The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,860 other subscribers

Archive for the ‘Delphi’ Category

« Previous Entries
Next Entries »

“Cannot navigate to definition” annoyance in Visual Studio 2010 – (did it implement the mouse equivalent to Delphi code browsing? No, it didn’t)

Posted by jpluimers on 2012/03/08

This use case drove me nuts in Visual Studio 2010 for a while, but can be solved.

Use cases:

  1. Cannot navigate to definition.double click on a word to select it
  2. press Ctrl-C to copy the selected text
  3. result is either of these two dialogs:

    ---------------------------
    Microsoft Visual Studio
    ---------------------------
    Cannot navigate to definition.
    ---------------------------
    OK
    ---------------------------

    Cannot navigate to definition. The cursor is not on a symbol.or

    ---------------------------
    Microsoft Visual Studio
    ---------------------------
    Cannot navigate to definition. The cursor is not on a symbol.
    ---------------------------
    OK
    ---------------------------

The reason is that Visual Studio 2010 still thinks I am clicking the identifier (which I’m not, I just released the mouse button) while pressing the Ctrl key. Read the rest of this entry »

Posted in .NET, Delphi, Development, Keyboards and Keyboard Shortcuts, Power User, Software Development, Visual Studio 2010, Visual Studio and tools | Leave a Comment »

Anyone with a C#, Delphi or FreePascal implementation of the PRESENT Ultra-Lightweight Block Cipher encryption?

Posted by jpluimers on 2012/03/06

A short while ago a paper got published on PRESENT: An Ultra-Lightweight Block Cipher by Andrey Bogdanov et al becoming ISO standard 29192-2:2012.

Is there anyone that has a C#, Delphi or FreePascal implementation with unit tests?

–jeroen

Posted in .NET, C#, C# 2.0, C# 3.0, C# 4.0, C# 5.0, Delphi, Development, Software Development | 13 Comments »

P/Invoke: usually you need CharSet.Auto (via: .NET Column: Calling Win32 DLLs in C# with P/Invoke)

Posted by jpluimers on 2012/02/28

I don’t do P/Invoke often, and somehow I have trouble remembering the value of CharSet to pass with DllImport.

In short, pass CharSet.Auto unless you P/Invoke a function that is specific to CharSet.Ansi or CharSet.Unicode. The default is CharSet.Ansi, which you usually don’t want:

when Char or String data is part of the equation, set the CharSet property to CharSet.Auto. This causes the CLR to use the appropriate character set based on the host OS. If you don’t explicitly set the CharSet property, then its default is CharSet.Ansi. This default is unfortunate because it negatively affects the performance of text parameter marshaling for interop calls made on Windows 2000, Windows XP, and Windows NT®.

The only time you should explicitly select a CharSet value of CharSet.Ansi or CharSet.Unicode, rather than going with CharSet.Auto, is when you are explicitly naming an exported function that is specific to one or the other of the two flavors of Win32 OS. An example of this is the ReadDirectoryChangesW API function, which exists only in Windows NT-based operating systems and supports Unicode only; in this case you should use CharSet.Unicode explicitly.

–jeroen

via: .NET Column: Calling Win32 DLLs in C# with P/Invoke.

Posted in .NET, Ansi, C#, Delphi, Development, Encoding, Prism, Software Development, Unicode | 3 Comments »

FireMonkey and (OS X, iOS, Windows) Link Clearance

Posted by jpluimers on 2012/02/21

Some links that I found useful for doing FireMonkey and development for OS X or iOS:

–jeroen

Posted in Delphi, Development, FireMonkey, OS X FMX, Software Development | 2 Comments »

Jason Southwell (from arcana) just published DuckDuckDelphi: a unit to do Duck typing in Delphi XE2 (not XE)

Posted by jpluimers on 2012/02/16

If you haven’t seen Jason announce this in the general Delphi 3rd party newsgroup or his announcement thread on the FaceBook Delphi Developer group yet, this is a definitive must read:

Jason Southwell (from arcana) just published DuckDuckDelphi: a unit to do Duck typing in Delphi XE2 (not XE):

Duck Duck Delphi

DuckDuckDelphi is an Open Source (MIT License) unit for Delphi XE2 which adds duck typing functionality to a normally strongly typed language.

Great stuff that makes a truckload of my code so much easier to maintain.

–jeroen

via arcana – DuckDuckDelphi.

(Edit: 1400 UTC+1 Sorry, wrong boolean; wrote “and” but should be “not” XE).

Posted in Delphi, Delphi XE2, Development, Software Development | 8 Comments »

There is a great Android Design – UI Overview site, but no great UI design tools for Android

Posted by jpluimers on 2012/02/15

Recently the Android Design site was launched with great explanation on how to properly design UIs for Android Apps.

Like Apple’s iOS Human Interface Guidelines and Microsoft’s User Experience Design Guidelines for Windows Phone they are a must for any mobile developer.

Together with sites like Android UI Design Patterns, and mockup stencil tools, more Android UI mockup sketch tools and stencils allow you to give prospective users an impression on how an app might be looking like when developed.

What is lacking is a set of real Android GUI design tools. The kind of tools like the Xcode Interface Builder for iOS, or Expression Blend for Windows Phone that – together with iOS PSD templates or Windows Phone design templates (and more templates) – give you a killer start.

Also note Delphi XE2 that has a great UI designer which has consistently covered Windows UI design for 15+ years, including multi-touch and gesture support, and now covers Mac OS X and iOS for HD and 3D apps (but not yet with multi-touch or gesture support).

The only design tool for Android I could find is DroidDraw that emits the XML needed for Android UIs. It is painfully slow and lacks basic things like a property window to edit properties of UI elements.

Given the number of Android app developers, there is much room for improvement.

  • Am I missing something here?
  • What kind of tools are you using?

–jeroen

via: Android Design – UI Overview.

Posted in .NET, Android, Delphi, Development, iOS Development, Mobile Development, Software Development, Windows Phone Development | 6 Comments »

great answer by Remy Lebeau on windows – CreateProcessAsUser doesn’t work when “change user” – on Stack Overflow part of @StackExchange

Posted by jpluimers on 2012/01/10

You might wonder why I quoted two great StackOverflow answers recently. Well, it is because I absolutely love the way that StackExchange.com and StackOverflow.com changed how to find quality answers (and questions!) on topics varying from programmers through Cooking to Chines Language Usage in a community based way.

This one is by Remy Lebeau, who is part of TeamB:

You don’t need to enumerate running explorer.exe processes, you can use WTSGetActiveConsoleSessionId() instead, and then pass that SessionId to WTSQueryUserToken(). Note that WTSQueryUserToken() returns an impersonation token but CreateProcessAsUser() needs a primary token, so use DuplicateTokenEx() for that conversion.

You should also use CreateEnvironmentBlock() so the spawned process has a proper environment that is suited to the user account that is being used.

Lastly, set the STARTUPINFO.lpDesktop field to ‘WinSta0\Default’ instead of nil so the spawned UI can be made visible correctly.

I have been using this approach for several years now and have not had any problems with it. For example:

… code sample is in the answer …

–jeroen

via: windows – CreateProcessAsUser doesn’t work when “change user” – Stack Overflow.

Posted in Delphi, Development, Software Development | 2 Comments »

Great answer by Cosmin Prund: How and when are variables referenced in Delphi’s anonymous methods captured? – Stack Overflow

Posted by jpluimers on 2012/01/05

Every once in a while, by accident you stumble on a really great answer on StackOverflow.

Here is a quote from Cosmin Prund describing on how Delphi implements anonymous methods using a TInterfacedObject descendant:

When you have a function like the one in the question, where you have an anonymous method accessing a local variable, Delphi appears to create one TInterfacedObject descendant that captures all the stack based variables as it’s own public variables. Using Barry’s trick to get to the implementing TObject and a bit of RTTI we can see this whole thing in action.

Read his full answer for the complete description including sample code.

I stumbled on this great answer trough the question Is it possible for a managed local variable to transparently “travel to” another local scope? which might sound like an odd question, but it is not: StackOverflow is about learning, and some people do that by asking questions on solving problems in a very uncommon way, just to learn there are far better ways of obtaining what they want.

–jeroen

via: How and when are variables referenced in Delphi’s anonymous methods captured? – Stack Overflow.

Posted in Delphi, Development, Software Development | Leave a Comment »

Many more web platforms vulnerable to the hash collision attack (not only ASP.NET) #28C3 @hashDoS #hashDoS @ccc

Posted by jpluimers on 2011/12/29

When writing my Patch your ASP.NET servers ASAP early this morning, I didn’t have time to research the full extend of the vulnerabilities published at 28C3 (slides, mp4), though a small bell was ringing a message that I had seen something like it before earlier this century.

I was right, this posting on perlmonks direct me to a /. posting in 2003 pointing me to the research paper on low-bandwidth attacks based on hash collisions (pdf version) that I had seen before. Perl 5.8.1 fixed it September 2003 (search for “hash” in that link).

The attack can be used for DoS because a normal distributed hash table insert of n elements will be running O(n), but a carefully crafted insert of those elements will run O(n^2).

Carefully crafting a worst case scenario depends on how well you can predict collisions in the underlying hash table implementation, which – apparently – is not too difficult, and requires little bandwidth.

Many platforms and languages are vulnerable (already archived at the WayBack machine), including those based on Java, Tomcat, .NET, Ruby, PHP and more in greater or lesser extent. I have the impression that the list only includes big names, but presume platforms based on smaller names (ASP, Delphi, Objective C) are equally vulnerable.

Just read the articles on CERT 903934, oCERT 2011-003Arstechnica, Cryptanalysis.euHeise (German), Hackillusion and the research paper published at 28C3.

a few quotes:

“This attack is mostly independent of the underlying Web application and just relies on a common fact of how Web application servers typically work,” the team wrote, noting that such attacks would force Web application servers “to use 99% of CPU for several minutes to hours for a single HTTP request.”

“Prior to going public, Klink and Wälde contacted vendors and developer groups such as PHP, Oracle, Python, Ruby, Google, and Microsoft. The researchers noted that the Ruby security team and Tomcat have already released fixes, and that “Oracle has decided there is nothing that needs to be fixed within Java itself, but will release an updated version of Glassfish in a future CPU (critical patch update).”

“The algorithmic complexity of inserting n elements into the
table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request”

“We show that PHP 5, Java, ASP.NET as well as v8 are fully vulnerable to this issue and PHP 4,
Python and Ruby are partially vulnerable, depending on version or whether the server
running the code is a 32 bit or 64 bit machine.”

Microsoft seems to have been notified pretty late in the cycle, I presume because the researchers started with a some platforms and finally realized the breath of platforms involved.

The ultimate solution is to patch/fix the platforms using for instance a randomized hash function a.k.a. universal hashing.

Microsoft will provide a patch for ASP.NET later today, Ruby already patched and other vendors will soon or have already (please comment if you know of other platforms and patches).

The links this morning indicated there were no known attacks. That is (maybe was) true for ASP.NET, but for PHP a public proof of concept of such a DoS is has been published by Krzysztof Kotowicz (blog) with sources at github and a demo html page.

Temporary workarounds (based on the some of the links in this and the prior blog post, and the workarounds mentioned here and here):

  1. If you can: replace hash tables by more applicable data structures
    (I know this falls in the for-if anti-pattern category, but lots of people still use a hammer when a different tool works much better)
  2. Limit the request size
  3. Limit the maximum number of entries in the hash table
  4. Limit form requests only for sites/servers/etc that need it.
  5. Limit the CPU time that a request can use
  6. Filter out requests with large number of form entries

Some platforms already have applied temporary workarounds (I know of Tomcat (default max 10000 parameters), and PHP (default max_input_vars = 1000) did, and looks like the ASP.NET fix will do too).

Other platforms (like JRuby 1.6.5.1, CRuby 1.8.7 (comments) and Perl 5.8.1 in September 2003 ) fixed it the proper way.

Note: workarounds are temporary measures that will also deny legitimate requests. The only solution is to apply a fix or patch.

A major lesson learned today for a few people around me: when vendors start publishing “out of band” updates, do not trust a single 3rd party assessment with state “initial investigation”, but be diligent and do some further research.

–jeroen

PS: Just found out that most Azure users won’t need to manually apply a fix: just make sure your Hosted Service OS servicing policy is set to “Auto”.

Posted in .NET, ASP.NET, C#, Cloud Development, Delphi, Development, Java, PHP, Ruby, Scripting, Software Development, Web Development, Windows Azure | 6 Comments »

Added a few links to my “Tools” page, @WordPress bug spuriously inserting div tags still present.

Posted by jpluimers on 2011/12/28

While re-designing a Visual Studio 2010 plus Delphi XE2 install for a specific client, I updated some of my Tools page links:

And found out that the WordPress still wrongly inserts div tags when you step out a list by pressing Enter twice is still present. Annoying, as it has been there for at least 2 years, so I’m still interesting in people having a workaround for it.

–jeroen

Posted in .NET, C#, Delphi, Development, Software Development, TFS (Team Foundation System), Visual Studio 2008, Visual Studio 2010, Visual Studio and tools | 1 Comment »

« Previous Entries
Next Entries »