All posts by onlyconnect

Why the change of CEO at CodeGear?

CodeGear has a new CEO. But why? There’s the usual bland stuff in the press release:

Today we made a change to the leadership team at CodeGear.  Jim Douglas is joining as CEO of CodeGear.  Jim will be responsible for driving CodeGear to the next level, building on the solid foundation and momentum achieved by the CodeGear team under Ben Smith’s leadership.

Departing CEO Ben Smith has a blog entry that is no more revealing.

Judging by comments on the Borland newsgroups, developers are fearing the worst. The problem: a change of CEO is a sign of instability, when CodeGear customers need reassurance that their preferred tools are in good hands. I didn’t see any previous suggestion that Smith’s appointment was intended to be short-term.

To make matters worse, there are signs that both Delphi for PHP (see here) and Delphi 2007 (see here) were released too quickly – especially Delphi for PHP. Strategically unwise.

There’s still nothing to touch Delphi for native Windows (if you don’t need 64-bit). And tackling PHP tools is a great idea. But in a difficult market the company cannot afford many slip-ups.

 

The search for the new client runtime

Some interesting posts recently about the connected client wars:

Ray Ozzie interview from Knowledge@Wharton.

Commentary from Ryan Stewart – subscribe to his blog if this stuff interests you, and it should.

Commentary from David Berlind

Why a new client runtime? It’s because of certain desirables:

  1. Designer freedom – think multimedia, effects, custom controls.
  2. Zero deployment – It Just Works, not arduous setup routines with weird error messages.
  3. Web storage – most data belongs in the cloud, it’s safer there.
  4. Local storage – for offline use and performance.
  5. Cross-platform – for all sorts of reasons: Apple resurgence, Linux desktop improving, inherent client agnosticism of the Web. Windows-only doesn’t cut it.

I’d add, and this is a techie point, an XML UI. XML makes huge sense for defining a user interface. Think of the history here: in the beginning we had text (DOS etc). Then we got pixels (Windows API), supplemented by arcane ideas like dialog units to make it vaguely scaleable. Then we got layout managers – Java’s AWT and Swing. Fundamentally right but awkward to code. Now we combine XML and layout managers – easier to code, better for visual designers. The best yet.

I don’t care as much about the language. Java, C#, JavaScript (ECMAScript 4.0, ActionScript 3.0) are all workable. Just-in-time compilation is important; but all of these have that.

Of course the new client runtime is an old client runtime. Flash, transmuted with Flex and Apollo. Microsoft .NET, transmuted with WPF and given some belated cross-platform appeal with WPF/E. And not forgetting Mozilla XUL, which ticks most of the boxes but lacks the marketing effort and tools that are making waves for Adobe and Microsoft.

In some ways this looks like a battle that is Adobe’s to lose. It has designer hearts and minds, runtime deployment, cross-platform all sewn up. That said, I really like WPF; it has been mostly lost in the Vista fog but will emerge; maybe Mix07 will help (now sold out, apparently). Good WPF apps are amazing; and Microsoft has armies of .NET developers out there, and a great tool in Visual Studio – but stumbles on (5) above.

Watch this space.

 


Delphi for PHP first impressions

I tried out Delphi for PHP for the first time this weekend.

Install on Vista was smooth. The setup installs its own copy of Apache 2 and PHP 5. A few minutes later and I was up and running.

The IDE is Delphi-like. Here is a scrunched-up image to give you a flavour:

 

I have a standard application I build when trying out a new development tool. It is a to-do list with a listbox, a textbox, and buttons to add and remove items from the list. I started well, and soon had the controls placed, though they are tricky to line-up nicely. I resorted to setting the Left property as the snap-to-grid did not work for me.

Then I double-clicked the Add button. As expected, I was greeted with an empty Click handler. What to type? After a little experimentation I came up with this:

$this->lstItems->AddItem($this->ebItem->Text,null,null);

When you type ->, the editor pops up autocomplete choices. Nice. I clicked the run button and the application opened in my web browser. I set a breakpoint on the line; that worked nicely, especially after I displayed the Locals window so I could see the value of variables.

The next step is to implement removing an item. This is fractionally more challenging (I realise this is little more than Hello World), since I need to retrieve the index of the selected item and then work out how to remove it.

I am embarrassed to admit that it took me some time. Yes, I tried the documentation, but it is terrible. Unbelievably bad. Someone ran a thing called Doc-O-Matic over the code. Here’s the entire description of the ListBox control:

A class to encapsulate a listbox control 

There’s also a reference which lists methods, again with a one-line description if you are lucky. Here’s the one for ListBox.getItems:

This is getItems, a member of class ListBox.

I gave up on the docs. I had figured out AddItem; I had discovered that the itemindex property has the index of the selected item; but there is no RemoveItem or DeleteItem. I went back to basics. The ListBox has an _items member field which is an array. In PHP you remove an item from an array with unset. I resorted to editing the VCL for PHP by adding a RemoveAt method to CustomListBox:

function RemoveAt($index)
{
    unset($this->_items[$index]);
}

Note that I am not proposing you do the same. There must be a better way to do this. I just couldn’t work it out quickly from the docs; and I was determined to get this up and running.

Here’s my code for removing an item:

$selindex = $this->lstItems->itemindex;

if ($selindex > -1)
{
    $this->lstItems->RemoveAt($selindex);
}

Now my app worked fine. What about deployment? I used the deployment wizard, which essentially copies a bunch of files into a directory, ready for upload. There are a lot. 44 files to be precise, mostly of course the VCL for PHP. Still, it was painless, and you can configure a web server to share these files between different applications.

All I needed to test it was a web server running PHP 5.x (it will not work with PHP 4). Fortunately I had one available, so I uploaded my first Delphi for PHP application. It looked good, but although it worked on my local machine, the deployed app throws an error when you click a button:

Application raised an exception class Exception with message ‘The Input Filter PHP extension is not setup on this PHP installation, so the contents returned by Input is *not* filtered’

I note that this user has the same problem. My hunch is that Delphi for PHP requires PHP 5.2 – I only have 5.1 at the moment.*

In addition, I don’t like the way the default deployment handles errors, by publishing my callstack to the world, complete with the location of the files on my web server.

How secure are all these VCL for PHP files anyway? What assurance do I have about this? Will they be patched promptly if security issues are discovered?

Important questions.

There will be plenty more to say about Delphi for PHP. For the moment I’m reserving judgment. I will say that the release looks rushed, which is a shame.

Update: I’ve now seen a fix posted to the Borland newsgroups for the input filter exception, showing how to remove the code which raises it. However I suggest you do not apply this fix, for security reasons, unless you are deploying on a trusted intranet. It is vital to sanitize PHP input on the internet.

*PHP 5.2 is not the answer. It could even be a problem. Delphi for PHP ships with PHP 5.1. There is an input filter extension which you can add for PHP 5.x; see http://pecl.php.net/package/filter. However these are built into PHP 5.2; but the version used by VCL for PHP is old and seems to be incompatible. What a mess.


SQLite: what a difference transactions make

I received an email from someone trying my simple Delphi wrapper for Sqlite. He wanted to add a million rows to a table of 10 columns of doubles, but was disappointed with the speed.

I tried with your SQL commands from the wrapper and just for 10000 elements it took me for ages…

I had a hunch that wrapping the inserts in a transaction might solve this one, and so it proved. The difference is staggering.

10,000 rows in 2 seconds, 1 million in under a minute.

Without the transaction it takes, well, forever, as the email says.

Worth noting if you use Sqlite; and in fact, many database engines behave like this. The reason I guess is that if you do not explicitly place a sequence of SQL statements within a transaction, then each statement is in effect its own transaction. That means the database engine has a lot of housekeeping to do in order to ensure that the changes were really written to disk, and in opening, writing and closing the journal file.
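The behaviour described above, as an added example that is not part of the original post or the Delphi wrapper: it uses Python's standard sqlite3 module as a stand-in, with a hypothetical table named samples and constructed row data, and writes the same rows once with a commit per statement and once inside a single transaction.

```python
import os
import sqlite3
import tempfile
import time

COLS = 10  # ten columns of doubles, as in the email
INSERT = "INSERT INTO samples VALUES (" + ", ".join("?" * COLS) + ")"

def open_db(path):
    # isolation_level=None stops Python's sqlite3 module from opening
    # transactions implicitly, so every statement commits on its own unless
    # this code issues BEGIN itself (SQLite's native behaviour).
    conn = sqlite3.connect(path, isolation_level=None)
    cols = ", ".join(f"c{i} REAL" for i in range(COLS))
    conn.execute(f"CREATE TABLE samples ({cols})")  # hypothetical table name
    return conn

def make_rows(n):
    # Constructed sample data.
    return [[float(r * COLS + c) for c in range(COLS)] for r in range(n)]

def insert_autocommit(conn, rows):
    """Each INSERT is its own transaction: one journal cycle per row."""
    for row in rows:
        conn.execute(INSERT, row)

def insert_in_transaction(conn, rows):
    """All INSERTs share one transaction: one journal cycle in total."""
    conn.execute("BEGIN")
    try:
        conn.executemany(INSERT, rows)
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")  # nothing from a failed batch is kept
        raise

def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM samples").fetchone()[0]

def compare(n=200):
    """Return {strategy: (rows_written, seconds)} using on-disk databases."""
    results = {}
    strategies = (("autocommit", insert_autocommit),
                  ("transaction", insert_in_transaction))
    with tempfile.TemporaryDirectory() as tmp:
        for name, insert in strategies:
            conn = open_db(os.path.join(tmp, name + ".db"))
            start = time.perf_counter()
            insert(conn, make_rows(n))
            results[name] = (row_count(conn), time.perf_counter() - start)
            conn.close()
    return results

if __name__ == "__main__":
    for name, (rows, secs) in compare().items():
        print(f"{name:12s} {rows} rows in {secs:.3f}s")
```

The single transaction is also all-or-nothing: if any row in the batch fails, the rollback leaves the table as it was.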

 


Try Delphi for PHP for one day

CodeGear is offering a free trial of Delphi for PHP … for a single day:

Long enough to evaluate a developer product? To my mind this is taking RAD a step too far. Just as well, since this is what I got when I tried to download it:

This means one of two things. It either demonstrates the huge interest in Delphi for PHP, or the unfortunate lack of scalability in CodeGear’s server applications. Which, it appears, are not coded in PHP.

To be fair, the product has just been slashdotted. The thread is not especially illuminating so far, though I thought this was a telling comment:

For a reference, this is how this looks in plain PHP (granted no MVC and so on, but for the sake of example..):
<?php echo "Hello World" ?>
What does Delphi do?

  1. Loads several thousand lines VCL code
  2. Loads all the menu, form, container and “external” controls, although they’re not used (thousands of lines of code)
  3. The Hello World is a label (no simpler way) which has around 50 properties (color, bg color and what not) defined in an XML file. I left all at defaults, but never mind. The file is loaded, parsed.
  4. The Label class inherits from CustomLabel, which inherits from Components which inherits from other stuff I didn’t even bother check, it goes through all properties, and figures out after a lot of thinking that it should print the words “Hello World”.

Yes, that’s the trade-off with frameworks, though some are better than others. Now we need some counter-examples. Anyone?

 


Don’t call your Windows app UpdateAnything

I wrote a little Windows utility that updates a file. It’s safe and harmless; it just modifies a file which is in my user documents folder. I called the utility UpdateMSI. Under Vista with UAC enabled, running this app throws up a dialog:

An unidentified program wants access to your computer

But why? Simple: Vista inspects the name of the executable, notes that it includes the word “update”, and concludes that it needs local administrator rights.

On the face of it, this is silly. First of all, Vista is wrong: my app does not need admin rights. Second, it is infuriating that I am not given any choice in the matter. The UAC dialog says “Cancel” or “Allow”. It does not include the option to run with my normal user rights.

Microsoft did this in an effort to detect setup applications; the word “setup” has the same effect. It will trigger if the word is anywhere in the executable name. I tried it with WorldCupDatePicker.exe – same result.

Surely it would not have been too hard to give the user a say in this? Just a checkbox that says “Let me run this how I want on my computer”? You can disable UAC of course; but I’m not going to do that; overall it’s a good feature.

If you wrote the app, there is a fix. You have to embed a UAC manifest in your application. There are simple instructions here, though note that these explain how to force the UAC prompt, not how to suppress it. If you don’t want to run as admin, modify the line:

<requestedExecutionLevel level="requireAdministrator"/>

to read instead:

<requestedExecutionLevel level="asInvoker"/>

Bottom line: always include a manifest.
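A build-time check for the situation described above, as an added example that is not from the original post: it flags executables whose name contains one of the trigger words the post mentions and whose image carries no requestedExecutionLevel element. Assumptions: the trigger list is only the two words named here, the manifest is found by a plain byte search rather than by parsing PE resources, and the sample images are constructed stand-ins.

```python
import ntpath
import re

# Substrings the post reports as tripping Vista's installer detection.
# Assumption: this is not the complete list Windows checks.
TRIGGER_WORDS = ("setup", "update")

# Finds the manifest element as raw bytes in the image. Assumption: the
# embedded manifest is stored as ASCII/UTF-8 XML text.
LEVEL_RE = re.compile(
    rb'<requestedExecutionLevel\b[^>]*?\blevel\s*=\s*"([A-Za-z]+)"')

# A complete manifest using the asInvoker level from the post.
AS_INVOKER_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""

def trigger_words(path):
    """Trigger words found in the file name (directories are ignored)."""
    name = ntpath.basename(path).lower()
    return [w for w in TRIGGER_WORDS if w in name]

def declared_level(image):
    """Execution level named in an embedded manifest, or None."""
    match = LEVEL_RE.search(image)
    return match.group(1).decode("ascii") if match else None

def audit(path, image):
    level = declared_level(image)
    if level:
        return ("ok", f"manifest declares {level}")
    words = trigger_words(path)
    if words:
        return ("elevation-prompt",
                "no manifest; name contains " + ", ".join(words))
    return ("no-manifest", "no requestedExecutionLevel found")

# Constructed stand-ins for executable images (not real PE files).
SAMPLES = {
    r"C:\build\UpdateMSI.exe": b"MZ\x90\x00",
    r"C:\build\WorldCupDatePicker.exe": b"MZ\x90\x00",
    r"C:\build\fixed\UpdateMSI.exe": b"MZ\x90\x00" + AS_INVOKER_MANIFEST,
    r"C:\setup\todo.exe": b"MZ\x90\x00",
}

if __name__ == "__main__":
    for path, image in SAMPLES.items():
        print(path, *audit(path, image), sep=" | ")
```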


A common-sense introduction to software factories

If you’ve been intrigued by Microsoft’s idea of integrating software factories into Visual Studio, you might want to read this mini-series by Edward Bakker and Jezz Santos:

The motivation behind this effort has been that we’ve recognised that there is little practical information helping ordinary professional developers on getting started with building and understanding software factories. We have had quite a head start on this and wanted to share our knowledge and experiences with you and the community to promote the uptake of building factories, which in turn should promote the adoption of software factories and the industrialisation of software in general. This series was created in a format that asks a logical sequence of questions that you might have when trying to figure out how to build software factories today.

Pretty good as a guide for the perplexed. A couple of other links. Jeremy Miller explains why he is sceptical:

The big hangup that I have with software factories is that I think some atrociously bad systems are going to be created by blindly following the “guidance” from the software factory.  Also, *who* is building the guidance in these software factory thingies?  Are they really good enough to do that?  Is my system really suitable for a generic set of patterns?

I also liked the comment to his post which asks about:

Microsoft software which uses the product (other than demo, please):

I’m reminded of when I asked Scott Guthrie what modeling tools were used by the ASP.NET team. His answer: a whiteboard.

Finally, RegDeveloper editor David Norfolk has some comments on UML and MDA arising from the article.

 


Delphi for PHP is done

Hot on the heels of Delphi 2007, CodeGear has announced the completion of Delphi for PHP. Apparently download purchasers can buy immediately.

The name is controversial: this product uses neither the Delphi IDE, nor the Delphi language. Rather, it is inspired by Delphi; maybe it was created with it too. I guess it would have used the Delphi IDE had it not been a third-party buy-in; perhaps it will in future.

The associated library, called VCL for PHP, is meant to be open source; but its home page on SourceForge remains empty at the time of writing.

More when I’ve had a chance to try it out; again, I’d be interested in hearing from early adopters.

 


Automating development: Software factories for Visual Studio

The Register has my piece on software factories, based on an interview with Jack Greenfield, a Microsoft software architect. Greenfield talks about a 40% – 80% productivity gain.

If you’re not familiar with this stuff, a bit of orientation may help. When Greenfield talks about software factories, he means both factory instances, which automate the building and customization of specific types of application, and also factory-making tools, which let you create or adapt factories to suit your specific needs. And when Greenfield talks about the factory “runtime”, he means the infrastructure in Visual Studio and its SDK that lets you put your factory to work.

You can actually play with this stuff now. The runtime is called the Guidance Automation Extensions and the authoring tool is the Guidance Automation Toolkit; perhaps one should add the Domain-Specific Language tools. All can be downloaded. You can also download the first four software factory instances. If anyone has tried these and has comments, I’d love to hear from you.

I was intrigued by the internal debates Greenfield mentions. He says it was a mistake to ship the “White Horse” modeling tools in Visual Studio 2005 (Design for Deployment) as a fixed set which are used only occasionally. He is now focused on shipping tools to make and customize tools, a strategy which he believes has more future.

We will always need tools; improvements are welcome. That said, I am also reflecting on the lesson from Qcon: the human factor counts most.

 

Don’t just blame users for woeful security online

The BBC this morning reports that many net users are not safety aware. The piece is based on research by Get Safe Online, a UK Government-sponsored initiative to promote internet safety. More details of the survey are here. I’m intrigued by a couple of these figures. Apparently 45% of internet users only connect to “secure” wi-fi networks outside the home. That’s surprising since most public wi-fi is not secured; but why would you trust the security of someone else’s network anyway? I’m in the 55%.

There are also some figures on passwords, showing that nearly 25% of users have a single password they use everywhere. Even more surprising, another 25% claim to use a different password for every site. It’s a mess either way. We will never get even a moderately secure internet without better authentication.

The key question, as this Get Safe Online press release observes, is about who should take responsibility for online safety – meaning everything from viruses and fraud to predatory chatroom impostors. Here are some popular candidates:

  • The ISPs
  • The banks (presumably for financial safety)
  • The individual
  • The security companies – Symantec, Sophos etc.
  • The operating system vendor – Apple, Microsoft etc
  • The Government – let’s regulate

I guess the answer is “all of the above”, though the role of security software is vastly exaggerated, especially that of anti-virus software which in reality does not work well – see Ed Bott’s recent piece The Sorry State of Security Software.

User education is welcome though anyone with technical knowledge will likely find the homely advice doled out by a site like Get Safe Online frustratingly inadequate. Online safety is difficult for all sorts of reasons. One problem is that users get confronted with decisions they are not equipped to make. Another issue is that even conscientious and informed users are forced to compromise in order to get their work done, like the occasion last week when Thawte advised me to turn off my firewall in order to buy its product.

The Internet will never be safe, but it can be made better. Strong authentication, no more passwords. Digitally signed emails. Networks of trust. Secure operating systems. It’s no good just blaming users; many of them are doing their best.