 1 TB for random read workloads. Data from our vendors suggests this trend will continue, even as capacities increase.

Even as it is extolling the virtues of SMR, however, Dropbox is already preparing for the future, which it believes is heat-assisted magnetic recording (HAMR). HAMR is a technique that heats the hard drive to 450 degrees Celsius for a nanosecond as it writes data. This allows data to be stored in smaller areas on the disk, allowing overall disk density to be much higher. HAMR promises future 3.5″ hard drives with 50TB capacities.

In anticipation of this next jump in areal density, our focus has shifted from increasing the number of HDDs in our enclosures to minimizing the impact that physical vibrations can have on the I/O performance of higher density drives. While there was much more margin for vibrations in prior designs, that margin is now much less as HDD data tracks become smaller and spaced more closely together. It’s common to see high frequency vibrations cause head positioning errors, which can, in turn, cause performance degradation. Vibration can come from fans, the rotational forces and seek actions of nearby HDDs, even the HDD itself—or, when frustrated enough, a yelling engineer. ?

Our focus in the future will be to minimize HDD performance degradation from system vibrations by suppressing structural vibration of the system chassis and reducing fan noise. Putting more focus into this area will be critical as we onboard next generation HDDs, and it’s great to see some efforts already underway in the Open Compute Project (OCP) community. We are planning to leverage the OCP’s HDD Acoustical Surrogate—a new industry-standard specification for vibrational testing—in our seventh generation designs.

Reddit, Twitter and 2FA

On February 9, 2023, Reddit announced that it had become aware of a phishing campaign that successfully targeted its employees.

After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).

Among other things, Reddit recommended that users enable 2FA for their accounts. Reddit currently only supports TOTP 2FA, and to my knowledge, the company has never indicated how many of its users have ever enabled the security option on their accounts.

A 2021 transparency report from Twitter reported that only 2.3 percent of users had enabled any 2FA option on their accounts, and of those, 79.6 percent opted for SMS 2FA (which Reddit doesn’t support).

To its shame, Twitter, under Elon Musk, recently announced it would make SMS 2FA a premium feature. Twitter tried to make this change appear as if it were designed to help users,

While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers. The availability of text message 2FA for Twitter Blue may vary by country and carrier.

If Twitter were eliminating SMS 2FA altogether, the line about SMS-based 2FA being used by bad actors might make sense. But turning around and making it available to its premium subscribers gives the game away.

On February 18, 2023, Elon Musk complained, “Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages.” For a company that reported $4.4 billion in revenue before Musk’s acquisition, that represented only about 1.5 percent of its revenues.

But Musk has proven uniquely capable of driving away revenue and turning Twitter’s precarious financial situation into outright desperation. Removing SMS 2FA from non-paying users–knowing full well that very few of those users will switch to a TOTP application–is precisely the sort of short-sighted thinking that has characterized the service since Musk’s acquisition.