yoy - “Why-O-Why”

yoy.be - Why-O-Why

Welcome 06/05/2005
Is this your first visit? Click here for more information about this site. QuickStart...

selected recent changes and comments, log in to see more, browse or filter to see all...

trick: get a non-empty recordset with NULLs

If you ever need a non-empty recordset with all NULL values, e.g. for listing the columns:

select C.* from (select 1 X) X left outer join Customer C on C.ID=0

location: Application Development > Programming Languages > SQL
created: 26/02/2015 10:31:25 « modified: 26/02/2015 10:33:39 weight: 0
tokens:

About WideChar and CharInSet...

I posted this on Google+ a while ago, but didn't think of posting it here, so here it is.

I'm sorry, but I have to vent this: (Attention: what follows is a rant about something with programming in Delphi)
What's up with this?

[dcc32 Warning] W1050 WideChar reduced to byte char in set expressions.  Consider using 'CharInSet' function in 'SysUtils' unit.

CharInSet?! It contains Result:=C in CharSet; so it is actually just a tiny wrapper. But one that causes an extra jump, stack frame and return! Very wasteful of resources, and typically in places where I want iterations to go as fast as possible.

TSysCharSet, by the way, is apparently fixed to a set of byte chars. So I suppose some implicit conversion takes place. I wonder why SysUtils' CharInSet doesn't get a warning then? Not even one like this:
[dcc32 Warning] W1058 Implicit cast with potential data loss from 'WideChar' to 'Char'

But more importantly, I think it goes against the grain of the language. With Pascal being firmly rooted in the academic and mathematic, it saddens me deeply that I can not describe a set of WideChar literals. They're ordinal constants like any other, or am I mistaken?

In other words: if I take some old code where s is still just string, is it too much to expect s[i] in ['0'..'9'] to compile to something that checks if the 16-bit value falls between these two 16-bit limit values or not? As far as I know, it's easily done in both 32 and 64 bits machine code. (*1)

Oh, and one more thing. All of this is darkly overshadowed by this: http://utf8everywhere.org/ with which I most strongly agree. Regretfully I do a lot of work on a platform that has decidedly chosen for the 16-bit-character way of handling text, so I have to work with it up to where I can decide to do it otherwise. In practice this means my programming is a mix of WideString and UTF8String complexed by the ennerving equivalence of the latter with AnsiString.

*1: I know, I know, I should be using Unicode's IsDigit, but I have a lot of existing code for parsing script that uses a lot of while s[i] in [..] do inc(i); (*2)

*2: I know, I know, I should be using a lexer/tokenizer/compiler-compiler. See also: a lot of existing code.

*3: Skipping to the last paragraph are we? All right then:
tl;dr: I strongly regret that "WideChar reduced to byte char in set expressions"

location: Application Development > Programming Languages > Object Pascal > Delphi
created: 8/01/2015 23:58:11 « modified: 8/01/2015 23:58:11 weight: 0
tokens:

UUIDv6

Preamble

Of the 5 existing versions of UUID, version 4, based on a mostly random value, is most widely in use. Though chances of a collision are astronomically low, it is not nihil. Also key sequentiality is lost.

In this day and age of highly connected systems, and highly standardised administration thereof, these issues are addressed by this proposal, while still using the available provisions made for UUID values.

Specification

UUID with value:
00000000-0000-6000-8000-000000000000
after this AND-mask is applied:
00000000-0000-F000-F000-000000000000

consists otherwise of values with this provenance:

AAAA0000-0000-6000-8000-000000000000
A (16 bits): A unique identifier assigned to a corporation, organization or institution that assumes ownership of the software generating the UUIDs, as registered by a single global (online?) registry.
See http://yoy.be/UUIDv6 (for now? see below. if this will find any acceptance and/or could accrue some budget to host something definitive, it'll move)

0000BBBB-0000-6000-8000-000000000000
B (16 bits): A unique identifier assigned to the specific application, database or software suite, as registered by above corporation, organization or institution, optionally also publically registered in the single global registry.

00000000-CCCC-6000-8000-000000000000
C (16 bits): A unique identifier assigned to the specific instance or installation of this application, database or software suite.

00000000-0000-6DDD-8000-000000000000
D (12 bits): reserved for future use, use only 000 for now

00000000-0000-6000-8EEE-000000000000
E (12 bits): A unique identifier assigned to a certain set or collection of entities within this application or database.

00000000-0000-6000-8000-FFFF00000000
F (16 bits): A range identifier assigned from a central storage in the application or database to one single of possibly many sources of UUIDv6 values.

00000000-0000-6000-8000-0000GGGGGGGG
G (32 bits): A unique index into the assigned range.
If the range is depleted by having generated all possible UUID values with this range, and no new range identifier(s) are readily available, the UUID value source should fall back to UUID v4 values, based on 122 random bits.

Optionally the number of bits used by F and G may use a different partition of the total of 48 bits. Take care when making changes to this, so the values generated by the new partition will not collide with any values currently in use.

Registry

Listed here for these few first entries, may get moved to a more permanent location later:

AAAA;Name;Information
0000;(reserved);reserved
0001;(testing/staging/private use);for testing, staging or private use only

AAAA;BBBB;Name;Information
0000;0000;(reserved);reserved
0001;0000;(reserved);reserved
0001;0001;(testing/staging/private use);for testing, staging or private use only

location: Information > Technology > Information Technology > GUID
created: 5/11/2014 15:39:56 « modified: 5/11/2014 16:09:32 weight: 0
tokens:

The ongoing search for the best suitable font.

There is something mesmerizingly strange about the font “PT Sans” (and “PT Sans Serif” and “PT Mono” for that matter, but in this specific case it’s about “PT Sans”).

For something at work I was looking for a font to use throughout a set of applications and a web-site to tie them together and set them apart from all of the other day-to-day work that people at work do. Therefore this font has a lot of requirements to conform to:

• It needs to look professional, but not too much. We don’t want to put off the people that will have to work with this by using too “loud” a font.
• It may be a little playful, but not too much. It’s still a professional setting, and usability and readability are of great importance, hence a sans-serif font.
• It needs to display OK at a wide range of resolutions and display devices. Some older workstations don’t even have anti-aliased fonts, so hinting would come on handy. And same-width same-height numerals. (But it turns out I can do a little FontForge to correct it if need be.)
• It shouldn’t be too dense: people will glance over lists set in the font and should be able to pick up the information they’re looking for. Some font failed on this just because inter-character-spacing was too narrow, with loss of readability.
• It shouldn’t be too wide: that would display less information on the available surface.
• I need a family of: regular, bold, italic (bold-italic if available). Other widths are nice but not required for use in the software (Who knows that perhaps later marketing would want some, but that
• To avoid complicating the budget I started looking for free fonts. Perhaps a cheap font would do also, but since it’s a pretty wide implementation scenario, most non-free fonts result in a complex licensing scheme which drives the price up.
• It should have character, allure, pizzazz, charisma. Although I’m aiming for a subliminal impact with this choice of font, it still has to have this something special about it so it is instantly clear this is this new thing you’re working with. I know this hinges on other wide-spread use of the font (Lobster, anyone?) but still, it’s a criterion none the less. (And if there was budget, the main reason to order a custom-made high-price font.)

I have tested a large number of fonts for all of these. Some are too wide, some too narrow, some too ugly, some too frivolous. Some are bad at the default screen size. Some are too much just another Helvetica clone. A few were only missing a bold or italic version. I know what I’m asking for is a lot, but fonts that get close are generally of a certain age, further along than version ‘1.0’. It takes a lot of work to make a font, and a lot more of work to make a good font. It shows when the font has gotten a lot of care and attention.

From time to time I search the web for other fonts and go through a procedure to test them: make the website use the font, watch a number of pages with lists and common operations to see what they look like. If I like that, put the font up in an application and see if that looks good. Then run the application on the oldest workstation to see what it looks like.

I like to read about the story behind a font. Who made it, why was it made, what was it originally used for. (How come it’s made free for use?) There is so much there.

For now “PT Sans” is about the only font that fits all of my wishes the best. This is the strange thing about it. It appears to be made specifically for Cyrillic script, but the Latin are really good as well. It’s well balanced, does digits well, renders on screen resolution good. So by that logic there must have been a very large amount of work put into it. Based on a very rich set of knowledge on the subject. But I don’t find any record of that, or don’t know where to look for it.

But that’s it. The last few searches have not resulted in a better fit to my needs than “PT Sans”. The project is in development still, but is using “PT Sans” throughout. It’s looking great. Helping its little bit to make a splendid first impression to everyone I’ve demoed to up till now.

And look at that capital Q. Look at it.

location: www.yoy.be > users > StijnSanders > IRL
created: 3/10/2014 18:50:06 « modified: 3/10/2014 19:06:40 weight: 0
tokens:

xxmData.pas: Convert queries.xml to queries.sql

It's nice to see projects work nicely together. Especially when they're your own projects. I've combined WikiEngine and xxm (and TSQLite) before. Now I've changed xxmData.pas so it no longer uses XML to store the queries in, but a plain SQL file, which you can load into any SQL editors (especially nice when it has code-completion). So I have a number of queries.xml to transform into queries.sql. There's a tool for that: RE, download queries_xml_to_sql.rxe, change the file path and run it to transform the XML into SQL using the new notation.

location: freeware > xxm
created: 7/05/2014 23:57:28 « modified: 7/05/2014 23:57:56 weight: 0
tokens: references:          

DelphiProtocolBuffer

When looking to start a Delphi rethinkdb connector, I soon enough found out I'll need a separate solution to work with Google's Protocol Buffer definition files.
And this is it: dpbp: the Delphi Protocol Buffer Parser. It parses a .proto file, and outputs a .pas unit that defines a class for each message. They inherit from TProtocolBufferMessage (defined in the ProtBuf.pas unit) and have the internals to load/save the property values. Run dpbp without command line parameters to see the options you can use to fine-tune the generating process.

Available under the MIT license.

location: freeware
created: 11/04/2014 22:17:47 « modified: 11/04/2014 22:19:03 weight: 0
tokens:

Web Application Security

Read this excellent post:
http://perltricks.com/article/81/2014/3/31/Perl-web-application-security-HTTP-headers

The xxm version could look something like this:

[[@xxmHeaders,]][[!var
d:IXxmDictionary;
]][[
d:=(Context as IxxmHttpHeaders).ResponseHeaders;
d['Server']:='';
d['X-Frame-Options']:='DENY';
d['Strict-Transport-Security']:='max-age=3600';
d['X-Content-Security-Policy']:='default-src ''self''';
d['X-Content-Type-Options']:='nosniff';
d['X-Download-Options']:='noopen';
d['X-XSS-Protection']:='1; ''mode=block''';

location: freeware > xxm
created: 31/03/2014 17:08:01 « modified: 31/03/2014 17:08:01 weight: 0

RegEx Golf

Spoiler alert (don't look below if you indend to have a go yourself first)
this is how I got 3003 points and all green checkmarks on http://regex.alf.nu/ with only about half an hour wasted.

---

1.  Plain strings (205)
Warming up:
    a?foo
2.  Anchors (208)
Yes, I know about anchors:
    k$
3.  Ranges (202)
And about ranges:
    [a-f]{4}
4.  Backrefs (201)
And about backrefs:
    (...).*\1
5.  Abba (188)
Had to look up negation for this one since I generally do that in periferal logic
    ^(?!.*([aeio])(.)\2\1)
6.  A man, a plan (162)
What's the plan? And a little cheat to nip that one on the right that ends with p
    (.)(.)((.)\4|.?)\2\1([^p]|$)
7.  Prime (262)
All odd numbers except 2 and 25 and multiples of 3
    ^(?!(xxx){2,}?$)(?!x{25}$)(xx|x(xx)+)$
8.  Four (182)
Four vowels? Except the latin tree
    ([aeiou])(?!.*eae)(.*?\1){3}
9.  Order (179)
I'm getting lazy, just fiddled around with classes to get this one
    ([a-c][c-f]|[l-o]o|h[io]|[st]y)
10. Triples (565)
Tired even, just did a blunt force on this one, I don't know how to make regex'es do math, still a nice score though
    ([03]0[369]|402|[035]1[25]|390|175|^953|^32|[06]0[02]$|7[258]0?$)
11. Glob (310)
Just enumerating combinations here, could perhaps be shorter but I'm thinking about grabbing a bite in a minute
    ^((.+) matches \2|\*(.{3,6})\*(.*)? matches .+\3.+\4.*|(.+)\* matches \5.+|\*(.+) matches .+\6|^[b\*][ipr].+)$
12. Balance (283)
Oh this one is just a trick from the book
    ^(<(<(<(<(<(<(<>)*>)*>)*>)*>)*>)*>)*$
13. Powers (56)
Only I forgot how to recurse expressions
    ^((((((((((x)\10?)\9?)\8?)\7?)\6?)\5?)\4?)\3?)\2?)\1?$

location: spotted on the net > IT-related > development related
created: 20/12/2013 17:20:54 « modified: 22/12/2013 23:03:02 weight: 0

Bitcoin Grant: funding the future

http://bitcoingrant.org/

Realistisch gezien, maak ik geenenkele kans. Maar, stel! Stel dat het mogelijk zou zijn dat je uit het anonieme een bedrag krijgt per maand waar je comfortabel kan leven, om in ruil je tijdens de kantoor-uren in te zetten voor het constructief meewerken aan een of meer open-source projecten. Hoe zou dat in het echt werken? Ik vroeg me recent al af als ik eventuele winsten die ik dit jaar zou halen op de stijgende Bitcoin koers moet aangeven aan de inkomstenbelasting. Hoeveel is het forfait eigenlijk? Ik denk niet dat ik dat zal bereiken, maar toch. Zou de fiscus het snappen? "Waar komt dat geld van? Is het zwart?" Eeuh, nee, ja, misschien, ik weet het niet. In theorie kan je het zelfs niet weten. Gezien er geen bedrijfsvorm is die je als werknemer inschrijft, zal dit als zelfstandige moeten. Gemakkelijker gezegd dan gedaan in ons apenlandje, en best met wat gevolgen. Zoals wat je moet afdragen aan de sociale kas en ervoor zorgen dat je boekhouding klopt voor onder meer BTW. Urgh. En als dat in de vorm van een eenpersoonsbedrijf moet moet dat waarschijnlijk met een businessplan, en marktonderzoek? Hoe ligt open source software in de markt? Dat alleen al ligt moeilijk want dat zorgt niet rechtstreeks voor je inkomsten. Bon, overdag braaf gaan werken en 's avonds als hobby wat sleutelen aan een sourceforge/github/codeplex dingetje lijkt plots al bij al zo slecht nog niet.

location: spotted on the net > IT-related > development related
created: 8/04/2013 19:50:27 « modified: 8/04/2013 19:50:27 weight: 0

"database locked" errors with SQLITE_CONFIG_SERIALIZED

I've been impressed by sqlite3 ever since I get to know about it. It's open source, and even more it's really put in the public domain completely avoiding the licensing headache. I haven't read the source in great detail, but as I understand it it's all in a single big file! Even how it works internally is impressive.

Since I didn't like the options available, I created my own very thin wrapper for sqlite3.dll without much trouble. Only in this one multi-threaded application, I've run into an occasional "database locked" error, so I had to search documentation and source for what I can do about it.

Working with other database solutions, I've had the common sense of using a database connection for each thread, so each could work with the database undisturbed by eachother. As it turns out this is not required with sqlite3! As stated with SQLITE_CONFIG_SERIALIZED, which is the default setting, you're better off using a single connection over all threads. Indeed in my case it solved the "database locked" errors.

location: Application Development > Data Storage > SQLite
created: 23/03/2013 22:36:26 « modified: 23/03/2013 22:36:26 weight: 0
tokens:

Delphi's TDateTime in a datetime column: how to manipulate from SQL?

Thanks to sqlite's manifest typing, it's possible to insert Delphi's TDateTime values in a field defined by SQL as datetime. I was using this for a while without any problem before I found out sqlite was actually storing a floating point value. There may be a problem though when you try to manipulate these dates with SQL. I searched around for a suitable conversion, and using default sqlite features, I came up with this code:

datetime('1900-01-01','+'||myDateField||' day')

where myDateField is a column or value of type datetime.

location: freeware > TSQLite
created: 19/03/2013 22:25:01 « modified: 19/03/2013 22:25:01 weight: 0

How to create a shell extension context menu.

I've put it up here, but since it's a pretty good boiler plate code, I'll put it up here as well. Include a unit like this one into an ActiveX library. I especially had a though time to get the values right that are based on idCmdFirst and get sent back when a menu item is invoked. Something that gives pretty strange results if you don't get it right.

unit demoContextMenu;

interface

uses
  Windows, Classes, ActiveX, ComObj, ShlObj;

type
  PItemIDList=LPCITEMIDLIST;

  { TContextMenu }
  TContextMenu = class(TComObject, IShellExtInit, IContextMenu)
  private
	Files:TStringList;
  protected
	{ IShellExtInit }
	function IShellExtInit.Initialize = SEIInitialize;
	function SEIInitialize(pidlFolder: PItemIDList; lpdobj: IDataObject;
	  hKeyProgID: HKEY): HResult; stdcall;
	{ IContextMenu }
	function QueryContextMenu(Menu: HMENU; indexMenu, idCmdFirst, idCmdLast,
	  uFlags: UINT): HResult; stdcall;
	function InvokeCommand(var lpici: TCMInvokeCommandInfo): HResult; stdcall;
	function GetCommandString(idCmd: UINT_Ptr; uType: UINT; pwReserved: PUINT;
	  pszName: LPSTR; cchMax: UINT): HResult; stdcall;
  public
	procedure Initialize; override;
	destructor Destroy; override;
  end;

const
  Class_ContextMenu: TGUID = '{put a new GUID here by pressing Ctrl+Shift+G}';

implementation

uses ComServ, SysUtils, Registry;

procedure TContextMenu.Initialize;
begin
  inherited;
  Files:=TStringList.Create;
end;

destructor TContextMenu.Destroy;
begin
  Files.Free;
  inherited;
end;

function TContextMenu.SEIInitialize(pidlFolder: PItemIDList;
  lpdobj: IDataObject; hKeyProgID: HKEY): HResult; stdcall;
var
  StgMedium: TStgMedium;
  FormatEtc: TFormatEtc;
  i,c:integer;
  s:string;
begin
  if lpdobj=nil then Result:=E_INVALIDARG else
   begin
	FormatEtc.cfFormat:=CF_HDROP;
	FormatEtc.ptd:=nil;
	FormatEtc.dwAspect:=DVASPECT_CONTENT;
	FormatEtc.lindex:=-1;
	FormatEtc.tymed:=TYMED_HGLOBAL;

	Result:=lpdobj.GetData(FormatEtc,StgMedium);
	if not(Failed(Result)) then
	 begin
	  c:=DragQueryFile(StgMedium.hGlobal,$FFFFFFFF,nil,0);
	  for i:=0 to c-1 do
	   begin
		SetLength(s,1024);
		SetLength(s,DragQueryFile(StgMedium.hGlobal,i,PChar(s),1024));
		Files.Add(s);
	   end;
	  ReleaseStgMedium(StgMedium);
	  Result:=NOERROR;
	 end;
   end;
end;

function TContextMenu.QueryContextMenu(Menu: HMENU; indexMenu, idCmdFirst,
  idCmdLast, uFlags: UINT): HResult; stdcall;
var
  h:HMENU;
  i:integer;
begin
  i:=1;
  h:=CreatePopupMenu;
  AppendMenu(h,MF_STRING,idCmdFirst+i,'Menu item one');      inc(i);
  AppendMenu(h,MF_STRING,idCmdFirst+i,'Menu item two');      inc(i);
  AppendMenu(h,MF_STRING,idCmdFirst+i,'Menu item three');    inc(i);
  InsertMenu(Menu,indexMenu,
	MF_BYPOSITION or MF_POPUP or MF_STRING,h,'DemoContextMenu');
  Result:=i;
end;

function TContextMenu.InvokeCommand(var lpici: TCMInvokeCommandInfo): HResult;
  stdcall;
begin
  Result := E_FAIL;
  //not called by application
  if HiWord(Integer(lpici.lpVerb))=0 then
	begin
	  Result := NOERROR;
	  case LoWord(Integer(lpici.lpVerb)) of
		1:;//perform action one (use data in Files:TStringList)
		2:;//perform action two
		3:;//perform action three
		else Result := E_INVALIDARG;
	  end;
	end;
end;

function TContextMenu.GetCommandString(idCmd: UINT_Ptr; uType: UINT;
  pwReserved: PUINT; pszName: LPSTR; cchMax: UINT): HResult; stdcall;
begin
  if idCmd=0 then
   begin
	if (uType=GCS_HELPTEXTW) then
	  StrCopy(pszName,'Perform one of several functions on files');
	Result:=NOERROR;
   end
  else
	Result:=E_INVALIDARG;
end;

type
  TContextMenuFactory = class(TComObjectFactory)
  public
	procedure UpdateRegistry(Register: Boolean); override;
  end;

procedure TContextMenuFactory.UpdateRegistry(Register: Boolean);
var
  ClassID:string;
  r:TRegistry;
begin
  if Register then
   begin
	inherited UpdateRegistry(Register);

	ClassID := GUIDToString(Class_ContextMenu);
	CreateRegKey('*\shellex', '', '');
	CreateRegKey('*\shellex\ContextMenuHandlers', '', '');
	CreateRegKey('*\shellex\ContextMenuHandlers\DemoContextMenu', '', ClassID);

	CreateRegKey('Folder\shellex', '', '');
	CreateRegKey('Folder\shellex\ContextMenuHandlers', '', '');
	CreateRegKey('Folder\shellex\ContextMenuHandlers\DemoContextMenu', '', ClassID);

	if Win32Platform=VER_PLATFORM_WIN32_NT then
	 begin
	  r:=TRegistry.Create;
	  try
		r.RootKey:=HKEY_LOCAL_MACHINE;
		r.OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions',True);
		r.OpenKey('Approved',True);
		r.WriteString(ClassID,'DemoContextMenu Shell Extension');
	  finally
		r.Free;
	  end;
	 end;

   end
  else
   begin
	DeleteRegKey('Folder\shellex\ContextMenuHandlers\DemoContextMenu');
	DeleteRegKey('*\shellex\ContextMenuHandlers\DemoContextMenu');

	inherited UpdateRegistry(Register);
   end;
end;

initialization
  TContextMenuFactory.Create(ComServer, TContextMenu, Class_ContextMenu,
	'', 'DemoContextMenu Shell Extension', ciMultiInstance, tmApartment);
end.

location: Application Development > Programming Languages > Object Pascal > Delphi > ActiveX / COM objects
created: 12/11/2012 16:41:31 « modified: 12/11/2012 16:42:58 weight: 0
tokens:

E-mail over HTTP

It might be a stupid idea, but why has no-one ever thought of mapping SMTP/POP3/IMAP onto HTTP. (Or has someone?)
I know, there's a lot on the blogosphere about e-mail and it being broken in all kinds of ways, or not at all, but I don't want to touch upon that.

What I think it really is about is a clean straight-forward way of sending asynchronous messages to eachother. SMTP was created specifically for that. But it is getting old. Really old. Even so, it is based on a number of even older protocols (RFC822, anyone?). It's only normal that protocols cooperate or are based on eachother, but some are clearly established and are a really good fit for most if not all situations and environments, and some are established but happen to be the least worse solution that is available, just waiting to get replaced by something better, as soon as the folk could agree on the replacement.

HTTP was designed to transport hypertext. At first from a server to a client, but basically in any direction. And thanks to MIME, anything really. And face it, isn't almost all of our e-mail in hypertext nowadays? So HTTP and SMTP may have a lot in common, except HTTP has seen a lot more evolution as far as I know, both in design and in support by hardware and software.

How would it work? Just like an MX-record, something else (HTMX-record?) could point at a URL for the domain of an e-mail address. (And I mean full URL: http/https, (sub)domain, path, etc...) So the sender starts a request:

POST /incomingmail HTTP/1.1
Host: example.com
From: "John Doe" <john.doe@acme.us>
To: "James Day" <james.day@example.com>
Subject: Meeting invitation about some project
Date: Sat, 29 Sep 2012 15:38:11 +0000
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: deflate
Content-Length: 1234

At this point the server can respond with '100 Continue' or a suitable error code when spam detection or a blacklist does its job.

Same for POP3/IMAP: much like this REST thing that's getting so much attention, HTTP verbs GET and DELETE should be all you need to sift through the wad of timewasters people send you daily.

But, off course, it's just an idea. I've got lots of interesting stuff to work on before I'll put time in this probably, but if you think it's a good idea, let me know.

location: Opinions > Computer related > Internet
created: 30/09/2012 1:35:03 « modified: 30/09/2012 1:35:03 weight: 0
tokens:

"Even snel een login-procedure maken"...

Ik dacht 'ik bouw even snel een login-procedure op die website', niets van. Laat dat 'even snel' maar weg, en 'login-procedure' is volgens de regels van de kunst ook niet meer wat het was als je het vergelijkt met begin de jaren 90. Laat ik dan even snel even een exhaustieve lijst proberen op te stellen: (Als ik iets vergeet geef me een seintje!)

• Login form:
  • vakjes: "Login" (of "e-mail"?), "Wachtwoord"
  • knop: "Aanmelden"
  • checkbox "Aangemeld blijven"
  • CSRF bescherming op het form
  • een "Ik heb nog geen login" link (op de juiste manier!)
  • een "wachtwoord vergeten" link
  • (optioneel aanmelden met OAuth en links naar de usual suspects van tegenwoordig: Google,Facebook,Twitter...) [Dit heb ik nog nooit echt gedaan dus weet ik voorlopig niet wat dit verder inhoudt, vul ik mogelijk later nog aan]
• Login:
  • CSRF bescherming controleren, gepaste melding bij falen, (inbraakpoging melden/mailen/loggen?)
  • user data opzoeken aan de hand van login (of e-mail)
  • wachtwoord controleren, eerst met geschikte salt een hash maken
  • wachtwoord klopt:
    • sessie-user-data laden en doorsturen naar hoofdpagina, of originele URL als er naar het login-form werd doorgestuurd.
    • was "Aangemeld blijven" aangevinkt: token uitvinden en cookie zetten, toevoegen aan DB
    • (ergens tonen wat de vorige login op de account was)
  • klopt niet:
    • doorsturen naar login-form met de melding dat het niet klopt. (Hier is naar het schijnt één melding "Ongekende login of onjuist wachtwoord" beter, zodat niet kan worden nagegaan of iemand wel een account heeft.)
    • (klopt al een paar keer niet: tijdelijk toegang ontzeggen? inbraakpoging melding/mailen/loggen?)
• Nieuwe gebruiker form:
  • login, met script en call om te controleren of de login nog beschikbaar is
  • wachtwoord, twee keer, met script om te controleren of ze gelijk zijn
  • eventueel extra script met controle op kwalitelt: hoofletters en kleine letters en minstens een cijfer en/of leesteken, minimum lengte
  • (eventueel een CAPTCHA)
  • e-mail en script om te controleren of het wel 'x@x.x' is
  • e-mail nog eens tegen de schrijffouten
  • naam, adres? nog dingen? (en dan is er ook deze)
  • (wachtwoord-herinner-hint? zoals "de naam van je eerste huisdier/schoonmoeder/school/werk"...)
  • CSRF bescherming op het form
  • knop: toevoegen (altijd handig: onsubmit script om de knop disabled te zetten, tegen dubbel-posten)
• Nieuwe gebruiker maken:
  • CSRF bescherming controleren, gepaste melding bij falen, (inbraakpoging melden/mailen/loggen?)
  • (CAPTCHA controleren)
  • Gegevens aan de DB toevoegen, wachtwoord opslaan als een hash met geschikte salt.
  • (ofwel direct ook sessie-user-data laden, ofwel liever:)
  • e-mail sturen met een URL om de account te laten activeren
• URL specifiek om nieuwe accounts te activeren via link in mail met een specifieke lange random code
• Wachtwoord vergeten:
  • ofwel e-mail alleen en wachtwoord resetten met iets random (ook hier beter altijd zeggen dat een mail is verstuurd, ook als de e-mail helemaal niet in de DB zit) ,
    plus in de mail de uitleg wat te doen als dat ongevraagd is gebeurd
  • ofwel hier werken met de wachtwoord-herinner-hint [moet ik de details nog eens van opzoeken]
  • CSRF bescherming (eigenlijk gewoon iets globaal op alle forms)!
  • (eventueel CAPTCHA?)
• Bij nieuwe sessie (eerste bezoek aan de site):
  • Is er een "aangemeld blijven" cookie? Opzoeken in de DB, sessie-user-data laden en cookie vervangen met een nieuwe token, aanpassen in DB.
  • Geen cookie? Doorverwijzen naar login form (hou de eerste URL bij!)
  • (Of is er een 'anonymous user' account die je eerst kan laden tot iemand manueel inlogt?)
  • (In mijn geval was er ook een mogelijkheid om de gebruiker automatisch te herkennen als er met NTLM op IIS was aangemeld)
• log-off functie
  • log-off link met echte sessie-invalidatie
  • eventueel ook een keuze-optie om de automatic-login-cookie te verwijderen
• DB tabel user
  • login (controle uniek!)
  • wachtwoord (eigenlijk de hash van wachtwoord en salt)
  • e-mail adres
  • naam, adres? nog dingen?
  • wachtwoord-herinner-hint?
  • nog gegevens?
  • statistiek: originating IP, user-agent, aangemaakt op, gewijzigd op
• DB tabel 'user automatisch aanmelden' (er is duscussie over, maar ik denk dat een aparte tabel nodig is, ikzelf heb inderdaad thuis en op het werk aparte computers die ik wil ingelogd hebben en de rest niet)
  • user id
  • token (zoals verondersteld ook in cookie bij user)
  • statistiek: originating IP, user-agent, aangemaakt op, laatst gewijzigd op
• Beheer
  • lijst gebruikers, manueel toevoegen, wijzigen, verwijderen, wachtwoord resetten, (nog?)
  • lijst/controle automatisch aanmelden
  • wat doe je met stoute gebruikers (deze zeker eens lezen!)
• 'get my data': exporteren van alle data, zie http://www.dataliberation.org/

• 'delete my data','delete my account': alles wissen (of alleen de account disablen? anonymiseren?)

location: www.yoy.be > users > StijnSanders > IRL
created: 15/09/2012 16:32:15 « modified: 29/09/2012 11:29:56 weight: 0
tokens:

BSON and arrays

 Dear Mr. Sanders:

location: freeware > TMongoWire
created: 8/07/2012 7:50:12 « modified: 8/07/2012 7:50:12 weight: -100

Force Application.Run to skip the message loop (from within OnCreate event handler).

Warning: this is a very specific hack an may not apply to other situations.

For a number of projects that check for an update of the program executable on the central file server, from within the main form's OnCreate event handler, I was searching for a way to 'skip' Application.Run; when an update is found. I was using "raise EAbort.Create('Auto-update available.');" already to skip the remainder of the OnCreate event handler, but back in the project source (.dpr), Application.Run would start and perform the message loop. I used PostQuitMessage before, but that doesn't seem to always work, a better way would be to skip the message loop altogether.

I used "if SelfUpdateAvailable then Application.Run;" for some time, but in any new project that would use the auto-update mechanism, you would have to remember to put it in, or the support-calls after the first update for the program would remind you, or have you wondering first what's wrong with the auto-update this time. Anyway, it's better to leave the .dpr just the way Delphi hands it to you since it will modify it later when you add forms or data modules.

So I figured out I could disarm Application.Run by calling this from the 'start auto update' code:

  Application.ControlDestroyed(Application.MainForm);

This causes Application.MainForm to be unassigned, and Application.Run to skip starting the message loop, mission accomplished.

location: Application Development > Programming Languages > Object Pascal > Delphi
created: 10/05/2012 13:13:32 « modified: 10/05/2012 13:14:52 weight: 0
tokens:

MetaKeys

Download: MetaKeys_setup.exe ~672KB
MetaKeys is a resizable, customizable on-screen keyboard.

location: freeware
created: 17/04/2012 22:30:50 « modified: 26/02/2013 18:53:47 weight: 0
tokens: references:  

How to recreate 70's 'programming conditions'

When getting my batchelor CS, we were the last batch to get COBOL. (They replaced it with Java the next year. And Pascal with C++ as well, by the way.) It feels like I was the only one that understood the code width was limited to 72 characters and had to start at position 8, just to be sure it would fit on Hollerith cards. We had all the modern editors and compilers of the age, so I never worked with cards and tape.

I searched around a bit back then, and remember reading about how hard programming was back in the 70's (pre-dating my existance). COBOL was there just to make the process somewhat easier, and serve as a stepping-stone to a working result so you wouldn't have to do it all in raw processor-code. You still had to 'write' the program, prepare it as a stack of cards, get over the the card-reading office in time for when you're on the schedule (don't drop the cards!), wait for mainframe time to get around to having the compiler run on your code, and just hope and pray you finally would get something else back than a print-out of syntax errors. If the mail-boy didn't misfile it.

I remember even earlier on errors would arise because cards would get out of order (like I said, don't drop the stack, which regretfully unfortunately did happen), or even worse no compiler-errors arise and it only later gets apparent when the program behaved unexpectedly. (Did they even do debugging back then?) This was easily (...) solved by introducing code-line-numbers and have the (pre-)compiler order the lines from the input-file by number.

So I was wondering, in this day and age of virtual reality, advanced computing and online gamified educational experiences, would it be interesting to have something so us youngsters could appreciate how it was back then, by trying to recreate how it was to code. I'm not so much thinking about an emulated PDP-11 with a hall of tape stations. I'm more thinking of cubicles, internal mails, stacks of cards, print-outs, fighting for a few minutes of terminal access...

It's just an idea though. I'm afraid I don't have the time and skill to create a game like this.

location: www.yoy.be > users > StijnSanders > nice idea's but no time to spend on them
created: 16/04/2012 11:17:11 « modified: 16/04/2012 11:17:11 weight: 0
tokens:

MetaClick

Download: MetaClick_setup.exe ~677KB
MetaClick does mouse clicks for you when you're unable to click, or when clicking is an opeation that takes a lot of effort.

When the mouse pointer stops moving, MetaClick counts down a fixed interval and orchestrates a mouse click. This may cause you to click more than normally, but there's a lot of space to direct the click to when you don't need the click (e.g. the application caption bar), and if you think about it, in most cases you move to somewhere to click there. Switching modes enables double-clicks, drag operations, and rolling the scrolling wheel!

location: freeware
created: 12/04/2012 18:18:36 « modified: 20/02/2013 21:53:36 weight: 0
tokens: references:  

md5.pas

This is odd, it looks like there isn't an open source md5.pas unit. And by open source I mean under a permissive license or without copyright or licensing. So I set out to write my own and share it here. I based it on the original RFC, and even more the description than the reference implementation, because it uses a few of those C tricks I don't like. I hope it's performant enough, in case you're demanding performance of it. I've done some testing myself, but if you detect any kind of issue, please let me know.

md5.pas with MD5Hash for strings, sometimes used with passwords

md5Stream.pas with MD5HashFromStream which takes any kind of stream (TFileStream, TMemoryStream...), and optionally a preset number of bytes to take from the stream (from the current position!).

Enjoy. 

Update: since MD5 and SHA1 are really similar, I've done the same for SHA1 and added sha1.pas and sha1Stream.pas.
Update 2: since I needed it for something else, I've added RIPEMD160 as well. And while I'm at it SHA256 as well

md5.zip (12KB)

location: freeware
created: 16/02/2012 20:26:41 « modified: 6/05/2014 19:07:31 weight: 0
tokens: