Posted by jpluimers on 2018/03/27
I wish many other companies would disclose post mortem information like this: [WayBack] A Post-Mortem on the Recent Developer Story Information Leak – Meta Stack Overflow
via: [WayBack] Interesting and very appropriate top commenthttp://meta.stackoverflow.com/questions/340960/a-post-mortem-on-the-recent-developer-story-information-leak – This is why I Code – Google+
–jeroen
Posted in .NET, Delphi, Development, Pingback, Power User, Software Development, Stackoverflow | Leave a Comment »
Posted by jpluimers on 2018/03/26
I forgot to blog about this before, but 2 months ago PowerShell core came available: [WayBack] PowerShell Core 6.0: Generally Available (GA) and Supported! | PowerShell Team Blog.
[WayBack] Installing PowerShell Core on macOS and Linux | Microsoft Docs is easy (one way is through homebrew:
$ brew tap caskroom/cask
$ brew cask install powershell
If you already installed a beta, then the steps are these:
$ brew update
$ brew cask reinstall powershell
Note that after installation, it is known as pwsh (at least one of the betas named it powershell) to set PowerShell Core apart from PowerShell*:
$ pwsh --version
PowerShell v6.0.2
Via: [WayBack] PowerShell Core 6.0 is a new edition of PowerShell that is cross-platform (Windows, macOS, and Linux), open-source, and built for heterogeneous environm… – Lars Fosdal – Google+
pwsh versus powershellThere has been quite a discussion on the PowerShell Core repository on the rename, but I think it is for a good reason.
Too bad that during part of the beta, the old name powershell was used, but beta-time means things break every now and then.
PowerShell Core is sufficiently different from prior PowerShell versions to warrant a name change. This also makes it a lot easier to use them side-by-side.
Many other names (like posh, pcsh or psh) were considered, usually because of naming conflicts with existing tools (like posh) or easy confusion with existing shells (like pcsh and csh). A benefit on Linux/macOS is that it now ends with sh like virtually all other shells.
More background information is at:
–jeroen
Posted in Apple, CommandLine, Development, Home brew / homebrew, Mac, Mac OS X / OS X / MacOS, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, MacMini, Power User, PowerShell, PowerShell, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2018/03/26
From [WayBack] Docker – Docker Cloud Migration Notification and FAQs:
The services on Docker Cloud that provide application, node, and swarm cluster management will be shutting down on May 21.
…
If you do not migrate by May 21, your applications running on the Docker node cluster management service will cease to operate.
Swarms will continue to function; however, if you do not retrieve your SSH keys for the Swarms being managed by our swarm cluster management service, you will be unable to access your swarms using your Docker ID. For instructions on how to retrieve and access your Swarms with SSH keys, please refer to the Docker docs.
So soon, no more [WayBack] Docker Cloud – Build, Ship and Run any App, Anywhere.
Remember: still the cloud is other peoples computers, so be sure you can move when needed.
–jeroen
Posted in Cloud, Cloud Development, Containers, Development, Docker, Infrastructure, Power User | Leave a Comment »
Posted by jpluimers on 2018/03/21
Cool tool to clear out Linux VM’s non-paged RAM: [WayBack] From TailsOS – I needed a faster security wipe to clear out a Linux VM’s non-paged RAM on demand and on shutdown – someone might find my little journey… – Joe C. Hecht – Google+
A Way Fast Memory Wipe – based on van Hauser’s / [THC], vh@thc.org sdmem
–jeroen
Posted in *nix, C, Development, Power User, Software Development | Leave a Comment »
Posted by jpluimers on 2018/03/21
About a year ago, [WayBack] Rumors of Cmd’s death have been greatly exaggerated – Windows Command Line Tools For Developers got published as a response to confusing posts like these:
But I still think it’s a wise idea to switch away from the Cmd and to PowerShell as with PowerShell you get way more consistent language features, far better documentation, truckloads of new features (of which I like the object pipeline and .NET interoperability most) and far fewer quirks.
It’s time as well, as by now, Windows 7 has been EOL for a while, and Windows 8.x is in extended support: [WayBack] Windows lifecycle fact sheet – Windows Help:
Client operating systems Latest update or service pack End of mainstream support End of extended support Windows XP Service Pack 3 April 14, 2009 April 8, 2014 Windows Vista Service Pack 2 April 10, 2012 April 11, 2017 Windows 7* Service Pack 1 January 13, 2015 January 14, 2020 Windows 8 Windows 8.1 January 9, 2018 January 10, 2023 Windows 10, released in July 2015** N/A October 13, 2020 October 14, 2025
Which means the PowerShell version baseline on supported Windows versions is at least 4.0: [Archive.is] windows 10 powershell version – Google Search and [WayBack] PowerShell versions and their Windows version – 4sysops
PowerShell and Windows versions ^
PowerShell Version Release Date Default Windows Versions PowerShell 2.0 October 2009 Windows 7 Windows Server 2008 R2 (**) PowerShell 3.0 September 2012 Windows 8 Windows Server 2012 PowerShell 4.0 October 2013 Windows 8.1 Windows Server 2012 R2 PowerShell 5.0 April 2014 (***) Windows 10
So try PowerShell now. You won’t regret it.
–jeroen
via: [WayBack] Very interesting clear-up post and comments on CMD, command.com, PowerShell in past and future DOS/Windows versions and Unix shells altogether. – Ilya S – Google+
Posted in Batch-Files, CommandLine, Development, Power User, PowerShell, Scripting, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 | Leave a Comment »
Posted by jpluimers on 2018/03/20
One of those “duh” moments: go --version says there is no go -version, but there is go version as shown below.
It is even at [WayBack] Print Go version right in the middle of this 30 page [WayBack] go – The Go Programming Language.
On the hunt for that, I found this very interesting link for when you have binaries built with go and need the version: [WayBack] How to find out which Go version built your binary | Dave Cheney.
$ go --version
flag provided but not defined: -version
Go is a tool for managing Go source code.
Usage:
go command [arguments]
The commands are:
build compile packages and dependencies
clean remove object files and cached files
doc show documentation for package or symbol
env print Go environment information
bug start a bug report
fix update packages to use new APIs
fmt gofmt (reformat) package sources
generate generate Go files by processing source
get download and install packages and dependencies
install compile and install packages and dependencies
list list packages
run compile and run Go program
test test packages
tool run specified go tool
version print Go version
vet report likely mistakes in packages
Use "go help [command]" for more information about a command.
Additional help topics:
c calling between Go and C
buildmode build modes
cache build and test caching
filetype file types
gopath GOPATH environment variable
environment environment variables
importpath import path syntax
packages package lists
testflag testing flags
testfunc testing functions
Use "go help [topic]" for more information about that topic.
–jeroen
Posted in Development, Software Development | Leave a Comment »
Posted by jpluimers on 2018/03/20
Important small [WayBack] Update for DprojNormalizer | The Art of Delphi Programming: it fixes usage of SanitizedProjectName in all other properties.
It is now at [WayBack] Version 2.2.1.
via: [WayBack] Small update for DprojNormalizer available – Uwe Raabe – Google+
–jeroen
Posted in Delphi, Development, Software Development | Leave a Comment »
Posted by jpluimers on 2018/03/20
I keep being amazed that new generations of people keep writing SQL injection vulnerable code, so further below is a repeat of [WayBack] xkcd: Exploits of a Mom on Little Bobby Tables named Robert '; Drop TABLE Students;--
Take this recent question on G+ for instance: [WayBack] Hi can you help to write correct Query for Filter 3 Data fields for Example Data1 , Data2 , Data2 txt1 = Data1 txt2= data2 txt3 = data3… – Jude De Silva – Google+ with this code fragment:
Tables:
Data1 , Data2 , Data2
Text control contents:
txt1 = Data1 txt2= data2 txt3 = data3
Examples when text property is filled:
ex1: Data1 and Data 3 ex2: Data 3 and Data2 ex3: Data 1, Data 2 Data 3
Code:
Qury.Close; Query.Sql.Clear; Qury.Sql.Add (Select * From Table1); If Not (txt1.text = ' ')then Begin Qury.Sql.Add(Format ('Where Data1= ' '%s' ' ',[txt1] )); end; If not (txt3.text = ' ') then Begin Qury.Sql.Add(Format ('and Data3= ' '%s' ' ',[txt1] )); end;
This example is wrong on so many levels, to lets explain a few:
Qury and Query for queries: are they actually two variables?The basic solution for solving the actual problem asked is like this (assuming all user input are strings):
where 1=1 for a starting point for and based querieswhere 1=0 for a starting point of or based queriesAddAndClause or AddOrClause taking with parameters Query, FieldName, ParameterName and ParameterValuethen when ParameterValue is not empty:
and based queries:Format('and %s = :%s', [FieldName, ParameterName]);or based queries:Format('or %s = :%s', [FieldName, ParameterName]);Query.ParamByName(ParameterName).AsString := ParameterValueBack in 2007, SQL Injection was already a very well known vulnerability (they date back to at least 1998), so Randall Munroe published [WayBack] xkcd: Exploits of a Mom on Little Bobby Tables named Robert '; Drop TABLE Students;--
School: “Hi, this is your son’s school. We’re having some computer trouble.”
Mom: “Oh, dear — Did he break something?”
School: “In a way. Did you really name your sonRobert'); DROP TABLE Students;-- ?”
Mom: “Oh. Yes. Little Bobby Tables we call him.”
School: “Well, we’ve lost this year’s student records. I hope you’re happy.”
Mom: “And I hope you’ve learned to sanitize your database inputs.”
(Alt-text: “Her daughter is named Help I’m trapped in a driver’s license factory.”)
It did not just get explained at [WayBack] 327: Exploits of a Mom – explain xkcd (Explain xkcd is a wiki dedicated to explaining the webcomic xkcd. Go figure.), Little Bobby Tables got his own page there: [WayBack] Little Bobby Tables – explain xkcd.
Like people continuing writing SQL injection vulnerable code, XKCD posted another SQL injection in [WayBack] 1253: Exoplanet Names – explain xkcd by using e'); DROP TABLE PLANETS;-- as name for Planet e of Star Gliese 667.
A few years later, around 2009, Bobby Tables inspired [WayBack] bobby-tables.com: A guide to preventing SQL injection explaining:
bobby-tables.com
It goes on with many examples of parameterised queries in many environments and language, for instance in the language used above: Delphi.
You can contribute new environments and languages as the site has source code at [WayBack] GitHub – petdance/bobby-tables: bobby-tables.com, the site for preventing SQL injections.
Finally, it points to a few more resources:
WayBack bobby-tables.com: A guide to preventing SQL injection in Delphi
Delphi
To use a prepared statement, do something like this:
query.SQL.Text := 'update people set name=:Name where id=:ID'; query.Prepare; query.ParamByName( 'Name' ).AsString := name; query.ParamByName( 'ID' ).AsInteger := id; query.ExecSQL;
–jeroen
Posted in Development, Software Development, SQL | Leave a Comment »
Posted by jpluimers on 2018/03/20
Quite a while back, I got attended to Ben, blogging: Show the complete apache config file:
If you really want to see all the complete config settings, there is no existing tool for that. This Stack Overflow page answered this question pretty well: You can use apachectl -S to see the settings of Virtual Host, or apachectl -M to see the loaded modules, but to see all settings, there is no such tool, you will have to go through all the files , starting from familiar yourself with the general structure of the httpd config files.… script …The usage is simple: Run it as
python CombineApacheConfig.py. Since there is no additional parameters given, it will retrieve the default Ubuntu apache config file from/etc/apache2/apache2.confand generate the result complete config file in/tmp/apache2.combined.conf. If your config file is in different location, then give the input file and output file location.Note: Apache server-info page http://127.0.0.1/server-info also provide similar information, but not in the config file format. It is in human readable format. The page works only when it is open from the same computer.
python CombineApacheConfig.py /etc/apache2/httpd.conf /tmp/apache2.combined.conf
–jeroen
| #!/usr/bin/python2.7 | |
| # CombineApacheConfig.py | |
| __author__ = 'ben' | |
| import sys, os, os.path, logging, fnmatch | |
| def Help(): | |
| print("Usage: python CombineApacheConfig.py inputfile[default:/etc/apache2/apache2.conf] outputfile[default:/tmp/apache2.combined.conf") | |
| def InputParameter(): | |
| if len(sys.argv) <> 3: | |
| Help() | |
| return "/etc/apache2/apache2.conf", "/tmp/apache2.combined.conf" | |
| return sys.argv[1], sys.argv[2] | |
| def ProcessMultipleFiles(InputFiles): | |
| Content = '' | |
| LocalFolder = os.path.dirname(InputFiles) | |
| basenamePattern = os.path.basename(InputFiles) | |
| for root, dirs, files in os.walk(LocalFolder): | |
| for filename in fnmatch.filter(files, basenamePattern): | |
| Content += ProcessInput(os.path.join(root, filename)) | |
| return Content | |
| def RemoveExcessiveLinebreak(s): | |
| Length = len(s) | |
| s = s.replace(os.linesep + os.linesep + os.linesep, os.linesep + os.linesep) | |
| NewLength = len(s) | |
| if NewLength < Length: | |
| s = RemoveExcessiveLinebreak(s) | |
| return s | |
| def ProcessInput(InputFile): | |
| Content = '' | |
| if logging.root.isEnabledFor(logging.DEBUG): | |
| Content = '# Start of ' + InputFile + os.linesep | |
| with open(InputFile, 'r') as infile: | |
| for line in infile: | |
| stripline = line.strip(' \t') | |
| if stripline.startswith('#'): | |
| continue | |
| if stripline.lower().startswith('include'): | |
| match = stripline.split() | |
| if len(match) == 2: | |
| IncludeFiles = match[1] | |
| IncludeFiles = IncludeFiles.strip('"') #Inserted according to V's comment. | |
| if not IncludeFiles.startswith('/'): | |
| LocalFolder = os.path.dirname(InputFile) | |
| IncludeFiles = os.path.join(LocalFolder, IncludeFiles) | |
| Content += ProcessMultipleFiles(IncludeFiles) + os.linesep | |
| else: | |
| Content += line # if it is not pattern of 'include(optional) path', then continue. | |
| else: | |
| Content += line | |
| Content = RemoveExcessiveLinebreak(Content) | |
| if logging.root.isEnabledFor(logging.DEBUG): | |
| Content += '# End of ' + InputFile + os.linesep + os.linesep | |
| return Content | |
| if __name__ == "__main__": | |
| logging.basicConfig(level=logging.DEBUG, format='[%(asctime)s][%(levelname)s]:%(message)s') | |
| InputFile, OutputFile = InputParameter() | |
| try: | |
| Content = ProcessInput(InputFile) | |
| except Exception as e: | |
| logging.error("Failed to process " + InputFile, exc_info=True) | |
| exit(1) | |
| try: | |
| with open(OutputFile, 'w') as outfile: | |
| outfile.write(Content) | |
| except Exception as e: | |
| logging.error("Failed to write to " + outfile, exc_info=True) | |
| exit(1) | |
| logging.info("Done writing " + OutputFile) |
Posted in *nix, *nix-tools, Apache2, Development, Linux, openSuSE, Power User, Python, Scripting, Software Development, SuSE Linux | Leave a Comment »
Posted by jpluimers on 2018/03/19
Many more things to learn and practice, especially on how these concepts interact, how to make things quantifiable and especially practice them in ways that people intrinsically understand how to:
The ideas of agile are great. It’s the way it has been codified into rituals and certifications and rolled out mindlessly that misses the point. When people talk about Lean, the conversation often ends at process optimization, waste, and quality, and misses so much of what the Lean mindset offers. Design Thinking is held high as the new magic trick of design facilitators.
Source: [WayBack] Understanding how Design Thinking, Lean and Agile Work Together | ThoughtWorks.
The article has some nice graphics to illustrate the points (some are below) and points to a lot more links for further learning.
Via [WayBack] ThoughtWorks on Twitter: “Instead of focusing on applying a process, teams ought to challenge how they think and try new things, embrace the things that work, and learn from the things that don’t. #Agile #DesignThinking “
–jeroen
Posted in Agile, Development, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 