Comments for Sip from the Firehose

Comment on Tech Republic: A developer’s hands-on review of Delphi 2010 by Dmitry Streblechenko

Dmitry Streblechenko — Fri, 20 Nov 2009 17:35:19 +0000

@Zenon,
that’s what baffles me too: I thought the idea for Embarcadero as a company is too make money first and foremost, and there is a lot more money to be made in offering a 64 bit version of Delphi. Even in the most current version (Delphi 2010), there is absolutely nothing that you can do end-product functionality wise that you cannot do in Delphi 7, which quite a few developers are happily using.
64 bit is very different: no amount of raw Windows API or third party components would let you create a 64 bit executable.
That means no shell extensions for Win 64, no Office 2010 64 bit COM add-ins, and no standalone executables that talk to Office 2010-64 through COM.

Comment on Tech Republic: A developer’s hands-on review of Delphi 2010 by Zenon

Zenon — Fri, 20 Nov 2009 16:49:30 +0000

@Dmitry
The idea to have a Delphi/CPP Builder available not only for the Windows platforms but also for the others like Linux/Mac etc. is a good one assuming they have enough resources and determination to do it.

However, I fully agree that first and foremost they need to provide the full support for the Windows platforms which these days must include 64 bit compiler.

The real mistake they made was IMO not Kylix but rather the idea of going after .Net which dragged a lot of resources and in the end resulted in the infamous Delphi 8 release.

I think it is still not too late for them to recognize their mistake in prioritizing multiplatform support above Windows 64-bit support for the next Delphi 2011 release, and I HOPE they are flexible and courageous enough to reshuffle priorities and resources while there is still time to do that.

In the end Mac OS is only about 4% of the PC desktop market and it is not existing as a server, so even assuming 100% adoption of the Delphi on Mac platform this is pretty much insignificant if compared to potential locses on the Windows platform due to lack of 64-bit toolset.

Comment on Tech Republic: A developer’s hands-on review of Delphi 2010 by Dmitry Streblechenko

Dmitry Streblechenko — Thu, 19 Nov 2009 14:41:33 +0000

He forgot to mention what is still *not* there: a 64 bit compiler. I don’t know how a native Windows compiler can ignore 64 bit for so many years.
Delphi (or rather its product management) has a long history of pushing totally irrelevant ideas (Kylix?) while ignoring features that developers have been asking for years.
Now that Office 2010 is out (which comes in both 32 and 64 bit flavors), anybody who has an existing add-in written in Delphi is dead in the water. And Embarcadero does not seem to be concerned judging from the Delphi road map, which lists Mac support, but puts 64 bit at least a couple versions away.

Why would I even consider Delphi (which supposedly prides itself on being a premier native Windows compiler) if I cannot compile in 64 bits?

Comment on Tech Republic: A developer’s hands-on review of Delphi 2010 by fritz huber

fritz huber — Thu, 19 Nov 2009 12:38:55 +0000

Now if you just could make the darn thing cheaper, I’d buy in heartbeat.
But those prices keep pushing me towards MS and FOSS.

Most other companies have "individual developer" licenses for around 3-500 Euros.

Still, Delphi is great. I wish we used it at our company.

Comment on Your data, how you want it, where you want it, with DataSnap 2010 by Luigi D. Sandon

Luigi D. Sandon — Tue, 10 Nov 2009 14:10:55 +0000

1) HTTP authentication works if and only if you use HTTP. That’s not always the best solution, especially since HTTP is a stateless unidirection protocol. And what kind of HTTP authentication do you support?
2) If you have authentication, do you have authorization? Once a user is authenticated, how do you control which code he can call? Is each method call authenticaded and authorized, if needed? Sessions can be hijacked and redirected. Can filter be used to know which method is called by who, and return an error if the user has not enough rights? Have you a way to impersonate the security context of the caller on the server side, so his rights are checked while accessing other resources, especially using plain TCP/IP? Does the call dispatcher has hooks to control this?
Different users may have different rights. And this implementation can’t use any directory service to simplify user and rights management. Again, something to implement from scratch.
3) HTTP by itself does not implement nor failover nor loadbalace. If you tell me that IIS has way to implement them is another thing - but they are just at the HTTP transport layer and have no knowledge of what’s above.
4) I really wonder that people there are unable to understand your filter architecture is just a stopgap and unable to provide a way to implement real security. Please show me how do you implement the handshaking phase (exchanging session keys and the like) using filters. It coudl require several roundtrips to establish the security context.
Oh yes, I can write my handshaking methods, but it wouldn’t be as transparent as it should - each connection must perform the handshake calling the custom code.
5) "DataSnap simplify a lot the security implementation". Yes, it simplify everything up to the point there no security built-in.
6) "allow you to use other security layers like firewall, proxy, database encryption" I wish you could show how it could not allow them… given they are completely separate.
7) And above all: why should I spend a thousand euro more to buy a half backed solution and implement most of the security code myself? Both DCOM and WCF offer all above out of the box, and often transparently.

Comment on Your data, how you want it, where you want it, with DataSnap 2010 by Andreano Lanusse

Andreano Lanusse — Sat, 07 Nov 2009 05:51:01 +0000

Luigi you really need to study DataSnap 2010. I recommend you to watch the CodeRage videos about DataSnap.

"anyone can call into your server or tamper your data"
This is not true, there is a HTTPAuthentication on the server side, so you have the control on the server side to allow or not the access for the server methods.

Also, the HTTP protocol has control of the session, so you can define a timeout, control sessions, implement load balance, failover, etc.

Also, the filters is a important part of the security layer, where you can add any filter you wanna, in other worlds OPEN ARCHITECTURE

DataSnap simplify a lot the security implementation, and also allow you to use other security layers like firewall, proxy, database encryption, etc.

Comment on Your data, how you want it, where you want it, with DataSnap 2010 by Bruce McGee

Bruce McGee — Fri, 06 Nov 2009 16:34:04 +0000

Thanks, David (and Bob).

I’m glad to see DataSnap getting some love and appreciate seeing documentation and tutorials to help make these more accessible. Keep up the good work.

Comment on Your data, how you want it, where you want it, with DataSnap 2010 by Luigi D. Sandon

Luigi D. Sandon — Fri, 06 Nov 2009 14:59:52 +0000

"Your data, where you want, how you want it ". Your right. Or better, "Your data, where anybody wants, how anybody wants it" Because there’s no security built-in, your data are easily readable by anyone and anyone can call into your server or tamper your data. More "distributed" than this is really hard to have. And don’t start with the "you can filter data" refrain - it is not enough to protect the data exchange properly, unless much more code is written (and called) before even to send the first datum. And still there would be issues.
I understand you need to sell your actual product, but next time try to think about the *real* world before designing a solution. Security is no longer optional.

Comment on Your data, how you want it, where you want it, with DataSnap 2010 by David Intersimone

David Intersimone — Fri, 06 Nov 2009 14:37:13 +0000

"Security is no longer optional" - with DataSnap 2010 filters, you can easily create encryption filters, call Windows Crypto API, or use another encryption library. InterBase 2009 supports encryption at many levels in the database layer. Finally, you can also use HTTPS if you have a certificate for your Web Server.

The Filters for DataSnap 2010 were provided for just the security level you mention.

Comment on RAD Studio 2010 tour around the US in November and December by David Intersimone

David Intersimone — Tue, 03 Nov 2009 15:51:52 +0000

"Is the tour going to venture into New England or New York?" and "Anything planned for the Seattle area?" - we are looking at additional locations depending on our budget for travel. We will also do some online versions after the tour to hit everyone who couldn’t make it to one of the other locations. Stay tuned to the landing page for the US Tour for additional dates and locations.

http://www.embarcadero.com/rad-tour-2010-free-seminar