PHP for C++, C# or Java Programmers

Introduction

Scripting languages are horrible. All of them. However, it is probably true to say that PHP is better than Python, so it’s not all bad. While it shares the latter’s disregard for data types, it does have classes and a full set of statements for structured flow control. Because PHP could run from within Apache, without the overhead of CGI, it gained great popularity for web sites, where “web developers” have committed unspeakable sins against computer science; but it’s not the languages’ fault.

If you’re a C++ programmer, the paragraph above will sound reasonable. If you’re taking issue with my dislike of scripting languages for software engineering, you’re reading the wrong document, because I don’t hold back.

These notes are intended as a quick crib sheet for dealing with PHP for anyone who understands basic C++ or derived languages such as Java and C#), together with Unix scripting. PHP borrows from both. It’d be hard to call yourself a programmer if you didn’t used both, but if you’ve somehow avoided the Bourne (or BASH for penguinistas) you might want to read up on the basics of these first. Whilst the control structures are borrowed from C, the variable and string syntax will be familiar from shell.

This document cuts to the chase – a quick start to PHP for programmers. It’s not a tutorial in how to program for beginners. I come neither to bury nor praise PHP. It has its uses, as do all scripting languages, and can be great fun for a quick lash-up.

Nonsense

Let’s not sugar coat this – there are aspects of PHP that don’t make a lot of sense. Here are a few you should be aware of to avoid a load of confusion:

  • Overloading in PHP does not refer to overloading in anything like the normal sense of the word in computer languages. It’s actually used to talk about interpreter hooks. There is no function overloading in PHP.
  • Case sensitivity is inconsistent. Variable and constant names, and labels, are case sensitive. Other things are not, including function names, class names, keywords and namespaces.
  • PHP syntax isn’t necessarily backward compatible, and new syntax is added on minor versions. This document is based on PHP 7.4, but mentions some important differences with 5.x and 7.x releases.
  • The meaning of “declare” has nothing to do with declaring anything; it sets interpreter options.
  • Multiple inheritance isn’t supported as a matter of design, which is then circumvented using a weird non-class called a trait.
  • The type declaration of “const” does not refer to an immutable object (it’s a way of declaring a manifest constant, and nothing more).
  • Things like parametric polymorphism aren’t supported, but reflection is used to simulate them at run-time.

File format

PHP interprets lines from a text file:

#!/usr/local/bin/php
<!--?php
print (“Hello World\n”);
?-->

Like any other script language, it helps to put the name of the interpreter in the first line of the file although if it’s being run through Apache you won’t need to.

#!/usr/local/bin/php

If you’re using Linux rather than Unix this may be at /bin/php, of course.
Next there is the <!–?php … ?–> business. The PHP interpreter was intended to allow PHP code to be embedded in an HTML tag, so this is the opening and closing of a tag to get it to take notice of the stream.

On later (current) versions you can dispense with the HTML comments and wrap the file in <?php … ?>

And in the middle, there’s our print statement. And it is actually a statement; not a function. I just put the brackets around it because I could. It prints a single string.

Note the semicolon on the end – like ‘C’, line breaks are irrelevant and statements are ended by a ‘;’

PHP also includes the echo statement, which takes multiple arguments like echo in the shell:

echo "foo", "bar";

Having two ways of doing the same thing is all part of the fun on PHP.

Comments

As you might expect from the offspring of C++ and Bourne shell, you can use both types of comment. C++ // and /* */, as well as #. For the sake of sanity, I’ll stick with // in this document, but it’s a matter of taste which you prefer.

Constants

Literal constants follow the conventions you’re used to, with the exception of string literals, which follow normal shell convetions. That’s to say that they may be quoted with either a single (‘) or double (“) quote. A single quote does not produce an integer character code. This is covered in more detail in the Strings section.

Other literal constants are as you’d expect – 123 is a cardinal; 1.23 is a float, and True is a Boolean.

Manifest constants in PHP are, by convention, declared in UPPER CASE, although it doesn’t matter to the language. There are two ways to do it:

const PI = 3.141592;
define ("Euler", 2.71828);

If you redefine a constant PHP will ignore you, silently. In other words, the first definition persists even though this is irrational.

At first sight, define() may look like a pre-processor option, but in an interpreted language this doesn’t really make sense. However, in combination with a conditional, you can use define() to create a constant with a value determined at run-time. The const modifier is a later addition to PHP and works like a compile-time definition (but with no error-checking). It has the advantage that it’s sensitive to namespaces and you’ll probably prefer it going forward. Until PHP 5.3 it only worked in class scope, but this restriction has gone.

It’s widely believed that the initialiser in a const declaration can’t be an expression. It can (since PHP 5.6); it just has to be a constant expression – e.g. const RPI = 1/PI;

Operators

PHP implements the usual operators with the usual precedence, with a few extras.

‘.’ is the string concatenation operator.

‘**’ is the exponential operator (from PHP 5.6 onward).

!== and === differ from != and == in that they must be identical – no type conversions are performed so the expressions being compared must be of the same type to be the same value.

<> is an alternative to !=, although bizarrely it has a precedence one below.

Only a maniac would use this feature in coding.
Comparison operators also work on arrays, and plus (‘+’) can be used to concatenate arrays (i.e. a union operator).

And as of PHP 7, there’s the <=> operator. It returns zero if both arguments are the same, -1 if the left argument is less than the right, and +1 if it’s greater. This is similar to the strcmp() function in the POSIX library, but the thought process that came up with it being a good idea as an operator is baffling.

Variables and Types

All variables are prefixed with a $, whether they appear in an lvalue and as an rvalue (unlike shell). But they don’t have a type.

$a=2;
$b=$a*10;
$a='Twenty: ';
echo $a ,$b;

As you can see, I stored an integer in $a, and then stored a string in it. Variables do have dynamic typing, although at any one time they are of a specific type. There’s a function to return the current type as a string:

$myint=123;
$mystr="A string";
$myreal=3.14159;
$mybool=true;
echo gettype($myint),": ",$myint,"\n";
echo gettype($mystr),": ",$mystr,"\n";
echo gettype($myreal),": ",$myreal,"\n";
echo gettype($mybool),": ",$mybool,"\n";
Output:
integer: 123
string: A string
double: 3.14159
boolean: 1

There are several functions like is_int() for other types, and they return true or false as you’d expect. And speaking of Boolean values, true is the integer 1, whereas false is an empty string. For conditionals, 0 or non-zero work as false or true too; as do empty or non-empty strings.

$a = (3 > 5);
$b = (3 < 5);
print ("a=$a, b=$b");


Output: a=, b=1

Variables in PHP are self-creating on first use, and that includes using them as part of an rvalue. The following nonsense is legal, with $b printing as an empty string. If you’re lucky you’ll get a notice-level warning to alert you to the fact you’ve messed up, but this isn’t guaranteed by any means.

$a="Hello";
echo $a, $b;


Output: Hello

Strings

Numeric expressions work as you’d expect. Strings can be concatenated using the ‘.’ operator (which you should separate with a space. Expression types are cast in a sensible way, so “Testing” . 123; results in a string containing “Testing123”.

$name='Mary';
$day='Monday';
$age=6;
print ("It will be $name's Birthday next $day and she will be $age.\n");

Output: It will be Mary's Birthday next Monday and she will be 6.

As you can see I haven’t quoted the single quote – there’s no need. The usual conventions apply, so to get a double quote you’d need \”. If your variable name isn’t obvious because it has printable characters immediately before or after, put it in curly brackets thus:

{$name}

PHP has dozens of string functions for you to look up, including everyone’s favourite strlen(). Some take the form str_xxx() and some are named strxxx(), for no good reason I can see except for PHP being bonkers.

Arrays

PHP doesn’t go for types, so arrays are also un-typed; and can be of mixed type values. Arrays are also dynamic. In fact they’re really lists, but PHP heads called them arrays anyway.
You can create arrays with an array() function, but the simple way is self-explanatory assuming you’re using a relatively recent version of PHP, as below:

$a1 = []; // Empty array
$a2 = [1,2,3,"Tom","Dick","Harry"]; // Initialised with stuff

If you’re using ancient PHP you could get the equivalent using:

$a1=array();
$a2=array(1,2,3,"Tom","Dick","Harry");

In the above, $a2[3] would be “Tom”, as you might expect. However, PHP arrays only default to zero based integer addressing. The index can be anything else, like a string. (Associative array is a name that may sprint to mind). The full syntax for initialisation is:

 $a3 = [ "red" => "rouge", 
"blue" => "bleu",
"green" => "vert",
"yellow" => "jaune" ];


And $a3[“green”] would return “vert”. You can mix integer indexes in with the strings, and if you don’t specify an index for an element it defaults to the next integer index. That’s to say, the last integer index used plus one. For example the following is perfectly legal, even if it isn’t sane:

$a3 = [ "red" => "rouge",
6 => "bleu",
"green" => "vert",
"jaune" ];


print ("a3[7] = $a3[7] \n");



Output: a3[7] = jaune

Note that this wouldn’t be $a3[8] or $a3[3]; both of which you might expect. This is because the second element had its index set to 6, the third element was given a key and the eight element defaulted to the next integer – 6+1 = 7. $a3[0] won’t get your “rouge”, as it’s got a key instead.

If you’re using an associative array (or integer indexed one), the risk is that PHP will bomb out if it can’t find the index/key. You can avoid this using the array_key_exists() function. It returns a bool and takes two arguments, the first being the key and the second the array. There are a number of array functions similar to those in the STL – in_array(), array_push(), array_pop(), count() sort(), and so on.

To add elements to an array this syntax is:

$a2[] = "Another";
$a3["purple"] = "violet";

The first adds an item indexed by the next available integer index. The second form adds a key/value pair. And yes, if the key or index already exists you’ll over-write the current value with your new one.
To remove an item from an array, you need the unset() function. It basically takes one or more variables or array locations as parameters and removes them, as if they’ve never been set

unset ($a3[6], $a3["green"); // Blue and green should never be seen.

Multi-dimensional array access is the same as for ‘C’ – i.e. as many indexes as you need each in their own square brackets

Flow Control

I hope you had fun with variables and strings. Now we come to some good news. The flow control structures in PHP are the same as ‘C’, Java and C#. Including blocking statements together with curly brackets.

All of the following are valid and work exactly as you’d expect.

if (conditional) statement;

if (conditional) { statement; statement; … }

do statement; while (conditional);

do statement; while (conditional);

while (conditional) statement;

for (initialiser; conditional; increment) statement;

switch (value) // Value can be any type
{
case 1:
statement;
break;
case 2:
statement;

default:
statement;
}

goto label;

There’s also an “enhanced” for loop as in Java, C# or shell script, or the C++ STL:

foreach (array as item) statement;

Basically, each time through the loop the variable “item” is replaced with the next element in “array”.

foreach ($a3 as $element)
print ("The item is $element\n");

Whilst Java omits goto; PHP doesn’t, in common with C, C++ and C#.

In complex code a goto statement can simplify flow control considerably, although it’s hard to come up with a trivial example where it makes sense. Here follows a trivial example where it doesn’t make sense, but you get the idea. Note the label ends in a colon (“:”).

goto mylabel;
print ("This will NOT be printed\n");
mylabel:
print ("Output will start here\n");

Finally, “break” and “continue” work as expected in loops.

In spite of having a full set of structured statements, many PHP developers seem to like using exceptions to implement program flow. More on this later.

Functions/Methods

PHP functions are a simplified version on C/C++/Java/C# syntax. Note that functions are called methods in Java.

So here’s a function:

function square ( $x )
{
return $x * $x;
}

print("2 squared is ".square(2)."\n");

Output: 2 squared is 4

And that’s about it. The keyword “function” tells the interpreter it’s about to get a function definition.

As PHP isn’t typed, there’s no need to worry about specifying a return type, or parameter types. This is probably one of the worst aspects of K&R ‘C’, which was corrected with function prototypes in the ANSI specification. PHP made the same initial mistake, and implemented something similar to function prototypes in PHP version 5 onwards where they were known as type hints. From version 7 they’re called type declarations and have been extended.

Even with type hints, function name overloading isn’t possible; there is no compile-time polymorphism as there is no compilation. However, introspection and reflection are supported in PHP and this is used for un-checked dynamic polymorphic constructs.

The syntax for declaring an (optional) function return type is different to other languages (PHP 7 onward):

function sum($x, $y): float
{
return $x + $y;
}
print("The type of sum() = ".gettype(sum(2,3))."\n");

Output: The type of sum() = double

As you can see, PHP also “rounds up” floats to doubles. The value of return types may be a bit limited, as most of the time dynamic typing will silently convert it to whatever seems right anyway.

In addition to class names, the return type of a function can be one of self (instance of the class the method was defined on), array or callable. From PHP 7 onward you can have book, float, int and string. In 7.2 return types of iterable and object have been added.

The syntax for arguments is the same as C/C++/Java/C#. If you want to use argument type checking, you can write it as:


function square ( int $x )

It’s worth noting that without the optional type checking (which is normal for PHP), a function will return something random if you give it unexpected arguments. There’s a convention that a NULL will be returned in such circumstances, but it’s only a convention.

You can pass by reference by prefixing the variable name with an ampersand “&”, (C++ style).

function square ( &$x )
{
$x = $x*$x;
}

If a function returns a reference, prefix its name with &.

function &add_tax (&$x)
{
$x *= 1.2;
return $x;
}

You can also have default parameter in the same way as C++

function printwhen ( $product, $when="sometime")
{
print ("Your $product will be ready $when.\n");
}

A variable arguments list is accomplished using … as prefix to a variable, which effectively becomes an array of the passed values.

function total (...$numbers)
{
$tot = 0;
foreach ($numbers as $num)
$tot+=$num;
print "The total is $tot\n";
}


total (3,1,4,1,5);
Output: The total is 14

And for one final piece of craziness you can call a function by having its name stored in a string.

function hi()
{
print "Hello\n";
}
$greeting ="hi";
$greeting();

This does not make it a first-class function, or even a pointer to a function. It’s a recipe for disaster.

If you’re wondering about void functions, there’s no such thing, but if you don’t hit a return statement PHP will return a NULL.

Lambda (closure; anonymous) functions are supported:

Please generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post
function myfunction ($a1, $f1)
{
print ("a1=$a1\n");
$f1 (456);
}
myfunction (123, function ($a) { print ("a=$a\n"); } );

This will output

a1=123
a=456

You can make the lambda inherit variables from the local scope with use():

$x = 1; $y = 2;
myfunction (123, function ($a) use ($x, $y) { print ("a=$a, x=$x, y=$y\n"); } );

Output:

a1=123
a=456, x=1, y=2

Just keep reading it until in makes sense.

Classes

The class/object model is pretty much a subset of the same as C++, which has been borrowed by Java and C#. If you’re not used to C++ terminology:

  • method = member function
  • property = member variable = attribute

You define a class using the class keyword followed by the name. The modifiers const, static, public, private and protected have the usual meaning. By default everything is private, but this can be overridden on an element-by-element basis. Unlike C++, you can’t use public:, protected: or private: as labels to change subsequent declarations. There’s no such thing as a “struct” in PHP (which is a class where members default to public, if you’re coming from Java or C#), or a union.

The final keyword can be applied to a class or method, and prevents the class being used as a base for a derived class, or the method being overridden. It’s not the same as Java when it comes to class constants; in PHP use the keyword “const” instead.

A constructor is defined as “public function __construct() …”, with optional arguments. Remember, function name overloading isn’t supported. A class’ destructor is a function named __destruct().

Functions starting with __ (two underscores) are “magic” in PHP. Additional magic functions defined include __call(), __callStatic(), __get(), __set(), __isset(), __unset(), __sleep(), __wakeup(), __toString(), __invoke(), __set_state(), __clone() and __debugInfo(), and might best be described as hooks within a class that get called by the interpreter in particular circumstances. See a PHP reference for further details.

The pseudo-variable $this has the same meaning as other languages. There’s also a keyword “self” (no $) that can be used to refer to the class rather than this particular instantiation (object of class), and “parent”, to refer to the parent class where inheritance is used.

To reference an element within an object of a class, use the arrow operator (“->”), as if it’s a structure pointer dereference in C++. In languages without pointers, like Java and C#, you always use the “.” operator to specify an element, whatever the underlying reality. In ‘C’, the choice of . and -> makes a difference. In PHP, you always use “->”; at least you don’t have to think about it.

So here’s an example, which should be self-explanatory, but I’ll explain it afterwards anyway:

class myClass
{
public $myVar = "My default value";

function printme()
{
print("myVar = " . $this->myVar . "\n");
}
function printhello()
{
print("Hello!\n");
}
}

$myObject = new myClass;
$myObject->printme();

$myObject->myVar = "New value";
$myObject->printme();
myClass::printhello();

Output:

myVar = My default value
myVar = New value
Hello!

First off, note that the attribute $myVar is declared with at $ but this isn’t used when it’s referenced as an element. I’ve made it public so it can be referenced from outside the class.

I haven’t made the printme() method public; it is by default! Inside it I’ve used $this->myVar to get at the attribute. Without the $this-> it won’t be in scope. In other words, properties are NOT in scope of methods.

PHP supports the scope resolution operator “::”, which is used above for the sake of simple demonstration. printhello() is the same as a Class method in Java. Note that myClass::printme(); would fail, because no instantiated object exists for $this to refer to.

The scope resolution becomes important when you use derived classes.

class myChild extends myClass
{
public $childVar = "I'm only a kid";

function printme()
{
myClass::printme();
print("myVar another way = " . $this->myVar . "\n");
print("childVar = " . $this->childVar . "\n");
}
}

$myChildObject = new myChild;
$myChildObject->myVar = "I'm the parent object.";
$myChildObject->printme();

What won’t work is if you have properties of the same name in both the base and derived class. With the auto-creating variables in PHP, “declaring” another myVar in myChild will make it indistinguishable from the same property in myClass. No warning. Just confusion; so take care you never do it. If BOTH properties are private, that’s fine.


class myClass
{
private $myVar = "I'm the parent";
function printme()
{
print("myVar in base = " . $this->myVar . "\n");
}
}

class myChild extends myClass
{
private $myVar = "I'm only a kid";
function printme()
{
myClass::printme();
print("myVar in child = " . $this->myVar . "\n");
}
}

$myObject = new myChild;
$myObject->printme();

Output:

myVar in base = I'm the parent
myVar in child = I'm only a kid

To access a static class property or function (aka attribute or method) prefix it with the class name and the scope resolution operator (not a dot!)
Interface and Abstract Classes

In C++ an interface class contains one or more pure virtual functions (abstract methods) and nothing else. It’s a special case of an abstract class. However, because a class is a class, it’s treated as any other. Multiple inherence lets a new class inherit as from as many parents as it likes; interface or not.

In Java and C#, with single inheritance, multiple interface classes can also be inherited. However, they’re up-front about an interface class, with its own special keyword. PHP shares this, as well as Java’s “implements” keyword when specifying an interface in a class declaration.

Here’s a simple example of an abstract class:

abstract class AbstractClass
{
// Force an extending class to define this method
abstract protected function printme();

// Example method everything will inherent

public function printHello ()
{
print "Hello World\n";
}
}

class ConcreteClass extends AbstractClass
{
public function printme()
{
parent::printHello();
print("I’m concrete\n");
}
}

$rubble = new ConcreteClass;
$rubble->printme();


Output:

Hello World
I’m concrete

If you’re having an interface class (abstract class consisting of only pure virtual functions), in PHP you say so. A concrete class can inherit multiple interfaces (using a comma separated list), even if it can only extend one base class.

interface iPrintable
{
public function printme();
}

interface iFriendly
{
public function printHello();
}

class MyClass implements iPrintable, iFriendly
{
public function printme()
{
print("I’m concrete\n");
}

public function printHello()
{
print("Hi there!\n");
}
}

$myObject = new MyClass;
$myObject->printHello();
$myObject->printme();

Output:

Hi there!
I’m concrete

I’ve previously mentioned that PHP doesn’t support multiple inheritance. To get around this PHP does include something called a trait (from PHP 5.4). If the answer to your problem involves using traits, you’re probably doing something wrong., but you’ll need to be aware of them.

class MyClass
{
public function printHello()
{
print ("Hello");
}
}

trait PrintWorld
{
public function printWorld()
{
print ( " World!\n");
}
}

class Greeting extends MyClass
{
use PrintWorld;
}

$myObject = new Greeting();
$myObject->printHello();
$myObject->printWorld();


Output: Hello World!

As you can see in the code, MyClass and Greeting are both classes. Greeting extends MyClass but uses a trait called PrintWorld. As a result, Greeting inherits the printHello() method from MyClass and the printWorld() method from the PrintWorld trait. You can use as many traits as you like, but there are, unsurprisingly, more limited than a full class. If they have a use, it’s to lump a load of functions together in a convenient place. If you use traits for anything tricky, and need to resolve clashes and work out precedence, you’ll have to read the full manual; and when you do remember it was your fault for getting into the mess in the first place, because I warned you.

Namespace

PHP does support namespaces from PHP 5.3 onward, but it’s clunky. The keyword “namespace” followed by your chosen name must be the first thing in the source file, other than the opening tag (<?php). This is very strict, meaning that you can’t have anything before the tag, including initial html.

Good:

 <?php
namespace Example;

Fatal Error:

 <?php
namespace Example;

Namespaces are hierarchical, and the path can be separated using a backslash (‘\’) – not the scope resolution operator. You can access anything public in a different namespace if you know how to get to it:

namespace test/junk/foo;
\test\junk\somefunction();

You can import classes from another namespace with the “use [… as …]” keyword:

 use \test\junk\myClass as hisClass;

From PHP 5.6 you can also have “use const …” and “use function …”

Reflection and Introspection

Because PHP is interpreted it’s technically possible to mess around with objects at runtime; not the object’s members but the languages’s notion of an object. This can lead you many interesting and amusing problems, but is sometimes the least-worst option for dealing with the fluid object typing inherent in the language.

Let’s be clear here – in assembly language its possible to use self-modifying code. It was clever, and when you had 1K of core to play with, its use was justified. It’s also possible in ‘C’ – you can find the address of a function easily enough and modify the op-codes. However, it’s pretty obvious to anyone that this is a path to madness. And with modern compiler optimisation, wholly unnecessary.

So where you see introspection used sensibly is on checking the arguments to a function. To PHP, every object can look like any other, which appears to be a good reason why parametric polymorphism can’t happen. However, if you write a single function that examines the objects actually passed and acts accordingly.

If you want to read more about this, as ever, the PHP documentation is the place yo go. However, here’s a quick example to give you the idea of how to get started.

class Foo
{
private $my_private_var;
public $my_public_var;
protected $my_protected_var;
function print_my_name ()
{
echo "My name is Foo\n";
$this->my_private_var = "I'm Private";
$this->my_public_var = "I'm Public";
$this->my_protected_var = "I'm Protected";
}
}

// Instantiate a Foo, check it's working and set it's variables.
$test = new Foo;
$test->print_my_name();

// These two functions get the type of a variable
// (in this case it'll be an object) and the class
// name of the object, so your function can decide what
// to do with it.
echo "gettype() returns " . gettype($test) . "\n";
echo "get_class() returns " . get_class($test) . "\n";

// As these next functions are returning arrays, we're going to
// use the print_r() function to print them in readable format
// from now on. And here's where it starts to get silly.

echo "Output of get_object_vars()\n";
print_r(get_object_vars ($test));

echo "\nOutput of get_class_vars()\n";
print_r(get_class_vars ('Foo'));

echo "\nOutput of get_class_methods()\n";
print_r(get_class_methods ('Foo'));

echo "\nOutput after casting object to array\n";
print_r((array)$test);

echo "\nvar_dump() after casting to an array\n";
var_dump((array)$test);

// And now for something really horrible:

$a=(array)$test;
$a["Var_no_one_knows_about"] = "I've got a bad feeling about this.";
$test=$a;

echo "\nThe Foo object after we've hacked it.\n";
print_r((array)$test);

Output

 My name is Foo
gettype() returns object
get_class() returns Foo
Output of get_object_vars()
Array
(
[my_public_var] => I'm Public
)
Output of get_class_vars()
Array
(
[my_public_var] =>
)
Output of get_class_methods()
Array
(
[0] => print_my_name
)
Output after casting object to array
Array
(
[Foomy_private_var] => I'm Private
[my_public_var] => I'm Public
[*my_protected_var] => I'm Protected
)
var_dump() after casting to an array
array(3) {
["Foomy_private_var"]=> string(11) "I'm Private"
["my_public_var"]=> string(10) "I'm Public"
["*my_protected_var"]=> string(13) "I'm Protected"
}
The Foo object after we've hacked it.
Array
(
[Foomy_private_var] => I'm Private
[my_public_var] => I'm Public
[*my_protected_var] => I'm Protected
[Var_no_one_knows_about] => I've got a bad feeling about this.
)

Debugging

There are many PHP functions intended for debugging, but here are a few tips to start you off.

print_r() – Pretty print a variable or array.

var_dump() – As above, but with more information (particularly its type)

debug_zval_dump() – As above, but with reference counts for debugging the PHP interpreter.

Here’s a quick example.

$a = ["One","Two","Three"];
print_r($a);
var_dump($a);

Output

 Array
(
[0] => One
[1] => Two
[2] => Three
)
array(3) {
[0]=> string(3) "One"
[1]=> string(3) "Two"
[2]=> string(5) "Three"
}

One very useful feature of the var_dump() function is that when it’s used for a class it can be overridden by the special “__debugInfo()” member function, which can output the contents in any way you see fit. The default is to dump the lot.

Because debugging is something you’re likely to want to do without wanting to read the whole PHP manual, I’ll go into a bit more detail. These functions will write to the standard output (or HTML stream if you’re using it for a web site). To catch teh output and write it to a file use something like this:

// First we capture the output into an output buffer
// and store the result in the string.
ob_start();
var_dump($a);
$stuff = ob_get_clean();

// Then we append it to a text file of our choice
$fp = fopen("/var/log/mylog.log", "a");
fwrite($fp, $stuff);
fclose($fp);

It’s easier to capture print_r() as it has a default final parameter; a flag to return the output as a string rather than printing it. In this example I’m using the special variable $GLOBALS to dump every global variable.

$stuff = print_r($GLOBALS,true);

Miscellanies

Running shell commands

PHP supports the back-tick operator in the same way as the Bourne shell. Anything between two back-ticks (‘`’) will be passed to the shell, and stdout will replace the whole lot in the interpreted line.

declare()

There’s a keyword “declare” that is akin to a compiler #pragma. It sets various options for the interpreter from this point onward; or for the following block. It doesn’t actually declare anything.

Examples:

 declare (strict_types=1);

This will actually enable type checking on function arguments, assuming someone’s bothered to define types in the first place.

 declare(encoding='ISO-8859-1')
{

}

The code between the { … } is encoded using ‘ISO-8859-1’ (i.e. 8-bit extended ASCII, not Unicode).

include/require

These statements simply include an external file into the interpreter stream at this point.

 include “something.php”;

Require is similar, except it’ll halt execution with a fatal error if the file isn’t found. There are special versions, include_once and require_once, which will refrain from including the named file if it’s been included before.

@ Error control operator

Being an interpreted language, you won’t be bothered by any compile-time errors drawing attention to mistakes in your code. If you want to prevent pesky run-time errors to, you can prefix any expression you like with a commercial at (‘@’), and it’ll suppress any errors or warnings that would otherwise highlight your mistakes. This includes fatal errors, so your script will just stop dead, causing the user to utter many interesting terms of endearment about you when they find out.

As far as I can make out, the @ operator technically sets the run-time error reporting level to zero (that which is returned by error_reporting ()). Any error handlers you’ve set will still be called.

Auto loading functions

PHP programs can become a mess with a lot of includes at the beginning of each script file in order to import a large number of classes. As a result its quite common to use a mechanism called auto-loading. Prior to PHP 8 this was done using a __autoload function() but newer versions use spl_autoload_register() instead.

With __autoload() (two underscores) you basically defined the function and it will be called if some of your code fails with a “Class not found” error. The function takes a class name as its parameter (the one that caused the error) and is likely to include that class from wherever you have it stashed.

This mechanism does, at least, only load classes when they’re first called.

function __autoload($ClassName)
{
    include($ClassName.".php");
}

With PHP 8 it’s a bit more complex. __autoload() has been removed, so you have to use spl_autoload_register() – although you can use this to call an __autoload() from your old code. The difference is that __autoload() has no special meaning any more but it’s still a valid function.

As its name might suggest, it registers a load of autoload functions that the system can use as required.

The function takes the name of an autoload function (which defaults to spl_autoload()) as its first parameter. Two more optional boolean flags are passed – the first can be set to false if you don’t want it to throw an exception, and the second can be set to true if you want the function registered at the front of the list rather than the end.

You’d probably be best reading the full documentation if you come across something that isn’t obvious in the code.

Iteration

Since Version 5, PHP has supported external iterators for arrays objects. There are a couple of dozen predefined, and each of which has a similar number of methods. You’ll have to read the PHP documentation for a comprehensive list. Unfortunately the documentation is lacking for many of them.

Like other languages, an Iterator is an interface that an object may implement. This includes the following methods:

current() – return element pointed to by the cursor.
key() – return the key pointed to by the cursor.
next() – move the cursor on by one.
rewind() move the cursor to the first element.
valid () – return true if the cursor is pointing to a valid element (e.g. it hasn’t gone off the end).

Exception Handling

There really needs to be a section on exception handling. It’s very similar to the Java model, but the way it’s used makes me nauseous and I can’t bring myself to write about it right now.

Jails on FreeBSD are easy without ezjail

I’ve never got the point of ezjail for creating jailed environments (like Solaris Zones) on FreeBSD. It’s easier to do most things manually, and especially since the definitions were removed from rc.conf to their own file, jail.conf. (My biggest problem is remembering whether it’s called “jail” or “jails”!)

jail.conf allows macros, has various macros predefined, and you can set defaults outside of a particular jail definition. If you’re using it as a split-out from rc.conf, you’re missing out.

Here’s an example:

# Set sensible defaults for all jails
path /jail/$name;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
mount.procfs;
host.hostname $name.my.domain.uk;
# Define our jails
tom { ip4.addr = 192.168.0.2 ; }
dick { ip4.addr = 192.168.0.3 ; }
harry { ip4.addr = 192.168.0.4 ; }
mary { ip4.addr = 192.168.0.5 ; }
alice { ip4.addr = 192.168.0.6 ; }
nagios { ip4.addr = 192.168.0.7 ; allow.raw_sockets = 1 ; }
jane { ip4.addr = 192.168.0.8 ; }
test { ip4.addr = 192.168.0.9 ; }
foo { ip4.addr = 192.168.0.10 ; }
bar { ip4.addr = 192.168.0.11 ; }

So what I’ve done here is set sensible default values. Actually, these are probably mostly set what you want anyway, but as I’m only doing it once, re-defining them explicitly is good documentation.

Next I define the jails I want, over-riding any defaults that are unique to the jail. Now here’s one twist – the $name macro inside the {} is the name of the jail being defined. Thus, inside the definition of the jail I’ve called tom, it defines hostname=tom.my.domain.uk. I use this expansion to define the path to the jail too.

If you want to take it further, if you have your name in DNS (which I usually do) you can set ip.addr= using the generated hostname, leaving each individual jail definition as { ;} !

I’ve set the ipv4 address explicitly, as I use a local vlan for jails, mapping ports as required from external IP addresses if an when required.

Note the definition for the nagios jail; it has the extra allow.raw_sockets = 1 setting. Only nagios needs it.

ZFS and FreeBSD Jails.

The other good wheeze that’s become available since the rise of jails is ZFS. Datasets are the best way to do jails.

First off, create your dataset z/jail. (I use z from my default zpool – why use anything longer, as you’ll be typing it a lot?)

Next create your “master” jail dataset: zfs create z/jail/master

Now set it up as a vanilla jail, as per the handbook (make install into it). Then leave it alone (other than creating a snapshot called “fresh” or similar).

When you want a new jail for something, use the following:

zfs clone z/jail/master@fresh z/jail/alice

And you have a new jail, instantly, called alice – just add an entry as above in jail.conf, and edit rc.conf to configure its networ. And what’s even better, alice doesn’t take up any extra space! Not until you start making changes, anyway.

The biggest change you’re likely to make to alice is building ports. So create another dataset for that: z/jail/alice/usr/ports. Then download the ports tree, build and install your stuff, and when you’re done, zfs destroy
z/jail/alice/usr/ports. The only space your jail takes up are the changes from the base system used by your application. Obviously, if you use python in almost every jail, create a master version with python and clone that for maximum benefit.

Facebook wants end-to-end encryption

Facebook is wrong. Completely.

End-to-end encryption means that Facebook doesn’t have access to the content of messages. Right now, ONLY Facebook can read your private message content, but that will change. (Actually, that’s not true – your employer can too, and that won’t change, but it’s beside the point)

Given Facebook’s entire business model is collecting and selling personal data on its users, this might sound strange. You can bet it’s nothing to do with making the world a safe place for political activists in repressive countries. Such countries can simply block Facebook.

But there are three reasons they may wish to do this:

  1. Right now law enforcement can ask Facebook for data. If Facebook refuses, there can be a stink. If it hands it over, there can be a stink. If Facebook can shrug its shoulders and say “can’t be done”, it’s off the hook. Apple has done this.
  2. If Facebook’s system is insecure, someone may steal personal data from it in the future, leading to embarrassment and GDPR complications. If it’s encrypted while at Facebook, this cannot happen.
  3. Hard core criminals know all about how to use encryption. Facebook is used for recruiting. If Facebook has to face the music for this, with end-to-end encryption they have plausible deniability.

It’s worth noting that political activists have well established secure communication channels too. Paedophile networks have the knowledge to do this, and do. There are plenty of “dark web” options to keep things secret.

So far from protecting the public, the only reason Facebook has to do this is to protect itself.

Amazon Echo vulnerable in Smart Speaker battle

When Google launched its smart speaker it was playing catch-up with Amazon. The Echo had an established ecosystem, and unless Amazon blew it, this lead looked unassailable. The field was Amazon’s to lose.

Since then, Amazon’s arrogance seems to have taken it towards such a losing strategy. Glitzy launches of new gadgets are not enough to maintain a lead. I have a sample of pretty much every Echo device ever sold, and the newer ones aren’t that much better than the old ones. The build quality was always good, and they work.

What could damage the Echo is the slide in functionality.

Most people assumed that the rough edges – things you should be able to do but couldn’t – would be addressed in time. Google stole a march by recognising the person speaking, but Amazon has caught up. Sort-of. Meanwhile Google has been catching up with Amazon on other functionality and ecosystem.

What Amazon is failing to realise is that they’re selling smart speakers. This is the core functionality. They came up with the technology to link speakers in groups, so you could ask for something to be played “Upstairs”.

This is still there, but it’s been made almost useless. In the beginning you could play anything you wanted on an Echo. All music purchased direct from Amazon was added to your on-line library. There was also Amazon’s Prime music service. The latter has gone down hill recently, with the good stuff moved to a separate “full” streamin service. The ability to play your own music by uploading your MP3 files to your library. This facility has just “gone”, as of the start of the year.

Loyal Amazon customer assumed that it would go the other way, and that you’d be able to stream from your local source to your smart speaker groups. Amazon has blocked this, although some third party skills can play media to a single Amazon speaker. Not so smart.

Now Echo users are about to be hit again. From next month feed of BBC Radio, and other things, is changing. You’ll still be able to get them, but only on a BBC skill. The effect of this is that you can’t use an Echo as a radio alarm clock and more, the alarms will be confined to built in sounds. No longer will I be able to wake up to Radio 4’s Today program at 6am. Unfortunately I will still have to wake up at that time.

Echo Dot with Time Display – but now no use as a radio alarm

Ironically, one of Amazon’s enhancements is an Echo Dot with a time display. Just in time for it to be made useless by the software.

Looking at the change, I also strongly suspect you won’t be able to play a radio station on a group of speakers either. The speaker group technology is limited to Amazon’s own streaming service.

The Echo/Alexa system used to just work. Unless Amazon reverses these catastrophic decisions, it just doesn’t work. And now the public has a taste for this functionally, someone else can walk in and provide it.

Why Python is a terrible language for education

The interpreted language Python is a lot of fun. It’s great for quick and dirty lash-ups, and has list comprehensions whilst being easier to use that Haskell. There are many great reasons why you would never deploy it in a production environment, but that’s not what this article is about.

In the UK, the government decided that schoolchildren needed to learn to code; and Python was picked as the language of choice.

Superficially it looks okay; a block structured BASIC and relatively easy to learn. However, the closer I look, the worse it gets. We would be far better off with Dartmouth BASIC.

To fundamentally understand programming, you need to fundamental understand how computers work. The von Neumann architecture at the very least. Sure, you can teach CPU operation separately, but if it’s detached from your understanding of software it won’t make much sense.

I could argue that students should learn machine code (or assembler), but these days it’s only necessary to understand the principle, and a high level language like BASIC isn’t that dissimilar.

If you’re unfamiliar with BASIC, programs are made up of numbered lines, executed in order unless a GOTO is encountered. It also incorporates GOSUB/RETURN (equivalent to JSR/RTS), numeric and string variables, arrays, I/O and very little else. Just the basic building blocks (no pun intended).

Because of this it’s very quick to learn – about a dozen keywords, and familiar infix expression evaluation, and straightforward IF..THEN comparisons. There are also a few mathematical and functions, but everything else must be implemented by hand.

And these limitations are important. How is a student going to learn how to sort an array if a language has a built-in list processing library that does it all for you?

But that’s the case for using BASIC. Python appears at first glance to be a modernised BASIC, although its block structured instead of having numbered lines. That’s a disadvantage for understanding how a program is stored in sequential memory locations, but then structured languages are easier to read.

But from there on, it gets worse.

Types

Data types are fundamental to computing. Everything is digitised and represented as an appropriate series of bits. You really need to understand this. However, for simplicity, everything in python is treated as an object, and as a result the underlying representation is completely hidden. Even the concept of a type is lost, variables are self-declaring and morph to whatever type is needed to store what’s assigned to them.

Okay, you can do some cool stuff with objects. But you won’t learn about data representation if that’s all you’ve got, and this is about teaching, right? And worse, when you move on to a language for grown-ups, you’ll be in for a culture shock.

A teaching language must have data types, preferably hard.

Arrays

The next fundamental concept is data arrays; adding an index to a base to select an element. Python doesn’t have arrays. It does have some great built in container classes (aka Collections): Lists, Tuples, Sets and Dictionaries. They’re very flexible, with a rich syntax, and can be used to solve most problems. Python even implements list comprehensions. But there’s no simple array.

Having no arrays means you have to learn about the specific characteristics of all the collections, rather than simple indexing. It also means you won’t really learn simple indexing. Are we learning Python, or fundamental programming principles?

Structuring

Unlike BASIC, Python is block structured. Highly structured. This isn’t a bad thing; structuring makes programs a lot easier to read even if it’s less representative of the underlying architecture. That said, I’ve found that teaching an unstructured language is the best way to get students to appreciate structuring when it’s added later.

Unfortunately, Python’s structuring syntax is horrible. It dispenses with BEGIN and END, relying on the level of indent. Python aficionados will tell you this forces programmers to indent blocks. As a teacher, I can force pupils to indent blocks many other ways. The down-side is that a space becomes significant, which is ridiculous when you can’t see whether it’s there or not. If you insert a blank line for readability, you’d better make sure it actually contains the right number of spaces to keep it in the right block.

WHILE loops are support, as are FOR iteration, with BREAK and CONTINUE. But that’s about it. There’s no DO…WHILE, SWITCH or GOTO.

You can always work around these omissions:

do
<something>
until <condition>

Becomes:

while True: 
<something>
if <condition>:
break

You can also fake up a switch statement using IF…ELSEIF…ELSEIF…ELSE. Really? Apart from this being ugly and hard to read, students are going to find a full range of control statements in any other structured language they move on to.

In case you’re still simmering about citing GOTO; yes it is important. That’s what CPUs do. Occasionally you’ll need it, or at least see it. And therefore a teaching language must support it if you’re going to teach it.

Object Orientation

And finally, we come on to the big one: Object Orientation. Students will need to learn about this, eventually. And Python supports it, so you can follow on without changing language, right? Wrong!

Initially I assumed Python supported classes similar to C++, but obviously didn’t go the whole way. Having very little need to teach advanced Python, I only recently discovered what a mistake this was. Yes, there is a Python “class”, with inheritance. Multiple inheritance, in fact. Unfortunately Python’s idea of a class is very superficial.

The first complete confusion you’ll encounter involves class attributes. As variables are auto-creating, there is no way of listing attributes at the start of the class. You can in the constructor, but it’s messy. If you do declare any variables outside a method it silently turns them into global variables in the class’s namespace. If you want a data structure, using a class without methods can be done, but is messy.

Secondly, it turns out that every member of a class is public. You can’t teach the very important concepts of data hiding; how to can change the way a class works but keep the interface the same by using accessors. There’s a convention, enforced in later versions, that means prefixing a class member with one or more underscores makes it protected or private, but it’s confusing. And sooner or later you discover it’s not even true, as many language limitations are overcome by using type introspection and this rides a coach and horses through any idea of private data.

And talking of interfaces, what about pure virtual functions? Nope. Well there is a way of doing it using an external module. Several, in fact. They’re messy, involving an abstract base class. And, in my opinion, they’re pointless; which is leading to the root cause why Python is a bad teaching language.

All Round Disaster

Object oriented languages really need to be compiled, or at least parsed and checked. Python is interpreted, and in such a way as it can’t possibly be compiled or sanity checked before running. Take a look at the eval() function and you’ll see why.

Everything is resolved at run-time, and if there’s a problem the program crashes out at that point. Run-time resolution is a lot of fun, but it contradicts object orientation principles. Things like pure virtual functions need to be checked at compile time, and generate an error if they’re not implemented in a derived class. That’s their whole point.

Underneath, Python is using objects that are designed for dynamic use and abuse. Anything goes. Self-modifying code. Anything. Order and discipline are not required.

So we’re teaching the next generation to program using a language with a wide and redundant syntax and grammar, incomplete in terms of structure, inadequate in terms of object orientation, has opaque data representation and typing; and is ultimately designed for anarchic development.

Unfortunately most Computer Science teachers are not software engineers, and Python is relatively simple for them to get started with when teaching. The problem is that they never graduate, and when you end up dealing with important concepts such as object orientation, the kludges needed to approximate such constructs in Python are a major distraction from the underlying concepts you’re trying to teach.

Talkmobile APN data settings for Android

If you’re trying to get Talkmobile working with the current version of Android and have tried various settings on the Web with no luck. The Talkmobile web site itself is also incorrect. Here are the real ones as of right now…

Go to “Access Point Names” under setting somewhere. You’ll see Vodafone ones already there, probably. Ignore them.

Create a new one. Call it “Talkmobile” or whatever you fancy. The only three settings you need to change are:

APN Name: talkmobile.co.uk

User name: wap

Password: wap

Proxy: 212.183.137.12

Port: 8799

APN Type: * (if this doesn’t work try “Default”)

I haven’t given the MMS settings because I leave them blank and avoid rip-off charges!

Baofeng DM-9HX First Look Review

The DM-9HX looks the same as the UV-9HX which is the same as the UV-5R. Everything fits.

It’s finally here – Baofeng has released its proper digital version of the UV-5R and you can just-about get it in the UK by direct import (although I gather Moonraker have a few).

I reviewed their first digital model, the DM-5R, and concluded it was a bad idea as it only implemented Tier 1 and therefore could only talk to identical transceivers. A real pity. There is supposed to be a Tier-II version, the DM-5R Plus, but I don’t know anyone who’s seen one and even the specifications say it’s isn’t compatible with Motorola. Anyway, it seems to be history or myth now the DM-9HX has arrived.

The DM-9HX does Tier II, and should talk to DMR sets from other manufacturers and work through repeaters. I haven’t personally tested this properly as yet, but indications are good. So with that in mind, on with an initial review:

I’ll assume you know previous Baofeng models well enough and concentrate on the differences. But just in case you don’t, the legendary Baofeng UV-5R series are cheap and cheerful handheld dual-band FM 2m/70cm transceiver with a speaker/mic socket and an MSMA connector for whatever antenna you choose. There is a tri-band model, and they all seem to have a built-in torch.  A number of variations in case style exist, including waterproof, as do versions with uprated RF. But they’re pretty much identical at the user level; and they’re the mainstay of many people’s community PMR set-ups as well as a no-brainer for Ham use.

Baofeng announced it was going to produce a digital version, which was physically interchangeable with previous models but with added DMR capability. This is a great proposition for people like me, with dozens of UV-5R batteries, antennas, chargers, cases and so-on. It protects your investment whilst allowing controlled migration to DMR. It’s been a long time coming, but now it’s here.

So first off – the interoperability is there. It uses exactly the same accessories as the UV-5R. It’s the same size and looks like a UV-5R – apart from the all-new display. Good job. The only physical difference is the programming cable, which is a direct USB feed into the microphone socket. And it doesn’t work with CHIRP. If you look closely, the label also says DM-9HX (check the picture near the top) and the keypad is overprinted for digital mode – alpha instead of menu shortcuts. The DM-5R/Plus had a black VFO button but they’ve gone back to orange with this model. I’ve had to put a rubber sleeve on it to find it amongst the others.

The new dot-matrix screen is more flexible and easier to read,

Inside the box you get a new “digital” antenna, the standard charger and the large battery. I’ve yet to test how much difference the fancy antenna makes; for ease of carrying, and like-for-like comparison, I swapped it for a standard battery and a stubby antenna. Moonraker supplied a standard Beofeng headset (yeah) with theirs; others don’t. The charger is the same, and it comes with the larger BL-5 12Wh battery although the smaller type still fit.

It also comes with an English manual, which is reminiscent of the one supplied with the DM-5R. It doesn’t actually relate to the DM-9HX, which is different enough for this to matter.  But we’re radio amateurs, right? We like fiddling with things to find out how they work.

Compared to the analogue models, the user interface is much improved in terms of sanity, while remaining similar in some respects. The buttons do more-or-less the same, with the side ones being programmable. Alpha text entry on the keypad is now Nokia-like, with the # key switching case and three alpha characters on each number key.

The display is a high-res monochrome dot-matrix instead of a segmented LCD found on the analogue models and the DM-5R. It’s very clear to read, and back-lit either permanently or on a timer. There are also no more voice prompts. This is either a good or bad thing, depending on your taste.

Instead of settings being arranged in one long numbered list, in the new world they’re in a hierarchy of menus. Some settings are in odd places, but in general it’s a big improvement and easy to get around. The layout in the manual is simply incorrect, but even then it didn’t take too long to find most things. Some, however, were more difficult – read on and save yourself some trouble.

One handy feature of Beofeng analogue sets is the “dual watch”. This allows you to monitor two frequencies, and optionally lock on to the active one for transmissions. Although it appears in the manual, it wasn’t in the menu. The truck is to turn off “Power Saving” mode, after which it appears. There’s no sensible explanation of “Power save” mode, but it’s on by default.

Another oddity is tone squelch. CTCSS can be set on T, R and C. I’m not sure what ‘C’ is but I suspect it simply sets both T and R at once. The same menu identifies itself as setting DCS modes, but doesn’t appear to allow any such thing. I’ve yet to find a way of doing it on the radio, but you can from the programming software. This turns out to be true of quite a few things, for not apparently good reason.

Remember the analogue channel saving game, where you could write current settings to a memory and it sometimes worked? It was always a bit hit-and-miss in my experience, so I left it to CHIRP, but the DM-9HX has dropped the option entirely from the radio but it’s still described in the manual.

I struggled to program our local repeater in to the set, and discovered the following:

It’s not possible to save current VFO settings to a memory.

It is possible to edit a memory when in MR mode, to an extent.

This is logical, but is a PITA if you’ve just got something working in VFO mode. and you want to save it. If you do want to store to a channel, switch to MR mode, choose the channel and then edit. The editing menu options vary from VFO mode, just to make life interesting. For example, you can’t program an offset transmit frequency using the direction/offset menu settings (they’re disabled in MR, but not in VFO). However, you can enter separate Tx and Rx frequencies directly (calculating the Tx in your head, of course). It’s a bit illogical, but it works.

Another thing you’ll need to know is that a memory location is either designated as Digital or Analogue. This is set using the programming software, and cannot be changed on the radio. Neither can unused memory locations be brought in to use. As shipped, a mixture of sixteen analogue and digital channels were configured by default; you’re going to need the programming software if you want to make use of the memory, but saying that, making quick tweaks to an existing memory on the radio is much easier than it was before. As a suggestion, you might want to define a load of channels in software early on, so you have enough to choose from when programming using the radio.

One big worry with the first unit I tested (I have others waiting) is that the CTSS appeared not to work on receive. However, leaving it set on Tx it seemed to work for both. Further investigation needed on this one.

And so to the programming software:

I received the programming cable and a small anonymous CD containing many files. One of these was a ZIP with a name in English identifying it as related to the DM-9HX, so I installed it. It was the right one, but it’s hard to tell because it came up in Chinese, and does so every time. Keep going through the menus until you find “English”, select the option and all will be well – assuming you don’t speak Chinese.

The cable is a USB lead, with multi-ring plugs that go into the mic socket. I’d have liked to see a micro-USB socket on the radio for programming, but it works. Windoze recognises without the need for any special COM port driver. Yeah! It recognises it as a mouse, but it works.

After this rocky start, I’m pleased to report that the programming software has worked perfectly so far. Some of the terminology for settings doesn’t match the radio, manual or any known term I know of but you can figure it out easily enough.

There’s no manual for the software, but it does have useful help information that appears in a lower window pane. A lot of additional options related to digital operation, such as phone books and zones. As a GUI, it works as you might expect.

For locking down the radio, you can select which menus are available to the user in a way that seems very flexible. You can also set the allowed frequencies, as you could with the analogue sets.

There is, however, one serious limitation to the software. I have found no way of importing/exporting memories to a spreadsheet. You have to enter them all, one at a time, using dialogue boxes. This is NOT cool.

Will CHIRP support this? Well no one has been inclined to add support for the DM-5R since 2016, but then again who would want to use one? Unfortunately, looking at the technicalities and very different nature of DMR it’d take some work to add, although it’s been propo DMR-6X2sed for 0.5.0.

The programming for another Beofeng DMR, the DMR-6X2, does import/export CSV so it’s entirely possible I’ve just not figured it out yet but I’ve looked closely.

Conclusion

That’s about it for this quick look. I’ve done some RF tests, the results are to follow, as is some proper photography. I’ve spoken to friends over analogue. The sound quality was described as fine, but through a repeater to mobile stations.

To conclude, after the false-start on the DM-5R, the DM-9HX delivers – both in terms of DMR functionality, compatibility and as a major step forward in usability. With a few rough edges.

 

Facebook has user data slurped

The following has just appeared on Facebook’s press release page:

Security Update

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts….”

“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted… a feature that lets people see what their own profile looks like to someone else.”

Mark Zuckerberg’s understated response to the incident was “I’m glad we found this and fixed the vulnerability. It definitely is an issue that this happened in the first place. I think this underscores the attacks that our community and our services faces.”

Wall Street’s response so far has been a 3% drop in Facebook’s stock.

I’m now waiting to see which of my sock puppets is affected.

Tesco Bank hit with £30m fine for computer breach

According to a Sky News exclusive, the FCA is set to clobber Tesco Bank with a fine of £30m over the data breach in late 2016, where £2.5m was snaffled from thousands of its customer’s current accounts. Except it turned out it wasn’t; only fifty accounts were actually plundered, not for very much, and it was all sorted.

So how does this warrant such a huge fine? It’s hard to see, but the first two theories I have are that Sky News has got of wrong, or the FCA has gone seriously bonkers. If they’re touching miscreant institutions for £600K per customer inconvenienced, RBS and NatWest are toast.

So what’s it all about? Well we don’t know what Tesco Bank actually did. My best guess is that someone cloned cards and cashed out at ATMs. That’s the easiest way, and there is no evidence this was widespread or sophisticated. And its interesting that only current accounts were hit; not credit – which is where the big money is in retail banking fraud.

But that’s just a guess. Why would the FCA be so exercised about some card fraud?

There is not shortage of other theories. There is the usual criticism of the patent company and its insecure non-banking systems. The usual unpatched server card is played. Yes, everyone knows Tesco self-checkouts use Windows XP. There ate criticisms of the lack of protective monitoring. Lack of AV. But this comes from commentators whose employer’s business is selling such things. There is talk of an inside job, which is possible but they didn’t take them for much if it was.

So if the FCA is really that cross with Tesco Bank, why?

The question no one is asking is why Tesco Bank announced a major breach, affecting so many people? Here I’m stacking guesses, but just for fun…

If I’m right about it being ATM bandits, could it be that staff investigating found something horrible and hairy, and jumped to the conclusion it was behind it? They did the right thing, and told everyone about the vulnerability, but the black hats hadn’t. The FCA would have been unimpressed, regardless of the consequences, and whacked them according.

If I’m right, it’s a bit rough on Tesco Bank, fined as a result of being robbed. But this is all one guess based on another. The truth may be still stranger.