While I agree that certain constructs, like "goto" should not be used, I will point out that the full title of the 2004 version of the MISRA C document is:
MISRA C:2004 Guidelines for the use of the C language in critical systems
Note the word "Guidelines".
Also note section 4.3.2, which discusses deviation procedures. In summary, it recognizes that full compliance is not always practical. And when deviations are made, they must be documented, justified and reviewed. Sometimes, such reviews involve showing 2 versions of the code in question: One without the deviation and the other with, so that the relative risks can be analyzed and discussed. Sometimes this process can result in an alternative with either a "less serious" deviation or no deviation. And sometimes the deviations are approved as-is.
At the consulting company I work for, how strictly the various guidelines (not just MISRA, as only a few of our clients are automotive) deviations are approved depend on the customer. We certainly make great effort to only deviate from the various guidelines when the risks of compliance outweigh the risks of non-compliance. Sometimes business considerations override engineering considerations.
Had I bought a machine specifically with the intention of running Linux on it, then I might have a better experience, as I could verify that all the hardware is compatible before loading on the operating system. But using the machines I just happened to own, it's pretty hit or miss as far as what hardware will have good drivers.
Hardly surprising. FWIW, most people buying MS Windows PCs buy them with Windows pre-installed. The only time I ever installed "retail box" MS Windows was (over 10 years ago) when helping a friend who was "building" his own PC. We had to do a lot of searching and visit several component vendors' websites to find all the drivers needed. I can't speak to the current situation.
From comments made by the IT people at most of the companies I've worked for, there is a similar situation for "business" PCs running MS Windows. These comments came from me making the observation that PCs from a certain PC vendor were the most common (at the companies I've worked for). Their responses were to the effect that that vendor made it very easy for them to create custom system images. (So easy that they could create different images for different (groups of) departments - Administration, Finance and HR PCs got a system image "optimized" for office tasks. Engineering PCs got an image optimized for engineering needs, likewise, Logistics and Manufacturing PCs got an image for L&M needs.) They also said that PCs from other vendors required significantly more effort to create custom system images.
A friend of mine works for an automotive electronics supplier, so knows how in-service software updates are performed.
One of the ECUs also functions as a "diagnostic gateway" (DG). The DG is connected to the vehicles "diagnostic link connector" (DLC). To update the software in an ECU, a service technician plugs a reprogramming tool into the DLC and talks to the DG. The DG forwards the commands and data from the tool to the ECU being reprogrammed. It also forwards the ECU's responses to the tool.
Many new vehicles also have a remote assistance feature, like GM's OnStar, that uses a cellphone radio to communicate with a help center. An additional feature provided by these remote assist (RA) ECUs is reporting diagnostic messages from the other ECUs to the vehicle vendor.
To enable OTA software updates of any ECU in a vehicles requires only to upgrade the RA to be able to receive and buffer an entire file and to incorporate the "tool side" of the ECU reprogramming protocol (in vehicles that support OTA updates to the infotainment system, this has already been done). Also, the DG would need to be enabled to forward commands and data from the RA to ECUs not on the same network bus as the RA.
You mean the odometer. It shows the number of miles drivern, but not where you drove them.
While road fuel tax can be accounted to the location of purchase, it still doesn't tell where you drove the miles. As a result, there are other means to measure traffic on roads.
And yes, I know that today's new cars have GPS built in.
Just because GPS data would make it easier to apportion road taxes to the roads being driven doesn't mean it's a good idea.
Except that those fines are levied against the corporation, not the responsible people. While the corporation could recuperate that from the responsible people, it usually doesn't because the responsible people based their decision on advice from experts, then chose what sounded "good enough" while minimizing the implementation cost. So the blame gets transferred to the experts - the one for giving bad advice and the others for failing to adequately counter the one - who then get fired. Then the corporation then passes the costs through to its customers - and gets to deduct the costs from its taxable revenue.
A few of my friends were in the US military. Based on things they said at various times, my understanding is that commanders have a lot of discretion when prescribing punishment. In many cases, purely administrative discipline can be sufficiently obfuscated that it has no long term - or even medium term - effect.
Tokens can also retain some of the original data. So if we tokenized SSN 123-45-6789, we could generate a token that kept the same last 4 digits, 541-30-6789. If customer support uses the last four digits of SSN to verify customers on the phone, they can now do it without being exposed to the real sensitive data.
While it is very common practice in the US to verify customers using the last 4 digits of their SSN, this practice is actually poor security.
If you know someone's place and date of birth, you can determine the first 5 digits. This is because SSN assignment was done by regional offices, each assigned a block from which to allocate SSNs.
Even though centralized SSN assignment is now used, vast numbers of US citizens were assigned their SSNs from the regional blocks.
an educational environment with the offspring of other parents is an irreplaceable (at times, admittedly unpleasant) lesson that all young people should be exposed to. It's not always pretty, but it grounds a young human in dealing socially with others for the rest of his/her life.
Which was why my parents sent me to preschool and kindergarten. And then tried to send me to public school. Then, ultimately, to the private school. And, while not exactly "educational", the various extra-curricular activities contributed to this as well.
The home schooling they did was because I needed the academic challenges that the public schools refused to provide.
It really depends on the child. I was starting to read and do addition/subtraction at age 3. I wasn't pushed, but as my parents realized my potential, they supported and encouraged me. That support evolved into home schooling.
I did go to public preschool and kindergarten (half day sessions, home schooled the other half). There, the teachers accepted my ability and appreciated my willingness to read stories to and help the other kids.
After that, even though the school's officials acknowledged I was performing at a 3rd grade level, they insisted that I had to be placed according to my age. Being 6, that meant 1st grade. The teacher quickly determined that I always had all the correct answers, so stopped calling on me - not even calling me last, after the other kids gave up. And while I was allowed to participate in group "reading aloud", he was irritated by the fact that I had finished reading whatever story before the other kids were even ready to start the reading session. Also, I was not allowed to help my classmates. While he could not mark down my workbook, quiz and homework scores, he did give me zeros for class participation and "citizenship". When my parents complained, the teacher demanded the school officials assign me to a different teacher. After a week of only slightly better treatment by the other teacher, my parents decided to pull me out and resume home schooling me.
3 years later, a new private school opened. My parents arranged an interview for me. Near the end of the interview, the teacher looked at the public school records and commented "I'm sorry about what the public school did to you. But don't worry, you're the kind of overachieving trouble-maker we want," making my parents laugh. She excused herself, then returned a few minutes later, telling my parents that no further review was necessary and I would be accepted on full scholarship.
I think I got the best of both worlds. Home schooling provided the academic challenge I needed (and wanted). Preschool, kindergarten, Cub Scouts and other activites provided the social development opportunities. Then the private school continued both.
While a bit of strife may help build character, being held back academically is a lot more than a bit of strife. Being home schooled was not easy. My parents gave me lots of challenges, allowed me to meet those challenges, then setting new ones.
Do your kids a favor. Help them set achievable goals. Provide guidance (not easy answers). And don't be afraid to say "I don't know. Let's learn together."
A few years ago, I was presented with a covenant-not-to-compete which included an NDA that stipulated that I mustn't ever tell anyone about the covenant -or- the NDA.
NDAs and non-compete covenants have been a part of every consulting and employment contract for every job I've ever had. As best I can determine, everyone who has every employed me in some form has assumed that I've signed such contracts previously.
Legally, the non-compete covenants can only prevent me from directly soliciting customers and suppliers of a past employer for one year. However, businesses that find me either via my jobsite postings or via a recruiter can hire/contract me with no penalty to me.
The NDAs only prevent me from discussing things my current and future employers already assume I'm not allowed to discuss. And if said employer legally possesses information or data potentially covered by an NDA, I'm only restricted from discussing how it applied to past employers. Again, already assumed to not be discussable.
Once a NSL, warrant or other court order is leaked, the secrecy is broken. The leaked copy is itself the evidence of the leak. The "unspeakable places" are only needed to motivate the recipient to accept a plea deal.
At least in the US, until the SCOTUS issues a ruling about this, it is a gray area. Obviously, the companies doing this are betting that "not making a false statement" is not the same as "making a true statement" even if the underlying information communicated is the same in either case.
The government would hold the recipient of said NSL accountable for failing to enact adequate security measures to prevent said NSL from leaking. Similar to any other crime of willful negligence.
The bomb squad did better than than -- one of their members was put in a fire truck's basket and lifted up to be right next to the device/pinhole camera.
Now that was stupid. They should have strapped a bomb robot to the truck's lift and raised that to the device.
I remember back when my GF and I first got broadband in our house. Some of our friends who had it before we did had gotten in trouble with the cable company for using their own router. The cable company was able to detect this because the modem would report the MAC address of the connected device to the cable company. Our friends were forced to rent and use a supplied router, then charged based on the number of PCs that router reported (or for 2, if the router reported
When our subscription started, after getting the service working using a PC directly connected to the modem, we then set our router's "up stream" MAC address to the same as the PC we used for setup. We still keep that PC for when there is a problem. Just before calling the cable company, we disconnect the router and connect that PC. Otherwise, the person at the cable company will just say "The problem is that you have Windows Firewall turned on. Turn that off and the problem will go away."
Yes, the portability is a very good thing. Using a cover with a built-in Bluetooth keyboard, I mostly use it like a netbook that has a touch screen. The touch screen allows me to include simple drawings with my notes and provides easy (2D) navigation of PDF "prints" of complex diagrams. Some things, I still need a full laptop, but most meetings, the tablet is much more convenient.
You could always use several layers of encryption, written by different groups
Encrypting something already encrypted has to be done very carefully, otherwise the data is less secure, not more. In the widely known 3DES, which was used as an interim upgrade to DES before AES, the second encryption is actually done with the DES decryption function, while the first and third encryptions are done using the DES encryption function.
And when layering different algorithms, it is possible for the weaknesses of one algorithm to exacerbate the weaknesses of another algorithm. This requires understanding how the algorithms effect each other.
Also, to choose algorithms wisely requires understanding the weaknesses of the algorithms.
The vast majority of potential users of encryption will have to trust more than a few experts and other third parties.
Slashdot Mirror
Were you intending to reply to ShanghaiBill's post?
If me, I was only curious how he would write the subfunctions into which he deferred the lower level parts of the error handling.
There is a fork of Debian without systemd. Don't remover the spelling, but is pronounced "dev one".
And how would you write acquireResources?
While I agree that certain constructs, like "goto" should not be used, I will point out that the full title of the 2004 version of the MISRA C document is:
MISRA C:2004 Guidelines for the use of the C language in critical systems
Note the word "Guidelines".
Also note section 4.3.2, which discusses deviation procedures. In summary, it recognizes that full compliance is not always practical. And when deviations are made, they must be documented, justified and reviewed. Sometimes, such reviews involve showing 2 versions of the code in question: One without the deviation and the other with, so that the relative risks can be analyzed and discussed. Sometimes this process can result in an alternative with either a "less serious" deviation or no deviation. And sometimes the deviations are approved as-is.
At the consulting company I work for, how strictly the various guidelines (not just MISRA, as only a few of our clients are automotive) deviations are approved depend on the customer. We certainly make great effort to only deviate from the various guidelines when the risks of compliance outweigh the risks of non-compliance. Sometimes business considerations override engineering considerations.
My pigeons have NFC implants. Packets are automatically down/up-loaded from the implants as the pigeons arrive/depart.
Had I bought a machine specifically with the intention of running Linux on it, then I might have a better experience, as I could verify that all the hardware is compatible before loading on the operating system. But using the machines I just happened to own, it's pretty hit or miss as far as what hardware will have good drivers.
Hardly surprising. FWIW, most people buying MS Windows PCs buy them with Windows pre-installed. The only time I ever installed "retail box" MS Windows was (over 10 years ago) when helping a friend who was "building" his own PC. We had to do a lot of searching and visit several component vendors' websites to find all the drivers needed. I can't speak to the current situation.
From comments made by the IT people at most of the companies I've worked for, there is a similar situation for "business" PCs running MS Windows. These comments came from me making the observation that PCs from a certain PC vendor were the most common (at the companies I've worked for). Their responses were to the effect that that vendor made it very easy for them to create custom system images. (So easy that they could create different images for different (groups of) departments - Administration, Finance and HR PCs got a system image "optimized" for office tasks. Engineering PCs got an image optimized for engineering needs, likewise, Logistics and Manufacturing PCs got an image for L&M needs.) They also said that PCs from other vendors required significantly more effort to create custom system images.
A friend of mine works for an automotive electronics supplier, so knows how in-service software updates are performed.
One of the ECUs also functions as a "diagnostic gateway" (DG). The DG is connected to the vehicles "diagnostic link connector" (DLC). To update the software in an ECU, a service technician plugs a reprogramming tool into the DLC and talks to the DG. The DG forwards the commands and data from the tool to the ECU being reprogrammed. It also forwards the ECU's responses to the tool.
Many new vehicles also have a remote assistance feature, like GM's OnStar, that uses a cellphone radio to communicate with a help center. An additional feature provided by these remote assist (RA) ECUs is reporting diagnostic messages from the other ECUs to the vehicle vendor.
To enable OTA software updates of any ECU in a vehicles requires only to upgrade the RA to be able to receive and buffer an entire file and to incorporate the "tool side" of the ECU reprogramming protocol (in vehicles that support OTA updates to the infotainment system, this has already been done). Also, the DG would need to be enabled to forward commands and data from the RA to ECUs not on the same network bus as the RA.
You mean the odometer. It shows the number of miles drivern, but not where you drove them.
While road fuel tax can be accounted to the location of purchase, it still doesn't tell where you drove the miles. As a result, there are other means to measure traffic on roads.
And yes, I know that today's new cars have GPS built in.
Just because GPS data would make it easier to apportion road taxes to the roads being driven doesn't mean it's a good idea.
there are HUGE fines for allowing PHI to leak out
Except that those fines are levied against the corporation, not the responsible people. While the corporation could recuperate that from the responsible people, it usually doesn't because the responsible people based their decision on advice from experts, then chose what sounded "good enough" while minimizing the implementation cost. So the blame gets transferred to the experts - the one for giving bad advice and the others for failing to adequately counter the one - who then get fired. Then the corporation then passes the costs through to its customers - and gets to deduct the costs from its taxable revenue.
A few of my friends were in the US military. Based on things they said at various times, my understanding is that commanders have a lot of discretion when prescribing punishment. In many cases, purely administrative discipline can be sufficiently obfuscated that it has no long term - or even medium term - effect.
Tokens can also retain some of the original data. So if we tokenized SSN 123-45-6789, we could generate a token that kept the same last 4 digits, 541-30-6789. If customer support uses the last four digits of SSN to verify customers on the phone, they can now do it without being exposed to the real sensitive data.
While it is very common practice in the US to verify customers using the last 4 digits of their SSN, this practice is actually poor security.
If you know someone's place and date of birth, you can determine the first 5 digits. This is because SSN assignment was done by regional offices, each assigned a block from which to allocate SSNs.
Even though centralized SSN assignment is now used, vast numbers of US citizens were assigned their SSNs from the regional blocks.
an educational environment with the offspring of other parents is an irreplaceable (at times, admittedly unpleasant) lesson that all young people should be exposed to. It's not always pretty, but it grounds a young human in dealing socially with others for the rest of his/her life.
Which was why my parents sent me to preschool and kindergarten. And then tried to send me to public school. Then, ultimately, to the private school. And, while not exactly "educational", the various extra-curricular activities contributed to this as well.
The home schooling they did was because I needed the academic challenges that the public schools refused to provide.
Root the phone, remove Google apps, use alternative apps.
Is that sufficient? Can you be sure that the vendor's build of Android doesn't phone home?
Unfortunately, installing the alternative, Cyanogen, requires your phone be supported.
And the other 6 convictions should be good enough to add at least another 50 years to that.
(I can only offer anecdotal commentary.)
It really depends on the child. I was starting to read and do addition/subtraction at age 3. I wasn't pushed, but as my parents realized my potential, they supported and encouraged me. That support evolved into home schooling.
I did go to public preschool and kindergarten (half day sessions, home schooled the other half). There, the teachers accepted my ability and appreciated my willingness to read stories to and help the other kids.
After that, even though the school's officials acknowledged I was performing at a 3rd grade level, they insisted that I had to be placed according to my age. Being 6, that meant 1st grade. The teacher quickly determined that I always had all the correct answers, so stopped calling on me - not even calling me last, after the other kids gave up. And while I was allowed to participate in group "reading aloud", he was irritated by the fact that I had finished reading whatever story before the other kids were even ready to start the reading session. Also, I was not allowed to help my classmates. While he could not mark down my workbook, quiz and homework scores, he did give me zeros for class participation and "citizenship". When my parents complained, the teacher demanded the school officials assign me to a different teacher. After a week of only slightly better treatment by the other teacher, my parents decided to pull me out and resume home schooling me.
3 years later, a new private school opened. My parents arranged an interview for me. Near the end of the interview, the teacher looked at the public school records and commented "I'm sorry about what the public school did to you. But don't worry, you're the kind of overachieving trouble-maker we want," making my parents laugh. She excused herself, then returned a few minutes later, telling my parents that no further review was necessary and I would be accepted on full scholarship.
I think I got the best of both worlds. Home schooling provided the academic challenge I needed (and wanted). Preschool, kindergarten, Cub Scouts and other activites provided the social development opportunities. Then the private school continued both.
While a bit of strife may help build character, being held back academically is a lot more than a bit of strife. Being home schooled was not easy. My parents gave me lots of challenges, allowed me to meet those challenges, then setting new ones.
Do your kids a favor. Help them set achievable goals. Provide guidance (not easy answers). And don't be afraid to say "I don't know. Let's learn together."
A few years ago, I was presented with a covenant-not-to-compete which included an NDA that stipulated that I mustn't ever tell anyone about the covenant -or- the NDA.
NDAs and non-compete covenants have been a part of every consulting and employment contract for every job I've ever had. As best I can determine, everyone who has every employed me in some form has assumed that I've signed such contracts previously.
Legally, the non-compete covenants can only prevent me from directly soliciting customers and suppliers of a past employer for one year. However, businesses that find me either via my jobsite postings or via a recruiter can hire/contract me with no penalty to me.
The NDAs only prevent me from discussing things my current and future employers already assume I'm not allowed to discuss. And if said employer legally possesses information or data potentially covered by an NDA, I'm only restricted from discussing how it applied to past employers. Again, already assumed to not be discussable.
NSLs are served to third parties. Courts have upheld compelling third parties to provide evidence.
Once a NSL, warrant or other court order is leaked, the secrecy is broken. The leaked copy is itself the evidence of the leak. The "unspeakable places" are only needed to motivate the recipient to accept a plea deal.
At least in the US, until the SCOTUS issues a ruling about this, it is a gray area. Obviously, the companies doing this are betting that "not making a false statement" is not the same as "making a true statement" even if the underlying information communicated is the same in either case.
The government would hold the recipient of said NSL accountable for failing to enact adequate security measures to prevent said NSL from leaking. Similar to any other crime of willful negligence.
The bomb squad did better than than -- one of their members was put in a fire truck's basket and lifted up to be right next to the device/pinhole camera.
Now that was stupid. They should have strapped a bomb robot to the truck's lift and raised that to the device.
Personally, I would not be attending a maw-and-paw diner
Neither would I, but my cats would probably love it.
I remember back when my GF and I first got broadband in our house. Some of our friends who had it before we did had gotten in trouble with the cable company for using their own router. The cable company was able to detect this because the modem would report the MAC address of the connected device to the cable company. Our friends were forced to rent and use a supplied router, then charged based on the number of PCs that router reported (or for 2, if the router reported
When our subscription started, after getting the service working using a PC directly connected to the modem, we then set our router's "up stream" MAC address to the same as the PC we used for setup. We still keep that PC for when there is a problem. Just before calling the cable company, we disconnect the router and connect that PC. Otherwise, the person at the cable company will just say "The problem is that you have Windows Firewall turned on. Turn that off and the problem will go away."
Yes, the portability is a very good thing. Using a cover with a built-in Bluetooth keyboard, I mostly use it like a netbook that has a touch screen. The touch screen allows me to include simple drawings with my notes and provides easy (2D) navigation of PDF "prints" of complex diagrams. Some things, I still need a full laptop, but most meetings, the tablet is much more convenient.
You could always use several layers of encryption, written by different groups
Encrypting something already encrypted has to be done very carefully, otherwise the data is less secure, not more. In the widely known 3DES, which was used as an interim upgrade to DES before AES, the second encryption is actually done with the DES decryption function, while the first and third encryptions are done using the DES encryption function.
And when layering different algorithms, it is possible for the weaknesses of one algorithm to exacerbate the weaknesses of another algorithm. This requires understanding how the algorithms effect each other.
Also, to choose algorithms wisely requires understanding the weaknesses of the algorithms.
The vast majority of potential users of encryption will have to trust more than a few experts and other third parties.