
September 30, 2019

Comments

At the end, the article notes that the country which is most vulnerable to cyber attacks is the US. A good part of the reason is not that we are so dependent on networked computers. Most advanced countries are, these days. Rather the problem is that we were first.

A lot of our core systems are still running on decades-old code. They don't have modern defenses built in. And retrofitting those kinds of defenses (even once you convince companies to spend money doing so) faces a serious problem: the folks who actually know the programming languages involved are either retired or close to doing so. Worse, in some cases the source code is lost. Which means retrofitting is difficult to impossible -- the only real option is to recreate the application from scratch. And fix all the inevitable bugs which, in the old system, have been gradually cleaned up over the course of years.

It will be neither cheap nor painless. We may get motivated once we have been badly burned a few times. Maybe.

Hey, just like fixing software for Y2K.

"two thousand zero zero party over we're out of time, so tonight we gotta debug like it's nineteen ninety nine!"

Of course 1 Jan 2000 was when the Universe bifurcated, and we wound up on the 'No Y2K problem, but Dubya doing war crimes' branch.

Yeah. But then all those mainframe programmers were around 50. Now, they're more like 70.

But then all those mainframe programmers were around 50. Now, they're more like 70.

I resemble that. :(

I admit I was speaking from first-hand knowledge.

But surely one can learn COBOL or FORTRAN or suchlike in a day, if one takes a long lunch break. Especially the older, simpler versions.

surely one can learn COBOL or FORTRAN or suchlike in a day

You can probably learn to read CoBOL in a day. At least roughly. (FORTRAN not so much.) But learn to write it that fast? No.

Back in the day, my first employer gave a class for programmers. The CoBOL portion was more like 6 weeks. That didn't qualify you to write, or modify, actual programs. It merely got you to the point where, under close supervision**, you could learn on the job, starting with extremely simple tasks. Actually becoming proficient, to the point where you could create the necessary new code, takes years.

** Which supervision assumes available experienced staff -- in numbers substantially greater than the trainees. Which are likewise in short supply.

It can take years just to figure out the meaning of some programmers' overly creative use of the PERFORM statement.

This is probably something I should know, but I don't.

My COBOL days were back in the mid-80's, before there even was an Internet to speak of. Most of the COBOL-powered systems I worked on had no concept of being connected to a network that offered any path to or from the outside world. There was some concept of networking in the sense of time-sharing connections (from green screens!). But it was kind of a closed system.

I may be working from assumptions that are not accurate, but how vulnerable are COBOL mainframe systems to black-hat hacking? How would a hostile party even get access to the system?

What @wj said about the differences between being able to read a language, and being able to write in it. At least to write well, using the appropriate idioms and style. I have written exactly one COBOL program, back in the summer of 1976. Most of the effort went into simulating recursion, which to me was the natural way to express the algorithm. I don't know if more modern versions of the language support recursion or not, but I've never been tempted to find out. I suspect that an experienced COBOL programmer would have looked at the problem very differently since recursion wouldn't have been in their mental toolbox.

I have no actual room to criticize other programmers' choice of language, as I do most of my coding in Perl.

I have written exactly one COBOL program, back in the summer of 1976.

Much the same. Except it was in the aforementioned class in the spring of '74. I can read it, and make tuning recommendations -- done that for years. But write it? No way.

My COBOL resume:

Claims reporting system for an insurance company, my very first high-faluting tech job.

"Interactive" (meaning it had a user interface) risk management application for the same insurance company, COBOL w/ CICS.

Similar (from a technical stack point of view) application for the USAF Logistics Command, basically a system helping them keep track of which aircraft were ready to fly.

Then, C++, starting around '89 or '90.

Still horsing around with C++, as in, this very minute. No escape. I'm now the C++ version of the guy who 20 years ago knew how to make sense of COBOL. Everything was Java for a while, now some folks are getting back into C++ so they can make things go fast. Not so much at the "enterprise" level, but down in the weeds, where that actually yields some value.

A lot of the focus now seems to be (a) leveraging multi-core architectures and (b) optimizing by attending to the memory caches, which leads to some neat parlor tricks, some of which I even understand.

COBOL was (and is) a great language for describing business logic. And it ran on great big machines that went really fast without business application developers having to worry about all of that. Not a bad legacy.

I did know a guy who knew how to make OS/JCL sing like a well-tuned violin. Jobs spawning jobs dynamically, with all kinds of crazy parameter interpolation. A freaking quasi code generator, in OS/JCL. Wild times.

I sometimes wish I would have jumped on the Y2K fix-up gravy train when that was a thing. I might be retired now.

My only comment on the original post is, well done US military intelligence. We all have blood on our hands, I suppose, but ISIS are bloodthirsty thugs. Crush them.

We all have blood on our hands, I suppose, but ISIS are bloodthirsty thugs.

Absent a far better world than appears to be on offer, we are mostly left distinguishing between those (countries, organizations, or just individuals) who do some bad things and those for whom doing bad things is the be all and end all of their existence.

Not to say that we shouldn't work towards that better world. But for the moment, we need to at least be clear on who is worse and who is less bad. Otherwise we end up doing nothing, and the guys who live to hurt others (including Trump, from everything I've seen of him in action) win.

I don't buy wj's argument about the six-week course. I suggest that new concepts are hard to learn, but new syntax is not. And concepts which were new back in the day are not new now.

For example, a C programmer learning JavaScript might struggle with its implementation of anonymous functions. Whereas a C++ programmer (since C++11) would not.

I don't buy wj's argument about the six-week course.

Just to be clear, it wasn't an argument. It was a report of first hand experience.

Perhaps a useful parallel would be this. If you already know Italian, learning Spanish is easy. Learning French less so, but pretty straightforward. But knowing Italian does nothing for you if you are trying to learn Chinese.

CoBOL just doesn't work like C++ or HTML or Perl. Yes, deep inside it's also all about 1s and 0s. But that isn't enough to get you a useful grip on it.

There’s nothing I like more than a rip-roarin’ coding kerfuffle!

And the serious language bigotry hasn't reared its head. Yet.

I suggest that new concepts are hard to learn, but new syntax is not.

Languages come with ecosystems. There are transferable concepts, which are expressed using different syntax in different languages. And, if you understand them in one language, it can be fairly straightforward to say, oh, this is how you do [fill in the blank] in this language.

Which will get you about three steps beyond "hello, world" in the new language. You might be able to stand up a toy application, a proof of concept.

Then, in order to become effective in any kind of real-world context in that new language, you have to learn all of the conventions and idioms that people who have been working in that language for 5 or 10 or 30 years are familiar with.

And then, in order to *really* become effective in any kind of real-world industrial context in that new language - in order to deliver shippable product, to demanding real-world timelines, to demanding real-world SLAs - you need to understand all of the common industrial tooling that goes along with that language. Development environments and frameworks, test environments and frameworks, build and deploy pipelines, common deployment architectures, standard development workflows.

And then you're ready to work in that language, for a living. And you get to compete for work with everyone else who works in that language for a living, so best be on top of your game.

It takes more than a day, with a long lunch break.

Conceptually, COBOL doesn't go that deeply into sophisticated computing concepts. No lambdas, no partial evaluations, no recursion if I recall correctly. No direct interaction with memory, no direct interaction with anything close to the machine. Nobody worries about the size of the cache line when they're coding in COBOL, as far as I know. It's a relatively simple language, in those terms.

If you were required to either make sense of a non-trivial system built in COBOL, or for that matter build one from scratch, it would still prove to be a challenge. Even if you're good at this stuff.

My opinion.

And the serious language bigotry hasn't reared its head. Yet.

LAMBDA THE ULTIMATE!!!!

Fight me!

Maybe this will resonate more for Pro Bono. You know the law in the UK. So, can you pick up the law in another country in a day or two? To the point that you could represent someone in court? After all, both countries doubtless have laws against stuff like murder and theft -- so how hard could it be?

And that's before we get to questions about stuff that's legal in one place, but criminal in another. Entirely normal husband prerogative in Saudi Arabia is spouse abuse and felony battery in the US, to give just one example.

“Absent a far better world than appears to be on offer, we are mostly left distinguishing between those (countries, organizations, or just individuals) who do some bad things and those for whom doing bad things is the be all and end all of their existence.”

No, we’re not. There is no reason at all to think that way. That line of thinking is how virtually everyone justifies their own crimes. I suppose there will be someone at the absolute bottom of the moral pile and he can’t use that excuse, but there is also a decent chance we are arming that guy anyway.

And btw, we accidentally armed ISIS. We would send weapons illegally to some favored Syrian groups and a few weeks later ISIS has them. Oopsie.

https://www.conflictarm.com/reports/weapons-of-the-islamic-state/

Starts on page 36.

No, we’re not. There is no reason at all to think that way.

OK, give me an example of a national government with clean hands. I expect you can find one or two; after all there are small countries which basically outsource their foreign policy to larger neighbors, so their hands are (arguably) clean. But other than them...?

LAMBDA THE ULTIMATE!!!!

Fight me!

Sorry, forgot smileys.

:) :) :)

We can all be thankful that it is *highly unlikely* that the code that will need to be translated/maintained is not "APL".

But I suspect (no direct knowledge) that a similar problem is going to be found in mission-critical ADA code.

Thanks DOD, as if you don't create enough problems already.

OK, give me an example of a national government with clean hands.

I don't think the lack of a purely good national government negates Donald's point. He's saying the relative goodness of the US (or whatever country) when compared to the worst nations or quasi-state regimes doesn't excuse our wrongs. Yes, we're better than ISIS. And I'm a better person than Charles Manson. Yay for me!

Oooh, you know what? I could probably cheat on my wife and still be a better person than Charles Manson. I guess that makes it okay. (Not that I think you think that, wj. Just illustrating Donald's point.)

hsh, I'm not disputing that. I'm just saying that, while we should try to be better, it's not reasonable to beat ourselves up because we aren't saints. Which is how (perhaps incorrectly) I read his post.

Perhaps a better analogy is this. You may routinely exceed the speed limit (and if you live west of the Mississippi, you do). But that doesn't make you a career criminal.

But I suspect (no direct knowledge) that a similar problem is going to be found in mission-critical ADA code.

With exactly that thought in mind, new code for the F-35 is being written in C and C++, with a dash of assembler. The only ADA is legacy code brought over from the F-22. More accurately, subsets of C and C++. Certain language features are disallowed, and there are automated checks to verify that they have not been used.

It's been a long time coming. But long-term maintainability is finally becoming a serious priority.

Imo a lot of official (approved) saints were giant digestive rear exits.
Moderate crooks would probably be a great improvement over both the current state of things and an imaginable rule by saints.

...it's not reasonable to beat ourselves up because we aren't saints.

But it is reasonable to beat ourselves up when we do something objectively horrible, which, on occasion, we have, even if less than some/most others.

But it is reasonable to beat ourselves up when we do something objectively horrible, which, on occasion, we have

Sure. Just not to act like we do it routinely and enthusiastically, as some others seem to.

"Not all programming languages will stay relevant forever. As technologies evolve, and companies ask developers to rewrite mountains of legacy code, some languages will inevitably see their “base” erode. But “lesser usage” isn’t the same thing as annihilation. In that spirit, let’s examine five programming languages that, despite a shrinking user base, probably won’t disappear for a decade or two—if ever."
5 Programming Languages That Refuse to Die

@russell: The first system I was involved with (in 1979) was in effect a communications hub that allowed systems that were initially designed as stand-alone systems to talk to each other. Since none of the systems supported networking, the computers communicated with each other by having operators move magnetic tape, or in one case punched paper tape, from one machine to another. It was a really kludgy system, but an improvement over having to type the same information into six different systems.

I wonder how many stand-alone systems are still truly stand-alone, given all the various reasons one might want a legacy system to communicate with other computer systems. If the narrative around the Stuxnet virus is accurate, the Iranians had a data path from the internet to their uranium enrichment centrifuges which involved moving USB sticks from computer to computer. Apparently the temptations of computer networking are hard to resist even if you are conducting a top secret military program.

Maybe this will resonate more for Pro Bono. You know the law in the UK. So, can you pick up the law in another country in a day or two?

If that's the argument, I'm convinced I'm right.

Parliament passes maybe 30 Acts a year. So the size of the English legal code is orders of magnitude larger than any computer language specification. Then there are volumes of precedent establishing how the law is to be interpreted, and still we have barristers arguing the law and judges ruling on it.

Out of curiosity, I went and looked at a COBOL tutorial. It's been.... 30 years since I wrote any COBOL.

In general I sort of take Pro Bono's point about transferable concepts between languages. That said, COBOL is really an oddball. Logically it is just not overly sophisticated, but it has... baggage.

Maybe I'll brush up and get a side hustle or a retirement part-time thing going!

I'm no code guy by any stretch. I only wrote code in school, never for work. But, in my relative ignorance, I'd say a good analogy for the "transferable concepts between languages" thing is playing different musical instruments.

If you've learned to play the piano proficiently, you're going to have a big leg up on someone who's never played anything when it comes to learning to play some other instrument. But you aren't going to be good quickly. You're just going to pick it up a lot faster and already know a bunch of stuff that applies to playing music generally.

Some instruments will have more cross-proficiency than others. A wind instrument isn't going to translate to a string instrument as well as to another wind instrument. I'm guessing there are programming languages with similar relationships.

hsh -- the music analogy is a good one. I played the piano a lot up until I left home for college, then rarely. As a teenager I was the accompanist for school plays and the school choir, and I played the organ at Mass on Sundays. Music, like coding, is something I pick up quickly in my dilettantish way. Then I tend to reach a plateau where I would have to work really hard, and look dumb sometimes, and ... I go on to the next thing.

But I stumbled across an enticement to learn to play the fiddle (folk music) when I was forty, and took to it enthusiastically. The guy who was teaching me informally said I had the steepest learning curve he had ever seen. Well duh. ;-)

But that was a combination of some innate talent – music is one of the things I pick up quickly – and all the music I had played as a kid. Soon I was playing in a contra dance band. But when my little local band broke up, and I was coasting along on the plateau, well, I had kids to raise, work and volunteer work to do.....etc.

I have done a lot of coding in my life based on that model, coupled with being the holder of thirty years of institutional knowledge of the systems at my (former) place of work. But I haven't got a clue what russell and wj and Michael Cain and others are talking about here most of the time when the subject turns technical. I had my niche, and that involved being competent at some baseline level in a number of languages/environments. But besides russell's comment 9:11 pm on 10/2, there’s something else. If you're learning some new (or old, as in Cobol) language in order to do some rewriting or enhancing of old code, learning the application can be an even bigger effort than learning the language. I'd like to see anyone jump into my old workplace and start being effective (in whatever language) writing code having to do with expatriate compensation after a lunch break's worth of study. Yeah, good luck with that.

***

Maybe a better comparison than moving between jurisdictions as a lawyer would be – learning a natural language. Although I do think learning a programming language is easier, there are similarities in that you can become competent at some baseline level relatively quickly (ordering in a restaurant, asking directions, whatever; and all the quicker if you’re going from Spanish to Italian rather than Chinese to Finnish). But to become fluent in all the nuance and idiom of a natural language takes longer. I take russell’s 9:11 on 10/2 to be an attempt to address some of that, and if that didn’t make pro bono pause I’m not sure why I’m bothering to add anything more. Just procrastinating on today’s chores, I guess.

Meant to acknowledge that wj had used the natural language analogy before.

This whole "oh it's easy, a lunch break should do it" line of thinking reminds me of last year's gubernatorial race in Maine. One of the guys running in the D primary was the physics teacher at our local high school, and also the x-country ski coach. By universal agreement he's a *fantastic* physics teacher and a great coach. (My son had him for physics and testifies to the former.)

So, he says, he's always had a hankering to be in government, and does he start with, let's say, the town select board? And then maybe go on to state legislature? Or even the governing body of some foundation or other?

Nope, right to the top: the governor's race.

He actually put together a campaign committee and a website and held some events, but he knew so little about politics that he didn't even manage to get enough signatures to get on the primary ballot.

I kept wanting to ask him whether he thought the governor -- well yech, it was Paul LePage, but still, let's say *any* governor -- could have just hopped in and started teaching physics or coaching skiing with no prep at all beyond what he had read in the papers about teaching and coaching.

Music, like coding, is something I pick up quickly in my dilettantish way. Then I tend to reach a plateau where I would have to work really hard, and look dumb sometimes, and ... I go on to the next thing.

Are you sure we're not related? ;^)

(Perhaps I've joked before that the one thing I've been able to master in life is being a dilettante.)

Are you sure we're not related? ;^)

Not sure at all! What does your DNA study say? ;-)

writing code having to do with expatriate compensation

Not only this, but my particular company's particular implementation of expatriate compensation....

the one thing I've been able to master in life is being a dilettante.

Definitely sounds like we're at least cousins!

Of course, I suspect that's true of everybody here. If we weren't dilettantes, we'd be involved somewhere that requires more expertise. Maybe an advisor on somebody's campaign committee....

somewhere that requires more expertise. Maybe an advisor on somebody's campaign committee

LOL

My son told me that there are consulting firms that hire themselves out to NFL teams to help the teams pick coaches. I'm like WTF? There can't be more than a hundred people on earth who would be viable candidates for NFL head coaching jobs, and there are only what, 32 teams? Surely they all know everything about everyone already...

To come down to earth, I suppose these firms help with picking candidates for other roles on the coaching staff besides top dog, but still.

Okay, and maybe they serve as go-betweens for communications that can't be done directly for "political" reasons....

Wandering off the point here, so I'll stop now.

I love music but I never mastered any instrument (as a kid I got as far as one # or b on the recorder). I did a bit of composition (simple counterpoint) but had to use a computer instead of a piano and two self-fabricated moveable chord tables (not furniture) to get my harmonies right. Musical doggerel so to speak but (imo) nothing to be ashamed of.

Foreign languages? English (but only through reading thousands of pages. My English at leaving school was abysmal). With some effort I can read a bit of French and generic Scandinavian. I tried my luck with Icelandic, so I can at least make use of a grammar book and dictionary (without a general introduction into the language neither is of much use due to some peculiarities of the language, in particular stem vowel shifts dependent on case and high irregularity of conjugation).
I'd say apart from German and English, the only language I could have a conversation in is classical Latin.

he knew so little about politics that he didn't even manage to get enough signatures to get on the primary ballot

And he knew so little about life that he didn't even know that being competent as a teacher and coach didn't mean you would automatically be highly competent, with no preparation, at whatever you decided (dilettantishly?) to do next.

This isn't Dunning-Kruger...it's more like the smartest guy in the room effect, but if there's a formal name for it I've forgotten what it is.

Back in the days when we did this sort of thing, I was responsible for designing a COBOL training program at a large company. We taught a logic course, quite abbreviated, as the first step.

Prior programming languages tended to make people a little harder to teach. But COBOL was more structured than its peers.

I did do a gig writing complex OS/JCL procs for ATT. Fun stuff, generated a complete new batch stream with 8 or 9 parameters.

I quit at OOP after learning Powerbuilder and all its foundation classes as a precursor, I didn't like doing it that way....

Closer to the OP's topic... Back in the mid-1970s, the Bell System got serious about deploying lots of network gear and support systems for configuring/managing that gear remotely. Getting hacked -- or more accurately, avoiding getting hacked -- was a hot topic for discussion inside Bell Labs. The Labs eventually settled on the expensive, but more reliable, approach of building a physically separate data network to run operations over. Having lived through that, I am always perplexed when it comes out that, for example, critical pieces of the US power grid can be manipulated from the public internet. There shouldn't be connections between the public internet and the network for controlling the power grid.

An echo from my 1:52 -- someone apparently put up on Twitter a photo of Clickbait, Pence, Pompeo, and Barr, and asked people to name the band.

Laugh of the day responses here, one of them being "Dunning-Kruger Overdrive." I think my fave is "Felonius Monk."

Meanwhile, over at BJ they're talking about names for the scandal (viz. Watergate). My fave there is "Crackpot Dome," again from someone on Twitter, and the opening salvo of the thread.

Someone toward the end suggests using the alleged president's name followed by -gate, but since I have boycotted that name since 2016, I would offer Clickbaitgate. ;-)

My son told me that there are consulting firms that hire themselves out to NFL teams to help the teams pick coaches

It's like rule 34 - if it exists, there is a consulting firm for it.

This isn't Dunning-Kruger...it's more like the smartest guy in the room effect

As a practical matter, I think they're one and the same.

I think they're one and the same.

This is true, but I feel like there's another label for a subset of what D-K covers, specifically for people who are in fact unusually competent, even brilliant, in one way, and therefore think they're geniuses in every other way as well. But if there is, I can't think of it. (Mansplaining is a related concept.... ;-)

JanieM,

I submit Dunning-Kruger Overdrive and The Ukrainian Ring Trilogy.

Respectfully,

We all appear to have failed to express delight that liberal japonicus is still alive.
I for one would like to correct that.

In honour of his Korean Odyssey, I’m posting this fun story on their justice system:
http://m.koreatimes.co.kr/pages/article.asp?newsIdx=276661
Prosecutor-General Yoon Seok-youl announced Friday that the prosecution will no longer allow the press the opportunity to photograph suspects or witnesses arriving for questioning by prosecutors.

The reform was put forward to the President Moon Jae-in administration amid the ongoing investigation into Justice Minister Cho Kuk and his family over corruption allegations

To date, it has been common practice for the prosecutors' office to alert the media in advance, allowing journalists to photograph such high-profile people on a "press photo line" at the main entrance. This arrangement "updated the public" on ongoing investigations, but also served as a powerful political tool, making targeted suspects look guilty before any allegations were proven...

"A perp walk, walking the perp, or frog march, is a practice in American law enforcement of taking an arrested suspect through a public place, creating an opportunity for the media to take photographs and video of the event. The defendant is typically handcuffed or otherwise restrained, and is sometimes dressed in prison garb. Within the United States, the perp walk is most closely associated with New York City. The practice rose in popularity in the 1980s under U.S. Attorney Rudolph Giuliani, when white-collar criminals were perp-walked."
Perp walk

This is deeply disturbing:
https://www.politico.com/news/2019/10/05/justice-department-russia-probe-028545

Excellent band names - thanks Janie!

...people who are in fact unusually competent, even brilliant, in one way, and therefore think they're geniuses in every other way as well.

There's a tendency for people to forget that the point where they're recognized as brilliant is usually well into a career, not just a job (or equivalents in hobby fields). So they think they can start at that level in a different field without all of the career-laying scut work.

After a tech career where I was very, very good, I went back to grad school, got an MA in public policy, and started in an excellent entry position in my state government. I believe I could have been very, very good in that field as well -- but I discovered that I wasn't willing (and to a certain degree, wasn't able) to put in the time to reach that point.

(my apologies if I've skipped over previous replies)

wj: "Perhaps a useful parallel would be this. If you already know Italian, learning Spanish is easy. Learning French less so, but pretty straightforward. But knowing Italian does nothing for you if you are trying to learn Chinese. "

However, the task at hand might be to take over a legal case in that other language, not just order dinner, with the waiter filling in one's mistakes.
