The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,839 other subscribers

Archive for the ‘Software Development’ Category

« Previous Entries
Next Entries »

CVE-2017-11509: Firebird fbudf Module Authenticated Remote Code Execution – Firebird News

Posted by jpluimers on 2018/05/31

Ouch (despite one needs authenticated access): [WayBack] Firebird fbudf Module Authenticated Remote Code Execution – Firebird News

Here is the description for CVE-2017-11509

An authenticated remote attacker can execute arbitrary code in Firebird SQL
Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. The
only known solution is to disable external UDF libraries from being loaded. In
order to achieve this, the default configuration has changed to UdfAccess=None.
This will prevent the fbudf module from being loaded, but may also break other
functionality relying on modules.

Here is the Debian security page with the issue : CVE-2017-11509

The thing I am really not happy about is that the 90 day limit has been overdrawn by about 180 days (see https://www.tenable.com/security/research/tra-2017-36)

Related:

Via:

–jeroen

Posted in Database Development, Development, Security, Software Development | Leave a Comment »

Coding is not “fun,” it’s technically and ethically complex — Quartz

Posted by jpluimers on 2018/05/31

Interesting read: [Archive.is/WayBackCoding is not “fun,” it’s technically and ethically complex — Quartz

via: [WayBack] Coding is not for everyone – Kevin Powick – Google+

–jeroen

Posted in Development, Software Development | Leave a Comment »

Some useful Visual Studio Keyboard bindings – via my comment at “Allow for floating windows · Issue #10121 · Microsoft/vscode · GitHub”

Posted by jpluimers on 2018/05/30

The thread at [WayBack]: Allow for floating windows · Issue #10121 · Microsoft/vscode · GitHub made me discover a few things, which I have commented there.

Reminder to self: find the Windows keyboard shortcuts as well.

Thanks @steinhh for the CmdK O keyboard combination. I was not aware of that yet and I am going to use this next week on a multi-monitor system to see how well that works.

Your tip made me found the PDFs below and made me make the lists/screenshots below as well.

Terrific! Thank you, thank you!

The bindings (on Mac) I found with their screenshots:

  • CmdShiftP: show all commands
    screenshot 2018-05-20 15 27 30
  • CmdK O: open current file in new Window
  • CmdShiftN: open a new window
    screenshot 2018-05-20 15 27 00
  • CmdK CmdR: open keyboard shortcuts reference PDF for current OS in the default web-browser
  • CmdK CmdS: open keyboard shortcuts editor
    screenshot 2018-05-20 15 24 07

The keyboard shortcuts editor has a search which can find bindings on the keybinding name itself or the command name:

  • screenshot 2018-05-20 15 31 58
  • screenshot 2018-05-20 15 33 19

–jeroen

Posted in Development, Software Development, Visual Studio and tools, vscode Visual Studio Code | Leave a Comment »

Akismet GDPR notification: enabled

Posted by jpluimers on 2018/05/30

I saw the below notification recently, but it was already enabled.

Akismet & Privacy.

To help your site be compliant with GDPR and other laws requiring notification of tracking, Akismet can display a notice to your users under your comment forms. This feature is disabled by default, however, if you or your audience is located in Europe, you need to turn it on.

Please enable or disable this feature. More information.

–jeroen

Read the rest of this entry »

Posted in Development, GDPR/DS-GVO/AVG, Power User, Privacy, SocialMedia, Software Development, Web Development, WordPress, WordPress | Leave a Comment »

Class Constructors/Destructors are special initialization/finalization sections – via Popping the hood. – Community Blogs – Embarcadero Community

Posted by jpluimers on 2018/05/30

I wasn’t sure what the order of class constructors/destructors was with respect to initialization/finalization sections. [WayBackClass Constructors. Popping the hood. – Community Blogs – Embarcadero Community explains that there is more to it than below summary, but it is a good start:

If a given class constructor is eligible to be invoked (ie. it was linked into your application), it will run immediately before the initialization section for the unit in which the class is implemented. The class destructors will be invoked immediately after the finalization section for the unit in which the class is implemented.

–jeroen

Posted in Delphi, Development, Software Development | Leave a Comment »

Via G+: I’m having some trouble with high DPI support and popup menus…

Posted by jpluimers on 2018/05/29

Hopefully Uwe Raabe will publish his VCL patches soon: [WayBack] I’m having some trouble with high DPI support and popup menus (using Delphi 10.2.3). Everything scales correctly except for the popup menus which still … – Dominic De Chasteigner Dumée – Google+

HiDPI with VCL still needs quite a bit of work, even on running one monitor (mixing regular DPI and HiDPI monitors will likely always be a pain for any pixel based environment)…

Note figuring out errors is not always easy, as Delphi 2009 introduced the System.TMonitor record for thread synchronisation, next to the existing Forms.TMonitor class that had monitor settings.

Related:

–jeroen

Posted in Delphi, Development, Software Development | Leave a Comment »

Use DelphiAST – via TPersistent.com » Blog Archive » The Parsing Problem

Posted by jpluimers on 2018/05/29

Stefan Glienke Says:
May 3rd, 2016 at 1:33 am

FWIW DelphiAST is the most up to date parser for Delphi (at least that is open source) because Roman Yankovsky is fixing bugs in a timely manner and is using it for his own plugin (FixInsight) that needs to parse all kinds of source code. It is also derived from the Castalia parser but many fixes and changes have been applied since.

In addition, TestInsight (by Stefan Glienke) also uses DelphiAST and Stefan is quite well at bugging people fixing bugs in open source projects.

DelphiAST works from Delphi XE and up (parts might work in Delphi 2010 and 2009), so ancient Delphi is out.

--jeroen

via: [WayBackTPersistent.com » Blog Archive » The Parsing Problem

Posted in Castalia, Delphi, Development, Software Development | Leave a Comment »

Indy Sockets and getting a description on the connection depends on the direction

Posted by jpluimers on 2018/05/29

From my Indy gitter archive:

@jpluimers
From a TIdIOHandlerSocket or TIdSocketHandle: is it possible to see who has initiated the connection? i.e. if it’s Binding.Peer that initiated to Binding.IP or the other way around?

@rlebeau
A socket is bidirectional, it doesn’t know or care which direction the connection was initially established. You will have to keep track of that yourself based on whether the socket is coming from a client component or a server component.

@jpluimers
I was afraid so. No problem: thanks for confirming.

So I made a helper class for TIdSocketHandle that gets you a SummaryString based on a direction enumeration: TIdSocketHandleHelper.

Notes:

–jeroen

Read the rest of this entry »

Posted in Delphi, Development, Indy, Software Development | Leave a Comment »

DRAM Access Timing – now and then (then = during 6502 times) TL;DR: Modern DR…

Posted by jpluimers on 2018/05/28

DRAM Access Timing – now and then (then = during 6502 times)TL;DR: Modern DRAM ist faster old stuff, but not much. – Kristian Köhntopp – Google+

Source: [WayBackDRAM Access Timing – now and then (then = during 6502 times) TL;DR: Modern DR…

Full article: [WayBackdram_latency_then_and_now.md by [WayBackPer Vognsen.

–jeroen

Posted in Development, Hardware Development, History, Software Development | Leave a Comment »

Fixing the WSDLImp command-line Delphi WSDL importer to parse WSDL files including XSD files using xsd:group at the top level

Posted by jpluimers on 2018/05/24

I finally found out the cause of the Delphi WSDL Importer generating wrong .pas files when the WSDL file includes an XSD file that uses an xsd:group (see below) at the top-level.

The resulting access violation was caused by forgetting a nil check for a Context (at the top-level it is nil because there is no encompassing type yet; xsd:group can be at the top-level).

There might also be other WSDL/XSD constructs leading to the same code path: a good set of WSDL/XSD combination would be needed for proper integration testing on this. Hopefully, Embarcadero has such a set.

Patches

All patches are at https://gist.github.com/jpluimers/2824c03ae816229a53ffa4830b2d6208. If you need a binary build that includes the patches, drop a comment below.

Before fixing, I had to get it building which required modifying the search path and output path (both see Delphi WSDL importer compiler defines). This is the first patch below (which results includes a huge .dproj change as that’s what the IDE does to a project when you change just a few simple things).

The second patch below is the fix.

The fix is to replace if (TypeDef.IsAnonymous) then by if (TypeDef.IsAnonymous) and Assigned(Context) then in side the function TWSDLTypeImporter.AddComplexType of WSDLImpWriter.pas.

After careful checking of the group handling (around etElementGroup, cmGroupRef,  xtiElemGroupIXMLElementGroup, IXMLElementGroups), no other fixes are needed as the rest of the xsd:group handling functions correctly at least for the WSDL/XSD combinations I had to import.

During fixing, I found some compiler defines would produce much more output. That output tremendously helped finding out if xsd:group handling was indeed correct.

In the third patch, I have added another modification that introduces a new -logall command-line parameter that enables all these in one go.

I have handed over the patches through internal channels in order to circumvent a long and tedious QC/QualityPortal process. Hopefully they will make it in the next major Delphi version.

Related

Patches generated by following the steps in [WayBack] Generate a git patch for a specific commit – Stack Overflow:

git format-patch -1 <<commit-SHA>>

Command-line parameters

The WSDLImp has many command-line parameters, some of which are not accessible from the IDE expert. More information on these at:

xsd:group

An xsd:group contains a group of definitions. It is similar to a list of fields in a record/class/interface in Delphi that you can use in multiple record/class/interface definitions. The group only has a name at the XSD level, but not at the Delphi generated code level: there the group is expanded in each place it is used.

More information: [WayBack] xsd – How to use the xml schema group element – Stack Overflow

–jeroen

Read the rest of this entry »

Posted in Conference Topics, Conferences, Delphi, Development, Event, Software Development | 12 Comments »

« Previous Entries
Next Entries »