The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,160 other followers

Archive for June 30th, 2020

binaryfiles – How to convert PDF binary parts into ASCII/ANSI so I can look at it in a text editor? – Stack Overflow

Posted by jpluimers on 2020/06/30

The first hit of pdf binary to text – Google Search was [WayBack] binaryfiles – How to convert PDF binary parts into ASCII/ANSI so I can look at it in a text editor? – Stack Overflow has many options including:

Since I have qpdf installed on most systems:

Another useful tool to transform a PDF into an internal format that enables text editor access is qpdf. It is a “command-line program that does structural, content-preserving transformations on PDF files”.

Example usage:

 qpdf                                  \
   --qdf                               \
   --object-streams=disable            \
     input-with-compressed-objects.pdf \
     output-with-expanded-objects.pdf
  1. The output of the QDF-mode enforced by the --qdf switch organizes and re-orders the objects neatly. It adds comments to track the original object IDs and page content streams. All object dictionaries are written into a “normalized” standard format for easier parsing.
  2. The --object-streams=disable causes the extraction of (otherwise not recognizable) individual objects that are compressed into another object’s stream data.

The recompress is easy as per [WayBackQPDF Manual:

qpdf /tmp/uncompressed.pdf /tmp/compressed.pdf

The answer is by [WayBack] User Kurt Pfeifle – Stack Overflow who has many other interesting PDF related answers at:

Stackoverflow.com:

Superuser.com:

Serverfault.com:

–jeroen

Posted in Development, EPS/PostScript, PDF, Power User | Leave a Comment »

Just as “curl | sudo sh is not advised”, do not impose running http based scripts in your customers IDE

Posted by jpluimers on 2020/06/30

For a long time, it is advised against to curl | sudo sh or equivalent:

  • [WayBackwhy using curl | sudo sh is not advised? – Stack Overflow

    Because you are giving root access to whatever script you are executing. It can do a wide variety of nasty things.

  • [WayBack] The Security Spectrum of curl | sh

    By far the most irresponsible use of curl | sh is to use it with plain, unauthenticated, insecure HTTP instead of HTTPS. This is because it’s not only possible, but also increasingly likely, that the connection over which the shell script is delivered could have its contents silently modified by anyone in network position between the vendor and the installer—especially if you’re using public Wi-Fi. (If you don’t believe this is a real risk, consider that some companies’ business models revolve around modifying JavaScript delivered over HTTP in-transit—and anyone can hijack Wi-Fi with inexpensive, easy-to-obtain devices.)

So I’m surprised that companies still run content – include JavaScript – over an insecure http transport channel in their customers IDE instances.

Many developers run their IDE as Administrator, but even as regular user this is a large security risk: the transport layer is the easiest to hack and will eventually be hacked.

One such occasion was [WayBack] Delphi 10.2.3: Tools > Options Click OK = Script Error I have another weird situation with Delphi 10.2.3. Anytime I open up the options and click OK I … – Michael Riley – Google+ .

That one actually showed the script executed, but normally you do not see it happening at all.

So my advice:

Run the web-traffic from your development machines over a web-proxy like HTTP Fiddler, then disable all http based scripts.

–jeroen

Line 73: https://gist.github.com/jpluimers/40a60ca1e07bb91fa337ecfebe314d64#file-cf-common-js-L73

Read the rest of this entry »

Posted in Development, Power User, Security, Software Development | Leave a Comment »

Watch Kevlin Henney’s “Enterprise Programming Tricks for Clean Code” and drink The Singleton Single Malt Scotch Whisky

Posted by jpluimers on 2020/06/30

Watch Enterprise Programming Tricks for Clean Code by Kevin Henney and Agile is Dead by Pragmatic Dave Thomas.

Then (or at the same time) drink [WayBack] The Singleton Single Malt Scotch Whisky | The Singleton.

A few titbits:

I should watch more of his videos; luckily he has a playlist on YouTube.

There is also a Vimeo channel, and an InfoQ channel. These alle are not in sync, because, well, internet.

–jeroen

Read the rest of this entry »

Posted in Design Patterns, Development, Software Development | Leave a Comment »

 
%d bloggers like this: