The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,361 other followers

From TailsOS – I needed a faster security wipe to clear out a Linux VM’s…

Posted by jpluimers on 2018/03/21

Cool tool to clear out Linux VM’s non-paged RAM: [WayBack] From TailsOS – I needed a faster security wipe to clear out a Linux VM’s non-paged RAM on demand and on shutdown – someone might find my little journey… – Joe C. Hecht – Google+

A Way Fast Memory Wipe – based on van Hauser’s / [THC], sdmem


Read the rest of this entry »

Posted in *nix, C, Development, Power User, Software Development | Leave a Comment »

Rumors of Cmd’s death have been greatly exaggerated – but it still pays to switch to PowerShell

Posted by jpluimers on 2018/03/21

About a year ago, [WayBackRumors of Cmd’s death have been greatly exaggerated – Windows Command Line Tools For Developers got published as a response to confusing posts like these:

But I still think it’s a wise idea to switch away from the Cmd and to PowerShell as with PowerShell you get way more consistent language features, far better documentation, truckloads of new features (of which I like the object pipeline and .NET interoperability most) and far fewer quirks.

It’s time as well, as by now, Windows 7 has been EOL for a while, and Windows 8.x is in extended support: [WayBackWindows lifecycle fact sheet – Windows Help:

Client operating systems  Latest update or service pack  End of mainstream support  End of extended support
  Windows XP  Service Pack 3  April 14, 2009  April 8, 2014
  Windows Vista  Service Pack 2  April 10, 2012  April 11, 2017
  Windows 7*  Service Pack 1  January 13, 2015  January 14, 2020
  Windows 8  Windows 8.1  January 9, 2018  January 10, 2023
Windows 10, released in July 2015**  N/A  October 13, 2020  October 14, 2025

Which means the PowerShell version baseline on supported Windows versions is at least 4.0: [Archive.iswindows 10 powershell version – Google Search and [WayBackPowerShell versions and their Windows version – 4sysops

PowerShell and Windows versions ^
PowerShell Version Release Date Default Windows Versions
PowerShell 2.0 October 2009 Windows 7 Windows Server 2008 R2 (**)
PowerShell 3.0 September 2012 Windows 8 Windows Server 2012
PowerShell 4.0 October 2013 Windows 8.1 Windows Server 2012 R2
PowerShell 5.0 April 2014 (***) Windows 10

So try PowerShell now. You won’t regret it.


via: [WayBack] Very interesting clear-up post and comments on CMD,, PowerShell in past and future DOS/Windows versions and Unix shells altogether. – Ilya S – Google+

Posted in Batch-Files, CommandLine, Development, Power User, PowerShell, Scripting, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 | Leave a Comment »

One of those “duh” moments: “go –version” says there is no “go -version”, but there is “go version”

Posted by jpluimers on 2018/03/20

One of those “duh” moments: go --version says there is no go -version, but there is go version as shown below.

It is even at [WayBack] Print Go version right in the middle of this 30 page [WayBackgo – The Go Programming Language.

On the hunt for that, I found this very interesting link for when you have binaries built with go and need the version: [WayBack] How to find out which Go version built your binary | Dave Cheney.

$ go --version
flag provided but not defined: -version
Go is a tool for managing Go source code.
        go command [arguments]
The commands are:
        build       compile packages and dependencies
        clean       remove object files and cached files
        doc         show documentation for package or symbol
        env         print Go environment information
        bug         start a bug report
        fix         update packages to use new APIs
        fmt         gofmt (reformat) package sources
        generate    generate Go files by processing source
        get         download and install packages and dependencies
        install     compile and install packages and dependencies
        list        list packages
        run         compile and run Go program
        test        test packages
        tool        run specified go tool
        version     print Go version
        vet         report likely mistakes in packages
Use "go help [command]" for more information about a command.
Additional help topics:
        c           calling between Go and C
        buildmode   build modes
        cache       build and test caching
        filetype    file types
        gopath      GOPATH environment variable
        environment environment variables
        importpath  import path syntax
        packages    package lists
        testflag    testing flags
        testfunc    testing functions
Use "go help [topic]" for more information about that topic.



Posted in Development, Software Development | Leave a Comment »

Update for DprojNormalizer | The Art of Delphi Programming

Posted by jpluimers on 2018/03/20

Important small [WayBack] Update for DprojNormalizer | The Art of Delphi Programming: it fixes usage of SanitizedProjectName in all other properties.

It is now at [WayBack] Version 2.2.1.

via: [WayBack] Small update for DprojNormalizer available – Uwe Raabe – Google+



Posted in Delphi, Development, Software Development | Leave a Comment »

In this day and age, people still write SQL injection vulnerable code

Posted by jpluimers on 2018/03/20

I keep being amazed that new generations of people keep writing SQL injection vulnerable code, so further below is a repeat of  [WayBack] xkcd: Exploits of a Mom on Little Bobby Tables named Robert '; Drop TABLE Students;--

Take this recent question on G+ for instance: [WayBack] Hi can you help to write correct Query for Filter 3 Data fields for Example Data1 , Data2 , Data2 txt1 = Data1 txt2= data2 txt3 = data3… – Jude De Silva – Google+ with this code fragment:


Data1 , Data2 , Data2

Text control contents:

txt1 = Data1
txt2= data2
txt3 = data3

Examples when text property is filled:

ex1: Data1  and Data 3
ex2: Data 3 and Data2
ex3: Data 1, Data 2 Data 3


Qury.Sql.Add (Select * From Table1);
If Not (txt1.text = ' ')then
   Qury.Sql.Add(Format ('Where Data1= ' '%s' ' ',[txt1] ));
If not (txt3.text = ' ') then
   Qury.Sql.Add(Format ('and Data3= ' '%s' ' ',[txt1] ));

This example is wrong on so many levels, to lets explain a few:

  • use name Qury and Query for queries: are they actually two variables?
  • inconsistent keyword capitalisation for both used languages
  • incinsistent indenting and unindenting
  • mixed use of quotes for strings
  • use of space for blank fields
  • getting embedded quotes wrong

The basic solution for solving the actual problem asked is like this (assuming all user input are strings):

  • use
    • where 1=1 for a starting point for and based queries
    • where 1=0 for a starting point of or based queries
  • add a method AddAndClause or AddOrClause taking with parameters Query,  FieldName, ParameterName and ParameterValuethen when ParameterValue is not empty:
    • adds this to the SQL Text:
      • for and based queries:Format('and %s = :%s', [FieldName, ParameterName]);
      • for or based queries:Format('or %s = :%s', [FieldName, ParameterName]);
    • adds a parameter Query.ParamByName(ParameterName).AsString := ParameterValue

SQL Injection: Little Bobby Tables

Back in 2007, SQL Injection was already a very well known vulnerability (they date back to at least 1998), so Randall Munroe published [WayBack] xkcd: Exploits of a Mom on Little Bobby Tables named Robert '; Drop TABLE Students;--

School: “Hi, this is your son’s school. We’re having some computer trouble.”
Mom: “Oh, dear — Did he break something?”
School: “In a way. Did you really name your son Robert'); DROP TABLE Students;-- ?
Mom: “Oh. Yes. Little Bobby Tables we call him.”
School: “Well, we’ve lost this year’s student records. I hope you’re happy.”
Mom: “And I hope you’ve learned to sanitize your database inputs.”
(Alt-text: “Her daughter is named Help I’m trapped in a driver’s license factory.”)

It did not just get explained at [WayBack] 327: Exploits of a Mom – explain xkcd (Explain xkcd is a wiki dedicated to explaining the webcomic xkcd. Go figure.), Little Bobby Tables got his own page there: [WayBack] Little Bobby Tables – explain xkcd.

Like people continuing writing SQL injection vulnerable code, XKCD posted another SQL injection in [WayBack] 1253: Exoplanet Names – explain xkcd by using e'); DROP TABLE PLANETS;-- as name for Planet e of Star Gliese 667.

Preventing SQL Injection

A few years later, around 2009, Bobby Tables inspired [WayBack] A guide to preventing SQL injection explaining:

  • what not to do “Don’t try to escape invalid characters. Don’t try to do it yourself.”
  • what do to: “Learn how to use parameterized statements. Always, every single time.”

It goes on with many examples of parameterised queries in many environments and language, for instance in the language used above: Delphi.

You can contribute new environments and languages as the site has source code at [WayBack] GitHub – petdance/bobby-tables:, the site for preventing SQL injections.

Finally, it points to a few more resources:

WayBack A guide to preventing SQL injection in Delphi


To use a prepared statement, do something like this:

query.SQL.Text := 'update people set name=:Name where id=:ID';
query.ParamByName( 'Name' ).AsString := name;
query.ParamByName( 'ID' ).AsInteger := id;


Read the rest of this entry »

Posted in Development, Software Development, SQL | Leave a Comment »

%d bloggers like this: