Idera / Embarcadero at least fixed some of their security issues…
Posted by jpluimers on 2017/12/27
Some security improvements
A long while ago I quoted [WayBack] Ideara / Embaracdero is flushing away user trust in their ability to do secure computing… – Jeroen Wiert Pluimers – Google+.
Since then they have fixed some of the issues:
- EDN password reset email messages do not contain the plain text password any more
- The https sites now have much better security certificates
Still, parts of their infrastructure run over http or use other insecure patterns.
Infrastructure and DevOps are hard, but an integral aspect of any company.
Hopefully, their most important new-years resolution is to improve on that.
AppAnalytics still down
I don’t hold my breath as [Archive.is] https://appanalytics.embarcadero.com/ for more than a month now has been showing
503 Service Unavailable
No server is available to handle this request.
On the other hand: they have improved, so let’s keep our fingers crossed, and it had been running since 2015: [WayBack]Embarcadero Introduces AppAnalytics, the First Usage Analytics Service for Desktop, Mobile, and Wearable Applications
Disabling AppAnalytics in Delphi
There are three ways to disable AppAnalytics in the Delphi IDE to phone home (this is for Delphi XE8, change the version numbers accordingly):
reg add "HKEY_CURRENT_USER\Software\Embarcadero\BDS\16.0\UsageAnalytics" /v Enabled /t REG_DWORD /d 0 /fdel "C:\Program Files (x86)\Embarcadero\Studio\16.0\bin\TrackingSystem220.bpl"- Disable
$(BDS)\Bin\TrackingSystem220.bpl(normally having valueEmbarcadero Tracking System Package) as described in Delphi packages I have disabled by prefixing their description with an underscore (and why)
That should at least get rid of the 30 second shut-down timeout in some Delphi versions while they try to post the usage data to AppAnalytics (thanks Uwe Raabe for this great tip!)
–jeroen
Related:
- [WayBack] Rob’s Technology Corner: Ideara / Embaracdero is flushing away user trust in their ability to do secure computing.
- QC does this logon call to http://qc.embarcadero.com/coBugCGI.exe/soap/ICDSReportPublicInterface
- List of “Plain Text Offenders”; hopefully someone publishes a list of https offenders too
- [Archive.is] Is appanalytics.embarcadero.com down?
- [WayBack] AppAnalytics is dead? https://appanalytics.embarcadero.com/ 503 Service Unavailable – for me – Pavel Golub – Google+
The Wiert Corner - irregular stream of stuff 
Kent Morwath said
“In other words: there is no “idea” in “Idera” ”
Yes. we’ve been painfully aware of that for a while…
rvelthuis said
FWIW, it is Idera, with only one “a”. In other words: there is no “idea” in “Idera”.
jpluimers said
Thanks: fixed. That was my word-blindness that kicked in.
Rudy Velthuis said
And it is Embar-ca-dero, not Embar-ac-dero. ;-)
jpluimers said
Thanks. Fixed.