I'm fascinated by the situation in Luxembourg, because of the similarities between it and the ACT (Australian Capital Territory), where I live. For USAians, the ACT is the equivalent of the District of Columbia - a territory just big enough to contain a city. Canberra's only got 300,000 people, so the ACT's only 4000 sq km or so ( vs 2800 sq km for Luxembourg).
Anyway, 12 months ago there were basically no good broadband options. Now we have 3 - I've got a package involving free local (ie anywhere on the network) phonecalls, a dozen or so cable channels, a 256 kbps 800 MB/month line, and an ISP with the usual website, e-mail etc for less than $50 US/month total. And despite a letter saying "we're going to actually slow you down to 256kbps real soon", I'm still getting 400 kbps+ according to various speed measurers.
It beats the heck out of my 56k modem. And it SURE beats the heck out of downloading stuff from Australia to a German server over a 300 Bd modem back in the late 80's. The international lines couldn't take 1200 back then, and 300 was iffy for large (multi kilobyte) data transfers. Geen Gouden Eeuw!
Ma, dann nach ee scheinen daag! Vlaams? I speak and write both Plattdeutsch and Nederlands so badly that I can even understand that. Interesting spelling (Ma instead of Maar for example). Maybe I'd even fit in with the Luxembourgeoisie. A Bientot, Tot Zeens, etc.
The context was that of software for an unmanned microsatellite, not the shuttle.
Crewed spacecraft have an even more strict set of rules attached to the software development process. Have a look at some of the articles on DO-178B, the software development standard for avionics. Similar issues apply, but even more so.
Look, people - not Geniuses - just normal, everyday programmers - have been making software you can bet your life on for a long time now. We know how to do it even more cheaply than the normal buggy commercial work (though testing is radically expensive and blows out the total cost). There's no need, and no excuse, for BSDs and security problems. None. You just have to have the right tools, the right training, and the right attitude. If you like, the Right Stuff. Here's a quote from that article:
It's strictly an 8-to-5 kind of place -- there are late nights, but they're the exception. The programmers are intense, but low-key. Many of them have put in years of work either for IBM ( which owned the shuttle group until 1994 ), or directly on the shuttle software. They're adults, with spouses and kids and lives beyond their remarkable software program.
That's the culture: the on-board shuttle group produces grown-up software, and the way they do it is by being grown-ups. It may not be sexy, it may not be a coding ego-trip -- but it is the future of software. When you're ready to take the next step -- when you have to write perfect software instead of software that's just good enough -- then it's time to grow up.
People like myself look upon any work over about 7 hours a day more than twice a month as signs that "I personally screwed up", because I'm the guy who sets the schedule, not some PHB. We have lives. We have kids. We have hobbies. And the stuff we do is hard, the systems do a lot more than most commercial apps, and with far fewer memory and CPU resources. It's both incredible fun "boldly going.." and all that, but also a crushing responsibility when we do safety-critical work. People's lives depend on us doing the best possible job we can.
One area I disagree with in the "Right Stuff" article is that the work doesn't involve creativity. This is balderdash - we're doing stuff no-one has ever done before under really tight resource constraints. To get a reliable architecture often requires significant smarts, lateral thinking. Anyone can make a complex solution to a complex problem, the really good guys and gals make solutions so drop-dead simple, obviously-correct and efficient that it's miraculous how much such simple, obvious and readable code actually accomplishes.
Looking at the general world of InfoTech, we see that most programmers out there would rather write the winning entry for the "Obfuscated C" contest than make some software that gets us around the solar system. And that people who make reliable software hit the unemployment queue on project completion, while those making buggy stuff have jobs-for-life in maintenance. Of course, they often have 80-hour weeks too, and are driven by PHBs who know b* all, and can't even take pride in the product, so there is some justice.
We're getting a free ride along with the ADEOS II megasat (the Japanese get access to some of the data in return), but we're still talking significant money for development. And you're right re funding: it's no exaggeration to say that the future of Australia's space programme is at stake.
As regards Microsoft doing space/embedded systems, another quote from the original article:
"The system must be ductile - bending, not breaking - when things go wrong. In space no one can press Control/Alt/Delete."
Only 58 centimetres square and weighing 50 kilograms, the tiny FedSat satellite is packed with five scientific experiments and all of the instruments required to communicate with Earth during its anticipated three-year life. At the heart of the satellite is a 10MHz ERC-32 processor - a SPARC-based 32-bit RISC processor developed for high-reliability space applications.
The ERC-32 sacrifices processing power for durability and reliability. It uses three chips to process a modest 10 million instructions per second and two million floating-point operations per second - less than 1 per cent of a Pentium 4's capabilities.
The pay-off is reliability: the ERC-32 uses concurrent error-detection to correct more than 95 per cent of errors.
Power-hungry microprocessors such as the Pentium 4, which runs a standard office PC bought off the shelf today, would be an intolerable burden on the solar-powered satellite. The ERC-32 consumes less than 2.25 watts at 5.5 volts.
Designed to survive extreme radiation bursts from solar flares, the ERC-32 can tolerate radiation doses up to 50,000 rad. This is 100 times the lethal dose for humans.
...A team of Australian programmers developed FedSat's onboard software, building on work done in Britain. It is written in Ada-95, a programming language designed for embedded systems and safety-critical software. All it has to work with is 16MB of RAM, 2MB of flash memory for storing the program, a 128K boot prompt and 320MB of DRAM in place of a hard disk that would never survive the launch process. All essential data is stored in three physically different locations.
The software is built in a similar way - lots of internal checks, tell-me-thrice memory, soft-failure-bit-flip-correcting daemons etc. In this case, lives aren't at stake, but the people doing the programming are used to situations where they are.
Some data about FedSat, a Scientific R&D microsatellite that's due for launch on the next H-2A from Tanegashima:
Firstly, the on-board software is in Ada-95, using the 3.13p version of GNAT as the compiler and RTEMS as the Run-time Kernel. Both Open-Source, and the 'p' in "3.13p" means public, free-as-in-beer. The on-board software was developed mostly by Software Improvements, a bunch of software professionals who are heavily into SLCMs, CMM, etc. And lo, it worketh, on-time, under-budget.
The ground station is another matter. OASIS was tried, but couldn't do all that was required. In a spectacular case of less-than-wonderful-judgement, VB on Windows was used for development. After a while, they got some software pros to work on that one too, rather than the hack'n'slash electronics engineers. Well, it partially works - enough so that a few months or years after launch, it will do most of what's wanted.
Moral: if it's important, and has to work first time, every time, do it in Ada and open source, and use the principles described in the parent article. If it's not so important, and can be fixed up afterwards, you're still better off using Ada, though Java's a good second choice. The only reason Ada's so good is that it makes it easy to adhere to good software engineering principles, such as teamwork, smart design, and open standards.
Separate Public view and private view -> Interfaces between teams made easier
High-level (generics, tasks etc) and low-level (address clauses) features ease design task
Standardised - Ada-83 was standardised as Mil-Std-1815A in January 1983 and later as ISO/IEC 8652:1987, Ada-95 as ISO/IEC 8652:1995. Copies of the LRM (Language Reference Manual), style manual etc are all freely available on the web.
As mentioned here, if the diamond's pink or purple, it's almost certainly from the Argyle diamond pipe in Australia. There's a nice picture of one at the 247k site.
Actually, the odds of getting a sleaze-free coloured diamond are reasonably good. Quote from the 247 site:
Each year almost half of the world's total diamond production comes from Argyle making Australia the largest diamond exporting country and the only commercial source of these miraculous coloured stones.
As for Argyle being sleaze-free, a quote from the mine owner, Rio Tinto.
The entire diamond recovery operation is controlled by state of the art computer technology. In particular, ingenious x-ray technology identifies the diamonds and removes them from the concentrated ore. Argyle markets all its gem and industrial quality diamonds independently through its own sales office in Antwerp, Belgium.
So no slave labour or De Beers sleaze. Whether the price is a rip-off is another matter.
Funnily in the first part what you described is Eiffel contracts programming, now who is using Eiffel here?
Nobody!
The worst part is I don't know of any other language which uses so heavily assertions, pre-conditions, post-conditions, etc.
You spotted it. Yes, Eiffel has some excellent features here. Ada does essentially the same job by strong typing - no need to check if a value is between 0 and 23 if the variable is of a type that can't have values outside that range - and raises an exception if you try to put one in. Ada's strong typing is often better than Eiffel in that regard, but Eiffel's contracts are more useful in other circumstances. Ideally a language should be a cross between them, and also have some of the neatness of Java as regards inheritance, as opposed to Ada-95's rather clumsy syntax. Until that comes along, my favourite's Ada, but I count Eiffel practitioners as being of like mind.
But having such features as part of the language just increases productivity and makes the programmer's life easier. You can get maybe 50% of the benefit by excellent practice with any language. In Theory, C programs written by a Genius can be almost as safe as Ada or Eiffel programs written by someone merely competent. Practice has shown that they never are, but that's because it takes so much more work in C. See the article Correctness by Construction in Crosstalk, the Journal of Defence Software Engineering. It still shouldn't stop programmers in C, C++, C#, Java or whatever from manually doing what the high-level languages provide automatically, and the really good ones know this. The result may not be good enough to fly a plane or run a railway safely, but good enough for non-safety-critical applications.
I would also add: use unitary test and non-regression tests. And if you're a manager make sure that everyone is testing properly their software.
Damn straight. Wish there were more people like you around, BSDs and buffer overflows would be endangered species rather than being in plague proportions.
A.E.Brain's Tip of the day for Java programmers: Classes should have a main() that performs a self-test, a boolean-returning isSane() that weeds out obviously wrong values, and a fakeSomeTestData() constructor for other classes self-tests to use. Try it - development time will decrease, productivity increase, and maintenance is a doddle as anyone new coming in can run any class and see how it works.
Ductility - the ability to fail gracefully - isn't just essential in the area of security, it's true for reliable systems generally. All programmers who've worked on stuff like Combat Systems for ships, aircraft avionics, railway control systems etc should know this, and most do.
There are 2 ways of making things secure - either against outside attack, or internal failure. I call them the Battleship and the Blob. With the Battleship, you load up the Firewall, or put in 2048-bit encryption, or even have an air gap. You basically rely on a layer of "armour plate" that your predicted threat can't penetrate. But this often fails - the threat either goes around the armour, or the incoming shell is bigger than you'd bargained for, and penetrates. Far safer in practice, though not in theory, is the Blob. This has layer after layer of safety features, each of which is easily circumvented in isolation, but every one of which limits the damage. Bugs can exist, attacks get through, but it works anyway. You can shoot the Blob full of holes, but it keeps on oozing along... Terminator 2 not Terminator 1.
What does this mean for programmers? Use strong typing (if your language doesn't support it, fake it with explicit sanity checks, boolean isSane()), always check inputs for sanity, check your outputs are plausible at least, get good peer review on everything, KISS, basically all the techniques professional Software Engineers rather than 31337 haXOrs have been spouting on about for some time. The software equivalent of
"Wear belt, braces, keep a piece of string in your pocket, and then make sure your underwear's in good shape."
Modula-2 or Ada or Logo I have not seen a whisper about in years. From what I recall Logo was to be the teaching language of the future (back in the mid 80's), Ada was to be the next big thing in the 80's, and Modula-2 was to replace C
The first language I programmed in was FORTRAN II back in the 60's, when I was under 10. The code had to be run at the Nuclear Research Establishment at Harwell in the UK. Remember, there weren't as many computers around back then, maybe 10 in the country. It made being a pre-teen 31337 haX0r difficult.:-)
The last time I programmed in FORTRAN - FORTRAN 77 in fact - was for the communications facilities for the State Electricity Commission of Victoria, a system to help restore power in case of emergency. That was in 1987.
I still use Ada - recently for the spaceflight avionics for a scientific research satellite, and will be teaching a course in it to some people doing the avionics for a helicopter in a couple of weeks. Though the use of Ada has shrunk, it's making a strong comeback in the field of avionics, where a crash in the program could mean the crash of an aircraft.
My advice to the original poster - by all means learn FORTRAN as a fifth- or sixth- language. Even the 95% Godawful languages(VB..) can teach you something. There are times I use Java and think "why the HECK can't it have feature X of Ada-95?". There are times with Ada-95 that I say "Damn, feature Y is so clumsy compared with Java." FWIW Matlab seems to be the way of the future for non-software engineers to quickly do calculations and display the results graphically, it's a pretty good FORTRAN replacement. What EXCEL is to accountants, Matlab is to scientists.
The Americans appear to have beaten the aussies in this race.
link to darpa press release [216.239.39.100]
Not quite. That was a Ground Test. DARPA and others - like the Uni of Queensland - have had scramjets in the labs for a while. This is the first time that one has been successfully flown. It may or may not have worked - we'll see in a day or two.
Perhaps HP - having stopped Bruce Perens from protesting against the DMCA via civil disobedience - is attacking it via a reductio ad absurdum method. i.e. Showing exactly how it violates the principles of Free Speech. It's officially illegal to state that the Emperor has no clothes.
It's worthwhile taking some lessons from history. Time was, there was a huge debate in the press - somewhat before George Washington - about whether Locksmiths should publish data about vulnerabilities of locks.
The answer that was eventually arrived at was "Of course, because the professional crooks already know the vulnerabilities, and to publish would reveal to the customers what shoddy goods some locks were, and help improve the state of the art." (sorry, I've been unable to find some quotes on the web). The parallels are obvious.
I can confirm the figures for Australia. I've had over 20 years experience in the IT field, including being Chief Designer or Systems Architect for Naval Combat Systems, Spacecraft Avionics, Java/XML B2B systems and other such expensive and/or rare ecological niches. I've had job offers of DM 180k (about 90k US) to work overseas, which I've turned down. I like it here.
I'm currently earning more money than anyone else in the company - more than the CEO. US 40k per year. Others, with only 3 years or so experience, earn $20k. And these people are Good. As good or better than I was at that age.
We recently had a look at outsourcing some work to a really cluey mob in Sri Lanka - but found out that that their price was within 2% of ours (2% higher in fact). Too bad, they had an impressive track record.
It's been said You get what you pay for. Not true in our experience. The difficulty is not paying $90k to USAians or $9k to Indians for equally mediocre crud, the problem is getting good quality from anyone at any price. Where they come from has a lot more to do with their cost than the quality of their work. Top Quality leads to a doubling or at most tripling in price, 3rd World (including Australia) vs US is a factor of 10.
What can people in the US do to protect their jobs then?
Put up artificial trade barriers - no visas for Gastarbeiters, 10,000% Tariff on imported software, legislation to ban imports using DMCA, have Microsoft just buy up the competitors etc. The USA has a history of doing this.
Lower wages in the USA so that the job's pay is less than you get flipping burgers in the US (though Riches Beyond the Dreams of Avarice in much of the rest of the world.). Funnily enough, this one doesn't work except in the short term - people just move into other, better-paid professions. Or leave the US and live like Kings in some tropical paradise on 1/10 of a US salary. Guess this is me, though Canberra's cold at this time of year, and I'm not USAian.
Get more efficient at what you do. The US has a history of doing this one, too. There are ways out there for doing a lot more work, producing better quality, with less effort - no 60 hour weeks, 40 hours tops. e.g. A recent, large avionics project reported a four-fold productivity and 10-fold quality improvement by adopting such methods - from Crosstalk. Be 4x as productive and 10x as good as your competition, you'll actually be worth 4x and possibly 40x the salary.
Which to choose? Well, it's your country, not mine. But you've got to do at least one of em, or face the unemployment queue. Because IT has a Global market, not a national one. Bits ignore frontiers.
Perl is like a surgeon's kit. You can do all sorts of neat and clever things with it, but if you mess up even a little bit, you got a big mess. Ada is more like a construction worker's toolbelt. You have lots of little safety devices attached to keep you from maiming yourself, but it also precludes you from doing creative or clever work. When even simple typecasting is a chore, then a language qualifies as anal.
Can't agree with the last two phrases. There's nothing to stop you making everything numeric FLOATs if you want. Then you can cast away to your heart's content. You won't be worse off than with Java or C++. You want seat belts, you pay the price, but they're optional. Highly recommended though.
As for not being able to do creative or clever work... Last year I had to do the programming for the mass memory of a scientific satellite. Memory-mapped IO. BUT it used a different memory-map from the rest of the hardware, different endianism, addresses 0 and 1 were valid, 2 and 3 weren't, 4 and 5 were valid, 6 and 7 weren't etc etc. It was bank-switched, with multiple threads of execution trying to access it simultaneously - so all requests had to be queued. Oh yes, in a high-radiation environment, so everything had to be tell-me-thrice with error-correction for soft failures, self testing in an embedded thread of its own. etc. On an old CPU running at the glacial pace of 8 MHz.
It was done in Ada - of course. I'm not a genius, I don't think I could have done it in the time available if I had to use C. And certainly not as reliably, regardless of the time available. Just used representation clauses and a huge array of records, each of which was a word with only the top 2 bytes defined, the rest being don't-care. So it was 2 orders of magnitude faster than the original address-computing method. Impossible to address a byte that wasn't there, impossible to underflow or overflow, impossible to deadlock or miss a request due to Ada-95's protected objects.
Clever, creative - others can judge that. It was my code, so of course it was brilliant he says sarcastically.
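An added example, not code from the post or from the FedSat software, of the "tell-me-thrice" idea described above: three copies of a word, a bitwise majority vote on every read, repair of the copy that disagrees, and an Ada-95 protected object so that concurrent callers are serialised. The names Store, Vote and Inject_Upset are hypothetical, and an in-memory array stands in for three physically separate locations.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Tell_Me_Thrice_Demo is

   type Word is mod 2**16;
   type Copy_Index is range 1 .. 3;
   type Triple is array (Copy_Index) of Word;

   Result : Word;
   Fixed  : Natural;

   -- Bitwise two-out-of-three majority: each result bit takes the value
   -- held by at least two of the three copies.
   function Vote (T : Triple) return Word is
   begin
      return (T (1) and T (2)) or (T (1) and T (3)) or (T (2) and T (3));
   end Vote;

   -- All access goes through the protected object, so tasks calling it
   -- concurrently are queued rather than interleaved.
   protected Store is
      procedure Write (Value : in Word);
      procedure Read (Value : out Word; Repaired : out Natural);
      -- Test hook (hypothetical): flips the bits in Mask in one copy.
      procedure Inject_Upset (Copy : in Copy_Index; Mask : in Word);
   private
      Cells : Triple := (others => 0);
   end Store;

   protected body Store is

      procedure Write (Value : in Word) is
      begin
         Cells := (others => Value);
      end Write;

      procedure Read (Value : out Word; Repaired : out Natural) is
         Voted : constant Word := Vote (Cells);
         Count : Natural := 0;
      begin
         -- Scrub on read: rewrite any copy that lost the vote, so a
         -- later upset in a different copy can still be outvoted.
         for I in Cells'Range loop
            if Cells (I) /= Voted then
               Cells (I) := Voted;
               Count := Count + 1;
            end if;
         end loop;
         Value    := Voted;
         Repaired := Count;
      end Read;

      procedure Inject_Upset (Copy : in Copy_Index; Mask : in Word) is
      begin
         Cells (Copy) := Cells (Copy) xor Mask;
      end Inject_Upset;

   end Store;

begin
   Store.Write (16#BEEF#);

   -- Constructed fault: one bit flipped in the second copy.
   Store.Inject_Upset (2, 16#0040#);
   Store.Read (Result, Fixed);
   Put_Line ("read" & Word'Image (Result)
             & ", copies repaired:" & Natural'Image (Fixed));

   -- A second upset in another copy is survivable because the first
   -- one was repaired by the previous read.
   Store.Inject_Upset (3, 16#8000#);
   Store.Read (Result, Fixed);
   Put_Line ("read" & Word'Image (Result)
             & ", copies repaired:" & Natural'Image (Fixed));

   if Result = 16#BEEF# then
      Put_Line ("stored value survived both upsets");
   end if;
end Tell_Me_Thrice_Demo;
```

The vote only recovers a bit when at most one copy is wrong in that bit position, which is why the read path repairs immediately instead of letting errors accumulate.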
Ada is designed to inherently prevent a programmer who follows the appropriate standards from writing a program that can just crash and exit. As long as every possible exception has a handler, an Ada program can be written that will not crash.
In what way is Ada better than Java in this respect? I only know a little about Ada, so this is a serious question. My understanding is that Ada and Java have very similar safety goals (especially with respect to exceptions) so I'm curious about what you think Ada gets right and Java gets wrong.
Speaking as someone who's got nearly 20 years of Ada experience (started in 83) and about 3 years with Java... you're not quite right.
Exceptions and exception handling are just part of the issue. Java's exceptions are in many ways more informative than Ada's - which are basically "Exception of type X raised" rather than "Exception of type X thrown with the following additional information [blah blah]".
The more important issue is that with Ada it's trivial to make all sorts of checks that will raise exceptions. For example:
type SpeedType is new Float;
KPH : constant SpeedType := 1_000.0 / (60.0 * 60.0);
-- Kilometers per Hr in standard metres/sec form. In practice the two 60.0's
-- above would be constants, MinsPerHour and SecsPerMin respectively
subtype LegalSpeedType is SpeedType range 0.0 .. 1_000.0 * KPH;
Any time an object of type LegalSpeedType tries to take on a negative value, or one over 1,000 Kph, you'll get a CONSTRAINT_ERROR (a predefined exception).
With Java, you'd have to have a class for CSpeed, then a derived class for CLegalSpeed, with any sets triggering a check which would throw an exception if out of bounds. It can be done relatively easily, it's just more work with more opportunities to get wrong.
Ada's a language that, when in the hands of a competent programmer, prevents the expression in code of a lot of mistakes. They're picked up at compile, rather than run, time. A hopeless incompetent can write horrible code in it, but it's actually harder to write buggy code than correct code.
One other thing: the representation clauses of Ada allow you to make records where with each individual field, you know exactly what bits mean what - and simultaneously have a high-level view so that you know that bits 7..8 of word 11 mean STOPPED when 00,STARTING when 01 and RUNNING when 11, with any assignment of 10 raising an exception.
Two disadvantages of using Ada though. First, no-one much uses it, the products are too reliable to be commercial successes requiring lots of expensive maintenance - so a project that took 30 programmers to build only needs 1 part-time to keep it running. Forget job security, you're always doing something new, usually something really cutting-edge. Secondly, you're confined to such boring applications as spacecraft avionics, supersonic jets, medical applications, railway management, air traffic control systems, sonars, radars, missiles...:-)
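An added example, not the poster's code, that puts the two techniques from this comment into one compilable program: the range-constrained speed subtype, and a representation clause for a two-bit state field where the pattern 10 is undefined. The 16-bit Status_Word layout and the sample raw words are constructed; the bit positions assume the default bit order of a little-endian target (for example GNAT on x86-64), and raw data is checked with the 'Valid attribute before use.

```ada
with Ada.Text_IO; use Ada.Text_IO;
with Ada.Unchecked_Conversion;

procedure Checked_Types_Demo is

   -- Range-constrained speed, values held in metres per second.
   type Speed_Type is new Float;
   KPH : constant Speed_Type := 1_000.0 / (60.0 * 60.0);
   subtype Legal_Speed_Type is Speed_Type range 0.0 .. 1_000.0 * KPH;

   -- Two-bit state field: 00, 01 and 11 are defined, 10 is not.
   type Motor_State is (Stopped, Starting, Running);
   for Motor_State use
     (Stopped => 2#00#, Starting => 2#01#, Running => 2#11#);

   -- Constructed status word with the state held in bits 7 .. 8.
   -- Assumes the default bit order of a little-endian target.
   type Status_Word is record
      State : Motor_State;
   end record;
   for Status_Word use record
      State at 0 range 7 .. 8;
   end record;
   for Status_Word'Size use 16;

   type Raw_Word is mod 2**16;
   for Raw_Word'Size use 16;

   function To_Status is
     new Ada.Unchecked_Conversion (Raw_Word, Status_Word);

   procedure Try_Speed (Requested : in Speed_Type) is
      Accepted : Legal_Speed_Type;
   begin
      -- The assignment carries the range check; an out-of-range value
      -- raises Constraint_Error instead of being stored.
      Accepted := Requested;
      Put_Line ("accepted: " & Speed_Type'Image (Accepted) & " m/s");
   exception
      when Constraint_Error =>
         Put_Line ("rejected: " & Speed_Type'Image (Requested) & " m/s");
   end Try_Speed;

   procedure Decode (Raw : in Raw_Word) is
      Status : constant Status_Word := To_Status (Raw);
   begin
      -- Data that arrives as raw bits is validated before it is used
      -- as a Motor_State.
      if Status.State'Valid then
         Put_Line ("state: " & Motor_State'Image (Status.State));
      else
         Put_Line ("undefined state bits in word" & Raw_Word'Image (Raw));
      end if;
   end Decode;

begin
   Try_Speed (100.0 * KPH);     -- inside 0 .. 1000 km/h
   Try_Speed (-1.0);            -- negative speed
   Try_Speed (1_500.0 * KPH);   -- above the legal maximum

   -- Constructed raw words; only bits 7 and 8 carry the state.
   Decode (2#0000_0000_1000_0000#);  -- field = 01
   Decode (2#0000_0001_1000_0000#);  -- field = 11
   Decode (2#0000_0001_0000_0000#);  -- field = 10, not a legal state
end Checked_Types_Demo;
```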
A Fully Tested Open Source E-Voting GPL'd system is available on the web.
It was developed within 27 weeks for about $100,000 US. Multi-language, using standard COTS hardware and OS. (The compiler and OS had to be open-source too of course - Debian and gcc). It has been used in a state election in the Australian Capital Territory, the equivalent of the District of Columbia. There's an Executive Summary of how well it did, warts and all. A PDF of the full report is also available.
/. readers will be most interested in the technical description. Oh yes, the code's available as a Zip file here.
The whole point about e-voting software is that it has to be open-source. The hardware has to be available for inspection at any time too, along with the OS source and the compiler source as well. The situation as described in the original article has a strong piscine aroma.
Disclaimer I work for the mob that did the Aussie system - though I was busy making spaceflight avionics software rather than election software at the time, it was another team. They Did Good.
Muslims do NOT believe that 9/11 was murder, so who is right?
Sorry, can't let that one pass. Some Muslims believe that 9/11 was a righteous act. But then again, some Christians believe that those advocating abortion should be slain. The majority - however much they may disapprove of US Culture / Abortion respectively - see 9/11 and the shooting of Abortion advocates as murder most foul. Different in scale, but not in kind.
Try reading the Koran before saying things like this. OK, Troll fed, move along...
RAF Leuchars is where many of NATO's night flying exercises are conducted. There's a Map of RAF (Royal Air Force) bases, weapons ranges and radar stations in Scotland available - it's full of em.
Main users are Tornados from Lossie, making it the busiest weapons range in the UK. Other users include Jaguars, Harriers, American F-15 Eagles, MC-130 Hercules and when on detachment at Kinloss, Special Operations MH-53 helicopters.
It would be surprising if there wasn't a disproportionate number of Unidentified Flying Object sightings as the result. Black helicopters included.
Since at $5/burn is steep enough that anyone who doesn't already have a burner would probably come out ahead buying their own (about 20-30 disks worth should pay for it)
That's $5 Australian, between $3 and $2.50 US per burn. ($1 Aus this morning was 57c US, but it's been less than 55c US for most of last year). But since according to here CD writers in Oz are only about $125 Aus, then you're right.
A good link to the benefits of using Ada and SPARK on the C-130J and other projects is at Crosstalk, the Journal of Defence Software Engineering.
This is the umpteenth time I've quoted this link, or one like it. Maybe one day people will read the goddam literature and not keep on making the same mistakes in the same old way. The Facts - not religious opinions, unsubstantiated assertions or even unverifiable anecdotes - are out there.
Sorry, got carried away there. We need more light, less heat. But people - not some ubergeeks with Supernatural powers, just your standard geeks - have been making software that works first time, every time for years now. Every time you fly on a modern airliner, you bet your life on it. And it's a good bet. We know how to do it. We've proved it, repeatedly. It's just that no-one seems to listen when we tell them that they can do it too, just by doing things in a different way. One that (at least in manufacture) costs less too. Testing's another matter.
The problem is not exactly new. This link dated February 1999, gives a conservative estimate of how much the problem cost then.
More interestingly, I'm currently writing a report as an "Expert Witness" regarding the quality of a system. In simple terms, the maker of the system is suing the customer for payment, the customer is claiming that the system doesn't work, and counter-claiming. And that's about all I'm able to say about it (and no correspondence will be entered into).
Things like the validity of disclaimers are being thrashed out in various places round the world as I write. In my case, it's under Australian jurisdiction, so YMMV as regards its application to you. Litigation is happening, just maybe not in your part of the world, or not today. But there is now a demand, even here in Australia, for IT Experts to help explain to "naive users", Judges, Magistrates, Juries, and more importantly Lawyers and their clients, what all this IT stuff means.
The Australian Federal Court has given some guidelines for Expert Witnesses that basically state An expert witness's paramount duty is to the Court and not to the person retaining the expert. Again, YMMV on this one, but IMHO such guidelines are a good ethical road-map for anyone anywhere considering work as an IT Expert Witness to follow.
Anyway, gotta get back to it, they want the preliminary report pronto.
Now tell me, if the hard drive is going bad and intermittently returns bad data, including the executable code itself, how are you supposed to deal with that?!? Do you write the code in multiply redundant code blocks, and tweak the machine code so that if the starting offset is set to a random location, including in the middle of a valid instruction, that your code can still recover?
Well, Yes, actually.
For some problem domains. e.g. Aircraft Avionics, Spaceflight Avionics (where Radiation and single-event-upsets (SEUs) are a fact of life that will cause glitches).
But of course, such military/safety-critical-spec software costs a hell of a lot more than a standard piece of COTS. Using Ada and other high-grade techniques can actually save money in manufacture, but it still costs heaps to test.
It's a matter of requirements - what does the customer need? If crashing once a week is acceptable, providing the cost is less than $X then provide that. If crashing anytime is unacceptable, then they should be prepared to pay maybe six times that.
Note: I know whereof I speak - I've been chief architect for a Naval Combat System, led a team on spaceflight avionics software development. And one system I had a small part in at one time had a hardware problem that caused unpredictable jumps to random locations in memory. It still worked - just slowly as 95% of the time was spent in error-recovery. Adequate to ensure no-one died as the result. But we fixed it before delivery anyway, was a problem caused by a 3rd party CPU design flaw.
As for literacy, Zimbabwe has the highest literacy rate, certainly in sub-saharan africa, and possibly in the entire continent.
Give it time. With Mugabe and his cronies in power, soon Zimbabwe will be in the same category as Rwanda and Mozambique. It's already half-way there, going from a food exporter that kept many of its neighbours alive to a country riddled with famine.
Zimbabwe is an example of how a country can go from one of the highest standards of living on the continent to being an economic basket-case in just a decade or two. All it takes is a populist Demagogue.
Telephone system:
general assessment: system was once one of the best in Africa, but now suffers from poor maintenance; more than 100,000 outstanding requests for connection despite an equally large number of installed but unused main lines
You're correct, GNAT 3.13p. Anyone with mod points, please give this guy one for "Good Deduction"
The context was that of software for an unmanned microsatellite, not the shuttle.
Crewed spacecraft have an even more strict set of rules attached to the software development process. Have a look at some of the articles on DO-178B, the software development standard for avionics. Similar issues apply, but even more so.
Look, people - not Geniuses - just normal, everyday programmers - have been making software you can bet your life on for a long time now. We know how to do it even more cheaply than the normal buggy commercial work (though testing is radically expensive and blows out the total cost). There's no need, and no excuse, for BSDs and security problems. None. You just have to have the right tools, the right training, and the right attitude. If you like, the Right Stuff. Here's a quote from that article:
People like myself look upon any work over about 7 hours a day more than twice a month as signs that "I personally screwed up", because I'm the guy who sets the schedule, not some PHB. We have lives. We have kids. We have hobbies. And the stuff we do is hard, the systems do a lot more than most commercial apps, and with far fewer memory and CPU resources. It's both incredible fun "boldly going.." and all that, but also a crushing responsibility when we do safety-critical work. People's lives depend on us doing the best possible job we can.
One area I disagree with in the "Right Stuff" article is that the work doesn't involve creativity. This is balderdash - we're doing stuff no-one has ever done before under really tight resource constraints. To get a reliable architecture often requires significant smarts, lateral thinking. Anyone can make a complex solution to a complex problem, the really good guys and gals make solutions so drop-dead simple, obviously-correct and efficient that it's miraculous how much such simple, obvious and readable code actually accomplishes.
Looking at the general world of InfoTech, we see that most programmers out there would rather write the winning entry for the "Obfuscated C" contest than make some software that gets us around the solar system. And that people who make reliable software hit the unemployment queue on project completion, while those making buggy stuff have jobs-for-life in maintenance. Of course, they often have 80-hour weeks too, and are driven by PHBs who know b* all, and can't even take pride in the product, so there is some justice.
We're getting a free ride along with the ADEOS II megasat (the Japanese get access to some of the data in return), but we're still talking significant money for development. And you're right re funding: it's no exaggeration to say that the future of Australia's space programme is at stake.
As regards Microsoft doing space/embedded systems, another quote from the original article:
A neat quote, even if I say so myself.
A. Brain, Rocket Scientist
From an article in the Sydney Morning Herald.
The software is built in a similar way - lots of internal checks, tell-me-thrice memory, soft-failure-bit-flip-correcting daemons etc. In this case, lives aren't at stake, but the people doing the programming are used to situations where they are.
Some data about FedSat, a Scientific R&D microsatellite that's due for launch on the next H-2A from Tanegashima:
Firstly, the on-board software is in Ada-95, using the 3.13p version of GNAT as the compiler and RTEMS as the Run-time Kernel. Both Open-Source, and the 'p' in "3.13p" means public, free-as-in-beer. The on-board software was developed mostly by Software Improvements, a bunch of software professionals who are heavily into SLCMs, CMM, etc. And lo, it worketh, on-time, under-budget.
The ground station is another matter. OASIS was tried, but couldn't do all that was required. In a spectacular case of less-than-wonderful-judgement, VB on Windows was used for development. After a while, they got some software pros to work on that one too, rather than the hack'n'slash electronics engineers. Well, it partially works - enough so that a few months or years after launch, it will do most of what's wanted.
Moral: if it's important, and has to work first time, every time, do it in Ada and open source, and use the principles described in the parent article. If it's not so important, and can be fixed up afterwards, you're still better off using Ada, though Java's a good second choice. The only reason Ada's so good is that it makes it easy to adhere to good software engineering principles, such as teamwork, smart design, and open standards.
A.Brain, Rocket Scientist
As mentioned here, if the diamond's pink or purple, it's almost certainly from the Argyle diamond pipe in Australia. There's a nice picture of one at the 247k site.
Actually, the odds of getting a sleaze-free coloured diamond are reasonably good. Quote from the 247 site:
As for Argyle being sleaze-free, a quote from the mine owner, Rio Tinto.
So no slave labour or De Beers sleaze. Whether the price is a rip-off is another matter.
You spotted it. Yes, Eiffel has some excellent features here. Ada does essentially the same job by strong typing - no need to check if a value is between 0 and 23 if the variable is of a type that can't have values outside that range - and raises an exception if you try to put one in. Ada's strong typing is often better than Eiffel in that regard, but Eiffel's contracts are more useful in other circumstances. Ideally a language should be a cross between them, and also have some of the neatness of Java as regards inheritance, as opposed to Ada-95's rather clumsy syntax. Until that comes along, my favourite's Ada, but I count Eiffel practitioners as being of like mind.
But having such features as part of the language just increases productivity and makes the programmer's life easier. You can get maybe 50% of the benefit by excellent practice with any language. In Theory, C programs written by a Genius can be almost as safe as Ada or Eiffel programs written by someone merely competent. Practice has shown that they never are, but that's because it takes so much more work in C. See the article Correctness by Construction in Crosstalk, the Journal of Defence Software Engineering. It still shouldn't stop programmers in C, C++, C#, Java or whatever from manually doing what the high-level languages provide automatically, and the really good ones know this. The result may not be good enough to fly a plane or run a railway safely, but good enough for non-safety-critical applications.
Damn straight. Wish there were more people like you around, BSDs and buffer overflows would be endangered species rather than being in plague proportions.
A.E.Brain's Tip of the day for Java programmers: Classes should have a main() that performs a self-test, a boolean-returning isSane() that weeds out obviously wrong values, and a fakeSomeTestData() constructor for other classes' self-tests to use. Try it - development time will decrease, productivity increase, and maintenance is a doddle as anyone new coming in can run any class and see how it works.
Ductility - the ability to fail gracefully - isn't just essential in the area of security, it's true for reliable systems generally. All programmers who've worked on stuff like Combat Systems for ships, aircraft avionics, railway control systems etc should know this, and most do.
There are 2 ways of making things secure - either against outside attack, or internal failure. I call them the Battleship and the Blob. With the Battleship, you load up the Firewall, or put in 2048-bit encryption, or even have an air gap. You basically rely on a layer of "armour plate" that your predicted threat can't penetrate. But this often fails - the threat either goes around the armour, or the incoming shell is bigger than you'd bargained for, and penetrates. Far safer in practice, though not in theory, is the Blob. This has layer after layer of safety features, each of which is easily circumvented in isolation, but every one of which limits the damage. Bugs can exist, attacks get through, but it works anyway. You can shoot the Blob full of holes, but it keeps on oozing along... Terminator 2 not Terminator 1.
What does this mean for programmers? Use strong typing (if your language doesn't support it, fake it with explicit sanity checks, boolean isSane()), always check inputs for sanity, check your outputs are plausible at least, get good peer review on everything, KISS, basically all the techniques professional Software Engineers rather than 31337 haXOrs have been spouting on about for some time. The software equivalent of "Wear belt, braces, keep a piece of string in your pocket, and then make sure your underwear's in good shape."
The first language I programmed in was FORTRAN II back in the 60's, when I was under 10. The code had to be run at the Nuclear Research Establishment at Harwell in the UK. Remember, there weren't as many computers around back then, maybe 10 in the country. It made being a pre-teen 31337 haX0r difficult. :-)
The last time I programmed in FORTRAN - FORTRAN 77 in fact - was for the communications facilities for the State Electricity Commission of Victoria, a system to help restore power in case of emergency. That was in 1987.
I still use Ada - recently for the spaceflight avionics for a scientific research satellite, and will be teaching a course in it to some people doing the avionics for a helicopter in a couple of weeks. Though the use of Ada has shrunk, it's making a strong comeback in the field of avionics, where a crash in the program could mean the crash of an aircraft.
My advice to the original poster - by all means learn FORTRAN as a fifth- or sixth- language. Even the 95% Godawful languages (VB..) can teach you something. There are times I use Java and think "why the HECK can't it have feature X of Ada-95?". There are times with Ada-95 that I say "Damn, feature Y is so clumsy compared with Java." FWIW Matlab seems to be the way of the future for non-software engineers to quickly do calculations and display the results graphically, it's a pretty good FORTRAN replacement. What EXCEL is to accountants, Matlab is to scientists.
No, not Ada, COBOL.
Ada - not ADA BTW - is named after Ada Byron, Countess of Lovelace, programmer of Charles Babbage's devices.
There's at least one good biography of "Amazing Grace" Hopper on the web. A google search using the keywords "Grace Hopper" COBOL will find you more.
Oh yes, GRACE in this case is Graduate Robot Attending a ConferencE.
Not quite. That was a Ground Test. DARPA and others - like the Uni of Queensland - have had scramjets in the labs for a while. This is the first time that one has been successfully flown. It may or may not have worked - we'll see in a day or two.
Perhaps HP - having stopped Bruce Perens from protesting against the DMCA via civil disobedience - is attacking it via a reductio ad absurdum method. i.e. Showing exactly how it violates the principles of Free Speech. It's officially illegal to state that the Emperor has no clothes.
It's worthwhile taking some lessons from history. Time was, there was a huge debate in the press - somewhat before George Washington - about whether Locksmiths should publish data about vulnerabilities of locks.
The answer that was eventually arrived at was "Of course, because the professional crooks already know the vulnerabilities, and to publish would reveal to the customers what shoddy goods some locks were, and help improve the state of the art." (sorry, I've been unable to find some quotes on the web). The parallels are obvious.
Another parallel : see the Associated Locksmiths of America's Code of Ethics.
I can confirm the figures for Australia. I've had over 20 years experience in the IT field, including being Chief Designer or Systems Architect for Naval Combat Systems, Spacecraft Avionics, Java/XML B2B systems and other such expensive and/or rare ecological niches. I've had job offers of DM 180k (about 90k US) to work overseas, which I've turned down. I like it here.
I'm currently earning more money than anyone else in the company - more than the CEO. US 40k per year. Others, with only 3 years or so experience, earn $20k. And these people are Good. As good or better than I was at that age.
We recently had a look at outsourcing some work to a really cluey mob in Sri Lanka - but found out that their price was within 2% of ours (2% higher in fact). Too bad, they had an impressive track record.
It's been said You get what you pay for. Not true in our experience. The difficulty is not paying $90k to USAians or $9k to Indians for equally mediocre crud, the problem is getting good quality from anyone at any price. Where they come from has a lot more to do with their cost than the quality of their work. Top Quality leads to a doubling or at most tripling in price, 3rd World (including Australia) vs US is a factor of 10.
What can people in the US do to protect their jobs then?
- Put up artificial trade barriers - no visas for Gastarbeiters, 10,000% Tariff on imported software, legislation to ban imports using DMCA, have Microsoft just buy up the competitors etc. The USA has a history of doing this.
- Lower wages in the USA so that the job's pay is less than you get flipping burgers in the US (though Riches Beyond the Dreams of Avarice in much of the rest of the world.). Funnily enough, this one doesn't work except in the short term - people just move into other, better-paid professions. Or leave the US and live like Kings in some tropical paradise on 1/10 of a US salary. Guess this is me, though Canberra's cold at this time of year, and I'm not USAian.
- Get more efficient at what you do. The US has a history of doing this one, too. There are ways out there for doing a lot more work, producing better quality, with less effort - no 60 hour weeks, 40 hours tops. e.g. A recent, large avionics project reported a four-fold productivity and 10-fold quality improvement by adopting such methods - from Crosstalk. Be 4x as productive and 10x as good as your competition, you'll actually be worth 4x and possibly 40x the salary.
Which to choose? Well, it's your country, not mine. But you've got to do at least one of em, or face the unemployment queue. Because IT has a Global market, not a national one. Bits ignore frontiers.
Can't agree with the last two phrases. There's nothing to stop you making everything numeric FLOATs if you want. Then you can cast away to your heart's content. You won't be worse off than with Java or C++. You want seat belts, you pay the price, but they're optional. Highly recommended though.
As for not being able to do creative or clever work... Last year I had to do the programming for the mass memory of a scientific satellite. Memory-mapped IO. BUT it used a different memory-map from the rest of the hardware, different endianism, addresses 0 and 1 were valid, 2 and 3 weren't, 4 and 5 were valid, 6 and 7 weren't etc etc. It was bank-switched, with multiple threads of execution trying to access it simultaneously - so all requests had to be queued. Oh yes, in a high-radiation environment, so everything had to be tell-me-thrice with error-correction for soft failures, self testing in an embedded thread of its own. etc. On an old CPU running at the glacial pace of 8 MHz.
It was done in Ada - of course. I'm not a genius, I don't think I could have done it in the time available if I had to use C. And certainly not as reliably, regardless of the time available. Just used representation clauses and a huge array of records, each of which was a word with only the top 2 bytes defined, the rest being don't-care. So it was 2 orders of magnitude faster than the original address-computing method. Impossible to address a byte that wasn't there, impossible to underflow or overflow, impossible to deadlock or miss a request due to Ada-95's protected objects.
Clever, creative - others can judge that. It was my code, so of course it was brilliant he says sarcastically.
In what way is Ada better than Java in this respect? I only know a little about Ada, so this is a serious question. My understanding is that Ada and Java have very similar safety goals (especially with respect to exceptions) so I'm curious about what you think Ada gets right and Java gets wrong.
Speaking as someone who's got nearly 20 years of Ada experience (started in 83) and about 3 years with Java... you're not quite right.
Exceptions and exception handling are just part of the issue. Java's exceptions are in many ways more informative than Ada's - which are basically "Exception of type X raised" rather than "Exception of type X thrown with the following additional information [blah blah]".
The more important issue is that with Ada it's trivial to make all sorts of checks that will raise exceptions. For example:
type SpeedType is new Float;
KPH : constant SpeedType := 1_000.0 / (60.0 * 60.0);
-- Kilometers per Hr in standard metres/sec form. In practice the two 60.0's
-- above would be constants, MinsPerHour and SecsPerMin respectively
subtype LegalSpeedType is SpeedType range 0.0 .. 1_000.0 * KPH;
Any time an object of type LegalSpeedType tries to take on a negative value, or one over 1,000 Kph, you'll get a CONSTRAINT_ERROR (a predefined exception).
With Java, you'd have to have a class for CSpeed, then a derived class for CLegalSpeed, with any sets triggering a check which would throw an exception if out of bounds. It can be done relatively easily, it's just more work with more opportunities to get wrong.
Ada's a language that, when in the hands of a competent programmer, prevents the expression in code of a lot of mistakes. They're picked up at compile, rather than run, time. A hopeless incompetent can write horrible code in it, but it's actually harder to write buggy code than correct code.
One other thing: the representation clauses of Ada allow you to make records where with each individual field, you know exactly what bits mean what - and simultaneously have a high-level view so that you know that bits 7..8 of word 11 mean STOPPED when 00, STARTING when 01 and RUNNING when 11, with any assignment of 10 raising an exception.
For more data about Ada, see the Ada Information Clearinghouse. Free, Open-source compilers available (GNAT).
Two disadvantages of using Ada though. First, no-one much uses it, the products are too reliable to be commercial successes requiring lots of expensive maintenance - so a project that took 30 programmers to build only needs 1 part-time to keep it running. Forget job security, you're always doing something new, usually something really cutting-edge. Secondly, you're confined to such boring applications as spacecraft avionics, supersonic jets, medical applications, railway management, air traffic control systems, sonars, radars, missiles... :-)
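The Java counterpart described in the comment above (a CSpeed class with a range-checked CLegalSpeed derived from it), combined with the self-test pattern from the earlier Java tip, is sketched below as an added example that is not the poster's code. The names MIN, MAX, checked(), rejects() and check() are assumptions made for this illustration, and fakeSomeTestData() is written as a static factory because a Java constructor cannot carry its own name.

```java
/** Range-checked speed: the counterpart of the Ada subtype LegalSpeedType. */
class CLegalSpeed extends CSpeed {
    static final double MIN = 0.0;
    static final double MAX = 1_000.0 * KPH;   // 1,000 km/h in m/s

    CLegalSpeed(double metresPerSecond) { super(checked(metresPerSecond)); }

    @Override
    void set(double metresPerSecond) { super.set(checked(metresPerSecond)); }

    /** Throws on values outside MIN..MAX; NaN fails both comparisons and is rejected too. */
    private static double checked(double v) {
        if (!(v >= MIN && v <= MAX)) {
            throw new IllegalArgumentException("speed out of range: " + v + " m/s");
        }
        return v;
    }

    /** Cheap plausibility check, per the isSane() tip. */
    boolean isSane() {
        double v = get();
        return v >= MIN && v <= MAX;
    }

    /** Known-good instance for other classes' self-tests to use. */
    static CLegalSpeed fakeSomeTestData() { return new CLegalSpeed(100.0 * KPH); }

    /** True when constructing a CLegalSpeed from v is refused. */
    static boolean rejects(double v) {
        try {
            new CLegalSpeed(v);
            return false;
        } catch (IllegalArgumentException expected) {
            return true;
        }
    }

    /** Self-test: run the class to see how it behaves at and beyond its bounds. */
    public static void main(String[] args) {
        CLegalSpeed s = fakeSomeTestData();
        check(s.isSane(), "test data is sane");
        check(!rejects(MIN), "lower bound accepted");
        check(!rejects(MAX), "upper bound accepted");
        check(rejects(-0.1), "negative speed rejected");
        check(rejects(1_000.1 * KPH), "speed over 1,000 km/h rejected");
        check(rejects(Double.NaN), "NaN rejected");
        double before = s.get();
        try {
            s.set(-1.0);
            check(false, "set() must reject a negative speed");
        } catch (IllegalArgumentException expected) {
            check(s.get() == before, "a refused set() leaves the old value in place");
        }
        System.out.println("CLegalSpeed self-test passed");
    }

    private static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError("self-test failed: " + what);
    }
}

/** Unconstrained speed in metres per second: the counterpart of Ada's SpeedType. */
class CSpeed {
    /** One km/h expressed in m/s, as in the Ada constant KPH. */
    static final double KPH = 1_000.0 / (60.0 * 60.0);

    private double metresPerSecond;

    CSpeed(double metresPerSecond) { this.metresPerSecond = metresPerSecond; }

    double get() { return metresPerSecond; }

    void set(double metresPerSecond) { this.metresPerSecond = metresPerSecond; }
}
```

Every mutation path has to route through checked() by hand here, which is the extra work the comment refers to; the Ada subtype gets the same check from the declaration alone.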
A Fully Tested Open Source E-Voting GPL'd system is available on the web.
It was developed within 27 weeks for about $100,000 US. Multi-language, using standard COTS hardware and OS. (The compiler and OS had to be open-source too of course - Debian and gcc). It has been used in a state election in the Australian Capital Territory, the equivalent of the District of Columbia. There's an Executive Summary of how well it did, warts and all. A PDF of the full report is also available.
The whole point about e-voting software is that it has to be open-source. The hardware has to be available for inspection at any time too, along with the OS source and the compiler source as well. The situation as described in the original article has a strong piscine aroma.
Disclaimer I work for the mob that did the Aussie system - though I was busy making spaceflight avionics software rather than election software at the time, it was another team. They Did Good.
Sorry, can't let that one pass. Some Muslims believe that 9/11 was a righteous act. But then again, some Christians believe that those advocating abortion should be slain. The majority - however much they may disapprove of US Culture / Abortion respectively - see 9/11 and the shooting of Abortion advocates as murder most foul. Different in scale, but not in kind.
Try reading the Koran before saying things like this. OK, Troll fed, move along...
RAF Leuchars is where many of NATO's night flying exercises are conducted. There's a Map of RAF (Royal Air Force) bases, weapons ranges and radar stations in Scotland available - it's full of em.
Quote from North East Scotland Air Danger Zones
It would be surprising if there wasn't a disproportionate number of Unidentified Flying Object sightings as the result. Black helicopters included.
That's $5 Australian, between $3 and $2.50 US per burn. ($1 Aus this morning was 57c US, but it's been less than 55c US for most of last year). But since according to here CD writers in Oz are only about $125 Aus, then you're right.
A good link to the benefits of using Ada and SPARK on the C-130J and other projects is at Crosstalk, the Journal of Defence Software Engineering.
This is the umpteenth time I've quoted this link, or one like it. Maybe one day people will read the goddam literature and not keep on making the same mistakes in the same old way. The Facts - not religious opinions, unsubstantiated assertions or even unverifiable anecdotes - are out there.
Sorry, got carried away there. We need more light, less heat. But people - not some ubergeeks with Supernatural powers, just your standard geeks - have been making software that works first time, every time for years now. Every time you fly on a modern airliner, you bet your life on it. And it's a good bet. We know how to do it. We've proved it, repeatedly. It's just that no-one seems to listen when we tell them that they can do it too, just by doing things in a different way. One that (at least in manufacture) costs less too. Testing's another matter.
The problem is not exactly new. This link, dated February 1999, gives a conservative estimate of how much the problem cost then.
More interestingly, I'm currently writing a report as an "Expert Witness" regarding the quality of a system. In simple terms, the maker of the system is suing the customer for payment, the customer is claiming that the system doesn't work, and counter-claiming. And that's about all I'm able to say about it (and no correspondence will be entered into).
Things like the validity of disclaimers are being thrashed out in various places round the world as I write. In my case, it's under Australian jurisdiction, so YMMV as regards its application to you. Litigation is happening, just maybe not in your part of the world, or not today. But there is now a demand, even here in Australia, for IT Experts to help explain to "naive users", Judges, Magistrates, Juries, and more importantly Lawyers and their clients, what all this IT stuff means.
The Australian Federal Court has given some guidelines for Expert Witnesses that basically state An expert witness's paramount duty is to the Court and not to the person retaining the expert. Again, YMMV on this one, but IMHO such guidelines are a good ethical road-map for anyone anywhere considering work as an IT Expert Witness to follow.
Anyway, gotta get back to it, they want the preliminary report pronto.
Well, Yes, actually.
For some problem domains. e.g. Aircraft Avionics, Spaceflight Avionics (where Radiation and single-event-upsets (SEUs) are a fact of life that will cause glitches).
But of course, such military/safety-critical-spec software costs a hell of a lot more than a standard piece of COTS. Using Ada and other high-grade techniques can actually save money in manufacture, but it still costs heaps to test.
It's a matter of requirements - what does the customer need? If crashing once a week is acceptable, providing the cost is less than $X then provide that. If crashing anytime is unacceptable, then they should be prepared to pay maybe six times that.
Note: I know whereof I speak - I've been chief architect for a Naval Combat System, led a team on spaceflight avionics software development. And one system I had a small part in at one time had a hardware problem that caused unpredictable jumps to random locations in memory. It still worked - just slowly as 95% of the time was spent in error-recovery. Adequate to ensure no-one died as the result. But we fixed it before delivery anyway, was a problem caused by a 3rd party CPU design flaw.
Give it time. With Mugabe and his cronies in power, soon Zimbabwe will be in the same category as Rwanda and Mozambique. It's already half-way there, going from a food exporter that kept many of its neighbours alive to a country riddled with famine.
Zimbabwe is an example of how a country can go from one of the highest standards of living on the continent to being an economic basket-case in just a decade or two. All it takes is a populist Demagogue.
Quote from the CIA Factbook:
Which says it all, really.