Posts by thames

Re: Probably not a big deal, if you already have reasonably solid code.

I suspect that developers who target the Apple Mac product line specifically will now have to buy two Apple PCs instead of just one. You don't know if something works until you've tested it, and testing means having a running system.

Re: H-1B visas [ ... ] Silicon Valley to fill engineering departments with top international talent

From what I've just read in the CBC, part of the plan is to switch H-1B visas from being awarded by lottery to awarding them to whichever companies are willing to pay the highest wages. That is, the jobs with the highest salaries get preference over the lower paid ones, and presumably these well paid ones are exactly the highly qualified and valuable skills which the visa is supposed to be intended for.

The way the current lottery system works, large outsourcing companies vacuum up all the visas for lower skilled routine jobs, leaving little for the companies the visa is actually intended for.

If this change from lottery to pay level priority does indeed happen as described, the companies who genuinely want to bring in highly qualified people will be better off as they will be able to get the people they need by simply paying enough money to them. The highly qualified people will also be better off as their employer will be forced to pay them more money.

The losers will be the handful of large outsourcing companies who have been abusing the visa system.

Re: Based on language translation

As I understand it the main interest in converting from COBOL to a more recent language is due to the limited and shrinking pool of COBOL programmers available.

The old code can be kept running, but as a business changes and evolves, the software must evolve along with it. It's hard to find programmers who want to learn COBOL, because specialising in that field limits themselves to maintaining old COBOL programs, and that sort of work can be feast or famine.

The interest in converting from Java to some other language (e.g. Python) is driven by a determination by some companies to get as far away from Oracle as possible. It's all down to Oracle being Oracle, rather than anything about the language itself.

In either case if the original program had a really good set of unit tests, then you could run the original source code through a translator, run the unit tests, fix what fails, and you would have a working system. You could then gradually re-write the machine translated code to something more understandable by humans to make it more maintainable.

Unfortunately, those sorts of programs rarely if ever have any unit tests at all, let alone have comprehensive ones. That means the first thing you would need to do is analyse the original code and write unit tests manually. And if you're going to do that, you may as well just re-write the source code by hand while you're at it.

Re: Python !?

The reason that there's no one language to do everything is because every useful language includes some sort of assumptions about the problem domain built into it. The more closely that language's assumptions match what it is you need to do, the better optimised it is for your purposes. Conversely, the more optimised a language is for some purpose other than your own, the less likely it is to be suited for what you want to do.

Consider for example industrial ladder logic. It's fantastically optimised for expressing logic for and debugging industrial machinery. It would be spectacularly crap however if you tried to use it to write an ERP system. Java and other similar languages would be similarly crap at doing the sorts of jobs that ladder logic is used for.

So if you need to connect your factory floor to your ERP system, then what you need is ways to connect different systems together, not try to use one language to do both.

Re: Modula-2

With Modula-2 import statements went along the following lines:

FROM InOut IMPORT ReadCard, WriteCard, WriteString, WriteLn;

You imported everything you wanted to use explicitly. If you find that you have "too many" imports, then there is a problem with how your code is organised. Modula-2 programs are supposed to be broken up into modules, that's the whole point of the language. The greatly improved module system was one of its big advances over Pascal. The explicit imports were also an improvement over C, as it greatly reduced the chances of naming collisions. You could look at the import list and see exactly where each imported reference came from.

I'll put it another way, think of Modula-2 modules as being like objects in newer languages. Wirth was trying to solve the same problems as object oriented programming, but in a different way, and it was not obvious at that time that objects were the future of language design. Modules were not supposed to be huge with loads of imports any more than modern objects are supposed to be huge. If they were/are, your program design was/is wrong.

Comparing Modula-2 to C++ is pointless, as it came well before C++ and experience had been gained in the mean time.

Cardinal numbers (unsigned integers) were also greatly welcomed at the time, as most people programming with Modula-2 were doing so on 16 bit computers and in many cases were struggling to get enough positive range out of a 16 bit integer to do what they wanted.

If your loop termination condition contained an error, then a bug is a bug and it's the programmer's error. I personally would much rather have a bug that failed in a way that was impossible to miss than to have a subtle off by one error that produced slightly wrong results.

The actual thing that most experienced Modula-2 programmers complained about can be seen in the import example that I used above, which was the I/O routines. They didn't have the degree of flexibility that Pascal's I/O had, but instead were very simple functions that did one thing with one type. As a result you needed more functions to do mixed I/O than the equivalent Pascal program. Of course those I/O functions were really fast because they did just one thing and one thing only, but drawing forms on screens or printers took more work than I would have liked.

Re: China really shouldn’t have

Riiight. Let's had her over to a regime whose head has openly admitted to wanting to use her as a bargaining chip in trade negotiations.

Canada just wants the whole problem to go away instead of being used as a pawn in the global dominance game between great powers.

Re: Missing the point, maybe

I don't have any arguments with the general thrust of the article itself. Bad security is probably worse than no security, as it gives the illusion of security and may lead to people assume they don't need to take further measures. We need more articles of this sort to raise awareness. I am just saying that this will be far from the worst problem present, and I gave an example of how poor to non-existent password security really is in many cases.

Security in the industrial automation field tends to range from the bad to the farcical. The main thing which probably prevents more problems from being reported is the relative obscurity of the field and the high cost of the proprietary technology which discourages researchers who don't have the niche background or the budget to probe into it. For example the Schneider M221 is at the extreme budget end of their product line, but things don't get any better from the security perspective with the larger and more expensive kit.

I originally came from the industrial automation field and started reading The Register years ago in order to get a better understanding of what was going on in the IT sector, as I realised that what the industrial automation field needs is a greater injection of IT knowledge and technology.

If I communicated my point poorly, then I apologise. What I am trying to say is that in the scale of IA security problems this is at the lower end and there are far worse things to be found and proven. By all means, keep up publishing stories such as this, as the steady drip, drip, drip, of bad news is the only thing that will spur people and companies into action. The only problem is that I think not enough people in the IA field are reading publications like The Register in order for the message to get through to the people it needs to. An easier way of finding past stories which were connected with industrial automation might be handy, as at present they are simply lumped in with all the other security stories. I don't think your site is set up for stories to have multiple tags however.

In my opinion, the field needs an injection of security technology from the IT industry. The problem is that the major vendors are so focused on vendor lock-in that they continually re-invent the wheel badly, particularly when it comes to security. From their perspective inviting "the wrong type" of IT industry tech risks watering down vendor lock-in such that they can't extract the maximum amount of money possible from customers.

SCADA systems are a subset of industrial automation, much like web servers area subset of the wider IT industry. They tend to get more attention in security news lately because of their use in critical infrastructure such as electric power, petroleum, water, and the like. However most people working in the industrial automation field can go through an entire career without ever laying eyes on a SCADA system.

SCADA systems also tend to get more attention because they use (badly, usually) more IT industry technology such as MS Windows, databases, and the like. In most cases they got an injection of IT tech in the 1990s to replace their previous proprietary platforms but haven't moved on much since then other than to maintain compatibility, and more recent ideas have largely passed them by.

PLCs such as the Schneider M221 may be used in a complete system in conjunction with a SCADA system (e.g. to control a pump the SCADA system is monitoring), but in most general manufacturing they're stand alone. In some ways this is a blessing because they never get networked, but just work quietly running stand alone machines in a factory somewhere. It also means though that they are probably a rich field for finding security vulnerabilities because not as many people have been looking for them, and they are starting to get networked more now for a variety of reasons.

So to sum up, I'm sorry if my earlier post came across differently than I intended. My real point is that in the grand scheme of things though things this example is just barely cracking open the lid on a very large can of worms.

What proportion of Apple's user base are still dual-booting Windows? It's something that I read about as being possible but rarely hear about people actually making use of these days. I doubt that Apple are going to cripple the future development of their product line by maintaining a legacy use case that most of their users don't care about.

There's also nothing preventing Apple from keeping a few legacy x86 versions of their laptop line around for those customers who have a genuine use case for them, at least for a while. I say 'x86', because these could quite as easily be AMD and Intel.

Technology changes, the market changes, the economics change, and software tools need to change along with them.

In the end, decisions have to make sense from a business perspective so you have to balance hardware costs with development costs and time to market. As more and more computing devices have come into use in more and more places, the number of niches which need to balance those factors in different ways has also increased. The result has been newer languages which fit those application niches better.

There has also been a general trend away from the proprietary languages or language dialects of a few decades ago to open source languages. I'm sure you remember for example the proprietary 4GL languages which were supposed to, if you believed the salesmen, take over the market, but which faded from the scene along with the companies that owned them. The proprietary languages have been nearly entirely replaced by open source alternatives as the latter have nearly frictionless adoption paths which lead directly to the people who use them.

Re: Where are the benchmarks?

Common math libraries such as Numpy (used with Python) are available on ARM as well as x86. ARM also have an ARM specific SIMD math library.

If you use GCC, then using SIMD vector code via built-ins (pseudo-functions which patch in SIMD instructions into C code) is pretty straightforward and actually much easier and better documented with ARM than it is with x86. If you can write GCC SIMD on x86, then doing it on ARM is a breeze in comparison. The main thing is to have a good set of unit tests to automate the testing process on multiple architectures and that's something you really ought to have anyway.

If you are using LLVM, then the SIMD situation is not as good, as their built-in support is very limited. Auto-vectorisation (letting the compiler try to do it itself) on LLVM can help to only a very limited degree. It can work on very simple things, but often with SIMD you need to use a different algorithm than you would with generic C code and there's really no obvious way to express that in C.

If Apple suddenly start making major commits to LLVM relating to ARM support to fill in some of these gaps in compiler support (as compared to GCC), then it might indicate they have something up their sleeves with respect to future hardware releases.

Re: Efficiency

Reportedly their "antenna kit", which is how most reports describe it (I think they mean RAN) has better technology than their competitors and can support more users with less equipment, saving costs on purchasing. Probably more importantly, it also apparently requires fewer base stations in areas with lower density of subscribers (i.e. anywhere outside of major cities, which accounts for a lot of base stations if a carrier is to provide coverage nearly everywhere). This is apparently why mobile operators are so keen on buying Huawei's RAN kit, even if they plan on buying the rest of their kit elsewhere.

In third world countries, which account for a big share of the global market, Huawei also provide complete, pre-engineered, turn key systems which saves a fair bit of money on engineering costs. In Western countries carriers tend to mix and match kit from different companies. This however is not the practice everywhere, and the carriers often just want to go to a vendor and buy a complete mobile network, something I understand only Huawei have a credible offering for.

In military terms it's far less of a sitting duck than a satellite. In a war with an advanced opponent your satellite communications network will be gone within days or even hours of the start of the war, while a HALE like this can be kept well back from the front lines while still acting as a communications relay and so be difficult to see or hit. This is why there is so much military interest in these. The UK are the leaders in this field.

Re: x5 Speed Increase on Server Side with Swift?

That article in the link you provided is an excellent analysis. The author of the benchmarks cited in the Reg story was comparing apples to oranges from multiple different perspectives.

I suspect the reason for this was benchmark author didn't really know much if anything about many of the frameworks he was "testing" and just googled some tutorial examples. The result was numbers that were measuring very different things in each case.

This is such a common problem that it might make for a good series of articles for El Reg to publish if they can get someone (or a series of people) to write it for them.

If you buy Huawei kit you can either cherry pick bits and pieces that you want and then combine with kit from other manufacturers, or you can buy a complete turn key system from them.

The UK's mobile operators want to pick the best technology from a variety of suppliers and combine it into a system using their own engineering staff, or to contract companies in the UK (or elsewhere in Europe) to do it. There's already loads of Huawei kit in the UK's existing 4G networks because of this and it isn't going away regardless of 5G.

In many third world countries however the mobile operators simply buy a complete turn key system from a single supplier, and unlike many other companies Huawei is capable of doing this. It's not what UK companies want to do however.

Security comes down to system design, not the individual bits and pieces. When you buy a label there are no guarantees of security coming with it.

And in the end, the alternatives may be headquartered in Europe, but the actual kit is made is made in places like India, who have their own ambitions for being a world power.

Oh, and a lot of Huawei's software is written in India. The world is a much more complicated place than it was in the 19th century, which is where a lot of people who put national labels on multi-national businesses seem to have their minds stuck in.

Re: maybe

No, I want to see Google crush Oracle, to drive their salesmen before them, and to hear the lamenting of their shareholders.

Actually, I'd be happy to just see Android purged of all traces of Java, just to see the look on Larry's face when he realises that he's managed to knock yet another reason to learn Java out from under the pool of potential developers for "his" platform.

At this point you would have to be mental to develop a phone app using Java, given that if Oracle somehow wins, Google will almost certainly deprecate Java and phase it out, leaving you high and dry.

Re: More lazyness than anything

What you describe as being difficult with handing bytes is the situation in version 2. Strings could be 8 bit ASCII bytes or they could be unicode, depending on what any particular function decided to return, which in turn could depend on your OS locale settings, the phase of the moon, or any number of other factors. A "string" of bytes could change into a string of unicode unexpectedly if you weren't careful.

In version 3, strings were made to be purely unicode all the time, and new "bytes" and "bytearray" types were added which were purely intended as arrays of raw bytes and not to be interpreted as unicode strings.

There was also however added a full set of byte formatting and manipulation functions added which let you do string-like operations on bytes and bytearrays (searching, replacing, justifying, padding, ASCII case changes, formatting, etc.). So now you can write out bytes to image files and the like an be sure that what you are getting is bytes.

So now with version 3 strings are text and are unicode all the type, while bytes are bytes and not to be confused with text strings.

This change ironically is what the biggest complaints were about, mainly originating with people who only ever used 8 bit American ASCII and were not happy about having to change their code to better accommodate people who wanted to use funny looking accented characters as part of their alphabet.

In version 2 I was initially very uncomfortable using the "struct" module in the standard library (used to format packed binary data - very useful, have a look at it) because of it's use of strings when it wasn't clear when a string was an array of bytes or when it was a sequence of unicode characters. With version 3 it uses bytes and bytearrays and there can be no confusion with inadvertent unicode.

Re: So reassuring

SPPA-T3000 is basically a big Java program that runs on a set of MS Windows servers, with operator access being via Windows client workstations. The "highways" are the networks connecting them together and to the plant equipment. It shows equipment status, records performance for analysis, and allows operators to change equipment settings as needed.

Given that software systems based on similar technologies in more routine business environments seem to have security vulnerabilities being reported all the time, it shouldn't be too surprising that we are seeing some here, even if Siemens goes to great lengths to obfuscate just what their system is.

Basically though, the security challenges here are in essence the same as in any piece of big enterprise software and there's no reason to expect it to be immune from the same vulnerabilities.

There's "Redis Cluster Proxy", but that's still in alpha state. I've never tried it, but it's under development on Github.

Re: No, the UK was never in the running

According to news reports in Canada (CBC), locating the plant in Berlin seems to be a quid pro quo for Germany's new electric vehicle subsidies announced a couple of days ago. The timing between that and the Tesla announcement is unlikely to be coincidental.

Germany couldn't offer a direct subsidy to build the plant, but they could offer broader electric vehicle subsidies which Tesla will benefit from to a large degree. Tesla depends heavily on such subsidies for sales, and they tend to be in places with the largest subsidy programs. They have a high enough profile in the industry that they can negotiate subsidies directly with governments. They were almost certainly consulted by the German government on the new subsidy program, hence the coordinated announcements.

If the UK wanted to bid for the new Tesla assembly plant, then they would have had to do so by topping Germany's subsidies. I suspect that the current government in the UK has no intention of getting in a subsidy war with Germany.

Re: Were previous medical reports wrong?

Yes, Canada never bought into the "high tech sonic weapon" story, regarding it as fantasy. As noted in the PS, current Canadian detailed medical investigation points to over use of fumigants to kill mosquitoes in the embassy building and diplomatic staff residences. The fumigants were also detected in the bodies of people affected by the symptoms. The insecticide fumigants are based on on neurotoxins, and so have a direct effect on the nervous system, including the brain.

At the time fumigants were being used excessively due to panic over Zika virus, which was spreading throughout South America. As a result, embassies were having their diplomatic buildings sprayed as much as five times more frequently than is normal. I suspect the Americans were doing the same in their embassy buildings.

Canadian researchers also feel that any psychological effects of tension or pressure would have played at best a minor role in the effects seen.

Any "mass hysteria" that is involved in this seems to be affecting people in Washington who seem to think the Cubans have some unimaginably advanced new high tech weapon and are testing it out on multiple embassies in Havana before presumably using it to engage in world conquest.

It will be a very useful feature in list comprehensions, where it offers the potential for performance improvements as you no longer have to repeat an operation in order to use the result several times in the same expression.

Here's an example directly from PEP 572.

results = [(x, y, x/y) for x in input_data if (y := f(x)) > 0]

Without it you would have to write

results = [(x, f(x), x/f(x)) for x in input_data if f(x) > 0]

The other alternative would be to unroll the comprehension into a for loop, but comprehensions (of various types) are generally faster as they have less loop overhead. This means they are a common optimisation method, and anything which makes them even faster is generally a good thing.

I run into this type of problem on a regular basis and look forward to using it once version 3.8 percolates out into the common Linux distros.