Tech on C&P

I cannot understand the resistance in the USA against a National ID card. The USA already has it, they cannot seem to accept that.

I’d like to start by pointing out that Foreigners to the USA get fingerprinted and photographed — like an accelerated Booking Procedure at the local police station — upon entry to the country. Did you know they have to check-in when they leave? Americans are often surprised to hear that — the US-VISIT program is more invasive than they think. Visitors get tracked.

In Canada, it’s actually illegal (common-knowledge, I should verify) to use the Social Insurance Number for anything other than Salary/tax, and Retirement. Due to this, the Military needed to get new numbers — like the USA still does, the Canadian Military used to use this national tax number (NTN) as the unique ID for a soldier as well. They had to change, and actually adopted a format that fits the same spaces, involves a checksum digit (like credit cards and ISBNs do) and is unique to the military. My Service Number makes no sense outside the military.

India recently announced that the issues they’re having providing healthcare will be addressed by a National ID card. Done correctly, this could very well be an isolated “this is my national health number” (NHN) that is useless outside the providing of healthcare.

Updating a “has healthcare until XXX date” via a bonded notable entity onto the NHN would isolate the NHN from the bearer’s credit and financial data. That would allow a healthcare giver to immediate gauge the healthcare status of a patient while in the ambulance, allowing the “busy: next hospital” issue that some hospitals are accused of doing. I don’t agree with that — Canada’s healthcare is geared to “how do I fix the patient?” before “what’s the patient’s healthcare provider, and credit card?” — but resistance to any such plans has to address the hidden agenda, even if the long-term goal may support eliminating such.

The USA has adopted standard such as FIPS-201 (wikipedia) for federal employees, yielding a Common Access Card for any government employee; this is a Smartcard which acts as both a physical access card that is digitally read as well as a military ID satisfying Geneva Conventions.

The USA already has a National ID Card, but only for government employees. The Social Security Number was originally intended for taxation, and is mis-used. Even though the employment status may affect the Commercial Healthcare Status of a patient, adopting a NTN separation from NHN would allow for streamlined healthcare in the USA, while protecting the bearer’s privacy for non-healthcare topics.

In How To Sync Your iPhone To Multiple Computers, iSmashPhone quotes cuts-n-pastes an article by Andrew Grant describing how to copy the two ID markers from one iTunes install to another to avoid having to change over your iTunes when you connect your iPod/iPhone to both (one at a time, though).

Andrew does a great job, go take a look.

I’m posting it here to send both of my readers (you know who you are) to his blog to get the straight facts rather than repost them here. Mind you, the side-effect is that I know where to find this in future

I was called an Apple Fanboy, in a dismissive way; it was the second time this week, and it’s only halfway through.

I was on my usual rant promoting reliability, predictability, the fact that I like OSes that are ready within seconds (3-4) of opening the cover on a laptop. I was bemoaning apps that don’t work together, and cobbled-together bits of the OS that, well, just don’t play nice nor go to the same parties. There’s no accounting for taste.

That’s when I was called an Apple Fanboy.

The odd thing was, I hadn’t mentioned Apple yet, and I really wasn’t going to.

Is the difference between WinXP (don’t tell me someone still uses Vista) and MacOSX, is that difference so huge and obvious that everyone knows the difference?

So I was trying to find a receipt that was emailed to me (sending receipts by random channels — great way to get them lost).

Of course, I thrashed on Microsoft’s email client. I would have had better luck watching cricket. Microsoft is stuck in the ’80s of search. Zero hits, didn’t check subfolders (despite any settings to the contrary — it’s only a request to check subfolders, remember)

So I tossed the info into Apple’s Mail.app; I got a dozen hits, but all cold. Oh, and it took a second, and all were valid, but the term I wanted to search on wasn’t indexed. This was after choosing the Spotlight, and finding no good hits of the 12, and fiddling a bit to get the right header field looked at.

So without really planning, I just tossed the term into Gmail’s search: no structure, no thought, no limits, no markup: cut-paste-go. Less than a second, it had the result. One result, the right result.

Give up; Gmail wins this decade of email.

Granted, search is no email, but with the level of data we receive (I get over a hundred non-spam emails daily, and over a thousand spam daily), search is everywhere, including email.

Released MySQLfs: 0.4.0. Two days early so that I can do some commits of what I’m working on.

• mysqlfs-0.4.0.tar.gz (354.2k)
• mysqlfs-0.4.0.tar.bz2 (261.3k)
• mysqlfs-0.4.0-55.src.rpm (265k)
• mysqlfs-0.4.0-55.i386.rpm (19.8k)

I was reading back through the Symas Blog, where they respond To Veracode: Thanks, but no thanks…. The quick summary is that the Static Code Analysis tool lists false-positives that it should know are not flaws, and lists them multiple times in order to inflate its error-count.

I would add that these tools not only add labour once, but incur a considerable additional effort to re-check after any code maintenance.

In past, I’ve used a variant of Klocwork before. Apparently, our version needed a lot of customization in order to be used, since we had a guy dedicated to Klocwork: .14% of the product was solely drained by Klocwork, but that’s not the big drain. I’m actually a fan of one guy making a tool easier so that it saves more than 0.15% of a developer’s time.

Developers edit code. That code editing often inserts or removes lines.

Klocwork accepts markers for “yeah, it looks like a flaw, but we know it’s OK, we checked”. This is done by marking the line to ignore in a cross-reference list. I’m told this isn’t actually a feature of Klocwork, but a bolt-on we did, but I mention here just in case.

Klocwork requires a very powerful machine to run — roughly 6 times what we needed to simply build the code.

Code edits mean that all the Klocwork exceptions have to be re-audited — all lines of code after the part edited need to be re-checked.

Requiring a clean Klocwork Report blocked code merges.

Blocked code-merges further blocked our development progress.

Most — almost all — Klocwork flaws were false-positives.

We spun our wheels in code-inspections, check-ins, audits, for flaws which were known-OK, repeatedly. That was wasted effort in all teams, by all engineers, every single time. Much more than 0.15% wasted, and the few gains we got (the engineers were mostly skilled, or well-mentored) were overshadowed by spending entire days in the administrative burden of re-registering/inspecting/approving Klocwork exceptions.

The obvious answer is a #pragma KLOCWORK_EXCEPTION that identified the following code-block as “OK”. This is similar to a #pragma warm -NNN used in EDG compilers to silence a warning. The actual could refer to a bugreport or authorization code (of which, we might count the total permitted to detect re-use), or an opaque Klocwork signature on the block itself, allowing edits to the block be detected, but allowing cut-n-paste of that block (including those defined in headers, which appear in multiple code blocks) to be equally excepted/ignored.

If the tool was opensource, we could give a patch the Klocwork representative in our company to make a change to the tool to make it easier.

Alas, I agree with Symas Blog: it’s proprietary, opaque, a stovepipe. All we can do is point a finger and say “FAIL”.

Style of writing sourcecode must be one of the largest religious turfwars in hackerdom; seriously, consider the following for its subtle differences; I’ll tell you the difference at the end:

int main (int argc, char *argv[])
{
    if (0 == argc) {
        do_something();
    }
    return 0;
}

int main (int argc, char *argv[])
{
    if (0 == argc)
    {
        do_something();
    }
    return 0;
}

int main (int argc, char *argv[])
  {
    if (0 == argc)
      {
        do_something();
      }
    return 0;
  }

int main (int argc, char *argv[]) {
    if (0 == argc) {
        do_something();
    }
    return 0;
}

It’s all about where the brackets are, and coders from one style don’t like another’s.

Personally, I have zero support for:

1. “Tiger Woods wears Omega watches, so that means they’re the best” (as opposed to actual analysis)
2. “Daniel Craig wears Armani, so I should wear Armani”
3. “Dennis Ritchie writes like this, so I should”

K&R format is inconsistent (compare the first and last examples: opening brace always at the end of the previous line?)

K&R is more difficult for new engineers to recognize their mistakes without formatting tools to show them. This is fine if their tools show them, but they cannot always have all the tools. The “bracket hidden at the end of the line” caused a number of students I personally interacted with to have predictable errors, and those errors went away with a coding style change.

For many, it’s simply a case of K&R style used in the examples of the first ever coding text the new engineer reads; lacking an alternative, the engineer simply keeps doing the same thing (such as when the master mechanic shows you “the trick for pulling out that #1 spark plug” and you never make that error again). Some engineers don’t evaluate other options, others are being constrained by the lead engineer, who has K&R ingrained.

Engineers will always have differing levels of experience; I’m a fan of techniques and trends which reduce human error occurrences. It’s not a rite of passage to do things in the more difficult way, and it’s no loss of respect to use a simpler, easier, less-error-prone style.

The argument I hear for K&R is “there’s less whitespace, it’s more compact” — and somehow, this is better; obviously I disagree. There are bigger screens, and smaller font sizes, and conventional limits on how big each functional block of code should be.

…but that’s why I code in Borland C style: benefits, and a weak drawback. It’s the second style I saw, not the first.

You do your style, I’ll do mine, let’s just get some work done, OK?

My work on WUSB11 was lost when my backup drive was replacing my primary drive, and it failed.

see also http://tech.chickenandporn.com/2009/07/05/hello-world/

Be reminded that I made the content online for only a temporary time because my server was overloaded. It would supposed to be moved off. That didn’t happen. Now it’s gone.

I Create RPMs for my work so that they are easy to install, and it’s a self-contained way of noting down what I has to do to make something work in my system. Do it once, it works the next time, and it keeps its worknotes with it.

My list of RPMs choked when my server did — let’s call that Reload Day. I lost a lot more than just RPMs.

Incidentally, have you put your hand on your backup disks recently? And have you verified that the backups are really storing a valid usable backup image? Please go do that now. I’ll wait.

The RPMs I create are in the category RPM on this feed, and all tend to use my specific URL (http://www.chickenandporn.com/r/rpm) that you followed.

The RPM Category has its own RSS feed if you just want to get updates that way.

I’ve been working on MySQLfs as a replacement for the decade or so of meandering work into the SantaSack. Currently, in this release-candidate that’s been waiting as a version X.Y.Z-rcA-preB-alpha-mchammer for quite a while. (OK, that’s not the version, but nearly)

In order to close a few bugs, address a feature-request, and get this ready for a release 0.4.0 (ie 0.4), I added code documentation (my benefit), regression-testing (including start/stop the daemon), and a few tests to confirm proper behavior.

The idea behind SantaSack was to toss things at a storage device, and have it figure out how it should be found. OK, I know that’s vague, but it’s a response to the ever-increasing size of storage and the “hoarding” that we’re doing more and more on that massive storage. For that reason, I’m going with plugins post-0.4.

While I’m working, I push the Doxygen docs out to Sourceforge: http://mysqlfs.sourceforge.net/html/

The simplified version 0.3.99.2 is available for download:

• mysqlfs-0.3.99.2.tar.gz (354k)
• mysqlfs-0.3.99.2.tar.bz2 (261k)
• mysqlfs-0.3.99.2-54.src.rpm (264k)
• mysqlfs-0.3.99.2-54.i386.rpm (19k)