ElevateDB

Elevate Software announces V2.27 release of ElevateDB

ElevateDB is licensed per-developer, and includes royalty-free distribution. License management isn’t required at all.  The software is written for Delphi development and brings out the ability of handling multiple users for a small company.  Flexible database commands allow SQL-like searches, modifications and extractions.  Great product for a small amount upfront.

The following are breaking changes in 2.27

  • The XML output from the EXPORT TABLE SQL statement now includes a top-level “table” element in order to properly adhere to the XML specifications and allow exported XML files to be properly validated.
  • Comparisons between timestamp values and date values now ignore the time portion of the timestamp value and only compare the date portion of the timestamp value with the date value.

2.27 New Features

  • New VCL TEDBDataSet Import and Export methods have been added to allow for the import/export of files to/from TEDBTable, TEDBQuery, TEDBScript, and TEDBStoredProccomponents.
  • A new LOG EVENT SQL/PSM statement has been added in order to allow SQL/PSM routines (scripts, procedures/functions, triggers, and jobs) to log information, warning, and error events directly to the logged events for the current ElevateDB configuration.
  • There are new VCL TEDBEngine AddDayTimeToDateTime, AddDayTimeToTime, AddYearMonthToDate, AddYearMonthToDateTime, SubtractDateFromDateAsDayTime, SubtractDateFromDateAsYearMonth, SubtractDateTimeFromDateTimeAsDayTime, SubtractDayTimeFromDateTime, SubtractDayTimeFromTime, SubtractTimeFromTimeAsDayTime, SubtractYearMonthFromDate, and SubtractYearMonthFromDateTime methods that allow for basic interval math directly from native code, in addition to SQL.
  • As noted above in the breaking changes section, you can now directly compare the date portion of timestamp values with date values.
  • ElevateDB now logs warning events to the logged events for the current ElevateDB configuration when a database is opened and the database path does not exist, or if the database catalog does not exist.
  • The ALTER INDEX and ALTER TEXT INDEX SQL statements no longer alter the entire index when only the description is changed.

Critical SQL Server Patches for Meltdown and Spectre

There are two new possible viruses Meltdown and Spectre that can lead to dangerous situations on your SQL server by attacks. The following summary allows you to review and decide how to patch your systems.  All SQL DBAs need to take action to make sure that they have backups as well as protecting the current systems.

Microsoft SQL Server 2016

 

SQL Server Versions Affected

This is a hardware issue, so every system is affected. SQL Server running on x86 and x64 for these versions:

  • SQL Server 2008
  • SQL Server 2008R2
  • SQL Server 2012
  • SQL Server 2014
  • SQL Server 2016
  • SQL Server 2017
  • Azure SQL Database

It is likely that SQL Server 2005, SQL Server 2000, SQL Server 7, SQL Server 6.5 are all affected. No SQL Server patches are coming due to the age and since they have been out of commission for the past few years.

Note: according to Microsoft, IA64 systems are not believed to be affected. If you have SQL Server 2008, 2008 R2, 2012, 2014 you’ll have to wait on SQL Server patches.  You can continue to visit the Microsoft web site for when the patches will become available.

SQL Server Patches

There is a KB (4073225) that discusses the attacks. You can read that in

Here are the patches as of this time:

We will update as more patches become available.

OS Patches

The Window KB for guidance is 4072698.

Here are the OS patches that I’ve been able to find.

Using Delphi XML Mapper

Embarcadero Enterprise Studio package contains a wonderful utility that can assist any Delphi developer with the ability of importing a XML document for the sole purpose of using it within a datagrid.  Displayed below is a simple SSH cheat XML document that was created using Excel and will be used.

The purpose of this entire exercise to get the XML data into a clientdataset so it can be used in a datagrid.

 

XML Mapper is a stand-alone tool located in the bin folder or you can click on tools and you will see the item called “XML Mapper”.  The tool allows any type of XML document file to be converted over to a data packet file (*.xml,*.cds), schema files (*.dtd,*.xdr,*.xsd), repository files (*.xrp) and transformation files (*.xtr), or vice versa where you can load a datapacket back into an XML file.

Once the file is loaded, you have the ability of viewing either the document or schema view by clicking the tabs below on the left side.  The tabs on top are DTD, XDR or XML-Schema as displayed below.

 

Create and test transformation

  1. First select the radio button that indicates what the transformation creates:
  • Choose the Datapacket to XML button if the mapping goes from data packet to XML document.
  • Choose the XML to Datapacket button if the mapping goes from XML document to data packet.
  1. If you are generating a data packet, you will also want to use the radio buttons in the Create Datapacket As section. These buttons let you specify how the data packet will be used: as a dataset, as a delta packet for applying updates, or as the parameters to supply to a provider before fetching data.
  2. Click Create and Test Transformation to generate an in-memory version of the transformation. XML mapper displays the XML document that would be generated for the data packet in the Datapacket pane or the data packet that would be generated for the XML document in the XML Document pane.
  3. Finally, choose File > Save > Transformation to save the transformation file. The transformation file is a special XML file (with the .xtr extension) that describes the transformation you have defined.

 

The image below shows the mapping  with the field types and the lengths.

 

Upon clicking on the button the result is displayed with the XML data mapped to the particular field.  So now i can save this as a datapacket file and have my clientdataset read the information.

Here is a simple application that will display the XML on a datagrid.

So just follow these simple steps to create an XTR file from XML in Delphi using XML Mapper:

1. Open the XML Mapper Tools from RAD Studio.

2. Load the XML document.  All the nodes will appear on the left section of XML Mapper.

3. Right click on left section and select “Select All Children” option or simply click on each field.

4. Hit “Create and Test Transformation” button in the middle section of XML Mapper.

5. You can than save the Datapacket to a XTR file for use in your application.  It is that simple.

Click on the logo for more information

 

Delphi

 

Apple Offers Apology, Replacement Deal for Tired iPhone Batteries

Apple has finally told everyone that they slowed down your smart devices due to batteries that no longer could no longer perform up to speed.  iPhone users also got a $29 battery replacement deal.

Message sent

The message sent to all users had the following:

“We know that some of you feel Apple has let you down, we apologize.”

“First and foremost, we have never—and would never—do anything to intentionally shorten the life of any Apple product, or degrade the user experience to drive customer upgrades, Our goal has always been to create products that our customers love, and making iPhones last as long as possible is an important part of that.”

Purchase a replacement battery

The apology does not help anyone who purchases a device between $600 to $900 dollars finding out there is only so much you can do. iPhone users is the $29 battery deal which will allow owners of the iPhone 6 and later to replace the batteries in their phones at a $50 discount. The deal lasts for a year, after which Apple will apparently hike the replacement cost back up to $79.  As always, the push for updating iOS came into sight as well.

The apology falls short of telling anyone they are sorry for slowing your device nor does it indicate that their battery stinks, in which case everyone knew.  This is why there is a class suit filed December 21st in Los Angeles as well as Chicago and New York getting involved.

Users of iPhones older than the iPhone 6, iPads and MacBooks aren’t included in the battery deal. However, Apple does offer battery life extension tips for these devices.

 

Microsoft releases PowerShell script for purpose of testing of Meltdown and Spectre

PowerShell

With the latest news concerning the possible attacks within your computer hardware Microsoft has jumped on providing a PowerShell Script to give a user basic knowledge whether they are vulnerable.  Baron Software followed the guidelines and can attest that it does work providing the end user with information but it doesn’t really tell the end user what to do.  This is almost like being in a bomb shelter waiting for the explosion to happen.

Commendable for Microsoft

Microsoft, at least gave something to work on while hardware manufacturers have to come up with a plan on protecting the end user.  That should be happening in the next few weeks to months but also be aware that countless folks that have older equipment which is no longer supported can be left out.

3 Point Plan

  1. Verify that you are running a supported antivirus application before you install OS or firmware updates.   Make sure you have the latest Anti-Virus software installed and updates are applied.
  2. Apply all available Windows operating system updates, including the January 2018 Windows security updates.
  3. Apply the applicable firmware update that is provided by the device manufacturer.  Wait until the manufacturer issues the release and you review it.  Do not apply out of fear due to the fact that if the firmware is updated and a problem occurs it is possible that the machine can become unusable.

Remember the attacks can only occur if you allow applications from the outside to be executed on the computer as well as leaving it open to the internet by keeping your router unprotected.

Windows PowerShell

The following steps were performed on a Windows 10 Professional machine so be aware of what operating system you have installed.  This does not hurt or disable anything but instead provides information.

  1. Press the Windows key and type PowerShell.
  2. Right click the PowerShell shortcut and select Run as Administrator.
  3. Type Install-Module SpeculationControl and press Enter.
  4. If you are prompted to install the NuGet provider, type Y and press Enter, and repeat if you are warned about installing from an untrusted repository.
  5. With the installation complete, type Import-Module SpeculationControl and press Enter.
  6. Type Get-SpeculationControlSettings and press Enter.

When executing these steps, there is a possibility that the execution policy will not allow it.  Microsoft provides the following information on setting the execution policy for the current user or machine, once again it does not damage anything and you can revert the policy back.

Following steps to save current policy, run the script and revert back.

 $SaveCurrentExecutionPolicy = Get-ExecutionPolicy

Set-ExecutionPolicy AllSigned -Scope Currentuser

Import-Module SpeculationControl

Get-SpeculationControlSettings

# Reset the execution policy to the original state

Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

Get-SpeculationControlSettings Output

What does this all mean.  Displayed below you will see that the machine this was executed on needs to update the firmware and that is in a holding state until the vendor gets back.

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.

BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True

Now you have a taste of what PowerShell can do for you and it is installed on most machines with the latest operating systems and it is a valuable asset to replace good old DOS command.  Go ahead and review what was written to prepare your work place for safety.

How to Protect Your Home Router from Attacks

Protecting everything at your home is essential to your daily life at this point.  You are now using a router in your home for everything from smart devices (ipads, iphones, android devices), printers and workstations. Now is the time to follow these simple instructions.

Choosing a router

You get what you paid for.  Simple term for simple things, you go cheap and you can expect anybody on the outside to attack your internal structure.  Keep in mind you want a solid piece of equipment that provides you with the utmost security and closing down users from the outside.

Change the default admin password

Everybody makes the mistake of not changing a default password when installing a new router.  Big mistake.  Keeping the default password simply allows outside attackers to log into your router and inflect damage.  Choose a strong password and, if given the option, also change the username for the default administrative account.

Secure the administrative interface

Many routers allow users to expose the admin interface to the internet for remote administration and some older devices even have it configured this way by default. This is a very bad idea even if the admin password is changed, because many of the vulnerabilities found in routers are located in their web-based management interfaces.

 

Shutting down services not needed

Services like Telnet and SSH (Secure Shell) that provide command-line access to devices should never be exposed to the internet and should also be disabled on the local network unless they’re actually needed. UPnP service should never be exposed to the internet as well.  In simple terms, keep only the services you need open otherwise close them down.

Secure, Secure and Secure more

Make sure you set up your router with a robust password that is difficult to crack but easy enough for you to remember.  Use alphanumeric characters as well as special characters and finally upper and lower case mix.  If you do not need the guest account to be open then close it.

Additional information can be located here

 

 

 

 

Meltdown and Spectre vulnerabilities

Recently, two critical vulnerabilities were discovered in modern processors. Dubbed “Meltdown and Spectre”, these processor chip vulnerabilities are found on personal computers, mobile devices, and in the cloud.

What is Meltdown

Meltdown exploits a flaw in out-of-order execution, a performance feature found in many modern processor chips. The researchers who discovered it have confirmed that it affects every Intel processor since 1995 (with the exception of pre-2013 Intel Itanium and Intel Atom processors). However, they added that it remains unclear whether ARM and AMD processors are also affected by the vulnerability.

If successfully exploited, an attacker can obtain a copy of the entire kernel address space, including any mapped physical memory, in other words, any data stored in memory at the time of the attack.

What is Spectre

Spectre  has a similar outcome but works in a slightly different way, and exploits a flaw in processor design to trick an application into leaking information stored in memory.

According to the team who discovered Spectre, virtually all modern processors are affected by the vulnerability, including Intel, AMD, and ARM chips. Once again, the vulnerability is operating system agnostic.

Now, the best thing to do at this point is to make sure your workstations are up to date with anti-virus packages and be careful with installing applications from unknown vendors as well as attachments.

Get the latest Anti-virus package.

Baron Software does recommend using Symantec/Norton anti-virus package due to the reliability and updates provided.  The support team at Symantec works countless hours to provide security but you need to understand that if you allow a application to be installed then nothing will help you but a removal tool.

 

ZDNet predicts will 2018 see the death of printers and email in the workplace?

Well as it is expected to come the latest predictions are coming out of the wood work.  ZDNet has predicted that the end of email and the printer in the work place is a thing that will occur within the near future.  Baron Software predicts that neither will be gone at least for another 10 to 15 years.  This theory is solely based on government agencies that still have to provide letters as well as documents for the people.

Sure people can open PDFs on their terminals for review a document but still the old hard copy has to be provided during internal meetings, letters, manuals, etc.  People tend to use their smart devices a lot more to reduce the amount of reading and with each generation it does change.

Older or Younger time to deal with it.

The older workforce still have to review printed documents for the most part as well as they are still the sole folks that purchase newspapers and books.

ZDNet does use the 2017-2018 State of Enterprise Work Report to provide the intelligence to back the issue that productivity drops when a worker needs to review their emails coming from various people which could take up a solid amount of time.  This argument has gone on for the past 5 years and a company actually needs to understand how to make emails work for them by simply laying ground work on reducing the static generated by various parties.  As you may know multiple people within a email trail will place comments extending the email’s life cycle.  If the company was taught correctly that the initial email should not request comments or thoughts but instead do it within a meeting.  From there delegate the person who will be heading the group for that particular project.

The minute the original email opens up a conversation on thoughts or ideas, this can create numerous waste of time types of emails with no thought pattern or just complaining.

Final thoughts or should i send you an email ?

Within the organizations or corporate world there are groups that tend to do things for political reasons for additional power or to enforce the demise of a leader.  The company should teach employees how to reduce the amount of unnecessary emails as well as printing out pages for no reason.  Keep it simple and productivity will increase.

There could be books written on this type of subject but would it be done electronically ?

What to do if your database seems slow

Quite a few times during a business day or even after hours, you have noticed that your database requests or queries tend to be slow with the results.  This could be that your database has become bloated with constant usage.  There are a few things that the IT / DBA or you, can do to resolve these possible serious issues.

Databases work almost like people, they tend to keep inactive data that uses disk space, poor design and even the over-indexing of tables which could be some of the reasons for poor performance to outright collapse.

Step one – inactive data to archives.

The first step is to research whether there is too much inactive data.  This is data that is no longer part of the active processing that takes place such as medical records from several years ago.  You need to keep them but should something from 2001 be kept in the current production database.   That data can easily be placed in a separate archive database that can be used for historical matters.  It can be accessed at any time as well as cutting the backup time for the production database.  In the long term this information can either be purged or put into archive backups saved off line.

Step two – Indexing

 

The second step is to research whether you have way too many indexes on tables that are not used, or on columns no longer important.  Indexes slow down write operations, lead to frequent deadlocks or other different issues that occur.  There are multiple websites that provide scripts to check on index performances, you can click here to view one of them.

Any sort of performance testing has to be done over time and cannot be concluded in minutes (naturally a bad index or query can be noticed by the time it took to completion).  For instance performance might decrease if the indexes are heavily fragmented.  For the Microsoft SQL server you can use the sys.dm_db_index_physical_stats system function to detect the index fragmentation especially if it is over 30 percent.

Final Step – Poor Design

Finally poor database design will always be the main culprit in any database package.  Regardless of the testing you cannot make a bad structured layout look like a swan unless a major overhaul occurs.  You can also simply have memory issues that affect the overall performance or older servers that need to be replaced.

The best thing for any developer to make sure that they lay out the design before going to work and this will cut down 60 to 70 percent of trouble.  The leftover 30 percent is just good old data that needs to be dealt with loving care.

 

Development

Almediadev announces update to StyleControls V3.81

New features

Version  3.81

 

* added: TscExPanel.OnCaptionDblClick event

* added: TscExPanel.ChangeRollStateWithCaptionClick property

* improved: TscGPCheckBox, TscGPRadioButton controls (bidi support + support of Layout property)

* fixed: drawing of styled TscStatusBar when some panel has width = 0

* improved: support of TscStykeManager.StyleArrowType property in styled forms and controls

* improved: scaling of TscTrackBar, TscDBNavigator with VCL Styles

* updated: help and some demos