No More Freebies

Starting December 6th 2012 there is no more free Google Apps. If someone wants Google to handle mail for his domain, he can now expect hefty yearly charge of $50 per user.

All current users of free Google Apps should probably start searching for new home since I don’t expect this status quo to last. My assumption is that existing users will start getting “pay up or get lost” mails pretty soon. For family of four this means $200 if you want to continue using it or dealing with account migration. Lets hope that Google’s “Don’t be evil” motto will prevent this extortion-style scenario from happening.

This unfortunate turn of events just comes to show how living in cloud leaves you in mercy of your hosting company. There is no such things as a free lunch.

Taste of ITU Governance

If you are wondering what ITU can offer if it takes over control of Internet, wonder no more. Great example of moronic and damaging decisions is already here - Y.2770 Requirements for deep packet inspection in Next Generation Networks.

This standardizes the way how government can spy any traffic that goes over your favorite telco. If possible this standard also keeps door open to decrypt user’s traffic “in case of a local availability of the used encryption key(s).”

Whoever thinks that this is good idea and trusts his government is complete moron.

My own government was caught some time ago (translation) just adding unrelated phone numbers to existing warrants. End result is that this practice was deemed quite appropriate. USA government is no better with its whole NSA activities. Lets not even go into areas here warrant are not required. And there is plenty of other governments with even lower standards.

This standardization will allow them to use one kind of equipment in each telco thus reducing their cost of tracking a citizen. Forcing a company to give them SSL keys in order to stop users from encrypting traffic is next step. Hell, I can bet that some countries are already doing that.

Quite a lot of Internet security relies on encrypted things staying encrypted. Once that encryption is taken away all you think of private is not so private anymore. Each time you access your bank in order to make a transaction, someone else is peeking over your shoulders.

And “honest people have nothing to hide” is bullshit. How much time do you think it will pass until some security hole is discovered on those systems?

Same standardization that makes live easy for government will also make it a sweet delight for criminals. Just filter through minute of traffic and you will have enough information to get into thousands of accounts. I will not even cover what single rogue agent can do e.g. if he finds that his wife is cheating him. He can gather/falsify enough information to get other guy in real trouble. And I am being optimistic, real-life scenarios will be much darker.

And this is a mess that ITU is already capable of. Imagine ideas that will spring into their mind if they gain control over Internet. Orwell was right, he just missed the year.

XC8 and Fixup Overflow Referencing Psect BssBANK1

Illustration

For one PIC microcontroller program I had to use assembly code for some critical timing. Rest of code was just plain XC8 C code and everything compiled (and performed) without any issue. So I decided to share code with another project of mine.

Suddenly I got bunch of warnings all saying almost same thing: wait.h:19: error: fixup overflow referencing psect bssBANK1 (0xA2) into 1 byte at 0xB3E/0x2 -> 0x59F (dist/default/production\Source.production.obj 136/0x3E). Program did work (fixup did what its name says) but each compilation would pepper output with warnings - unacceptable.

It was easy to find a culprit:

unsigned char wait_asm_W; //copy of W
...
#asm
    BANKSEL _wait_asm_W
    MOVWF   _wait_asm_W
    ...
#end asm

Address of an variable was used inside assembly code. Original program had this variable in bank0 and thus no warning were issues. This project had slightly different allocations and variable ended up in bank1 (e.g. 0xA2). Since assembly instruction can only deal with 7-bit registers, address was outside of allowed range.

Once solution is forcing variable into bank0:

bank0 unsigned char wait_asm_W; //copy of W
...
#asm
    BANKSEL _wait_asm_W
    MOVWF   _wait_asm_W
    ...
#end asm

This works but only after change to project’s compiler flags (Properties, XC8 global options, XC8 compiler, Option categories: Optimizations, Address qualifiers: Require). Just thought of having to remember to change project properties each time I reuse this code made me wince. Yes, it was a solution but not what I wanted.

What I wanted is way to transform offending value 0xA2 to non-problematic 0x22. Quick bit-masking solved that issue and warnings were gone:

unsigned char wait_asm_W; //copy of W
...
#asm
    BANKSEL _wait_asm_W
    MOVWF   _wait_asm_W & 0x7F
    ...
#end asm

Government Control

This December International Telecommunication Union is asking for keys to the Internet. Finally there will be central body to control and help expand the network we all use.

And I am scared.

When I look the trend of various countries locking down on Internet privacy and usability in the name of “security” I can just imagine ITU making it mandatory for all countries to implement switch in order to prevent cyber attacks. And then some content filtering of naughty material “for the sake of children”. One tiny step removed I can see countries suppressing criticism and all content that they do not care about.

I do not trust my (or any other government for that matter) in making wise choice. Government will by design try to keep it self in power regardless of what it takes. And each government having same input in ITU is just recipe to allow for Great wall of [insert country name here].

Huge concern is also that ITU is actually quite telco-heavy. That means that all decisions would be very much influenced by what powerful telcom operators think about it. And I can just see how they would like to limit (already low) speeds in order not to invest in their network anymore. Telcos do not care about people, nor should they. Telcos are corporations and they only care about profit for their shareholders.

Yes, currently USA has all keys to the Internet and situation is not ideal. However, even with this there is lot of freedom left to engineers to do what they need. And “freedom talk” that they are all fond of does keep most of censorship and death switches away for now. Having someone like China determine how open Internet will be is not a thought I cherish.

Maybe I am just paranoid, but I cannot see how this can end up well.

PS. A bit more to read. 2012-12-06: USA will probably not let go willingly.

[2012-12-14: I am pleasantly surprised that my native country (Croatia) is not among those who signed ITU WCIT treaty.]

Which Rule Set?

Illustration

Static code analysis is a beautiful thing. For a while now Visual Studio has it embedded and it is only a right click away.

By default each project gets assigned “Microsoft Managed Recommended Rules” as baseline for analysis. In my opinion this is really good choice for most of projects. It does include quite a few checks (61 to be exact) and whatever you get is almost certainly something you want to improve.

I would argue that most projects would benefit from setting bar quite a bit higher at “Microsoft Extended Design Guidelines Rules”. This ruleset gets annoying pretty fast when you run it on existing project. You can almost be sure that code will be peppered with CA1704: Identifiers should be spelled correctly and CA1062: Validate arguments of public methods.

First one can be sorted with small code analysis dictionary and second one will need few ifs here and there. All other warnings can also be sorted with similar level of effort since they are not real errors nor something that will cause immediate problems (e.g. double dispose). If project is old this can take ages and it is for little or no practical value.

Biggest beast is “Microsoft All Rules” setting. This one will complain for anything and everything and it will be really hard to satisfy it in any GUI project. Yes, it is possible but this purity brings no value to customer and I usually keep my main assemblies away from it.

I have quite a simple personal rules which level to use. If assembly is intended to serve as a framework that will be written in stone once it is released I go with “Microsoft All Rules”. It is annoying at times but users of your framework will be thankful because it forces really tidy external interface.

If assembly is intended for sharing between projects I go with “Microsoft Extended Design Guidelines Rules”. It forces me to keep design guidelines close to mind and to avoid some potential bugs that can just creep in code (e.g. returning internal array directly). All externally visible members should be held to higher standards since you never know when you or someone else might reuse them.

If given assembly contains GUI, I usually just stick to default Microsoft Managed Recommended Rules. GUI assemblies are not intended to be called directly and bunch of warnings will be just annoyance (e.g. localization warnings when localization is not even planned).

Your mileage and opinion might differ but one thing is for sure - any project has to have at least minimum code analysis enabled.

PS: As number of rules increases so will number of false warnings. Suppressing code analysis warnings is sometime only way to go around it. Just make sure you have really good reason. If you have too much (valid) suppressions that might as well mean that you selected wrong code analysis level for your project.

PPS: It is not always clear which rule belongs to which ruleset. Therefore I have prepared small Excel file with this information.