UK motor factors Halfords are running adverts for their new “We Fit” service and I absolutely hate them. There’s one common message – that even the most basic of car maintenance tasks is beyond the ability of the average motorist. This annoys me intensely because I firmly believe that every motorist should be capable of such simple tasks as changing bulbs and windscreen wipers – it’s part of understanding the vehicle that you’re driving. What’s more these things aren’t difficult. They require very little actual skill, just care and attention to detail.
However there’s a calmer part of my mind that says these adverts are actually good. I’ve seen the results when people thought they knew what they were doing too many times and some of them have been pretty horrendous. Now I know that large chains don’t have the best reputation for quality of workmanship but I’d still rather that vehicles using our highways were maintained by someone who’d had some form of training. That way there’s slightly more chance that the oncoming light in the freezing fog is actually a motorcyclist, not a car with only one light working.
This is my mousemat. It’s about the same age as many of our students and it’s pretty much the only piece of computing technology from 1993 that’s still relevant today.
The 3.5 inch floppy was the standard way of supplying data and even software. Windows came on 6 to 8 of them depending on the edition.
Mice used to use a ball and rollers to track movement. They’re now optical.
Only cheap keyboards used membranes. Good ones were mechanical (switch) keyboards. These are now almost impossible to get hold of.
USB was unheard of. Peripherals either had to connect via an existing serial or parallel port or use their own interface card.
The Compact Disc was common, but the CD-ROM had not yet entered the world of computing (let alone DVD or recordable technology).
Monitors used Cathode Ray Tubes. This made anything bigger than 19″ heavy, awkward and expensive. If the office heating failed though they were good for that.
A myriad of interfaces have come and gone. ISA bus, VESA local bus, DIN style keyboard connections, PS/2, IDE, etc. etc.
There are a few things that haven’t changed that much.
Hard disks – the mechanical type – still use much the same physical technology. The data capacity now though is astounding. A “big” HDD in 1992 was 20Mb. It’s now 50,000 times that.
VGA was the latest and greatest in 1992. We still use it today, mainly for projectors although even this is fading in favour of DVI / HDMI.
Cases are still made of cheap steel and PSUs are still cheap switch-mode devices that fail more often than any other component.
Having said all this it’s not so long ago I lifted the lid on a piece of equipment that had just been decommissioned from a fire service. I recognised the CPU instantly, it was a Zilog Z80 in a DIL40 package, placing its vintage firmly in the 1980s and possibly as early as 1976.
So the power company decided to schedule a 9 hour outage for today and not bother telling us. At 09:15 the power went off and we were suddenly in the dark. No power, no network and even the cordless house phone was off. Sure we have mobiles but we live in a dip and have minimal signal.
We’re screwed, right?
Not at all, because when I became a remote worker I spent some time working out exactly what I’d do if this happened. Dress this up in fancy clothes and a consultant will call it “disaster recovery planning” and relieve you of the contents of your wallet. The reality is that it’s just a bit of common sense, but it is important that any small business actually does it.
There’s an old phone I keep in the spare bedroom that doesn’t need external power so within a couple of minutes we have some form of communication. All the utility company phone numbers are on a board by the fridge so within 10 minutes I want someone’s head on a plate. At least I know the score though and it means we’re out of the office for the day. We both use (docked) laptops as our primary machines so we grab them, an external HDD and a bunch of other goodies and decamp to a nearby relative’s. All sorted.
If you are a small business, a remote / home worker or a contractor you need to think about what you’d do if something goes wrong. There are four things to look at.
What can go wrong?
How likely is it?
How severe is it?
What are you going to do about it?
There are 2 parts to the last one. One part is obvious, what you do when it happens but you should also consider how you can mitigate it – how you can make it less likely or its effect less serious if it does happen.
Oh, and a small piece of advice, always get the most efficient freezer you can. 9 hours of no power and not a hint of defrosting!
or C#’s Short-Circuit and Left-To-Right Evaluation
It’s all Rob Miles’ fault. Just before Friday lunch time he unleashed upon the world a work of unspeakable evil. There’s nothing wrong with the text of the article – Rob is his usual erudite self – rather that HDR-like picture of the Gulbenkian building. It nearly melted my face off.
It being Friday lunch time I thought I’d retaliate, not with more impossibly bright HDR photography but by doing unmentionable things to Anders Hejlsberg‘s wonderful language C#.
The challenge is this – the following is a reasonable enough piece of code but…
if (filmChoice == 1 && age >= 15)
    Console.WriteLine("Enjoy the film");
When you’re just learning to program it’s easy to make mistakes…
if (filmChoice == 1 && age >= 15)
    Console.WriteLine("Enjoy the film");
else
    Console.WriteLine("Access denied - you are too young");
There are 3 combinations of filmChoice and age that will lead you down the else path, not just when the customer is too young to see film 1.
So you need to break up the condition… or do you? Could you actually do it with just 1 if statement? Oh yes.
string film = "the other film", message = ", but you could see looper";
if ((filmChoice == 1 && (film = "Looper") != null && (message = "") == null)
    || age < 15 && ((message = "") != null)
    && filmChoice == 1)
    Console.WriteLine("Access denied to " + film);
else
    Console.WriteLine("Enjoy " + film + message);
I'm actually practising my evil laugh right now. Later I will be uttering phrases like "No Mr Bond, I expect you to die!" and leaving the room allowing one of your dashing heroes to perform an improbable escape and ultimately foil my dastardly plan for world domination.
Seriously though, that code has been totally marinated in wrong sauce. Do anything like that in production code and your head will be on a spike in traitor's cloister faster than you can blink. Nevertheless it actually reveals some interesting and useful language features.
C# always evaluates left-to-right
C# always short-circuits evaluation
Assignments have a result
You can write some mind-bogglingly awful stuff in C# (not very useful)
Let's take a look at these one-by-one and by the end you should be able to work out how that particular atrocity manages to produce the right results.
Assignments Have a Result
The first thing we really need to understand is that assignment operations return a value. I know that appears to make no sense but it's true. The value they return is the value that's assigned. So variable = Math.PI for instance assigns the value of PI to the variable and also returns the value of PI. Usually the runtime just throws this return value away.
Want to test this? It's easy enough to prove.
//let's be explicit about creating 2 doubles with values 0.
double first = 0, second = 0;
//assign the first to a constant
first = Math.E;
Console.WriteLine(String.Format("First [{0}], Second [{1}]", first, second));
//assign the second then assign the result of the assignment to first
first = second = Math.PI;
Console.WriteLine(String.Format("First [{0}], Second [{1}]", first, second));
//Output...
//First [2.71828182845905], Second [0]
//First [3.14159265358979], Second [3.14159265358979]
What's the practical use of this? Beyond being a handy syntax for assigning multiple variables the same values (or derivatives thereof) I'm not sure. Using the feature in conditional statements is convoluted, confusing and should definitely be avoided - even if the values are boolean. if( bool1 = bool2 ) can easily be read as if( bool1 == bool2 ) but the two pieces of code do very different things. Conditional statements are not intended to modify things, they're intended to test them. Best to keep it that way.
Guaranteed Left-To-Right Evaluation
C# always looks at the left hand side of a conditional expression first, then it works its way towards the right. This might seem obvious but C did not guarantee this.
What use is it? Well it has a few uses on its own but they're mostly quite specialised. Its main use is when combined with the last language feature.
Short-Circuit Evaluation
Let's look at a simple if statement...
int a = 5, b = 7;
if (a == 0 && b == 7)
    do_something();
We know it will be evaluated left-to-right so the term the runtime will look at first is a == 0. We know that we set a to 5 so this will evaluate to False. The other term of the if statement, b == 7 is ANDed with the first - the entire expression can only evaluate to True if both sides evaluate to True.
The left hand side evaluates to False so it doesn't matter what the right hand side evaluates to, it can't affect the outcome of the entire expression.
So the runtime doesn't bother with it. It can't affect the result so why bother wasting CPU cycles evaluating it?
The same is true of OR conditions.
int a = 5, b = 7;
if (a == 5 || b == 7)
    do_something();
This time we've set a to 5 so the first term of the expression evaluates to True. This time though the second term is ORed with the first. True OR anything is always True so there's no point in the runtime evaluating the rest of the expression - so it doesn't.
What use is this? Well null checks are a really obvious one.
If myObject is null then the right-hand side will never execute. I must add a note of caution at this stage: some developers really don't like this construct. I think their main fear comes from C where neither the order of evaluation nor short-circuiting were guaranteed by the language, so it could have evaluated this right-to-left or evaluated all the terms regardless, both of which would be pretty terminal.
There's also an argument that it's not clear. It is true that if badly written it can rather obfuscate the actual tests, but any badly written code can obfuscate the functionality (see the terrible if statement at the top of this article). My advice would be that if the relationship between the "gateway" test and the one that it's shielding is not immediately obvious then split it out into multiple if statements. Here's an example of something that's unclear :-
You might know that if SomeMethod() doesn't return 37 then mySecondObject will be null but someone else reading your code probably won't and could easily break it. This should be more explicitly coded and properly commented.
Another use - and this one requires some thought - is optimisation. If you have a relatively expensive test and a relatively cheap one, you might want to order your conditional statement carefully to save a few CPU cycles.
Square roots are quite expensive to calculate whereas the boolean is easy to test. So we put the boolean test in first and if this is False then we won't bother evaluating the more expensive right hand side.
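The null guard and the cheap-test-first ordering described in this section, as an added example rather than code from the original post; Widget, ExpensiveTest and the sample values are made up for the demonstration. It also contrasts && with the non-short-circuiting & operator, which always evaluates both operands.

```csharp
using System;

class Widget                       // hypothetical type for the demonstration
{
    public int Value;
}

static class ShortCircuitDemo
{
    static int expensiveCalls;

    // Stand-in for a costly test; counts how often it actually runs.
    static bool ExpensiveTest(double x)
    {
        expensiveCalls++;
        return Math.Sqrt(x) > 10.0;
    }

    // && : the right-hand side is skipped when myObject is null.
    static bool GuardedCheck(Widget myObject)
    {
        return myObject != null && myObject.Value == 37;
    }

    // &  : both operands are always evaluated, so a null reference is dereferenced.
    static bool UnguardedCheck(Widget myObject)
    {
        return myObject != null & myObject.Value == 37;
    }

    static void Main()
    {
        Console.WriteLine("Guarded, null object: " + GuardedCheck(null));
        Console.WriteLine("Guarded, Value = 37:  " + GuardedCheck(new Widget { Value = 37 }));

        try
        {
            UnguardedCheck(null);
        }
        catch (NullReferenceException)
        {
            Console.WriteLine("Unguarded, null object: NullReferenceException");
        }

        // Cheap boolean first: the expensive test runs only when the flag is set.
        bool[] flags = { false, false, true, false };   // constructed sample input
        foreach (bool enabled in flags)
        {
            if (enabled && ExpensiveTest(144.0))
                Console.WriteLine("Expensive test passed");
        }
        Console.WriteLine("Expensive test ran " + expensiveCalls
                          + " time(s) for " + flags.Length + " checks");
    }
}
```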
Conclusion
If you didn't know before you now have the tools to work out how my little abomination toward the top of the article works. It uses 3 language features.
Guaranteed left-to-right evaluation means we can be sure what order an expression is going to be evaluated in.
Short-circuit evaluation means that we know the runtime won't even run a test unless its outcome can affect the entire expression. We can use this fact to optimise code and even to stop the runtime executing tests that might throw an exception.
The fact that assignments have a result isn't very useful and can cause a lot of problems. It's probably best avoided.
It’s depressing – the end of September has gone and the nights are drawing in. Soon we will be getting up in the dark. I think most of us find it a little harder to get motivated in the winter, perhaps not to the stage where we would say we were actually depressed or suffering from SAD, just a bit “meh”.
Thankfully there are things we can do to alleviate that somewhat. Here are 2 that I do…
1 – Get a “Dawn Simulator” Alarm.
I’ve got a Lumie Bodyclock Starter 30 (there are much cheaper alternatives). Half an hour before the alarm goes off it starts to turn the light on. It steadily increases the brightness so that when the alarm finally does go off it’s actually quite light in the room.
The effect is relatively subtle – I don’t wake up full of the joys of spring as the marketing material for these things implies. What I find is that I’m alert when I wake up instead of half asleep and that actually makes a big difference to the start of the day, which in turn makes a big difference to the rest of the day.
2 – Use Daylight Coloured Lights
It may be a stereotype that programmers like to sit in the dark but not all of us are like that. I’m lucky – my office environment is under my control. I’ve replaced all the lights with daylight coloured LED units. This makes a big difference too – the office is bright and cheerful even on a grey winter day. It just makes putting in a day’s work that little bit easier.
If you’re not as lucky as me you can always put a request in to your building manager to get the light colour changed. Often “daylight” units are similar prices to other colours so you can usually get them swapped out, if not immediately then when the units fail.
You can also try getting a daylight desk light – be aware though that when using a desk light you have to make sure that you look away from your desk a lot. It’s rather easy to get zoned in for hours and that won’t do your eyesight any good at all.
These are 2 really simple and easy things that can make a big difference in the middle of December when you start and finish work in the dark.
2 people tried tricks on me when I was recently in Paris – the first was blindingly obvious but the second was a little more subtle. Neither were particularly offensive or likely to cost a lot of money however.
1 – The Fake Charity
A chap approached me speaking bad English – this was immediately odd as most people in France spoke French to me. He asked for “Just a signature – to support the children – it’s for UNICEF” and showed me a page on a clipboard (the sort of thing that looks like a sponsor form). Part of the clipboard was carefully covered by his hand.
The page was badly photocopied, didn’t mention UNICEF and the chap had nothing that looked even vaguely like proper charity apparel. More out of curiosity than anything else I took the clipboard and pen and of course, under the part that he had been covering it said “Donation” and, apparently, several people had donated €5 or €10.
I pondered for a second whether I should throw the clipboard a good distance, deface the page entirely, tear it off or simply hand it back on the grounds that he might get a bit stabby if I did any such thing. In this moment he grabbed it back and ran as a security guard was rapidly approaching.
2 – Is This Your Ring?
This one is much better – I was walking along the Seine when a chap bent down a couple of metres in front of me and apparently picked up a ring. “Is this yours?” he asked (in French). “No”, I replied (in French, with a Gallic shrug) and carried on walking but he walked with me. “It looks expensive” he said (in English) and was suspiciously insistent about it being mine and expensive. I figured it was a distraction trick and wondered what the distraction was from. He went away though and I still had wallet, phone, keys, rings etc.
Later I saw the same guy chatting to some girls – he was asking for a small contribution – a “finder’s fee” to let them keep the ring that he had apparently just found on the floor near them.
I didn’t get a good look at the ring – so I couldn’t tell whether it was extremely cheap or stolen. I like this trick because it plays on your own dishonesty and greed which is something we all have whether we like it or not.
I’m not on a diet. Historically I’ve been more than averagely careful about what I eat anyway. However I have noticed that of late I have become a little lazy about it and that’s had an effect on my body. So I did a bit of an audit and came to a few simple conclusions.
Most of the food I eat is pretty healthy but I have a bit of a psychological problem with eating everything on my plate. I was therefore eating too much.
There were a few horrors – a couple of common evening meals provided enough calories for the entire day.
Alcohol has calories in it. Who knew?
So I’ve addressed those three things in easy simple ways.
I put less on my plate. If I’ve cooked too much (common) I put the remainder in the fridge and eat it for lunch the next day. I just had a lovely bean curry burrito with last night’s left-overs.
Some of the recipes were easily modified, others taken out of regular rotation so they’re now occasional treats.
I’ve stopped drinking midweek.
One recipe particularly surprised me – a smoked salmon tagliatelle. By reducing the amount of pasta slightly, switching from double cream to single + cornflour and using a “low calorie” garlic bread I could all but halve its calorie count.
The really surprising element is that I prefer the lower calorie version of the recipe, the full fat version was always a bit sickly. It goes further than that though, I’ve fallen back in love with food. When I was a kid – in fact right up until I moved to Hull and became a sedentary office worker I used to get hungry about half an hour before a meal, then I used to really enjoy the meal. The tastes and textures were really vibrant. That’s happening again now, I’m appreciating what’s on my plate which feeds back into the care and attention I’m paying to putting it there.
It just occurred to me that SQL’s geometry type can be used like a canvas to visualise nonspatial data in SQL Server – to make graphs etc.
Sure there are other tools, more appropriate tools (like Excel) but you don’t always have them to hand or set up. For instance all I wanted was a quick visualisation of the number of calls one of our customers was taking over time.
declare @result nvarchar(max)=N'select geometry::STGeomFromText(''LINESTRING('
select @result=@result+convert(nvarchar(14),convert(float,dy))+' '+CONVERT(nvarchar(14),ct)+', '
from
(select DATEADD(Day, DATEDIFF(Day, 0, timestamp),0) dy,COUNT(*) ct from dummydata.call
group by DATEADD(Day, DATEDIFF(Day, 0, timestamp),0)) T1 order by dy asc
select @result=substring(@result,1,LEN(@result)-1)+N')'',0)'
exec sp_executesql @result
Which produces, using SQL Server Management Studio’s Spatial visualiser…
This is perfectly good enough to give me a general idea of what the data looks like.
The reason for the shape is that what is shown is test data – one can clearly identify the periods where testing was taking place!
Point data is, of course, easier – one can simply select the points directly out of the data set.
select geometry::STGeomFromText('POINT('+CONVERT(varchar(14),CONVERT(float,dy))+' '+CONVERT(varchar(14),ct)+')',0)
from
(select DATEADD(Day, DATEDIFF(Day, 0, timestamp),0) dy,COUNT(*) ct from dummydata.call
where timestamp>'2011-01-01'
group by DATEADD(Day, DATEDIFF(Day, 0, timestamp),0)) T1 order by dy asc
Or if we want to get really silly, we can visualise the data as the number of calls taken for each day of the week in a nice bar chart…
select geometry::STGeomFromText('POLYGON(('
+CONVERT(VARCHAR(14),dow)+' 0,'
+CONVERT(VARCHAR(14),dow)+' '+CONVERT(varchar(14),ct)+','
+CONVERT(VARCHAR(14),dow+99)+' '+CONVERT(varchar(14),ct)+','
+CONVERT(VARCHAR(14),dow+99)+' 0,'
+CONVERT(VARCHAR(14),dow)+' 0))',0),dnam
from (select (DATEPART(dw,timestamp)-1)*100 dow,LEFT(DATENAME(dw,timestamp),3) dnam, COUNT(*) ct from cnc.call
group by DATEPART(dw,timestamp),DATENAME(dw,timestamp)
) T1 order by T1.dow
Most people are rubbish at picking secure passwords – “pr0gn0s1s”, for instance, is a crap password. Taking an English word or a name and then changing a few of the letters just doesn’t cut it. Why? Well, the complex explanation is given in XKCD Comic but if “bits of entropy” means nothing to you, it works like this.
Most hacking attempts aren’t done by a smart but misguided geek, they’re done by other computers and they’re dictionary based. That doesn’t always mean an English dictionary, rather a list of words that are commonly used in passwords. A computer program works through the dictionary trying each phrase in turn. Unsurprisingly hackers are well aware that people change O to zero etc. so all those combinations are tried too. Using the password “pr0gn0s1s” will take maybe a millisecond more to crack than simply “prognosis”. Changing letters to numbers is almost no help in making a password more secure.
So how do we avoid this?
1. Use Multiple Unrelated Words
XKCD makes a good point, you can just use multiple unrelated words, spelt entirely normally. By unrelated I mean that “DavidBeckham” is 2 words but would be a monumentally terrible password. “hollowpoolbutton” is much better and much easier to remember. “The Hollow Crown” is a series of Shakespeare plays on BBC TV, “Crown Pools” is a swimming pool in Ipswich, “Poole” is the town where Jenson Button (a racing driver) wasn’t born (but I thought he was until I just Googled him). So this is an easy password for me to remember.
This might not sound like it’s better than “pr0gn0s1s” but it is, massively so. There are more than 200,000 words that could follow “hollow” and another 200,000 that could follow “pool”. That’s more than 40 billion possibilities. A bit better than the handful of different substitutions that can be made in “prognosis”.
Adding some capital letters, a number, a special character may make it slightly better still, but the main strength of the password comes from it being made up of three unconnected sequences.
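The arithmetic behind this comparison, as an added example that is not from the original post: it counts how many spellings a look-alike substitution rule adds to one dictionary word and sets that against two and three words drawn from the 200,000-word figure used above. The substitution table is an assumption, and the word counts only hold if each word is picked independently of the others.

```csharp
using System;
using System.Collections.Generic;

static class GuessSpace
{
    // Assumed look-alike table: each letter may stay as it is or become one of these.
    static readonly Dictionary<char, string> LookAlikes = new Dictionary<char, string>
    {
        { 'a', "4@" }, { 'e', "3" }, { 'i', "1!" },
        { 'o', "0" },  { 's', "5$" }, { 't', "7" }
    };

    // Number of distinct spellings of one word under the table above:
    // the product, over its letters, of (1 + number of look-alikes).
    static double Variants(string word)
    {
        double count = 1;
        foreach (char c in word.ToLowerInvariant())
        {
            string subs;
            if (LookAlikes.TryGetValue(c, out subs))
                count *= 1 + subs.Length;
        }
        return count;
    }

    static void Report(string label, double guesses)
    {
        Console.WriteLine("{0,-36} {1,24:N0} guesses ({2:F1} bits)",
                          label, guesses, Math.Log(guesses, 2));
    }

    static void Main()
    {
        const double dictionarySize = 200000;   // word count used in the text

        // One dictionary word, every substituted spelling tried as well.
        Report("one word + substitutions", dictionarySize * Variants("prognosis"));

        // Choices for the words following "hollow" (the 40 billion in the text).
        Report("two further words", Math.Pow(dictionarySize, 2));

        // All three words unknown to the guesser.
        Report("three unrelated words", Math.Pow(dictionarySize, 3));
    }
}
```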
2. Insert Something Foreign Into a Word
Another way that sounds rather counter-intuitive but is surprisingly effective is to add something into the middle of a word. Instead of “pr0gn0s1s” you could use “progn9osis”. Now it’s not an English word any more and it’s not an obvious change. Personally I’m not happy with a single insertion, there aren’t that many letters on the keyboard or letters in “prognosis”. Dump an entire other word in, however, and it makes a big difference. It is very improbable that “prognmintosis” would ever be tried by a hacker.
Although, point of order, now I’ve written that exact phrase on a web page about choosing a strong password, you probably shouldn’t use “prognosis” and “mint” in the same password any more.
3. Use The First Letters of a Passage of Text
The last simple method I’ll mention is to find a phrase, a bit of poetry, prose or song fragment and take the first letter of each word. So if you’re a big Samuel Taylor Coleridge fan you might select;
“The naked hulk alongside came, And the twain were casting dice;”
from the most excellent (but rather scary) Rime of the Ancient Mariner. This would make a password of “tnhacattwcd” which scores well on all levels. It feels like a secure password, it actually is a secure password and it’s easy to remember.
Why Do Systems Insist On Password Rules?
We’ve all been there, “Sorry, you can’t use this password because it doesn’t contain a capital letter, a lowercase letter, a special character, a number and a fractal equation.”
XKCD clearly demonstrates that this is a bag of arse. You can do all those things (except maybe the fractal equation) and still have a rubbish password, or you can do none of those things and have a really strong one.
One reason is that some people really are unbelievably crap at passwords. They’ll use their own names, pet names or other information that a lot of people would know and could easily guess. At least if they’ve got a number or some punctuation in the password they stand some chance of their new credit card not being immediately hacked by their 5 year old kid.
A second reason is that, although the world of computers contains some of the cleverest people on the planet, it also contains a lot of people who aren’t. Some people who really should know better actually believe that these things are required for a strong password.
Then there are managers who just want to feel safe. Despite having the situation explained to them multiple times, they still feel that a password needs to have these elements to be strong. At an emotional level we can have some sympathy, it does feel like “pr0gn0s1s” is a stronger password than “PencilDaquiri” but it isn’t. Unfortunately, when a manager has those emotions, the wrong password rules tend to propagate into systems.
The last thing I want to mention is user expectation. There are situations where everyone in the production of the system is fully aware of the facts, but they’re producing a system that the users need to trust. We’ve established already that people have an emotional connection, if they feel a password is complicated they also feel it is secure.
People might feel, because they had to try 3 times to meet the password strength requirements, that because there are fancy traffic lights telling them how “strong” their password is, that a web site must be really secure. Behind that, the password might be written in plain text into a database that itself has poor security and is directly exposed to the entire Internet.
It doesn’t matter if a rival site has a much better password policy and a much better and more secure way of storing those passwords, if the user doesn’t feel that the site is secure, they’ll use the one that is actually less secure.
Sadly, I think that all adds up to us being stuck with these rather silly password rules. Fortunately if you’re in the habit of setting secure passwords then it doesn’t actually make them much more difficult to remember. It’s just irritating.
Me: So what sort of order of magnitude are we looking at for pricing?
Exhibitors: Oh well I see you’re British I can put you in contact with our reseller in London…
This is just not good enough for any business that thinks itself truly international. I didn’t ask for a quote I asked for the order of magnitude, something roughly in the area. If a company can’t provide any idea then there’s something very wrong…
It implies that the company has no direct presence in the UK, the further implication being that UK is not a core region hence support will be lacking and any UK specific portions of the product will be poorly maintained or just plain poor fullstop.
It implies geographical pricing. Today’s business is global, I can and have bought COTS software from other regions. This business model doesn’t work, get over it.
When a quick Google of the resellers also fails to reveal pricing one wonders if the product is actually available boxed, or whether it always comes with a cheesy sales drone and a whack of “consultancy” or “project management” attached. Further, there is an implication that without value added services it won’t actually work.
Nobody likes talking to cheesy sales drones, not even IT Professionals.
So this is how it should go :-
Me: So what sort of order of magnitude are we looking at for pricing?
Exhibitor: Err, well, in the USA we either licence per device at $5pa each or you can buy a server licence for $2000pa. Obviously there will be some regional variation in the UK but they’re the sorts of figures you’ll be looking at. We have a number of partners in the UK, some just ship boxes but if you really want to get the most out of our software I’d recommend talking to blah… blah…