Delphi After Borland

Borland recently announced that they are selling their suite of developer tools and wish to focus on their application lifecycle tools.

As a long time Delphi developer this could be a good thing. Borland had not been paying these tools enough attention of late. Plus given Borland’s recent habit of changing names (Borland -> Inprise -> -> Borland) they may even end up reacquiring the product line!

Borland have stated that they will only sell them to a company that would actively develop the products so they will not be mothballed.

Least Priv part 2

I have been trying to find a comprehensive list of the windows permissions and their effects.
This is proving hard to do.

I found the following  in an old mcsd study guide (WMA I and WMA II – Prendergast) :

Window NT – Everything is secure within Windows NT. The security issues are oftern the system manager not understanding how to secure the system.

The problem is that there is no one place to find the documentation to be able to secure a WIndows 2000 or above machine – especially when you include Active Directory.

This is especially fun when windows helpfully performs actions on your behalf silently.
This can cause deployment nughmares.

For example when you use DCOMCNFG to specify the identity for a COM object and specify the password it quietly grants you the “log on as a batch job right”. When active directory is involved in the mix it notices that acording to it’s information (gpo) that you should not have that right and takes it away. This can cause an application to fail  upto a day after it was deployed and tested. This gets really fun when the deployment engineer has now left the country.

I have also been looking for the means to determine  what Privilege are requested.
Finally I have found it!

Under Local Security Settings| Local Policies | Audit Policy there is an option to “Audit privilege use”
Between the settings of audit on success and audit on failure we now have enough tools to identify the use of privileges. This information is written to the event viewer | security section (a point that is not clearly documented anywhere that I could find on the msdn site).

Least Priv

This is a blog dedicated to least priv.
I have a customer that wants to know the minimum priv that an existing application uses.
I am trying to collect the tools needed to investigae this.

This is the sysinternals utility that will detect security related items.

This is a link to a wmi query that lists the required permissions when an operation has failed.

Company Wide Language Standardisation

This is recent slashdot article on Company Language Standardisation.

Over a couple of years the company that I work at has through acquisition managed to move from having 3 main languages in use to 6 main langauges. This has made development and maintenance more difficult, especially as some of the acquired code was produced by less experienced developers.

I can see the need for having appropriate languages for their problems.
However there should not be two langauges in the same niche.

A company should either pick VB.Net or C#.

Personally I would lean towards C# but then I have had some bad experiences with the quality of VB.NET code that I have seen.

There are  some arguments for allowing Java and C# within an organisation to allow the use of the associated technology stacks.

A company also needs a native language for the platforms that they are using (for those times when the frameworks don’t cut it) – for windows Delphi or C++ cover this field.

I would also recommend the use of a scripting language for support tool purposes.
Currently I use a mix of Tcl/Tk/Expect and Python.

Overall a company should use a limited set of languages to maximise the number of developers that can work on a given project. There should be one language in any given niche – but don’t limit youselves too much.

XSLT Considered Harmful

Warning XSLT can seriously twist your brain.

XLST was hailed at the end of the 90’s as being the uttimate tool to transform XML.
Theoretically you can use it to transform any XML into any other other format.

It can be very powerful (look at Code Generation).
However it needs to be treated especially carefully and be properly supported by unit tests of the transforms. Just because some clever code can be written does not mean that it should. Don’t take too many shortcuts.

Here is a useful python script that will make life a little easier:

import os

def XPathToXML(XPath):
   s = XPath.split(“/”)
   for x in s:
      print (“<“+x+”>”
   for x in s:
      print (“</”+x+”>”

if __name__ == “__main__”:

This little beauty will take an XPath fragment such as
a/b/c and return:
Which is just what the doctor ordered when creating XSLT test data.