Posts by thames

Re: Apple and GPL

Only the copyright owner has the legal right to sue over license violations. If the FSF did not own any substantial copyrights in GCC then Apple/NeXT could have had the case dismissed as the FSF would not have had legal standing in court. This is the main reason the FSF set up the copyright assignment system.

Projects where the copyrights are widely dispersed are more difficult to enforce, as someone who has substantial copyright ownership has to be willing to volunteer to bring the complaint to court.

There is also the problem that there have been a few cases with dispersed license projects where one copyright owner sued when the majority don't want to, but instead wanted to continue negotiating licence compliance with the copyright violator.

By having the FSF hold the copyrights (with a license back to the creator to re-license as he wishes) the FSF got around this problem.

The FSF were pioneers of Free Software, and there was initially a lot of legal uncertainty as to whether any non-proprietary license could be legally enforced. There was also the issue of whether there would be the need to do a rapid change to license terms in case a loophole was found in the license.

After many years though there are enough legal precedents established that this is much less of an issue. The licenses have been tested in court and have stood up as enforcable, and Free Software has become the norm and is well understood from a legal perspective.

This is probably why they are now changing to allow for dispersed copyrights the same as most other Free Software projects do.

The main advantage of widely dispersed copyrights is that it becomes very difficult for any one person or any one organization to stage a takeover of a project, as was done with MySQL (by Oracle). The current environment is very different from the one which existed when the FSF were first starting out. In essence, by largely achieving their objective they have at least partially made themselves redundant.

Re: Or...

I've done plenty of real time embedded work in interpreted Basic running on an Intel 8052AH 8 bit chip with 32kb of RAM and clocked at around 10 MHz. Loads of other people have done the same. The market for this was big enough that several companies were making dedicated versions of this chip with the Basic interpreter masked into ROM on the chip itself. It's a variant of the 8031, which was a top selling micro-controller CPU/SOC.

All of the major industrial control vendors (Siemens, AB, Schneider, etc.) sold them as modules for their control systems. Numerous single board computer vendors, whose market is entirely focused on embedded, sold them as well.

Loads of major industrial processes and equipment with more dedicated embedded control systems used this as part of their system, or as the complete thing.

Someone who genuinely knew more than a smattering about embedded control and had years of experience in the industry would know all this.

These days I would quite happily use a Raspberry Pi running a Python program in many types of real time embedded applications. People who have genuine experience in a wide range of embedded control applications would know that "real time" actually means "can meet the process deadlines".

And while we're on the topic of interpreted languages in real time applications, I should mention that I've used Python in PC based embedded industrial systems doing real time interaction with robots and measuring equipment.

I'll keep this short, but here's a list of other interpreted language systems that I've used or are familiar with which have seen widespread use in real time industrial control or test and measurement: Python, GWBasic, QBasic, HP Rocky Mountain Basic, UCSD Pascal, and a host of proprietary languages.

And I should add that until very recently most or all of the PLCs used to control factories around the world used interpreters.

I would suggest that you wind your neck in on this topic.

Re: Hardware dongles?

The main problem with the few CAPTCHAS that I see is that they tend to be ambiguous street scenes from American suburbia. If you happen to live in American suburbs, like say the sort of people at US tech companies do, then they may make sense.

If you're not an American living in an American suburb, then you end up having to ask yourself "how would an American answer this question?" based on what you know about the US from American movies.

What they need is less ambiguous CAPTCHAS, but I suspect they are afraid that people will then use image recognition and AI to solve them.

Not that I think the Cloudflare proposal is a better solution. In fact I think it's worse.

Re: python to the rescue

It's perhaps fortunate then that Python was created by a PhD mathematician. It uses Karatsuba arithmetic, which has been around since the early 1960s.

Python is also the only language that I am familiar with that does modulo operations in the mathematically correct manner in all cases. Every other language that I have tested (as well as spreadsheets) will produce mathematically incorrect answers under some circumstances because it was "faster" (because the CPUs produce incorrect answers). Python's creator insisted on mathematical correctness over performance in that case, so I'm pretty sure he did the same with other integer operations.

As a typical example, the sum of a large integer array in pure C is roughly 7 times faster than in Python (the exact amount in C will vary by integer size and type). In Python however the sum will never overflow while with C you are pretty much guaranteed to have an integer overflow even with a relatively "small" array.

You can do integer operations in Python without ever having to check for overflow. In typical languages using native integers people don't often check for overflows either, but then we get constant security notices about vulnerabilities due to unchecked integer overflows.

I can pretty much guaranty that the majority of programmers don't even know how to check for integer overflow correctly. There are many corner cases that will vary depending on operation and integer type. Several years ago I had reason to find all the integer overflow cases for all the integer types and operations, and I could not find a comprehensive single source for this. Not that it matters of course, since as I said the average programmer never checks anyway.

If you really need maximum numerical performance in Python, then you are almost certainly using a numerical library anyway, the most common ones are written in C or Fortran and operate on native integers or floating point numbers in native arrays. The libraries can take care of the details.

If however you just need to add two numbers together, then just do it in Python and you can be assured that the result will never overflow without you having to add multiple lines of code around each operation to prevent it. If you are just adding a couple of numbers the performance overhead is insignificant in practical terms.

With Python, pragmatism is the preferred course of action.

Re: C and then some

The main driving force behind adding optional type hints into Python has nothing to do with compilers. It's there strictly because people flogging IDEs want it so their static analysis algorithms in their IDEs can work better at code completion. The original "unofficial" version was ported in from an IDE by the maker (I can't remember which one), and the current "official" one was created to get rid of that one with something better. I was a case of "well if you're going to do it anyway we might as well make sure that it gets done properly".

Cython have their own type declaration system, but it's oriented just towards giving the C compiler more information. It isn't part of the Python language itself though, and Cython isn't backwards compatible with Python. This is why you add the type declarations as part of the final optimization process after you are satisfied your Cython program is working correctly.

Personally I do however think that the Cython approach is the one most likely to produce the greatest performance improvements, although I wouldn't do it exactly the way they did. The main issue with performance is actually related to how dynamic the language is. This requires constant run time type checking and all the baggage that goes with that. It lets you do things in far fewer lines of code than most other languages, but it comes at a price. If you could selectively sacrifice some dynamic features on a method by method basis to automatically generate C extensions then you could have the best of both worlds. There are some third party add-ins such as Numba which do this for numerical processing, but I think that much better could be done if it were part of the language.

Re: Not uncommon

Yes, well you'll notice that McDowell's statement was qualified as "above 10 tonnes". Europe was intentionally dumping spent 8 ton rockets into the general area of Canada and Greenland, including roughly a ton of highly toxic hydrazine into the atmosphere as recently as 4 years ago, and may still be doing it for all I know. Protests from Canada to Europe were met with a "do I look like I give a ****?"

Perhaps when he presented his "brilliant new plan" to the board one of them asked him "WTF? Are you on drugs or something?", to which he answered "why yes I am, how did you guess?"

Re: What ?

The only large scale reactors that have actually been built that can use thorium that I am aware of are heavy water moderated ones. Reactors of this sort are used around the world as major power producers. The main attraction of these reactors is that they can use natural uranium, and so countries can have a secure fuel supply without needing a uranium enrichment plant. Their very high neutron efficiency theoretically allows them to use thorium as fuel, but all currently use uranium fuel, as uranium is cheap enough that it isn't worth the bother to use thorium.

Canada is the leader in this field, and most of these types of reactors are based on Canadian technology. This has included experimental work on thorium fuel. India however have done the most work on using thorium fuel, as their thorium reserves are much larger than their uranium reserves and so they have the most interest in this.

There are other theoretical reactor designs which might use thorium, but so far as I am aware none have actually been built and demonstrated.

Iran are considering building heavy water reactors. However, these are precisely the type of reactors that the US are the most upset over. So, I don't think that this is the sort of solution you imagine it to be.

Precisely, that is exactly the issue. The problem is that a lot of developers are writing for mobile first, with desktop as a secondary target. Ubuntu are bowing to the reality that if they want to get more application developers to port their apps to Linux then they need to offer development tools that those developers are familiar with on phones and tablets rather than expect them to learn all new ones for desktop.

Right now a lot of cross-platform stuff is being written in things like Electron, which is rather sub-optimal to say the least. Flutter sounds better than Electron, although I haven't tried it yet.

Ubuntu have been writing a new installer using Flutter to replace the two separate ones they use for Server and Desktop. They will do the same for some of their other system management GUI tools.

I plan on giving it a try some time soon before passing actual judgment on it.

Re: Sanctions are messy, politics is worse.

The question of "double criminality" (whether there would have been a crime under Canadian law) was apparently always the weakest defence, even if that wasn't obvious to someone not familiar with how this works. The US framed the extradition request as "fraud" specifically to get around the issue of Canada not having sanctions in place (as we didn't pull out of the agreement with Europe like the US did).

At one point the judge basically just asked the crown (who are handling the extradition request from the US) whether he would prosecute this case as fraud, to which we shouldn't be surprised to hear that he said "yes".

Not an awful lot of thought seemed to go into it by the judge, and of course the Canadian court isn't concerned with the issue of whether any fraud actually occurred, just that "fraud" is a crime in Canada. The issue of whether Meng broke any US sanctions or whether she committed any fraud in doing simply isn't an issue that the court will have any interest in.

This is why her defence rests on procedural issues, as these are the only issues the court may have any actual interest in. This is why her strongest defences are whether there was abuse of process through the US providing false or misleading information to Canada or whether Canadian police and immigration abused their powers when questioning her and if they illegally handed information over to the US.

Re: Ronacher's Rant

I normally apt install the packages that I use, including libraries. The distro maintainer takes care of ensuring that dependencies are consistent.

This way I don't have to manually keep track of which version of which third party library had an unpatched security bug which the author couldn't be bothered to fix because he fixed it in another release three versions later. Once you start doing your own mix-and-match of different library versions you take a huge security testing and maintenance burden upon yourself which few developers have the resources to do properly.

I do use projects that I pipped from Pypi and I have projects on Pypi, but when I use libraries from there I am very selective about which ones I use, and only use them when I have assured myself that they aren't in the distro repository.

Bloomberg were laughed at throughout the technical press in 2018, even if the general media took them at face value. The one person they were willing to cite as a "source" was interviewed by a security podcast and said that he didn't find Bloomberg's claims credible and that they had misrepresented what he had said. They were pretty comprehensively discredited back then, at least among the segment of the audience who would form Supermicro's customer base. There wasn't a lot of reason for Supermicro to sue then.

Since 2018 not a single solid piece of evidence has emerged to support Bloomberg's claims. Back in 2018 Bloomberg relied on second hand information from various unnamed officials in Washington and their one named source said he had been misrepresented and that he didn't believe Bloomberg's story.

This time their story is once again various unnamed officials in Washington, and their one named source just turns out to be someone who heard the same second hand story they did. In other words, it's just 2018 all over again with even less evidence this time.

Where's all these Supermicro boards that have hidden chips in them? If they're out there and been discovered, why aren't we hearing any first hand reports? If the US really had any of these boards they would be holding the biggest IT security press event of the decade with one, rather than feeding stories anonymously to compliant reporters. They're not shy about showing off Russian rootkits to the public, so where's the evidence in this case?

I'll believe it when I actually see some credible evidence in the hands of a neutral party who has a convincing chain of custody for it. Until then, I'll just put it down as Bloomberg being their usual less than credible selves again.

Re: Nothing to hide

Tying it together with the reports of court proceedings in Canada, Meng's lawyers are arguing that the US government presented false, misleading, and incomplete evidence with regards to Meng's dealings with HSBC, but HSBC are required by the US to obey their orders (they are under a "cooperation" order from the US).

The US case revolves entirely around whether HSBC was aware of the full nature of Huawei's relationship with Skycom. If they were, then any US complaints have to be directed to HSBC. If they weren't, then this is what the fraud claim is based on.

The problem for the US case is that one of the important elements of their case is that they claimed that only junior HSBC employees were aware of Huawei's relationship with Skycom. Legal discovery in Vancouver has shown that these supposedly "junior employees" held the position of VP at HSBC.

The US also presented copies to the court of Meng's Powerpoint presentation with critical bits which might absolve her edited out. Some might call this tampering with evidence, but not being a lawyer I won't speculate on that.

What Meng's lawyers appear to be trying to do in this case is get their hands on original copies of HSBC's own documents relating to this before the US applied their creative writing skills to them.

I suppose that if it turns out that if the extradition case gets tossed out in Vancouver then the US may take out their frustration on HSBC, so the bank may have something lo lose in this after all.

One of the key witnesses in the Canadian police or customs (I can't recall which) engaged in Meng's arrest is currently hiding out in Macau, has hired his own lawyer, and is refusing to testify in the case. This certainly caused a few eyebrows to be raised among people that I know. I supposed it's rather odd that he feels safer in Macau than in Vancouver, but there have been quite a few odd things about all this.

Recent speculation in Canada has been that Ottawa may get Washington to agree to drop charges against Meng personally and to charge Huawei as a corporation instead in return for considerations on other bilateral diplomatic issues (oil, climate change, electricity, or something else that Biden wants from Canada). That way Canada can escape from being a pawn in a fight which has nothing to do with it.

There's a saying that goes along the lines of "when two elephants fight, the grass gets trampled". We'll have to see how this all goes I suppose.

Why do you think that Microsoft bought LinkedIn for $26 billion if it wasn't to mine your information and used it to sell products and services to you? The same goes for buying Github for $7.5 billion. Combine this with MS Azure and it gives them a huge amount of data about you which they then link together to find all the connections which you thought you had kept isolated.

The whole point of social media is to mine your personal information, link together data from multiple sources, and use this to target you for sales and marketing efforts. If that sort of thing doesn't appeal to someone, then they shouldn't have Facebook, LinkedIn, or Twitter accounts.

Re: Wow

Ubuntu already have live kernel patching. They call it "Livepatch". When you install Ubuntu they ask you if you want to enable it. I never have because I don't see a personal need for it.

I don't think they have it for the Raspberry Pi yet however.

Re: They still don't get the issue with "stream"

I have an open source project which I test on about a dozen different distros, including a couple of BSD variants. I have a fully automated test system which cycles through all the supported platforms. When I make a new release I then give a list of platforms which it was tested on, including which version.

One of those distros is Centos. If Centos Stream is just a rolling release then there's not much point in testing on it, as I can't then say that a specific version is tested and supported.

I have no intention of signing up for a developer account as I have no desire to jump through their hoops and become one of their minions just so I can do free work for them.

I'll keep the current Centos VM in the test system so long as it remains relevant, but once it gets too old compared to their current Red Hat release however, then I'll just drop it. As someone running an open source project, It's really not worth the effort to support a distro that anyone puts hurdles in front of.

Re: The recent court procedings have been rather interesting.

I wouldn't jump to any conclusions about the outcome at this point. The legal standard for extradition seems to be much lower than for an actual criminal case, so the judge could decide to ignore issues that might cause the case to be thrown out in a criminal trial and sweep any police misdeeds under the carpet.

None the less, the American party requesting the extradition do not have reason to believe that everything is going their way on this.

Redis does a lot more than just act as a key-value store. There are numerous instructions for sorting, filtering, and manipulating data. There are message queues, sets, publish/subscribe channels, and even a built in Lua interpreter to run scripts.

If you are looking into using it for anything, it's worth reading the full documentation to find out all it can do. I'm working on a project which uses it, and I'm not aware of anything else that is similar.

Ruby has declined because it's main use was with the Rails web framework. As web applications have evolved and changed how they interact with servers and browsers, Rails has fallen out of favour and Ruby has fallen with it.

Python has a very broad range of uses and so is not dependent upon any particular one framework or application.

Re: Full fat desktop on a Pi is usable

I believe that people had Ubuntu desktop running on the Pi 3 as well, but it wasn't easy for non-technical people. What 20.10 is supposed to do is to make it more mainstream. I intend to give it a try.

Re: CSV?

The more important thing is that the data has to come from many different places and CSV may be the only lingua franca that exists for all of them. It's no good looking for the ideal solution if it would take a major overhaul of health IT system to accomplish it. By that time it would be too late and therefore pointless.

There's a CSV module as part of the standard library in Python. There are also modules which will write MS Excel compatible files if those are desired as the output. It should be possible to write a simple translation filter in a relatively short time. It could include whatever validation and error checking is considered desirable.

There are still unanswered questions such as why the CSV files had to be converted into the older XLS format rather than the newer one. There's a good chance that there is some other piece of software involved that will import XLS files but not newer formats or anything else useful. That is speculation, but it's a possible answer.

Re: From linked Reg article:

India want to develop their high tech industry, and giving their designers practice in designing chips is important in developing the sort of talent pool required to create a self-sustaining hardware industry.

They have an over-arching development program called "Make in India", encompassing a wide range of sectors, everything including automobiles, mining, electronics, IT (of course), pharmaceuticals, space, electric power, and many others.

The policy for the electronic sector is called the "National Policy on Electronics (NPE) 2019", and follows on the NPE 2012. Here's a direct quote from their website describing the scope "The Electronics System Design & Manufacturing (ESDM) industry includes electronic hardware products and components relating to information technology (IT), office automation, telecom, consumer electronics, aviation, aerospace, defence, solar photovoltaic, nano electronics and medical electronics. The industry also includes design-related activities such as product designing, chip designing, Very Large-Scale Integration (VLSI), board designing and embedded systems."

The main competitor for their new RISC-V chip will of course be ARM, and especially the Taiwanese and South Korean chip fabs which seem to make everything for everyone. However, as I understand it they are less concerned at this point about developing a chip which is competitive in performance, and more concerned about developing skills and a pool of talent which can be applied to other commercial projects, even if the actual chips are made elsewhere.

There is a political and diplomatic aspect to all of this as well. Ultimately India want to establish themselves as a world power and don't want to be dependent upon anyone. The US are as least as much of a threat as China in this respect, perhaps even more so given the US proclivity for weaponising the supply chain through indirect control of foreign companies and financial payments systems. For example see India's participation in the BRICS payment system (in cooperation with China among others) which has the explicit goal of reducing dependence on US dollar clearing in response to this.

To make a long story short, India have detailed long term ambitions to make themselves a world power and to not be beholden to any other nation from east or west. This is an ambition that spans multiple decades. As part of this however they have picked electronics as a key industry to develop capability in.

Re: RISC-V Raspberry Pi

A copy of the Rasberry Pi but with a RISC-V CPU instead of an ARM CPU would be great, but I don't know if off the shelf silicon exists for that. What made the Raspberry Pi practical was there was a chip already in existence which had a lot of stuff integrated into it, including graphics.

A lot of very difficult design work went into the Raspberry Pi to make it cheap, compact, and low powered. A lot of hard decisions about what to leave out and what to leave in had to be made to hit the price target. You can do anything if price is no object, it's when price is one of the design goals that the hard decisions have to be made. The Raspberry Pi was designed by setting a price target and then designing the hardware to fit into that target.

What the RISC-V backers have to do is start with a price target and see what they can fit into it. The Raspberry Pi has set the standard on that, so not many people are going to willing to spend $1000 on a RISC-V board just to expand the platform support for existing software.