To content | To menu | To search
2012, Tuesday January 17
By A.Bouchez on 2012, Tuesday January 17, 23:02 - Open Source libraries
The Open Source SynDBExplorer tool has been enhanced these days.
Main new features are:
2011, Friday December 30
By A.Bouchez on 2011, Friday December 30, 10:49 - mORMot Framework
A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.
The issue finds particular exposure in web server applications and/or frameworks. In particular, the lack of sufficient limits for the number of parameters in POST requests in conjunction with the predictable collision properties in the hashing functions of the underlying languages can render web applications vulnerable to the DoS condition. The attacker, using specially crafted HTTP requests, can lead to a 100% of CPU usage which can last up to several hours depending on the targeted application and server performance, the amplification effect is considerable and requires little bandwidth and time on the attacker side.
Source: #2011-003 multiple implementations denial-of-service via hash algorithm collision
2011, Sunday December 11
By A.Bouchez on 2011, Sunday December 11, 09:59 - Pascal Programing
To my understanding, the so-called "strong-typing" feature is one big benefit of the Delphi object pascal language.
As stated by wikipedia:
Most generally, "strong typing" implies that the programming language places severe restrictions on the intermixing that is permitted to occur, preventing the compiling or running of source code which uses data in what is considered to be an invalid way. For instance, an addition operation may not be used with an integer and string values; a procedure which operates upon linked lists may not be used upon numbers. However, the nature and strength of these restrictions is highly variable.
Some Delphi users may find this is a limitation of the language, in
comparison with other "fashionable" script idioms (like Python, Javascript of
Ruby). For me, runtime strong typing (alla Python or Ruby) is not true strong
typing. Simon Stuart just
proposed a smartstring kind of string, which is in fact a
weakstring type. As far as I understood his point, he wanted to
get rid of all the warnings emitted by Unicode-version of the Delphi compiler,
about explicit string conversion.
In fact, I use to go in the opposite direction. For wide projects, strong-typing is one of the big benefit of using Delphi (like other main "serious" languages like Java, C, C++, Ada or C#).
2011, Thursday December 8
By A.Bouchez on 2011, Thursday December 8, 10:09 - Pascal Programing
Among all trolling subject in forums, you'll find out the great Garbage Collection theme.
Fashion languages rely on it. At the core of the .Net and Java framework, and all scripting languages (like JavaScript, Perl, Python or Ruby), you'll find a Garbage Collector. New developers, just released from schools, do learn about handling memory only in theory, and just can't understand how is memory allocated - we all have seen such rookies involved in Delphi code maintenance, leaking memory as much as they type. In fact, most of them did not understood how a computer works. I warned you this will be a trolling subject.
And, in Delphi, there is no such collector. We handle memory in several ways:
class
or globally;class instances allocated on heap - in
at least three ways: with a try..finally Free block, with a
TComponent ownership model in the VCL, or by using
an interface (which creates an hidden try..finally
Free block);string, array
of, interface or variant kind of
variables.It is a bit complex, but it is also deadly powerful. You have several memory allocation models at hand, which can be very handy if you want to tune your performance and let program scale. Just like manual recycling at home will save the planet. Some programmers will tell you that it's a waste of cell brain, typing and time. Linux kernel gurus would not say so, I'm afraid.
Then came the big Apple company, which presented its new ARC model (introduced in Mac OS X 10.7 Lion) as a huge benefit for Objective-C in comparison with the Garbage Collection model. And let's face it: this ARC just sounds like the Delphi memory model.
2011, Tuesday December 6
By A.Bouchez on 2011, Tuesday December 6, 22:08 - mORMot Framework
In mORMot, all the methods available to handle many-to-many
relationship (ManySelect, DestGetJoined...) are used to
retrieve the relations between tables from the pivot table point of view. This
saves bandwidth, and can be used in most simple cases, but it is not the only
way to perform requests on many-to-many relationships. And you may have several
TSQLRecordMany instances in the same main record - in this case,
those methods won't help you.
It is very common, in the SQL world, to create a JOINed request at the main "Source" table level, and combine records from two or more tables in a database. It creates a set that can be saved as a table or used as is. A JOIN is a means for combining fields from two or more tables by using values common to each. Writing such JOINed statements is not so easy by hand, especially because you'll have to work with several tables, and have to specify the exact fields to be retrieved; if you have several pivot tables, it may start to be a nightmare.
Let's see how our ORM will handle it.
2011, Sunday December 4
By A.Bouchez on 2011, Sunday December 4, 09:46 - Pascal Programing
I'm a long-time registered user of Total Commander.
This tool is my daily file manager. I never use Windows Explorer, since Total Commander is just faster, more easy to use (especially with the keyboard), has a lot of plug-ins. I even created my own plug-ins to access some custom file formats, and navigate into them just like with any folder. And it includes a lot of well written commands for FTP access or file comparison, which made other tools (like WinMerge) unnecessary.
There is a new beta version of Total Commander available, which targets Windows 64 bit. I just thought: 'Whoo, this is a real-world Delphi XE2 64 application'. I downloaded and tried it. Worked as expected, and integrates seamlessly with Windows Seven (for the shell extensions). Then I took a look at the executable... and discovered it was not compiled with Delphi XE2... but with FPC !
2011, Wednesday November 30
By A.Bouchez on 2011, Wednesday November 30, 06:36 - mORMot Framework
A nice framework user, named esmondb, did write and publish some JavaScript code to handle our RESTful authentication mechanism.
It seems to work well, and implements all secure hashing and
challenging.
Our authentication mechanism is much more advanced than the one used by
DataSnap - which is a basic HTTP authentication with the password
transmitted in clear (this is the reason why it shall better be used over
HTTPS, whereas mORMot can be used over plain HTTP).
Resulting JavaScript code seems not difficult to follow, even for a no
JS expert like me.
2011, Sunday November 27
By A.Bouchez on 2011, Sunday November 27, 23:39 - Pascal Programing
Delphi is sometimes assimilated to a RAD product - and this is a marketing
label - but IMHO Delphi is much more than RAD.
With Delphi, you can make very serious and clean programming.
Including SOLID style of coding.
The acronym SOLID is derived from the following OOP principles (quoted from the corresponding Wikipedia article):
If you have some programming skills, those principles are general statements you may already found out by yourself. If you start doing serious object-oriented coding, those principles are best-practice guidelines you would gain following.
They certainly help to fight the three main code weaknesses:
By A.Bouchez on 2011, Sunday November 27, 07:21 - mORMot Framework
The prototype of these method has been modified, to supply an additional
aSession: cardinal parameter: this is a CODE BREAK change and you
shall refresh ALL your server-side code to match the new signature.
2011, Wednesday November 23
By A.Bouchez on 2011, Wednesday November 23, 08:37 - Pascal Programing
Luigi Sandon wrote on Embarcadero's forum:
And then you ask yourself: "why use a native compiler if its code may be even slower than jitted one?". Hope the new developers will also develop better and faster code - and not viceversa.
Embarcadero is just following the Wirth's law slower than others:
"Software is getting slower more rapidly than hardware becomes faster"
Speed is only a matter of compiler for mathematical computing intensive
tasks.
Most of the time, in real apps (like business apps), the main speed issue is
more the framework size (and the number of dll invoked), memory consumption,
and general design (e.g. how caching and SQL are written).
Delphi, Java or .Net can do slow apps.
Delphi, Java or .Net can do fast apps.
You can do small and fast stand-alone apps with Delphi, running from Windows
2000 to Windows 8.
It is not possible with Java nor .Net.
This is the main difference IMHO with native code and JIT - about memory use, ease of distribution and no need of an external runtime framework.
2011, Tuesday November 8
By A.Bouchez on 2011, Tuesday November 8, 21:51 - Pascal Programing
The currency type is the standard Delphi type to be used when
storing and handling monetary values. It will avoid any rounding problems, with
4 decimals precision. It is able to safely store numbers in the range
-922337203685477.5808 .. 922337203685477.5807. Should be enough for your pocket
change.
As stated by the official Delphi documentation:
Currency is a fixed-point data type that minimizes rounding errors in monetary calculations. On the Win32 platform, it is stored as a scaled 64-bit integer with the four least significant digits implicitly representing decimal places. When mixed with other real types in assignments and expressions, Currency values are automatically divided or multiplied by 10000.
In fact, this type matches the corresponding OLE and
.Net implementation of currency, and the one used by
most database providers (when it comes to money, a dedicated type is worth the
cost in a "rich man's world"). It is still implemented the same in the
Win64 platform (since XE 2). The Int64 binary
representation of the currency type (i.e. value*10000
as accessible via PInt64(aCurrencyValue)^) is a safe and fast
implementation pattern.
In our framework, we tried to avoid any unnecessary conversion to float
values when dealing with currency values. Some dedicated functions
have been implemented for fast and secure access to currency
published properties via RTTI, especially when converting values to or from
JSON text. Using the Int64 binary representation can be not only
faster, but also safer: you will avoid any rounding problem which may be
introduced by the conversion to a float type. Rounding issues are a nightmare
to track - it sounds safe to have a framework handling natively a
currency type from the ground up.
2011, Thursday October 27
By A.Bouchez on 2011, Thursday October 27, 05:17 - Pascal Programing
From a StackOverflow question about a freezing Delphi application, I posted some experiment-based debugging tricks.
May help any developer in his/her fight against random bugs...
2011, Sunday September 25
By A.Bouchez on 2011, Sunday September 25, 21:46 - mORMot Framework
Our Client-Server ORM framework is now available in revision 1.15.
This is a major upgrade of the framework:
TModTime / TCreateTime kind of fields;By A.Bouchez on 2011, Sunday September 25, 19:54 - Pascal Programing
You know all that one of the most exciting features of Delphi XE2 is the
MaxOSX Cross-Platform feature.
You've got the UI part,
that is FireMonkey, but underneath, you did have some RTL modifications in
order to let our Windows-centric solutions be OSX ready.
The first main step was to make our code speak with the "Objective-C" way of coding.
Objective-C is the primary language used for Apple's Cocoa API, and it was originally the main language on NeXT's NeXTSTEP OS. It's some object-oriented C variant, but something other than C++ or Java. In fact, Objective-C sounds more like a SmallTalk variance of C than another C++/Java/C# flavor. For instance, the Objective-C model of object-oriented programming is based on message passing to object instances: this is just another way of doing it. It has some advantages, and disadvantages (I don't want to troll here) - but it is definitively nice. And the memory model is just something else, more close to our reference-counting way (as in Delphi interface implementation) than a garbage collector.
By A.Bouchez on 2011, Sunday September 25, 13:59 - SQLite3 Framework
In case you were redirected from the previous "Synopse SQLite3
framework" category link, here is the new thread to be used instead:
http://blog.synopse.info/category/Open-Source-Projects/mORMot-Framework
Since revision 1.15 of the framework, it is able to connect to any database engine (therefore is not limited to SQLite3), and is now called mORMot.
By A.Bouchez on 2011, Sunday September 25, 10:49 - Synopse PDF engine
For our PDF generation Open-Source library, this is a small fix update.
It can now be compiled under Delphi XE2.
But it's still working from all previous IDE versions, starting with Delphi 5,
and still 100% free - released under GPL/LGPL/MPL license, choice is yours.
2011, Wednesday September 14
By A.Bouchez on 2011, Wednesday September 14, 20:31 - mORMot Framework
In computing, internationalization and localization (also spelled internationalisation and localisation) are means of adapting computer software to different languages, regional differences and technical requirements of a target market:
Our framework handle both features, via the SQLite3i18n.pas
unit. For instance, resourcestring defined in the source code are
retrieved from the executable and can be translated on the fly. The unit
extends this to visual forms, and even captions generated from RTTI.
In short, making your software open to any language is handled by the framework, from the bottom-up.
2011, Monday September 12
By A.Bouchez on 2011, Monday September 12, 23:13 - Pascal Programing
Unfortunately, Delphi's 64-bit compiler (dcc64) and RTL do not support
80-bit extended floating point values on Win64, but silently alias
Extended = Double on Win64.
There are situations, however, where this is clearly undesirable, e.g. if
the additional precision gained from Extended is required.
The Open-source uTExtendedX87 unit provides a
replacement FPU-backed 80-bit Extended floating point type
(TExtendedX87) for Win64.
2011, Sunday August 28
By A.Bouchez on 2011, Sunday August 28, 08:57 - Pascal Programing
Writing working multi-threaded code is not easy - it's even hard, as as a Delphi expert just wrote in his blog.
In fact, the first step into multi-thread application development could be:
"protect your shared variables with locks (aka critical sections), because you are not sure that the data you read/write is the same for all threads".
The CPU per-core cache is just one of the possible issues, which will lead into reading wrong values. Another issue which may lead into race condition is two threads writing to a resource at the same time: it's impossible to know which value will be stored afterward.
2011, Saturday August 20
By A.Bouchez on 2011, Saturday August 20, 10:24 - Open Source libraries
We already shipped a sophisticated set of logging classes some month ago.
Since then, its features have been enhanced, and the system has been deeply interfaced with our main ORM framework. Now almost all low-level or high-level operations can be logged on request.
But since the log files tend to be huge (for instance, if you set the logging for our unitary tests, the 6,000,000 unitary tests creates a 280 MB log file), a log viewer was definitively in need.
« previous entries - page 1 of 7