Jump to content

ShaunR

Members
  • Posts

    4,402
  • Joined

  • Days Won

    242

Posts posted by ShaunR

  1. On 1/8/2022 at 11:42 AM, Rolf Kalbermatter said:

    I feel the higher management has already decided that this is going to be a dead end

    Tin foil hat time :)

    We know there were discussions about SaaS that the LabVIEW dev team were resisting. I think this is the real reason why AQ left.

  2. 2 hours ago, X___ said:

    That was what the Advanced Plotting Toolkit was doing, storing a minimal Python exe as a string constant and running it as soon as started.

    But that was not as a tag, which I still don't see what it can do besides store stuff (not just strings).

    Storing hidden programs is not unusual for you? It's highly suspicious to me.

    As separate operations,  Run When Opened isn't common and storing hidden programs even less so. Both together start alarms bells ringing for me.

  3. 19 minutes ago, Rolf Kalbermatter said:

    Would have to see the code in question. But generally I would think that you can call Functions like LocalAlloc() with the return value configured as pointer sized integer and using a 64-bit integer to transport it on the diagram/front panel. Then when passing it to an API, pass it again as pointer sized variable and when putting it into a cluster, assign it to either the 32-bit integer or the 64-bit integer respectively. There should be no problem with this since if you are on a 32-bit platform only the lower significant 32-bit should have been assigned by the Call Library Node, although there might be a sign extension happening if you happen to configure it as signed integer but that should not be a problem either.

    At the risk of derailing the thread; that's not really what I was talking about. It's that I *have* to use the localheap for the function to fill with data. I then used moveblock to copy the data from the localheap to a U8 Array and it's this copy which is when I was casting to a cluster. My surprise was that a function that populated the memory *required* the memory created with localheap, not the pointer, per se. Now I should be able to moveblock it directly to a cluster, now I know what's happening, and avoid the cast completely.

  4. 5 hours ago, Rolf Kalbermatter said:

    unless you use the Typecast function to Typecast a properly sized byte array to or from the cluster.

    Insightful and amazing you identified that from my terse comment. Yes indeed. It seems that the source was indeed a type-cast and I was unaware of this "feature". I retract my previous comment but won't delete it for historical reference.

    5 hours ago, Rolf Kalbermatter said:

    Alternatively I usually create two separate clusters, one with 32 bit ints and one with 64 bit ints for the pointers.

    Indeed. However the function that returns it required a call to create localheap memory (in the Win32 API) which I then needed to get back into a cluster. Otherwise I would have used this method. This, in itself, was unusual so maybe I'm missing something else too in this particular example.

  5. 6 hours ago, Rolf Kalbermatter said:

    The disruptive sounds actually rather bad in my ears but it seems to have been getting a different meaning in marketing nowadays.

    In this context it just means challenging existing monopolies, orthodoxies or methods. Text-book examples would be things like streaming to terrestrial TV, block-chain to banking etc.

  6. One caveat is because, as Rolf states, LabVIEW passes the lower 32 bits (Big Endian), if you are manipulating pointers returned from functions you have to be careful if they are Little Endian. You don't come across it very often in LabVIEW since many API's have a create or new function and it can be treated as opaque. But there are Windows functions that return pointers that need to be converted.

  7. 2 hours ago, X___ said:

    Eric began his career at NI as an application engineer and, for more than two decades, has been instrumental in defining and implementing the company’s strategic direction. His leadership is focused on delivering results to NI’s key stakeholders through a strategy that’s built on disruptive technology and informed by customer needs to get accessible technology to market faster.

    If they had put "Synergy" in there we would have had a full house in BS Bingo. :) This seems to have been written by PR and is usually an indication of few tangible achievements.

  8. On 1/3/2022 at 8:50 PM, X___ said:

    Why is the "RunOnOpened" PN in the loop

    Copyright reasons.

    On 1/3/2022 at 8:50 PM, X___ said:

    why are persistent tags suspicious?

    You can put a lot of stuff in a VI and unpack it when run.

    On 1/4/2022 at 5:57 PM, jacobson said:

    GitHub also added a warning if you are looking at a file with these characters so hopefully more IDEs are being updated to make this vulnerability more obvious.

    I dare say it will be addressed in time. I was just commenting on LabVIEW being one of the few not touched by it-for obvious reasons.

  9. 8 hours ago, Rolf Kalbermatter said:

    this need hasn't arisen on Windows before NI decided to embark on the NXG adventure and pretty much deferred all improvements on existing code features in LabVIEW Classic to be solved in NXG

    We were asking for unicode support well before NXG was a twinkle in the milkman's eye. I'm sure if we searched this forum we would see that we've been moaning about it for at least the last 10 years. I certainly remember raising it when Delphi got full Unicode support and, IIRC, that was RAD Studio in 2008 but we were able to use it in Delphi before then if the OS supported it.

    LabVIEW's problem has always been displaying Unicode, hence that hit & miss kludge in the ini settings (LabVIEW 8.x?). Since they never gave us the ability to create the proper controls/indicators, we were never really able to work around it.

  10. 15 hours ago, Gribo said:

    There was a page full of evil VIs that played tricks on the poor programmer trying to read them, I don't remember where I saw it.

    If it is what I think you are referencing then it is when the VI is run (run when opened), rather than the source code itself. It is also detectable by inspection but double clicking on the VI runs it. This is why most of us place a new, unknown, VI on a diagram or run something like this.

    Tags Detect.vi

     

  11. 17 hours ago, Gribo said:

    LabVIEW enjoys security by obscurity right now. I am sure that the entire stack (Run time, Visa, DAQmx, whatever other services NI installs) have tons of holes and exploits.

    It's a lot worse than that. It affects all text languages that use a unicode compiler (Python, C++, Delphi et.al) and is undetectable by visual inspection of the source code. It isn't a programmers application with a bug - you can't trust the source code is doing what you think it is doing.

  12. CVE-2021-42694

    Quote

    An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software.

    CVE-2021-42574

    Quote

    An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

     

  13. What ensegre is getting at is that LabVIEW has never (officially) supported unicode and at one point NI said they don't need to (in classic) because NXG supports it.

    There are some UTF8 primitives that means you can support UTF8 internally but many of the controls and primitives don't support it (like the file control and functions). For that you have to have replacement windows file functions but that will not help you loading projects and is not cross-platform.

    • Like 1
  14. You are pretty much locked into NI at this point so I would be looking for ways to mitigate and diversify without throwing everything out and starting again. That means making future choices that replace piecemeal. This is a lot easier with software than it is with hardware.

    1. Keep LabVIEW 2020. You probably have more than 5 years or so before it is completely obsoleted and you will not lose access to it with a perpetual licence. Make sure you keep the full installer and not the download installer! I still use LV2009 (through preference) and only compile for later versions as customers require it. LV2020 brings TLS and this is a must-have, nowadays so if I didn't have my own TLS solution, I would have upgraded to it from 2009.
    2. I resist the subscription model in principle. So make of that what you wish.
    3. See 2.
    4. Keep what you have. It works, right? As you add more or start to replace stuff, look for alternatives.
    5. Depends if real-time is required. By all means have an external PC with databases and servers etc but if you need a real-time controller this will be difficult. An external PC is not generally a replacement of local controllers, it is usually a configuration and data collection station.
    6. Only you can answer that according to your specific current and future requirements.
    7. Yes. I moved to this a couple of years ago and never looked back. This is maybe where you would use the external PC but it can easily be provisioned and maintained by IT. You will also have a greater pool of resources to develop with as Web Devs are what you need, and they are plentiful.
    8. TDMS is only really useful if you are doing high-speed datalogging of large data-sets. Given 7. SQL over the network and SQlite locally should be the first choice.
    6 hours ago, Jim Kring said:

    Also, Python *really is* the s#!t.

    You only need a "garbage collector" to clean up garbage :P It's an interpreted scripting language, with the heavy lifting done by C/C++, masquerading as a general programming language. It's also a lovey of the Linux world so expect ABI breaks often like with v2-v3.

  15. 6 hours ago, Bryan said:

    This piqued my interest and I downloaded it to give it a look.  The majority of what I currently do in LabVIEW involves user interfaces, so WISIWIG looks ideal.  From the screenshots I saw, it reminded me of the days when I dabbled in VB6.

    It has that feel to it but it is far more powerful.

    CodeTyphon is really a fork of Lazarus but with all components already packaged. That makes it a bit daunting to begin with as there are multiple components to choose from that are very similar - but not quite - since they are from different tool-sets to do the same things.

    Just get it installed and have a look through the (hundreds?) of examples (Under Tools>>CodeOcean Examples).

    The big boon of it though is that the IDE runs on most Desktops and from there it can compile native code for hundreds of targets. At that point you are way down the rabbit hole from the forms editor, though.

    Another plus is that it can use Lazarus and Delphi components. So if you have 3 different sources of projects and components you can leverage.

    • Thanks 1
  16. 23 hours ago, FixedWire said:

    So folks...what about a Plan B?

    Python may have become a "fav" in some circles but having to dig for plugins is a pain at best and a disaster in the making if the code is anywhere near a regulated environment. Rolf nailed it with far too much code that just works but lacks architecture or isn't hardened. Choosing that one plugin could derail a project so fast if it needs to be rewritten.  In the real world we need tools that we can rely on.

    Has anyone looked into Uno Platform or Avalonia? You'd think at this point and time one could build out projects that could easily port between Windows, Mac & Linux. Uno works off of C# & the .NET and thus caught my attention.

    Just re-reading the above pains me for all this superb community does. So many sharp minds here, something good will evolve!

     

    While Python has taken over T&M, I don't actually use it that much unless asked to. I don't even rate it as one of my core competencies. Outside of LabVIEW; for web stuff I use PHP (server) or Javascript (client) and everything else I use Codetyphon (WISIWIG IDE) or C (DLL's). When LabVIEW dies, it will be more CodeTyphon, PHP, Javascript and C depending on what I am doing.

    Much of what I do nowadays is UI interfacing to back-ends (DLL's, web services etc). I moved away from the LabVIEW UI so it boils down to what to use for a UI. For web stuff it is HTML & Javascript, on the client side, and Apache & PHP, on the server. For desktop it is Codetyphon (which is an open source Object Pascal competitor to Visual Studio but programs can be compiled for almost anything).

    I wouldn't touch .NET or C# with a 10 foot barge pole.

  17. 8 minutes ago, torekp said:

    Computers at the devices won't have any WWW connection, only local.  And the GUI computer will normally not connect more than locally either.  So I'm not too worried about security, although now you can explain why I'm an idiot as well as a noob 😬

    I'll let your IT dept. scream every point, in exquisite detail, when you tell them what you are planning and how you are not worried about their security.

  18. 31 minutes ago, torekp said:

    Thanks!  If not Labview, Python is probably my least-incompetence path forward.  Any suggestions on a good starting point - maybe a canned websocket example that I could adapt?

    For the HQ  GUI side, use a browser and Javascript. You don't need a web server.

    You don't really need a web  server on the device side either but it's useful to have a HTTP webserver to get a web page as a starting point and to configure things. Note that having a webserver is a security risk so if you are new to all this, I wouldn't suggest you have one on the devices in production but it will help you developing.

    You will need a Web server on the HQ side if you are doing database stuff but I'd suggest you talk to IT to get provisioning which will probably be an Apache Server-which they will maintain.

    • Thanks 1
  19. I don't think this is a good use case for interfaces. Not so much the test stuff, just as a "Collection".

    As an aside; pedantically and academically, the difference between a List and a Collection is that a Collection is unordered so what you technically have is a List - although many use the terms interchangeably. What this means in practice is usually a List is implemented as an array (arrays are intrinsically ordered) and a Collection is implemented as a linked-list. So to access a Collection iteratively, Next/Previous must be used.

    On 5/18/2020 at 2:25 PM, Marko Hakkarainen said:

    Each element can be either a sequence command (send message, wait timer, wait complete etc.) or another collection of commands (sub-sequence).

    That's not a desirable limitation for collections. IMO, a generalisation of collections should not limit types.

    On 12/18/2021 at 5:57 PM, Marko Hakkarainen said:

    Items can be objects of any class which inherits from Collectable interface

    This is also undesirable.

    A while ago I wrote a List class which was modeled on the functions in the Delphi collections class. It doesn't implement Next/Previous like here but it could be added trivially and wouldn't have the above limitations.

    As a specific "Array of Test Sequences" you are OK but it's not general enough for a generic "Collection/List" class.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.