The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Posts Tagged ‘internet’

Please write dates and times so that everyone understands them, not just you. xkcd: ISO 8601

Posted by jpluimers on 2013/02/28

ISO 8601 was published on 06 05 88 and most recently amended on 12 01 04

Boy, am I glad with the xkcd: ISO 8601 post and image on the right.

One reason:

Please write dates and times so that everyone understands them, not just you.

The alt-text of the comic is hilarious (ISO 8601 was published on 06 05 88 and most recently amended on 12 01 04), showing the confusion of using 2-digit years and not knowing which field means which (I think XKCD author Randall Munroe and Mathematics of the ISO calendar got some of the dates, see PDF search dates below).

I found out in the mid 1980s that people I was communicating with internationally (back then the internet was forming and you already had BITNET Relay chat and email) were using different date formats than I did.

Ever since then, I’ve used the YYYY-MM-DD format of writing dates, encouraging others to use it as well, and as soon as I found out that it was a standard, I started to evangelize ISO 8601 (there is an ISO 8601 category on my blog), which – at the time of writing this – had had revisions in 1998 (on 1998-06-15), 2000 (on 2000-12-15) and 2004 (on 2004-12-01).

A lot later I found out that back in 1971, this date format was a recommendation, and in 1976 already a standard. Not nearly as old as Esperanto though (:

Speaking about languages:

At the end of last century, after Delphi 5 added year 2000 support (which made the 16-bit Delphi 1 disappear from the box as the effort to prove the product including all libraries was year 2000 proof), Delphi went cross platform.

The Delphi team, working on both Kylix 1 and Delphi 6, also added a DateUtils unit which provides a lot of functionality, including support for week numbers. The first test version always assumed week 1 was the one with January first in it. As ISO 8601 also indicates how the first week of a year should be determined, a couple of people (Jeroen W. Pluimers, Glenn Crouch, Rune Moberg and Ray Lischner) provided code that fixed this and a few other things in the unit. We even got mentioned by Cary Jensen!

That code is now also part of the RemObjects ShineOn library. That DateUtils unit is now on GitHub.
A Delphi XE version of the code (and a Delphi 2007 one) are now at NickDemoCode (Thanks Nick Hodges!).
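The week-number difference described above, as an added Python example (not the DateUtils code and not from the original post): `naive_week` follows the "week 1 contains January 1" assumption, while `iso_week` applies the ISO 8601 rule that week 1 is the week containing the year's first Thursday. The function names are chosen here for illustration.

```python
from datetime import date, timedelta


def naive_week(d):
    """Week number under the early assumption: week 1 is whichever
    Monday-based week contains January 1 of d's calendar year."""
    jan1 = date(d.year, 1, 1)
    return (d.timetuple().tm_yday - 1 + jan1.weekday()) // 7 + 1


def iso_week(d):
    """(ISO year, ISO week). Week 1 is the week containing the year's
    first Thursday, so the Thursday of d's own week decides both the
    week-numbering year and the week number."""
    thursday = d + timedelta(days=3 - d.weekday())  # Monday is weekday 0
    return thursday.year, (thursday.timetuple().tm_yday - 1) // 7 + 1


def compare(d):
    """Return (naive week, (ISO year, ISO week)) for one date."""
    return naive_week(d), iso_week(d)


if __name__ == "__main__":
    # Dates around a year boundary, where the two rules disagree,
    # plus the date of this post, where they agree.
    for d in (date(2010, 1, 1), date(2012, 12, 31), date(2013, 2, 28)):
        naive, (year, week) = compare(d)
        print("%s  naive: week %d  ISO: %d-W%02d" % (d.isoformat(), naive, year, week))
```

Around New Year the ISO week-numbering year can differ from the calendar year, which is why `iso_week` returns both values.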

Delphi is not the only environment having ISO 8601 support. XML has it, .NET has it, etc.: it is now widespread.
So follow your tools, and start using it yourself as well (:

Too bad the ISO 8601 standard text is not available publicly:

I remember the Y2K preparation era, when the ISO-8601 standard was freely available at http://www.iso.ch/markete/8601.pdf; soon after the year 2000, the PDF got locked behind a payment engine.
ISO suffers from heavy link rot too: for instance, the ISO 3166 country codes used to be at http://www.iso.org/iso/prods-services/iso3166ma, but are now at http://www.iso.org/iso/home/standards/country_codes.htm. What about an HTTP 303 or 302 redirect here, guys?

Luckily people keep cached copies:

  1. “ISO 8601” “First edition” “1988-06-15” filetype:pdf
  2. “ISO 8601” “Second edition” “2000-12-15” filetype:pdf
  3. “ISO 8601” “Third edition” “2004-12-01” filetype:pdf

–jeroen

via: xkcd: ISO 8601.

Posted in .NET, Delphi, Delphi 2005, Delphi 2006, Delphi 2007, Delphi 2009, Delphi 2010, Delphi 6, Delphi 7, Delphi 8, Delphi x64, Delphi XE, Delphi XE2, Delphi XE3, Development, ISO 8601, Power User, Prism, Software Development

Recommended reading: “Security Engineering” now available free online

Posted by jpluimers on 2013/02/06

According to Alan Cox,

And yes this is worth reading…

Right now it looks like the site is overloaded, so you will have to use the Google Cache: Light Blue Touchpaper » Blog Archive » “Security Engineering” now available free online.

So I’m going to re-try in a couple of days.

Later: that was an intermediate site. The actual site is Security Engineering – A Guide to Building Dependable Distributed Systems.

–jeroen

via: Security Engineering – A Guide to Building Dependable Distributed Systems.

Posted in Power User, Security

In light of the zero-day Java exploits: JRE removal/install tool JavaRa from SingularLabs

Posted by jpluimers on 2013/01/17

Even though the JavaRa tool is Windows-only, it is a tremendous help scraping old vulnerable versions of the Java Runtime Environment (JRE) from your systems and keeping only the fixed versions.

Regular JRE installs from Oracle/Sun will keep the old-and-vulnerable JRE versions.

(Note that it seems the recent JRE update did not actually fix the vulnerability, just the exploit, and that a new Java vulnerability might already be exploited. Be sure to keep a watch on upcoming Java updates for these.)

JavaRa

JavaRa is an effective way to deploy, update and remove the Java Runtime Environment (JRE). Its most significant feature is the JRE Removal tool; which forcibly deletes files, directories and registry keys associated with the JRE. This can assist in repairing or removing Java when other methods fail.

JavaRa 2.1 (released 20130116)

Posted in Development, Java, Power User, Software Development, Windows, Windows 7, Windows 8, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP

TURKTRUST Incident Raises Renewed Questions About CA System | threatpost

Posted by jpluimers on 2013/01/05

A small quote from the very interesting TURKTRUST Incident Raises Renewed Questions About CA System | threatpost article:

“Subordinate certificates have long been identified as a point of weakness in the CA system. They are typically granted unconstrained power to issue certificates for any domain name. Thus, a leak of one subordinate certificate is seen as equivalent to a leak of authority equivalent to all CAs combined. Worse, subordinate certificates need not be explicitly trusted by the software that authenticates encrypted SSL connections, typically your web browser. They inherit their trust from the explicitly trusted CAs that have been vetted by your browser vendor,” Steve Schultze, associate director of the Center for Information Technology Policy at Princeton University, wrote in an analysis of the TURKTRUST incident.

A CA (Certificate Authority) issues certificates, most of which are used for domain validation by web browsers, email and applications. This allows you, when you communicate with your bank (through a web browser or a banking app on your phone), to verify that the server you reach is in fact the server of your bank. Or that your email program really talks to the server of your email provider and not to some intermediary that spoofs your mails.

If fraudulent certificates get issued for certain domains (sometimes specific like http://www.google.com, sometimes generic like *.yahoo.com, or *.*.com), then you cannot trust those domains any more, nor your communication with them. So communication with your bank could be intercepted and changed, and you could lose money as a result.

That’s exactly what happened in 2011 and late 2012:

The heart of the problem is twofold:

  1. If a CA somehow (by mistake, hacking or whatever) issues a rogue certificate, it takes a relatively long time to find out it is rogue. In the meantime, everyone trusts the rogue certificate, and a lot of damage can be done.
  2. It takes a relatively long time for people to patch their systems, making the window of opportunity even bigger (heck, I regularly see systems that have not been patched for months or years).

While an IETF proposal to log all intermediate and end-entity certificates tries to fix 1., make sure you fix 2. by keeping your systems patched.
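How a public certificate log shortens the detection window from point 1, as an added Python example (not from the original post or the IETF proposal): a domain owner scans log entries for certificates that cover their hostnames but come from an issuer they never ordered from. The log is modelled as a plain list of constructed records; the hostnames, issuer names and field names are assumptions, and the wildcard forms mirror the specific and generic cases mentioned above.

```python
# Constructed sample data: the hostnames we operate and the CA we buy from.
MY_HOSTS = ["www.example.test", "mail.example.test"]
EXPECTED_ISSUERS = {"Example Trusted CA"}

# Constructed log entries (not real certificates or a real log format).
LOG = [
    {"id": 1, "issuer": "Example Trusted CA", "names": ["www.example.test"]},
    {"id": 2, "issuer": "Hypothetical Sub CA", "names": ["*.example.test"]},
    {"id": 3, "issuer": "Hypothetical Sub CA", "names": ["*.*.test"]},
    {"id": 4, "issuer": "Hypothetical Sub CA", "names": ["www.unrelated.test"]},
]


def name_covers(pattern, host):
    """True if a certificate name covers host. Each '*' label stands for
    exactly one DNS label, so '*.example.test' does not cover
    'a.b.example.test'."""
    p = pattern.lower().split(".")
    h = host.lower().split(".")
    return len(p) == len(h) and all(a == "*" or a == b for a, b in zip(p, h))


def suspicious_entries(log, hosts, expected_issuers):
    """Return (entry id, issuer, covered hosts) for every logged certificate
    that covers one of our hosts but was not issued by a CA we use."""
    findings = []
    for entry in log:
        covered = sorted(
            {h for h in hosts for n in entry["names"] if name_covers(n, h)}
        )
        if covered and entry["issuer"] not in expected_issuers:
            findings.append((entry["id"], entry["issuer"], covered))
    return findings


if __name__ == "__main__":
    for entry_id, issuer, covered in suspicious_entries(LOG, MY_HOSTS, EXPECTED_ISSUERS):
        print("entry %d from %r covers %s" % (entry_id, issuer, ", ".join(covered)))
```

Entries 2 and 3 are flagged because their wildcard names cover the monitored hosts; entry 1 comes from the expected issuer and entry 4 names an unrelated host.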

–jeroen

via TURKTRUST Incident Raises Renewed Questions About CA System | threatpost.

Posted in Opinions

 