Mocking your customer is not a way to sell more... or it is?

Resident Embarcadero wizard of Oz, David Intersimone, has been so bold to write about Delphi "security". You know I already wrote about the utterly lack of security in Datasnap (but relying on web server security using https), but there are some true pearls in that article.

Embarcadero misses the Feb 1st, 2015 deadline for 64bit iOS apps

Despite what promised, Embarcadero wasn't able to meet the February 1st, 2015 deadline for 64 bit iOS apps. Not a surprise. Just another warning Embarcadero is trying to do too much with too little, and aligning someone else deadlines and releases with your own is difficult and usually not worth the effort.

Modernize you Delphi Windows application: use Windows 2000 (and later!) services.

No, the title of this blog post is not a mistake. Delphi, including XE7, only implements services using NT APIs obsoleted since Windows 2000. Windows NT was EOLed in 2004, 2000 in 2010, and XP last year, yet Delphi still doesn't take advantage of the new APIs. What are the advantages? Well, using the "extended" RegisterServiceCtrlHandlerEx() and its HandlerEx() callback, services can receive more and useful notifications (control codes). The new control codes allow to be notified of and handle:

Laughable 64KB (!) limit in Delphi RTTI

Today a colleague of mine was trying to import VMWare 5.5 WSDL into Delphi. When he tried to compile the application, it got:

[DCC Error] vimService.pas(60427): E2575 RTTI for 'VimPortType' is too large; reduce scope with $RTTI or
reduce type size

Delphi Doc Wiki says (XE7 too):

This occurs when the generated RTTI is too large (greater than 64kB).

Netgear WNCE3001 DHCP issues, and why luser-oriented interfaces are a mistake

In the past days, I bought a Netgear WNCE3001 wireless adapter to connect my pay TV decoder to the Internet. To configure it, you need to connect it to a PC Ethernet port, and use its configuration wizard to perform the initial configuration - which is just configuring which wireless LAN you want to connect to, and its encryption parameters. In my case, the wizard was unable to complete.

Telexfree: cosa significa la nomina di un "Trustee" sotto il "Chapter 11"

Dopo che una mia lettera riguardante il caso TelexFree è stata pubblicata nella rubrica "Italians" del Corriere della Sera, qualcuno mi ha scritto che TelefFree ha ottenuto il famoso "Chapter 11". Vero. Ma come al solito gli artisti della truffa vi dicono solo parte della verità, quella che fa comodo a loro.

Local elevation points in Windows and Delphi

Since the introduction of Windows Vista and the new security model for applications, application running under User Account Control (UAC) should adopt a "least privilege" model, running as an "unprivileged" user almost all the time, and requesting higher privileges only when needed, even if the user has those privileges.

Requesting higher privileges is called "elevation". A good application uses "local elevation points", meaning it elevates only when it really needs it, and then reverts to a non elevated stated afterwards. These operations are those identified by a little shield on the control (button, menu item, etc.) that activates them.

But how to perform this kind of elevation? There is not a simple way, say an ElevateProcess() or ElevatedThread() API. First, elevation can't be performed for a single thread. It needs to be performed at the process level, and there are good security reason behind this choice. Second, elevating a whole process would also elevate all threads within. Thereby, elevation require to "spawn" a new process. There are at least three different ways to perform this, in this post I'll explain what I believe is the most elegant and flexible one, albeit complex - the COM Elevation Moniker.

Modernize you Delphi Windows application, the real way :)

With the demise of XP - and next year Windows 2003 Server will follow - it is time to really think about modernizing the design and implementation of your applications, and especially write the new ones from start as real Windows Vista+ applications - you can maybe also skip Vista ;) To modernize your application, you don't need to buy Delphi XE6 as Embarcadero tries to make you think you should.

Po Delta Birdwatching Fair 2014

Last weekend, thanks to May Day holiday well placed on a Thursday, I was able to spend four days at the "Po Delta Birdwatching Fair", an annual fair dedicated to birdwatching and natural photography, held in Comacchio, a little ancient city nearby the Po river delta, and in the middle of the shallow waters "valleys" which are now a natural reserve where many different kind of birds reside, or rest for a while during their annual migration from and to Africa and Northern Europe.

Each day a photographic workshop held by natural photographers working especially in that area, and covering different aspects of this kind of imaging, from ethical considerations to posprocessing, paved the way to excursions lead by the same photographers in one of the best places to capture excellent image.

Why Linux admins prefer the command line over a GUI?

Because it's much easier to cut and paste from a browser!
That's a joke, of course, but sometimes not far from truth. Especially, I found surprising how many Linux site offer only some "I did this way" explanations, usually followed by a long list of commands, without any explanation. I've seen people copying them with very little changes if nothing at all - usually configuring their systems the wrong way.
CLI and configurations are good when you know what you're doing - not as copy&paste containers...


Subscribe to RSS - blogs