[Cryptography] UK "HCSEC" UK-cleared engineers try to prove Huawei gear secure
jamesd at echeque.com
jamesd at echeque.com
Sat Feb 22 23:17:56 EST 2020
On 2020-02-20 5:46 pm, John Gilmore wrote:
> A recent inflammatory Washington Examiner article pointed me at this
> report:
>
> https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf
This report looks to me like a report on the typical product of Chinese
software engineering and of non engineers supervising engineers, copy
and paste instead of following the dry principle.
If you use copy and paste to implement a hundred features each with
almost, but not quite, the same copypasta code, then if your boss is
measuring your productivity in kilolines of code, your copypasta code
production becomes insanely high.
And if he is measuring your productivity in bug fixes, you will
encounter a thousand bugs in a hundred features implemented by copypasta
code, each caused by almost the same code, or the exact same code, and
you will wind up fixing each supposedly separate bug separately, but
after the third or fourth variant of what is the same or almost the same
bug, your bug fix productivity becomes insanely high.
If you are following the dry principle you will wind up metaprogramming,
what C++ programmers call template metacode, and lisp programmers
confusingly call macros, or using metaprogrammed program transformation
tools as the sqlite3 project does to generate enormous files of plain
vanilla C. Joe random dumb interchangeable programmer cannot
metaprogram, and Joe Random pointy haired boss does not know the
difference between and engineer who can, and an engineer who cannot.
Copypasta in big projects is a big problem throughout the industry, but
tends to be even worse in China, and worse with Chinese engineering teams.
Because there is so much copypasta code, most of it never gets tested in
the unit test. The number of potential bugs is astronomically large, so
some bugs are bound to get into the release.
More information about the cryptography
mailing list