Posts by thames

Re: x5 Speed Increase on Server Side with Swift?

That article in the link you provided is an excellent analysis. The author of the benchmarks cited in the Reg story was comparing apples to oranges from multiple different perspectives.

I suspect the reason for this was benchmark author didn't really know much if anything about many of the frameworks he was "testing" and just googled some tutorial examples. The result was numbers that were measuring very different things in each case.

This is such a common problem that it might make for a good series of articles for El Reg to publish if they can get someone (or a series of people) to write it for them.

If you buy Huawei kit you can either cherry pick bits and pieces that you want and then combine with kit from other manufacturers, or you can buy a complete turn key system from them.

The UK's mobile operators want to pick the best technology from a variety of suppliers and combine it into a system using their own engineering staff, or to contract companies in the UK (or elsewhere in Europe) to do it. There's already loads of Huawei kit in the UK's existing 4G networks because of this and it isn't going away regardless of 5G.

In many third world countries however the mobile operators simply buy a complete turn key system from a single supplier, and unlike many other companies Huawei is capable of doing this. It's not what UK companies want to do however.

Security comes down to system design, not the individual bits and pieces. When you buy a label there are no guarantees of security coming with it.

And in the end, the alternatives may be headquartered in Europe, but the actual kit is made is made in places like India, who have their own ambitions for being a world power.

Oh, and a lot of Huawei's software is written in India. The world is a much more complicated place than it was in the 19th century, which is where a lot of people who put national labels on multi-national businesses seem to have their minds stuck in.

Re: maybe

No, I want to see Google crush Oracle, to drive their salesmen before them, and to hear the lamenting of their shareholders.

Actually, I'd be happy to just see Android purged of all traces of Java, just to see the look on Larry's face when he realises that he's managed to knock yet another reason to learn Java out from under the pool of potential developers for "his" platform.

At this point you would have to be mental to develop a phone app using Java, given that if Oracle somehow wins, Google will almost certainly deprecate Java and phase it out, leaving you high and dry.

Re: More lazyness than anything

What you describe as being difficult with handing bytes is the situation in version 2. Strings could be 8 bit ASCII bytes or they could be unicode, depending on what any particular function decided to return, which in turn could depend on your OS locale settings, the phase of the moon, or any number of other factors. A "string" of bytes could change into a string of unicode unexpectedly if you weren't careful.

In version 3, strings were made to be purely unicode all the time, and new "bytes" and "bytearray" types were added which were purely intended as arrays of raw bytes and not to be interpreted as unicode strings.

There was also however added a full set of byte formatting and manipulation functions added which let you do string-like operations on bytes and bytearrays (searching, replacing, justifying, padding, ASCII case changes, formatting, etc.). So now you can write out bytes to image files and the like an be sure that what you are getting is bytes.

So now with version 3 strings are text and are unicode all the type, while bytes are bytes and not to be confused with text strings.

This change ironically is what the biggest complaints were about, mainly originating with people who only ever used 8 bit American ASCII and were not happy about having to change their code to better accommodate people who wanted to use funny looking accented characters as part of their alphabet.

In version 2 I was initially very uncomfortable using the "struct" module in the standard library (used to format packed binary data - very useful, have a look at it) because of it's use of strings when it wasn't clear when a string was an array of bytes or when it was a sequence of unicode characters. With version 3 it uses bytes and bytearrays and there can be no confusion with inadvertent unicode.

Re: So reassuring

SPPA-T3000 is basically a big Java program that runs on a set of MS Windows servers, with operator access being via Windows client workstations. The "highways" are the networks connecting them together and to the plant equipment. It shows equipment status, records performance for analysis, and allows operators to change equipment settings as needed.

Given that software systems based on similar technologies in more routine business environments seem to have security vulnerabilities being reported all the time, it shouldn't be too surprising that we are seeing some here, even if Siemens goes to great lengths to obfuscate just what their system is.

Basically though, the security challenges here are in essence the same as in any piece of big enterprise software and there's no reason to expect it to be immune from the same vulnerabilities.

There's "Redis Cluster Proxy", but that's still in alpha state. I've never tried it, but it's under development on Github.

Re: No, the UK was never in the running

According to news reports in Canada (CBC), locating the plant in Berlin seems to be a quid pro quo for Germany's new electric vehicle subsidies announced a couple of days ago. The timing between that and the Tesla announcement is unlikely to be coincidental.

Germany couldn't offer a direct subsidy to build the plant, but they could offer broader electric vehicle subsidies which Tesla will benefit from to a large degree. Tesla depends heavily on such subsidies for sales, and they tend to be in places with the largest subsidy programs. They have a high enough profile in the industry that they can negotiate subsidies directly with governments. They were almost certainly consulted by the German government on the new subsidy program, hence the coordinated announcements.

If the UK wanted to bid for the new Tesla assembly plant, then they would have had to do so by topping Germany's subsidies. I suspect that the current government in the UK has no intention of getting in a subsidy war with Germany.

Re: Were previous medical reports wrong?

Yes, Canada never bought into the "high tech sonic weapon" story, regarding it as fantasy. As noted in the PS, current Canadian detailed medical investigation points to over use of fumigants to kill mosquitoes in the embassy building and diplomatic staff residences. The fumigants were also detected in the bodies of people affected by the symptoms. The insecticide fumigants are based on on neurotoxins, and so have a direct effect on the nervous system, including the brain.

At the time fumigants were being used excessively due to panic over Zika virus, which was spreading throughout South America. As a result, embassies were having their diplomatic buildings sprayed as much as five times more frequently than is normal. I suspect the Americans were doing the same in their embassy buildings.

Canadian researchers also feel that any psychological effects of tension or pressure would have played at best a minor role in the effects seen.

Any "mass hysteria" that is involved in this seems to be affecting people in Washington who seem to think the Cubans have some unimaginably advanced new high tech weapon and are testing it out on multiple embassies in Havana before presumably using it to engage in world conquest.

It will be a very useful feature in list comprehensions, where it offers the potential for performance improvements as you no longer have to repeat an operation in order to use the result several times in the same expression.

Here's an example directly from PEP 572.

results = [(x, y, x/y) for x in input_data if (y := f(x)) > 0]

Without it you would have to write

results = [(x, f(x), x/f(x)) for x in input_data if f(x) > 0]

The other alternative would be to unroll the comprehension into a for loop, but comprehensions (of various types) are generally faster as they have less loop overhead. This means they are a common optimisation method, and anything which makes them even faster is generally a good thing.

I run into this type of problem on a regular basis and look forward to using it once version 3.8 percolates out into the common Linux distros.

Re: Language question

@Kristian Walsh - Just to address your point about how Python handles integers, what you describe is how Python version 2 did things. Starting with version 3 all integers are "long" integers, there are no more "short" (native) integers.

What this means is that there are no longer unexpected results caused by integers getting promoted to long (this wasn't a problem for the actual integer value at run time, but more one of the type changing causing complications when inspecting types in unit tests). Eliminating the need for Python to check whether an integer was a "short" or "long" integer each time an object was accessed meant that there was no performance penalty to simply making them all long.

For the sake of those who don't know what the above means, with Python it is impossible for integers to over flow because they are not restricted to the size of native integers but can be infinitely large. This is a big help as you don't have to add integer overflow checking to your own code.

Re: Out of curiosity ...

There was a spam email campaign a few months ago operating from a set of ".eu" domains, but I haven't seen anything from them for a while. I don't know whether they have moved on or whether the spam is just getting filtered better upstream from me now.

There is a good chance that whomever is using VirtualBox in this application may be using it as part of an automated test setup. I use it to test software on multiple operating systems. I can control the VM through VBoxManage and then run all the tests via SSH. The whole thing is orchestrated automatically via a bash script.

None of that requires the VirtualBox Extension Pack however, which adds some rather niche features, mainly related to USB device pass through. The problem in this case is with the VB EP, which you can download from the VB web site, but only for personal use and evaluation.

There is the distinct possibility that whomever is using VM in this application may not actually need or be using the Extension Pack, but only installed because it was there for download.

That problem was anticipated and allowed for. The British Commonwealth Air Training Plan (BCATP) was set up in Canada at the start of WWII to train pilots and other air crew for the UK, Canada, Australia, and New Zealand. Over 130,000 air crew, mainly pilots but also navigators, wireless operators, and others, were trained through this program in Canada during the war. Smaller numbers of aircrew from a number of other countries and colonies were trained through the program as well.

Canada's aircraft industry produced thousands of training aircraft to equip it.

At the end of the war Canada wrote off the UK's share of the costs along with the rest of the UK war debt to Canada.

A similar but much smaller program was run in South Africa and Southern Rhodesia.

Production of arms, vehicles, ships, and aircraft, as well as training training and other activities was coordinated in the Commonwealth, but it's not something you will read much about in pop culture.

It's rather simple. If the US has that sort of access then every other country will demand (and get) the same or else block the messaging service from their territory. After all, what honest and law abiding person would want to provide a safe haven to "terrorists, hackers, and child predators" by not being able to decrypt messages on their territory?

And of course there can't be a different phone backdoor for each country or else "terrorists, hackers, and child predators" would just use a messaging service from another country so that the country they are resident in can't open the backdoor.

If we follow the logic of this argument, then every country needs equal access to the same backdoor. Because if you don't do that then you either don't have a messaging service that works internationally or you have to admit that the whole "we need backdoors to protect against "terrorists, hackers, and child predators" is specious. Unless of course you are going to claim that only Americans are "terrorists, hackers, and child predators" and so only Americans need monitoring to stop them doing such things.

So the only logical end state is that every country eventually has access to every phone everywhere. And that of course will be "Totally Secure" (add spiffy logo and branded web site as required).

Re: panic and recover functions.

@eldakka said: "Personally I've never understood the point of 'try'. "

Exception handling is a feature that is very useful in certain types of applications. If you need to use it you really appreciate it.

Where it is especially useful is when you have a long sequence of things to do, each of which must be checked for errors, but where the exact nature of the error doesn't really matter in terms of what you will ultimately do about it.

If you check for errors through a series of "if/else" statements, then the code ends up almost unreadable and likely containing several new errors of its own.

With exception handling you put an exception block around the code that has to be checked and it bails out automatically for you without all the repetitive boilerplate. The code becomes much more readable as you can follow the main flow without getting tangled up in the error handling. It's particularly useful in libraries where you allow the exceptions to bubble up to the higher levels where they can often be handled more sensibly in the given context.

Without exception handling what tends to happen in practice is that people forget to check for errors, especially those rising up from lower levels, and the errors manifest themselves as crash reports from users.

There can be cases where manual error handling using if/else can be the better way, but not in most cases. I would compare it to automatic memory management versus manual memory management. The latter is better in some cases, but in most cases is a notorious source of bugs and memory leaks.

With 'C' exception handling is sometimes emulated using a programming convention that uses goto (yes, C has goto). I've used this convention in a few applications, but it's not as clear or as readable as actual exception handling.

So to sum up, "proper" exception handling is better at putting the programmer's intent clearly and concisely while being less prone to creating new errors because the intent is inherent in the syntax. There are many application domains where it is very useful and helps eliminate entire classes of common programmer errors.

Re: Interesting

And in the latest update to the story, it appears that Canonical are doing exactly what I suggested they would. They will talk to developers and find out which 32 bit libraries they are actually using and support those.

It turns out to have been a tempest in a teacup.

Re: Bloat for bloat's sake

Most of the 32 bit desktop hardware which is still out there now would be things like netbooks with only one or two gigabytes of RAM. You could probably still run a Gnome desktop (which is what Ubuntu desktop ships with), but it would be sub-optimal.

Re: Mystified; how will they force it?

How will the Germans force it? They will just count on most chat they want to monitor taking place over phones, and banning secure chat apps from the Android and Apple app stores being enough to prevent the targets from using it. If Apple doesn't offer it to you, then you're out of luck if you own one of their phones. It's possible to load whatever you want on some Android phones, but most of the targets won't know how or otherwise won't do it.

The Germans aren't counting on it being completely impossible to end to end encrypt a message. They are just counting on making it so difficult that most people won't bother. They aren't after Bond film super-villains with this, just run of the mill malefactors who bumble along from day to day.

It will be interesting to see how the chat app vendors handle this. One way may be to simply have Google and Apple geo-fence their app stores to make their encrypted chat apps unavailable in Germany (and Australia) and add a "terms of service" clause telling their users to not use the app in banned locations. That is a quick solution that doesn't water down security for the rest of the world. The Germans (and Australians) won't be happy, but their government would have got what they asked for.

Re: From a previous ElReg article

Three months! That would be record fast for the new system under Capita. I have regularly been talking to people in the UK whose sons have been waiting over a year just to get a reply back.

All too often the potential recruit has moved away or is too deep into an alternate career to be interested any more by the time Capita get back to them. It takes an unusual degree of persistence and drive to fight your way past Capita and join the army.

Everyone who has had any contact with it thinks the new system is an unmitigated disaster.

Re: Russians under every bed?

Well since the media have definitely established that it's a military while, then obviously it must be an American military whale. He's just returning from a dangerous special forces mission behind enemy lines where he infiltrated the Russian herring fishery and uncovered their devious plans.

Medals, book, movie rights, and line of sports clothing to follow after his hero's welcome in Washington.

Re: Just waiting for the inevitable

One of the major political controversies in Canada in recent years has been the large numbers of people crossing the border from the US into Canada and claiming refugee status. Bogus refugee claims have much less chance of success in Canada than in most countries, so most eventually have their claims rejected and get kicked back out. However, the recent large numbers have resulted in a backlog in the processing system, so that may take a few years.

Under treaty between Canada and the US, anyone who tries to enter Canada from the US at a normal border crossing and claim refugee status will have their claim automatically rejected. If they cross anywhere else however, then their claim must go through the normal process, with all the appeals, etc. as defined under official international refugee conventions. Canada cannot amend the treaty with the US unilaterally to try to address this loophole.

The US claim they are powerless to stop the large organised groups (let's call them "caravans") of people who pay to be taken to roads adjacent to the border and dropped off in a very few well known specific spots to make a short tramp through the woods and make their crossing where Canadian immigration officials collect them. The Canadian border officials tell right at the border to stop and turn back, that they are crossing illegally, but of course they don't listen. The Americans are apparently not given to introspection about how their utterly supine response to this problem contrasts with their vigorous complaints about Mexico not doing enough about stopping people entering the US.

The main centre for this illegal border crossing is in the southeastermost part of Quebec, with a lesser amount happening in southern Manitoba. Both are land borders (unlike with Ontario) and close to major cities in the US where these "refugees" originate.

Some political elements in Canada have been demanding that we build a wall (or at least a fence) to try to stop them. Nobody so far has suggested that we make the Americans pay for it, but it would seem only fair if they did.

Canada will sign a trade agreement with the UK duplicating existing terms (CETA) as soon as the UK figures out what it is going to do, whether it is in or out. Any "gap" will be filled by temporary arrangements to make the transition seamless. This was a commitment given by both PMs following a meeting in Ottawa a year or so ago. It was also announced at the same time that this would be followed up by beginning negotiations on a newer trade deal which was more comprehensive than the existing one.

The UK has already signed a series of treaties with Canada in matters which affect trade but which fall outside of the EU's exclusive trade jurisdiction in preparation for a no-deal Brexit, and I know the same has been done with a number of other countries (e.g. Japan and others).

Canada doesn't care whether the UK is in the EU or out of the EU and has no interest in getting involved in EU-UK playground squabbles. We just know that almost half of our trade with the EU is with Britain and we want that trade to continue without interruption. I would imagine that most other countries feel the same way.

Whether you Brexit or don't Brexit, that's all up to you, we don't care. Just let us know when you've made up your minds and we'll figure out how to deal with it.

Re: Really?

VBScript is not the same as VB. The syntax is similar, but the former is a scripting language which can be embedded into other software, or as a shell scripting language via WSH (Windows Scripting Host). Plain VB is an application programming language, with the "classic" version producing "exe" files and using loads of COM and ActiveX objects, and the later versions being another Dot Net language (with the Dot Net version not being backwards compatible with the "classic" versions). VBScript was also used by IIS, so if you have a legacy IIS installation it may be in there somewhere.

VBScript was used as an extension language in various applications. It may be hard to get rid of simply because some legacy business applications such as accounting systems may make use of it to tailor the application for the customer. It's one of those Microsoft zombie technologies that stagger on devouring victims long after everyone thought they were dead.

Some Windows propeller head is probably going to nit pick at the details, but that's it in a nutshell.

I used it for some simple shell scripting years ago. It was absolutely wretched to try to do anything useful with.

Re: I suspect its a clone of Android

@Jaybus: The arrest of Meng in Canada was due to an extradition request by the US made just before the start of US-China trade negotiations. Trump has said that if he gets a good enough trade deal out of China he will consider dropping the charges against her. Canada itself has no complaint against her and would very much prefer not to have been dragged into the affair at all. One of the issues that has already been raised in the extradition hearing process is what is seen as the obvious political nature of the charges given what the US has already said about it.

I'm not sure that citing this case is exactly helping your argument.

Re: Nope!

Ubuntu Phone was in the game early as well, but Canonical gave up on it a little while ago. They said the reason they gave up was that having the technology working was the easy part.

The big problem was getting key app developers and phone manufacturers on board. Those demanded large up front payments before they would consider it and Canonical wasn't in a position to fork over that kind of money. That's why they binned the whole phone project, including the Unity GUI.

The whole thing is really more of a marketing and developer relations problem than a technology problem, and it requires very deep pockets. Google has both the deep pockets and the existing business connections to make it work.

I can see this rendering the Chromebook market obsolete, where instead of a Chromebook you would simply get an external screen and keyboard for your phone, possibly in the form of a folding dock. I don't think it would completely take over the traditional laptop market, but it may chew around the edges of it more than Chromebooks were able to.

Re: Sounds a tad pointless?

Heap-leaching works on very large piles of waste rock to recover low concentrations of minerals economically. That is, you just pile up the rock in huge piles on a packed clay or plastic leach pad, spray the leach solution on it, and recover the water draining off the bottom. The recovered water will contain dissolved minerals which you then recover and process further to extract the desired minerals.

The process is already widely used in the mining industry for copper, gold, and other minerals. The main difficult is that if the leaching agent is an environmental hazard then you have a big problem when (if) it leaks out to somewhere else.

The process proposed here uses an organic acid which will naturally decay, meaning that leaks are less of a problem, making the mining process less risky.