TMongoWire on jsonDoc v1.1.8
2018-11-01 17:24 mwjd118 [permalink]
→ TMongoWire commit 78c7c62: jsonDoc v1.1.8
I may have decoupled the bit that works with structured data (using Variants), and converts to/from JSON, into a separate project jsonDoc, and have converted TMongoWire to run on jsonDoc, I also should take the time to update TMongoWide when jsonDoc gets improvements. The fact is I'm doing much more with JSON than on MongoDB recently, so I risk letting this slip out of sight.
What I also should do is set the TMongoWire repository up so it uses the jsonDoc repository as a git module, but for now it's just about one single file so I'll see when I get to it (...).
Browsers with less and less UI...
2018-10-05 17:19 browserslessui [permalink]
Here's a wicked idea: With browsers trying to have less and less UI, the line of death getting more and more important to help guard your safety, and some even contemplating seeing the address bar as a nuisance — who types a full URL there nowadays anyways? — what if there was a browser that always opens fully full screen. No need for F11. You still need a back and a refresh button, and something that gives access to all the rest like settings, stored page addresses, and if you really really need it, the address of the current page. But it is hidden from view most of the time, except when you make a certain gesture, like a small counter-clock-rotation. It should look different enough so it contrasts with the page, and should be different every time, so it isn't corruptable by any webpage. And even then should be obviously not part of the page.
And people need to find it intuitive and self-explanatory.
Oh never mind.
Barney Cools: Tunes
2018-10-02 23:31 bct [permalink]
O jee, ik heb in een eeuwigheid niets meer geblogd over muziek! Terwijl er toch wel een hoop te vertellen is. Hoewel, zoveel nu ook weer niet. Na meer te willen weten over Oliver Koletzki, en SoundCloud ontdekt te hebben, kwam ik daar langs deze:
→ Barney Cools: Tunes
Eerst wist ik niet goed wat er van te maken, huis-mixes van een open-lucht-zwembad-beach-bar in Australië? Blijkt het een kleding-merk te zijn die ook mixes de wereld in zet. Tot nu toe vind ik ze behoorlijk de moeite. Op hun beurt zijn ze dan ook weer een manier om nieuwe artisten te leren kennen. Zoals Aeonix of Haert. Of dit pareltje... Of deze!
Verder vind ik het vreemd dat je zo weinig hoort van dat Chvrches nieuw werk heeft...
ECB should plan to issue a digital currency!
2018-09-18 00:07 nodraghi [permalink]
→ Reuters: ECB has no plan to issue digital currency: Draghi
Here's an idea. Just an idea, floating it here to see what you think, no concrete plans yet. The internet should float a new digital currency. "Wait, what? We have Bitcoin/Litecoin/Ether/... already, are those not internet's digical currencies?" I hear you think. Well, no. They're intended to perhaps become currency, but that kind-of totally failed. The world wasn't ready for Bitcoin when it hit us, and all the nice plans kind of prescribed to one day use bitcoin as currency, but as the hype and dust are now somewhat settling, it's clearly unfit for that purpose. It's still great at what it does though, and it could perhaps serve really well as something like gold: something that holds value you can buy and sell and will most probably get bought and sold in the forseeable future, according to current market behaviours. And there's the blockchain which it all runs on, it's a great proof-of-concept of a public ledger that some industrial settings could greatly benefit from, who knows perhaps in a slow movement from the fortified castle paradigm to the zero-trust concept.
But as a currency? No. Currency is allergic to strong ups and downs in the inherent value. "Didn't we have all this already, the US dollar doesn't have inherent value as well, since we've let go of the Gold Standard?" Well, no. The price of gold may now be free-floating, but since the entire US economy and a sizable part of the world's economy is running on US dollars, you could consider the entire economy as what's carrying the real value of all those dollars. I'm oversimplifying here, but some big large-scale economic metrics appear to work reversed for the US-dollar because of this. A currency as we know them now also had a central body that goversn both the internal use of it, and the powers that exert on it from outside, other currencies and macro-economic movements.
So here's my idea: because Europe is looking to do something about copyright on the web, and newspapers — and perhaps journalism in general — are struggling, something like the European Union should float a digital currency, specifically to make micro-transactions on the web. And I really mean micro. Listening to a song? Bam, something tiny moves from your online wallet to the musician(s). Viewing a video? Bam, something tiny moves from your wallet to actors, directors, lighters, screenwriters and background-painters. Read an article? Bam, you get the idea. How much? How many articles are in an avarage newpaper? How much does a regular newspaper cost? Calculate back from that to get a good first unit of value.
As an alternative way of payment, it could complement the Euro, and only later move up the ladder if there's a base of users with accustomedness. But to get there some important details need to be set up just right. It will need a governing something, but I wouldn't hand it over to Frankfurt. The time is right to involve the people. Bitcoin is doing just right without central oversight, but the required checks and balances need to be baked in. Anything new like this should also be design 'of and for the people'.It will need its proper legislation to get to serve as anything official, an get it accepted as a bearer of value, but by limiting who can exchange how much to and from real currency, for example a weekly global limit on conversion, could dampen the risk of large-scale mutations induced by panic. Or by limiting the maximum amount you could hold per user or per device or per account, could limit the importance of this new stream of cash in regard with the entire economy.
Also as an internet-centric application, every user wanting to participate needs to run the software, but it should be entirely open so each of us can govern that our security and privacy is catered for. Only then it's ready for designing the conduit with which you let the websites you visit know what credit you provide when consuming songs and articles. There needs to be something like a public ledger, since that would make it a new skool digital currency, but requiring every mobile device to keep a full copy of the ever growing full ledger is absurd. And it is also limiting the maximal number of transactions that can get processed in limited time, so that needs to get decentralised as well. I'm not sure how, but I'm sure there are people smarter than me that have been deep enough into the theoreticals that could draft what it takes.
But I'm just dreaming aloud here. Innovation hurts and is hard work. And there are always those that don't want anybody to challenge the status quo.
Update: look, look, this is also about something like that!
"Leren programmeren is even belangrijk als leren lezen schrijven"
2018-09-11 14:38 nwsprog [permalink]
→ VRTNWS: Leren programmeren is even belangrijk als leren lezen schrijven
O jee. Hoe gaat het lesmateriaal daarvoor er uit zien? Wie zou dat kunnen samenstellen? En wat gaan ze geven als programmeren, want het is intussen best een behoorlijk breed kennisdomain met veel onderverdelingen. Bepaalde dingen van het computerwereldje liggen bepaalde mensen zelfs beter dan andere dingen. Denk maar aan het verschil tussen taal-vakken en wetenschap-vakken.
Maar misschien nog belangrijker: zit er ook een stuk etiek in? Je kan alles programmeren wat je maar wil, en dus ook programma's die doelbewust misbruik maken van het vertrouwen van de achteloze gebruiker. Of erger nog, schade berokkenen. Om nog maar te zwijgen van de recente revelatie dat alle complexe software die werkt op maatschappelijke data blijkbaar ook latent racisme en discriminatie braafjes toepast zonder verpinken.
Toen ik het middelbaar doorworstelde hadden ze net een vak 'technologische opvoeding' ingevoerd. We hebben een bureaulamp gemaakt. En iets gedaan met blauwe bakjes met in het groot "OR" en "AND" op. Het zou uiteindelijk een verkeerslichtje moeten doen maar dat werkte niet (meer?). En er was ook iets met kleine baksteentjes en lijm in plaats van mortel, maar dat had het gelukkig niet gehaald van de onzin-filter die de professionals vooraan in de klas gelukkig aan de dag leggen.
Ik herinner me dat we enkele jaren later toch al wat puntjes konden verdienen met een mooie pivot-chart of een etiketten mail-merge. Dus ergens denk ik als ze nu eerst zien dat scholen iets gemakkelijker wat computers in de klassen krijgen, dan zal de rest wel volgen.
Waarom niet gewoon zomaar wat belastingen bij?
2018-09-08 16:50 belasting [permalink]
Iedereen met een laag loon gewoon een bedrag bij geven is een slecht idee. Alleen al vanwege het drempeleffect. Voor iedereen net boven de limiet voelt heel sterk dat ze net uit de boot vallen, iedereen net onder de limiet zal vreemd genoeg zelfs een inspanning moeten doen om iets minder te verdienen om het voordeel te behouden. En in een situatie waar je net de grootste moeite hebt om aan een inkomen te raken, is dat ongewenst en het zelfs ontwrichten.
Ik dacht een tijdje terug aan een ander voorstel. We betalen in theorie allemaal inkomstenbelasting. Zelfs al is dat de ronde som van 0€, je doet jaarlijks een aangifte van dingen die belast worden of je een vermindering opleveren. Stel dat de berekening no zo wordt aangepast dat het finale cijfer voor iedereen nog eens door een formule moet van de tweede graad. Een dergelijke parabolische exponentiële Curver kent een verloop met opstaande armen zowel links als rechts en een breed diep dal. Mits te kiezen voor specifieke factoren in de formule kan je dat zo mikken dat een origineel bedrag van 0€ uitkomt op 500€ (of meer), en dan gradueel naar beneden gaat, misschien zelfs onder nul voor de modale burger met een gemiddeld loon, en daarna terug omhoog voor de veelverdiener, en bijgevolg extreem hoog voor de absurd onbeschaamde geldscheppende.
Dit plan lijdt niet onder nadelige gevolgen van een opgelegde drempelwaarde, maar valt mogelijk wel door de mand als je rekening houdt met de gewoonte van mensen die met meer geld omgaan dan de modale burger om creatieve boekhouders aan te spreken zodat er een aanzienlijk deel toch niet onder de inkomstenbelasting valt.
Maar ik ben dan ook geen doorwinterde legistator die daar wel iets op kan bedenken.
Done! Feeder now on PostgreSQL
2018-08-31 20:25 feederpq [permalink]
Tadaa! Thanks to DataLank, I was able to switch feeder from SQLite to PostgreSQL in roughly one evening. You just need to change
coalesce, (and SQLiteData.pas for LibPQData.pas ofcourse) and storing Delphi's TDateTime values now map to genuine
timestamp values, so it's a little different to do arithmetic with...
But I was getting some 'database locked' errors, so I guess it was the best thing to do, since SQLite works really well but isn't quite designed for use by a website, let alone multiple processes. Sorting by timestamps appears to take a little more processing power than I was expecting, so I may try to change back to storing them as double (since that's also the value TDateTime uses internally), or I may just be missing an index that could speed up the query. It takes some investigating to find out, but that's for another day...
Update 2018-10-12: With some regret, I need to inform you that I have switched back to SQLite, perhaps for the time being. Though operation was acceptable, I noticed quite some performance was lost on queries that depend on the values in the fields of type timestamp without timezone. I've had a look if I could fix this by adding indexes, but wasn't successful. I was also thinking about changing the date-time fields to float, as that's what's actually used in the Delphi code that handles the values, and would probably get better performance in comparing and sorting in PostgreSQL, but the time it would take to switch that around would exceed the time it takes to switch back to SQLite. And switching back to SQLite offers a situation that has shown to perform well in all cases. With this switch I can find some time (somewhere?) to read up on PostgreSQL and timestamp fields, and what I'm missing that was causing some queries to take abnormally long. The query that averages times between posts, prior to checking feeds for new posts would regularly take over 100 seconds, a query that SQLite would only take seconds over.
"How can i do C++ for free?"
2018-08-30 10:54 freecpp [permalink]
Someone at work asked me "Is there a way to do some C++ for free?", and told me to mail some links. I did and thought it's a kind of nice overview, so I post it here as well.
If you're looking for a free C++ development environment, the first thing I can think of is:
but one of the main trendsetters has ofcourse always been Microsoft Visual C++, you can obtain here:
or ex-Borland's version with language extensions to make its UI designer work:
if you're willing to get to work with just a compiler, then this one is getting good remarks recently, not only because it's giving usefull error messages:
but there are plenty more:
https://www.embarcadero.com/free-tools/ccompiler (or perhaps this one https://edn.embarcadero.com/article/20633 )
(or the list from the creator of C++ itself: http://www.stroustrup.com/compilers.html )
but C++ is getting some negative remarks lately:
so what is recommendable to learn? currently good candidates are:
RSS is far from dead!
2018-08-08 00:55 feeder [permalink]
I've been using RSS/Atom feeds on and off since I've learned about them. A long time ago, Google had a nice feed reader, but decided to discontinue it. Users were left to search something new, and I settled on The Old Reader, combined with gReader since I had a smartphone, and all was well. For a while. After some time you notice you still get disturbed by some tiny issues you can't seem to get to go away, either with tweaking the configuration or with Stylus. So what does a developer do? Start to think about developing their own solution. Then plan to develop their own solution. Then develop their own solution. So I'm somewhat proud to present this little thing I've been tinkering on in off-hours the last month:
I have a live version to try out here: http://yoy.be/home/feeder/ but it uses the neighbouring instance of tx for authentication. I should enable Google/Facebook/Github OAuth things instead, but finding out how that works is a few items lower on my wish-list (of things I wished I had the time to put into).
I wanted a feed reader without the extra's. I wanted to mark items as read that move out of view by scrolling down, and plays somewhat nice with the surrounding HTML and the browser. For now I like how it works. There's an issue with emoji's that apparently get eaten by UTF8Decode, but that could be a bug that got solved since good old Delphi 7. But now that Delphi has a community edition, I think I should bring most if not all of my other projects to this version instead of sticking to Delphi 7... But that's another story. (One you might notice some time in the future on my Delphi RSS feed...)
How to do timezones?
2018-07-17 23:53 timezones [permalink]
I feel stupid. I guess I've been put out of my comfort zone. I was thinking about doing something, and then I did, and I thought I'll just primarily make it work for me, but then I noticed "new" items were still two hours behind. Ofcourse that's due to the bias against UTC we have here in my current local timezone. So there you have it. All my programming career, I would just parse dates, and stop before this "+0200" or "-0900" thing that's there at the end. So the right thing to do is go all the way, and with a little effort make it work correctly for not just me, but for any user of this little thing.
But how? I remember these drop-downs with timezones where I typically look-up Brussels or Paris. But it's summer daylight-saving-time for the moment. So it switches to and from only one hour between UTC twice a year (until policy changes), how do I keep track of that? Is there something that I can have the system do this automatically for me? It feels like these are things I should have known all along, but dont. I guess I'll have to start reading somewhere...
StackOverFlow/Delphi: new blood?
2018-07-12 21:30 sodnewbies [permalink]
→ Stack Overflow — Newest 'delphi' questions
Am I seeing this correctly? I've been following this page somewhat less closely lately, but the majority of new questions is by people with not too high of a reputation score. And that's actually a good thing. Let me explain:
A while ago it looked like we were 'past StackOverflow peak'. StackOverflow started as an alternative to outperform all other question-and-answer sites for techies, by having a really well developed reputation system that allows a community to self-regulate. And it did. Both the reputation-system created a really fine repository of good questions and good answers, and all other question-and-answer websites were oblitherated (at least from the google top results on typical search-queries).
A few years later, StackOverflow appeared to struggle with having lost it's reason d'être: people with actual questions would easily mistake StackOverflow as a forum and saw most questions rapidly closed and reprimanded for not attaining an expected level of quality the community would hold to. This is a bad deal for newcomers and in general a source of bad feelings. They know about this over at StackOverflow. And have committed to take action. I haven't kept up to speed about what they're exactly plannig to do, but it could already be working.
Specifically for the questions tagged 'delphi', it's not only good that this way more people that just started collecting a reputation saldo, are posting valid questions and are getting helpful responses; I also think you can derive from it that more people are getting into Delphi. It's not up to me to tell whether that's in part because the most recent Delphi versions also successfully target mobile platforms, but if it's true I'm glad to know more people are about to experience the solidness of the Delphi eco-system, both in tooling and available components, and in solidity and reliability of your final result you're offering your users.
2018-07-06 21:29 whatsyourstyle [permalink]
→ Firefox and Chrome Pull Popular Browser Extension Stylish From Their Stores After Report Claimed It Logs and Shares Browsing History, Credentials — Slashdot
→ “Stylish” extension with 2M downloads banned for tracking every site visit — Ars Technica
Oh, what's this? Note to self: switch to Stylus, (also here and here)
Another store from the trenches: GDI vs PDF
2018-07-06 18:31 gdipdf [permalink]
One of the great things about Delphi is this object-oriented way of manipulating things called the Visual Component Library. There's much more to it than that, but in a sense you could describe it as a wrapper around Windows API's. One of these is GDI, it's old but it's still there and used for graphics and text-layout. It was born, way back when, from the idea of What You See Is What You Get (WYSIWYG) taken even further and that the same program logic could work for display on screen and writing to a printer. Delphi's VCL declares the TCanvas class you can use to design the output, and wether you pass a Printer.Canvas, Screen.Canvas, Form.Canvas or Bitmap.Canvas shouldn't really matter. This works great for forms and reports.
But in the printing business, there's much more than forms and reports to put on paper. Over there the PDF reigns supreme. It performs a similar task, but originated out of a very different set of parameters. A big module we created of the production software at work generates them according to specifications. How this works is very different as the components that make up a PDF document are constructed one by one and this doesn't look like the work you normally would do with a TCanvas instance.
But now and again these two worlds need to bridge over to eachother. One day I had to keep automatic PDF archive copies of some reports, and discovered the great SynPDF project from the same people that created the mORMot framework. It offers a TCanvas instance (
TPdfDocumentGDI.VCLCanvas) that you can pass to code that knows what to with a TCanvas reference. It works great.
I haven't needed to think about crossing the two the other way round, but recently I noticed a collegue did, and he also found a simple straight-forward solution for the problem: You can just ask the PDF reader on the system to render a PDF to a printer. It's as simple as starting a process with:
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /n /t "<document to print>" "<printer name>"
"C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe" -print-to "<printer name>" "<document to print>"
This works just great and even doesn't add too much code to your program. You may need to include the PDF viewer installer with your installer, but that's a minor issue and perhaps not even required as most people have a PDF reader installed by default.
2018-06-23 00:31 dirdiff535 [permalink]
→ DirDiff v188.8.131.525
There was a bug when diff-ing more than 2 files or folders, where lines matching between other files than the first/left one would show as matched.
Delphi project and subversion: set the build number to revision number
2018-06-09 09:37 dsvnbuild [permalink]
At work, we have a number of interrelated projects in a single subversion repository. We've agreed to change the build number in the project's version properties to the current revision number of your work folder. And specifically not the revision number you might predict your changes will land in when you commit them.
We're currently a rather small team so it may be tempting to assume you'll just get the next revision number, but we stress newcomers to ignore that urge. As long as we're a small team, this works manually, but if we grow we should move over to scripted version resource entries and commit hooks that update the build number automatically.
So with a major and minor version of 2.0 for example, and a release number of 8, the full version could look like "184.108.40.206873".
This way of working has a number of advantages.
The binaries that get used in production, but exert a bug in their behaviour, show with their full version number (and the previous version number from before the bug occurred) the vicinity of revision numbers that introduced the code change that may lay at the cause of the bug. To get the exact revision number, you need to look up the SVN log (or blame) of the
.dproj file, but it's quite sure it's a number closely above the number in the version. We've stressed second line support personnel to list this number when reporting the bug, which helps when researching reproducibility.
But even long before that, when it happens two (or) more of us inadvertently make changes to the same project, we either started from the same revision number in the work folder and see when comitting that something has to get merged and it does so automatically or we get a merge conflict; or we started from different revision numbers and get a conflict right away or a message that we're over due for an update to or work folder.
As I said we're a small team for the moment and it rarely happens so it saves us an update task with risk of conflict before we commit, and in general we can split the work that needs to be done between us so we shouldn't make changes to the same projects.
Then again, if the team would ever grow to something like really big, we would probably have to switch to something else than subversion, or even repositories per project, who knows...
GMail: make the labels list compacter
2018-06-08 10:32 GMailLabelsCompacter [permalink]
If you remember from before, I have so much labels in GMail that I didn't like that the box to change the labels on a message with, is so small. Stylus to the rescue.
Now there's this new GMail design, and even in compact display, the list of labels on the left doesn' fit my screen. Also I don't like the font the subject line is rendered in. So a bit of inspection later, I add these lines to my overrides:
padding: 0px 0px 0px 64px;
font-family: "PT Sans", sans-serif;
padding: 0px 12px 0px 32px;
padding: 0px 12px 0px 48px;
2018-05-21 20:18 aes101 [permalink]
I noticed something was wrong with the key generation schedule in my AES implementation. I had a close look with the FIPS 197 example vectors at hand and fixed it. I still should make some time to run it under pressure and see how it relates to reference implementations and popular implementations.
2018-05-03 22:43 xxm450 [permalink]
For a while I thought there's not enough there to have a full release, but with the switch from XML to JSON, and NTLM and WebSocket support in xxmHttp and xxmHSys2, plus all the minor changes and tweaks that improve performance and security, it turns out to be quite a formidable release. Regretfully, by finally deciding to have all string arguments
const anyway, any project's xxmp.pas will have to change. A long time I was hesitant about this because I feared binary incompatibilities, but I've tested all permutations between caller/called with/without
const, and it all works. Except when building old code with the new xxm.pas will serve you with this minor one-time inconvenience of having to add
const yourself to the arguments... I've thought about trying to create something automatic — like the XML to JSON converters — but since you're quite free to modify
xxmp.pas to your liking, it may be more complex than it seems. (If you would like to see this anyway, let me know and I'll put some time into that.)
It's advised to do an extensive test-run with this new version before you update the live environment. If anything unexpected turns up, let me know!
→ xxm v220.127.116.110 (→gh) (→sf)
What do you think I should do?
2018-04-20 23:26 sendfile404 [permalink]
Dilemma, dilemma! What should I do? Sometimes, you need to have a certain URL in a web-project that just serves op the contents of a local file. You could try to have the file in a static section of the website, or even a sub-domain for static content (if your budget allows it), but then it's out there for anyone. Best is to have a request be processed dynamically, so you can do some server-side logic first, for example to do authentication control, or generate the file first (perhaps with a graphics library?). That's where the
SendFile method of the
IXxmContext comes in. The code that implements it is pretty straight-forward:
procedure TXxmGeneralContext.SendFile(const FilePath: WideString);
if State=ctHeaderNotSent then FSingleFileSent:=FilePath;
SendStream(TStreamAdapter.Create(TFileStream.Create(FilePath,fmOpenRead or fmShareDenyNone),soOwned));
If the request's header has not been sent already, the private value
FSingleFileSent is set to the file path, assuming the request is meant to have this file's data as response data. This is used for error handling and logging.
SendStream is called, which takes an
IStream pointer, so a
TStreamAdapter is used to wrap around a
TFileStream, with ownership so the last
IStream._Release will call the file stream's destructor.
One thing that's missing here perhaps is trying to figure out if the HTTP response header
Content-Type is set to some suitable MIME-type for the file, but this is so untrivial that it's best left to the developer. So give it a second of thought when you're coding a call to
So about this dilemma I'm having. Just imagine for a second you have this code in a project. Attention: this is very bad practice! It should be glaringly obvious to everybody that doing this opens the back door wide open and people with malicious intent can access any file they want on the machine, include system files, so please don't ever really do this:
Yikes. Very very bad! I feel dirty just for typing that, but just as an example, this code has a high probability of trying to open a file that doesn't exist, or otherwise have the
TFileStream.Create throw an
In that case, would it be better if xxm answers with a proper HTTP 404 (page not found) response? Now default exception handling kicks in, and left unhandled (hint) xxm will fashion a HTTP 500 response for you with the exception data. There's also a bit that will see if your local fragment registry can load a fragment for
'404.xxm' that lets you design a nicer 'page not found' page than the default, but I'm having a hard time to guess if that would be something unexpected for someone somewhat new to xxm, calling
SendFile on an inexistant file for the first time...
I'd love to hear from anyone on this, but for now I'll just let it be like this and let the normal exception play out, if any.
But wait, there's more. Deep burried within the dark corners of the Windows API, there's a thing called TransferFile. It basically lets you tell the system to take a file handle and a network handle and stream all the data from the one to the other, as much as possible right from the kernel. The way the friendly people over at Microsoft worked it out, and tied it to the running system so it would only work on Windows Server versions, makes it kind of unsuitable for where I want to take the xxm project.
But wait, there's more. You may have noticed the web-sphere is gripped with a frenzy for all things asynchronous. There are a few good things there, but it is mainly the best way to serve a magnitude more of concurrent requests by the same server. The short story is you try to avoid waiting on the system while it waits on network or disk. The long story envolves completion ports or libuv, but is in essence unfit to combine with what xxm is doing: having a separate DLL with code you just call to have a response generated for a request, since to do it properly every request to the operating system needs to be re-routed over your job/thread/task/fiber/yarn-management.
This shouldn't hold me back to get as close as possible to the middle ground between the two, where you have the option to build a response, but can hand over a (file)stream and have the HTTP server spool that as it sees fit, once the situation really is just that straightforward. But this may be what xxm 2.0 could be about, if there ever will be something like that.
HTTP+HTML+Delphi authentication (how xxm does it)
2018-04-13 14:26 xxmauth [permalink]
→ Daraja Framework: HTTP+HTML form-based authentication
Jikes! This is strange. Yes you could go ahead and have a page with a login-form, that posts onto a handler that checks your password, and throws a 401 when it fails. But is that really what you need? I thought 401 is there to elicit the user's HTML-client (a.k.a. browser) to show a modal form asking for a password before re-posting the request. Just like xxm's Basic Authentication demo does, and it does this right at the center of the project, before your request is routed to any page or resource, so that all requests to the project need authentication. Also this way you don't need to code a check IsAuthenticated on every page or resource.
But — again — is this really what you need? The public nowadays doesn't respond well to systematic authentication like that, and also makes it impossible to do anything on the website while not being authenticated (yet). It's better form to welcome new users with a nice 'create new account' button (More about that here.) and perhaps more information on what's on offer, next to the logon form for existing users (with extra options like 'stay logged on on this station' and a 'forgot my password' link). There's an example in xxm's Session demo: The opening page has a log-on form, and
Login.xxm does the rest. It doesn't really check user-account and password here as it exceeds the purpose of the demo.
To show you a working demo, you should have a look at tx: It has a central redirect for any page request from a user that should authenticate first; the logon-form with extra options to show users as a normal web-page; checks the entered password agains a properly salted hash and then redirects you to the page you came in for originally...
And there's much more to tell about authenticating users. I've tried to make a list here (it's in Dutch though), and that doesn't even scratch OAuth(2) yet...
Before I forget, did I mention xxm comes under a permissive MIT license? So you don't need to buy a commercial license!
Do I also need a four-letter-acronym to be cool these days?
2018-03-30 22:47 xx4la [permalink]
→ Reddit: Any drawback to using Wordpress in front of a MERN application?
MERN?! What's that?
Oh, I get it! It's one of those four-letter-acronyms that describes your software stack. The first one, and as it happens also the one I started on was:
But trying things out on my own, I didn't get a hang of that Linux bit. I still blame the folks that sneered me off with "start with typing
man man at the prompt". So I got stuck being a
but later regained my poise and sting with
which worked great for a while, but I moved on. Not quite with the hot and happening new one:
but closer related to other desktop application work I was doing in Delphi. Having done some raw networking, and some raw HTTP, but also the IIS API, and implemented Internet Explorer's IInternetProtocol, and FireFox' nsIHttpChannel (before they chucked XPCOM somewhere after version 3.6 and starting the rapid release schedule), and something something HTTP.SYS, I decided to start something to model all the common bits into one single interface so you could easily switch between implementations and environments. And hot-swap a binary without taking down the webserver/webservice. And do that after an automatic compile when you changed a file and refreshed your browser. And have a mix of HTML and server-side logic into the same files like PHP and ASP (and Cold Fusion...) And still have full response streaming, and not a big hard templating thing churning on a request first before being able to spew out the response in one go... And have a few of the basic things in place to help you with security to prevent malicious requests.
So I created xxm. And websites with it. Such as tx. So I guess I should invent suitable fout-letter-acronyms as well, then:
Hmm, doesn't really sound all that great... Never mind then. I'll just enjoy it if xxm could serve as a solution for anybody in the very small niche of people that do both high-level server-side stuff with Delphi, and high-level dynamic-web-stuff, and want the two closely knit together...
Gedaan met diesels?
2018-03-01 22:07 nmdiesels [permalink]
→ VRT NWS: Gaan we onze afgedankte diesels naar Afrika sturen?
Zie, ik moet echt precies op het juiste moment om een benzine-wagen gevraagd hebben... Eind vorig jaar was het tijd voor een nieuwe lease-contract op het werk, dus dacht ik vragen staat vrij. Ik doe op vier jaar ocharme iets van een enkele omtrek om de aarde, dus geeft me asjeblief toch een wagen op benzine. Al was het omdat het inderdaad te voorspellen was dat dit jaar de dieselprijs (eindelijk!) de benzine-prijs zou inhalen. Daarnaast is er nog het kleine netelige feitje dat de wasem uit de pijp bij een dieselwagen blijkbaar behoorlijk wat smeerlapperij bevat. Ik zou niet zover gaan om dieselrijders te veroordelen voor deelname aan moord, maar jammer genoeg is er wel een relatie vast te stellen tussen luchtvervuiling en de sterftestatistieken.
Tot nu toe beklaag ik het me niet. Wel weet ik nu iets wat ik graag iets vroeger had geweten: Met een gemiddelde van 5,5 liter per honderd kilometer voor een diesel, en — voorlopig toch nog, dit nieuwe rijtuig moet zijn eerste 30 megameter nog volmaken — 7,5 bij een benzine-motor, is het omkeren van het verschil tussen diesel- en benzineprijs op slag verworden tot een psychologische grens. Wat niet wil zeggen dat heel misschien ik nog aan mijn gemiddelde rijstijl kan sleutelen om meer dan een grote 600 kilometer per tankbeurt er uit te krijgen.
Een heel klein iets waar ik mee zit, en ik niet direct weet aan wie ik het zou kunnen vragen is het volgende: Ik merk een klein verschilletje in gedrag van de aansturing bij het koppelen. Bij het versnellen en schakelen in de eerste drie versnellingen, lijkt de motor net even naar adem te happen voor het koppel zich aandient. Ik heb al geprobeerd of ik misschien het aankoppelpunt verkeerd inschat, of ik iets meer of net minder het gaspedaal moet geven net voor het koppelen, maar ik vond nog niet wat best werkt. Ik weet ook niet of het vanzelf zou verdwijnen als de motor wat is ingewerkt, of ik het spontaan onbewust leer vermijden, maar voorlopig is dat zo wat het enige wat me opvalt aan de wagen. Dat en dat ik goed het hoofd er bij hou om van die groene tuiten te nemen bij het tanken, niet meer die dikke zwarte. Zelfs die vind ik beter ruiken dan vroeger...
Best practices for user account management
2018-02-27 11:17 i3036bis [permalink]
→ Google Cloud Platform Blog: 12 best practices for user account, authorization and password management
Bon, ik moet dringend de lijst die ik hier opgesteld had nog eens bijwerken met de hedendaagse methodieken...
Alles op krediet in Amerika!
2018-02-08 20:55 amcred [permalink]
→ Talks at Google: Frank Abagnale: "Catch Me If You Can" @43:15
Dat het zo erg is wist ik niet. Ten eerste, heel de video is zeker de moeite. De mens van de film "Catch Me If You Can" vertelt zelf wat er eigenlijk is gebeurd. Mensen vinden zo in de doorsnee geniaal wat hij gedaan heeft, maar hij zag het vooral als een vorm van overleven. De elementen brachten hem door samenloop van omstandigheden ertoe om te doen wat hij deed, en een deel was onethisch en zelfs crimineel, maar hij heeft zijn straf uitgezeten. Zo laat hij het toch uitschijnen, want wat zeker is is dat hij slim is. Wat vast staat is dat hij echt geslaagd is aan de balie. En hij met recht en rede intussen jarenlang ervaring heeft uitgebouwd in financiële fraude.
Dus dat precies hij uitlegt dat hij alles op krediet aankoopt — en zelfs kredietkaarten voor zijn zoons voorzag vanaf het kon — lijkt wel heel erg vreemd voor deze gemiddelde Europeaan. Blijkbaar zitten de Amerikanen met iets als de "credit-score" en kom je in problemen als die te laag is. Wat ben ik blij dat wij dat niet hebben. Als ik het juist begrijp is het in Europa minder de gewoonte om veel op krediet te kopen, toch in België, maar Amerika zit blijkbaar vast helemaal aan de overkant van het spectrum. Daar is het gebruikelijk om je diep in de schulden te gooien als je beslist verder te studeren. Heel erg vreemd.
Waar zit het verschil dan? Met de recente grootschalige privacy-inbreuken die ze daar hebben (hoewel we er intussen ook bij ons enkele kennen!) zijn nogal wat bank- en rijbewijs-gegevens van modale mensen in slechte handen gevallen. En blijkbaar heb je daarmee genoeg om kredietlijnen te openen in naam van andere mensen en met het geld te gaan lopen! Ik neem aan dat dit in Europa toch iets beter is geregeld. Ik denk dat ik nu iets beter snap dat je daar beter af bent om meer op krediet te doen, maar als er zoveel spelers in zijn dat het een rommeltje wordt, dat het bij wijze van spreken langs de straat begint rond te slingeren, dan hoop ik van harte dat er daar toch een paar zijn die er in slagen om het uiteindelijk bij te sturen.
Update: Quartz: Guess which foolish strategy people most often use to pay back credit card debt Blijkbaar zijn de credit-cards daar zo ingeburgerd dat ze anders werken dan hier. Je krijgt een kredietlijn en kan kiezen wanneer je hoeveel terugbetaalt. Ze heffen er in bepaalde gevallen natuurlijk interesten op, wat je best probeert te vermijden, maar het zijn dus extra dingen om in de gaten te houden.
A thin wrapper around SSPI SChannel.
2017-12-30 22:57 schannel1 [permalink]
I thought, if you already have something that does work over a network socket, can you have it encrypted of a TLS connection? If you search, you van find a lot, mainly using OpenSSL. If you read on a bit, you learn about LibreSSL, but if I understood correctly, Indy can't use that since it needs specially patched DLL's, that are stuck on some old version sadly enough...
But, I always keep searching for the thinnest possible wrapper. If there's a way to carry less bloat, or use an even thinner library, then yes please.
So I thought, Windows by itself, or at least some Microsoft things, make calls to the outside world over a TLS-line from time to time. So there has to be a DLL that does all the work for those. It would be strange if it exists, but it's not opened up. Some more searching leads to the realisation it's this SSPI thing that keeps turning up. There's a thing called SChannel you apparently need, but it's not as easy as just replacing your connect/recv/send calls...
Once there was a time when Microsoft wasn't quite planning to keep the 'network subsystem' to themselves, leaving the option open to get some from a different supplier. (Once there was a time it wasn't the matter of course that networking plays over TCP/IP/Ethernet, but that's another story altogether.) You still see that in the SSPI story. You're supposed to call a central function first to see what's available (by which vendor). Once you've tracked down the DLL you need (secur32.dll), you see it just has all you need right there in the exports table (and even just patches them on through to sspicli.dll, at least since some recent Windows version). So in the hope to have some simplification, I think I have now a basic minimal wrapper around the required calls to make it work, added to the minimal things I had in there to talk to WinSock2:
github TMongoWire commit d2c99a...
I hope this performs as expected, as I still have to put it through some more testing in different conditions, but that'll be for another day. And as the current season would have it, perhaps for another year. If you find anything, feel free to launch github issues or pull requests. Happy New Year.