Darian Miller

Everything posted by Darian Miller

  1. Darian Miller

    Code Review for Delphi and Pascal

    Note that Ian recently did a webinar on this topic with a guy from: https://dersecur.com/main Apparently they have a Code Analysis security tool with support for Delphi.
  2. Darian Miller

    Code Review for Delphi and Pascal

    Sonar is a widely used tool. This is the latest plug-in to use: https://github.com/integrated-application-development/sonar-delphi There are a handful of GitHub repos with sonar-delphi but this one has combined all the changes into one and is being actively developed.

    Kiuwan is a specific tool for application security and it is an Idera brand...but they don't support Delphi code scanning. I've asked them multiple times for Delphi support over the last few years, and it's always been 'on the radar' but no progress has been made as far as I can tell. https://www.kiuwan.com/ See their FAQ for programming language support: https://www.kiuwan.com/docs/display/K5/FAQs+-+Frequently+Asked+Questions I believe they do offer Exe scans... I don't recall as it's been a year or so since I last looked at them.

    The problem is that most of these advanced tools simply do not support Delphi and I haven't seen anyone else push to get support added. (Another example: https://docs.snyk.io/getting-started/supported-languages-frameworks-and-feature-availability-overview)

    There are companies out there where you can submit your Windows executable for runtime analysis. They typically charge for each scan. Most seem to be obscure, potentially hard to find, and expensive. I just did a Google search and found these potentials (which I haven't used at all and do not necessarily recommend - but it should get you started.)

    https://secureteam.co.uk/services/application-penetration-testing/desktop-application-security-assessment/
    https://cobweb-security.com/service/desktop-application-security-assessment/
    https://roundsec.io/desktop-application-security-assessment/

    One of the old-school leaders of software analysis is "Understand" from https://scitools.com/ Here is their supported languages list, which includes Delphi: https://support.scitools.com/support/solutions/articles/70000582794-supported-languages

    If you are looking for general static code analysis, the best source for Delphi is: https://peganza.com/

    You can use static code analysis tools like Sonar, Understand, Peganza to satisfy some security audits as well, as they want you to have some automation to trigger anomalies and non-standard coding practices.

    The current trend is to build these tools into the IDE so that your code gets flagged for security issues while you are editing it and many of the obvious issues are mitigated before the code is committed. For Delphi, this includes Pascal Expert (https://peganza.com/products.html#PEX) and FixInsight (https://www.tmssoftware.com/site/fixinsight.asp)

    In general, some of the things to look for: https://owasp.org/www-project-desktop-app-security-top-10/
  3. Darian Miller

    What's the general opinion on v12?

    Check out the What's New page: https://docwiki.embarcadero.com/RADStudio/Athens/en/What's_New But RAD Studio 12 does have some rough edges. See my wiki page for a few regressions: https://github.com/ideasawakened/DelphiKB/wiki/D29.ATHENS.12.0.0.0 Patch 1 (https://github.com/ideasawakened/DelphiKB/wiki/D29.ATHENS.12.0.0.1) fixes some of those, but some important ones remain. Update 1 was released 6 months after RS 11. So playing a guessing game...since RS 12 was released in early November, April might be a good guesstimate for RS 12 Update 1 where most of the rough edges should be worked out.
  4. Darian Miller

    Can't complete installation of RAD 10.4

    This is due to their extended server outage. Most servers are back online but the GetIt server for 10.4 is not. To use the online installation features, you'll have to wait. Otherwise, use my.embarcadero.com and download and install from the ISO. https://ideasawakened.com/post/embarcadero-network-issues
  5. Darian Miller

    Embarcadero Sample Debugger Visualizers

    There is source in the Visualizers folder: Embarcadero\Studio\23.0\source\Visualizers It doesn't include the .dpk though.
  6. Darian Miller

    What new features would you like to see in Delphi 13?

    My top 3 'wish' list items:

    - MCCGA. Make ctrl-click great again (and actually work.)
    - A code formatter that handles all language features. AND don't add another language feature that isn't accompanied with an update to the code formatter to support it.
    - Refactoring tools that handle all language features. AND don't add another language feature that isn't accompanied with an update to the refactoring tools to support it.

    You have to be able to navigate code and I have wasted too many hours of life with a ctrl-click that does nothing. You shouldn't have to spend precious brain cycles on code formatting tasks. If refactoring doesn't work - the IDE doesn't work.

    Others:

    - Much more focus on debuggers
    - Quality, quality, quality
    - Keep current with platform support
  7. And it's been nearly two weeks since that blog update without a peep (publicly) about GetIt other than Ian being bombarded and saying they are working on it. 2 hours is bad downtime. 2 weeks without an update for an outage lasting 24+ days and counting.... well, I have no response. If you avoid GetIt and discuss Quality Portal - the timeline on Jan 27 was "now" and "by next week, we'll have the new portal in place and we'll have a new blog post..."
  8. Delphi 12 seems to have more than a normal amount of regressions. I've listed some of them on its wiki page on GitHub: https://github.com/ideasawakened/DelphiKB/wiki/D29.ATHENS.12.0.0.0 GetIt being down stops fixes for these regressions being released. There aren't workarounds for all of these issues.
  9. As far as we know, it could be another 3 weeks. They could have screwed up the replacement system and it's not ready for the spike in traffic it is about to receive. It certainly can be difficult to validate new systems. 17,000 views of their blog post and it hasn't been updated since Jan 25th. That is truly astonishing. It makes zero sense to me.
  10. DocWiki is back online... but not GetIt (yet)
  11. Assumedly so - as DocWiki has been down all day
  12. All true, and we're all probably used to a blip here and there ... perhaps even an overnight, or full day of downtime. But when was the last time you experienced a two week+ downtime for a technical product? Their outage blog post has 13,000+ views and it hasn't been updated since the 25th. There has been another post on the 27th about Quality Portal being moved (1500 views) but what in the world is going on with GetIt? It's got to be rough on @Ian Barker as he probably gets to hear very loud complaints from around the world and he hasn't been given the target date to see GetIt back online otherwise he would have shared it by now. Meanwhile, he's giving live webinars and trying to stay positive. Kudos to Ian.
  13. Darian Miller

    Quality Portal going to be moved

    There are a few contenders. The thing that puts JIRA over the top for many is the integration with Confluence. This one looks pretty nice: https://linear.app/ But lately I've just been using GitHub's simple issue tracker for personal stuff (and JIRA at work) In my last job, I wrote our ticketing system (in Delphi) and after a decade it had 400,000+ tickets in it and we were very productive using it as it was customized to our way of working and I simply got used to it and prefer nothing else. Switching to the JIRA takes effort as everything feels a little slow/clunky.
  14. Darian Miller

    Quality Portal going to be moved

    I sure hope that's not the case... I mean, people make fun of JIRA all the time but it does have some pretty powerful features. I think JIRA sucks and JSM sucks what JIRA wouldn't. It looks like we may be in for a huge loss of publicly accessible information (years of data to be removed from public access AGAIN) and a much crippled support system... all to save some money? I'll attempt to withhold more judgement until we see more... maybe we will all be pleasantly surprised. One can hope.
  15. DocWiki is down again, and the Quality Portal is in read-only mode. Blog updated: https://ideasawakened.com/post/embarcadero-network-issues
  16. Nope. "Soon" is all we can hope for. https://ideasawakened.com/post/embarcadero-network-issues
  17. Darian Miller

    docwiki

    Network issues on their side
  18. That's not exactly true as you can earn up to $5,000/year. His app is making less than $400/year so it should qualify. The frustrating problems with Community Edition are that it's not kept up to date, there is zero transparency on future updates, and updating licenses has never been very smooth.
  19. Darian Miller

    Is there a Delphi "subprocess" library?

    There's quite a few options out there. I wrote a related blog post and provided some example code: https://ideasawakened.com/post/use-createprocess-and-capture-the-output-in-windows
  20. Darian Miller

    Your experience with custom styles - do they work well?

    So what happens when you drag your window from a non-High DPI monitor to a High DPI monitor and vice-versa? Do you get a lag and a bunch of flicker?
  21. Darian Miller

    Delphi 12: Install Packages inconsistency?

    To be fair, I believe it's always been this way and you are asking for new behavior and if it's something that can be achieved for those that want this behavior with a manual tweak to the setup, then there are a lot bigger fish in the ocean of Quality Portal.
  22. Darian Miller

    Delphi 12: Install Packages inconsistency?

    You could probably change the .PAS extension to load RAD Studio with a different environment established - basically no packages by passing in an alternate registry key and 'np' for no welcome page...so it could probably be close to what you want.
  23. Darian Miller

    Gitlab-ci & MSBUILD & Library path

    Ah - "Expected configuration file missing - C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Embarcadero\BDS\22.0\EnvOptions.proj" See my blog post for setting up Jenkins, it has the workaround: https://ideasawakened.com/post/getting-started-with-ci-cd-using-delphi-and-jenkins-on-windows "Copy the EnvOptions.proj file to the APPDATA folder of the user account which will execute the builds. (For example: C:\Users\JenkinsUserName\Roaming\Embarcadero\BDS\21.0) If you have custom paths for libraries and component packages, edit the DelphiLibraryPath for each target platform that you will use to match your build machine paths. You will get a warning message in your builds if this file is not found..."
  24. Darian Miller

    ANN: Native X.509, RSA and HSM Support for mORMot

    Wow - this seems awesome!
  25. Darian Miller

    GRPC Client

    Not much info but FWIW, here's someone attempting it using Grijjy (https://github.com/grijjy/DelphiScalableClientSockets) https://stackoverflow.com/questions/53977759/google-speech-api-grpc-sync-request-processes-first-words-only