Thursday, October 22, 2009

Ionworx ICE License security analysis re-review

Your reviewer re-reviews security claims found in latest IonWorx IceLicense:

Ionworx uses PE Compact to protect itself:



Then Ionworx uses TurboPower LockBox for it's protection scheme:



Most of IceLicense can be easily reversed:



Most of the protections against debuggers, Anti-cracks are mostly useless because they do not work against latest versions of those debuggers, anti-cracks. In fact, those debuggers and anti-crackers are so much more advanced they skip all the anti-debug, anti-(whatever) that IonWorx uses to protect itself.

In the picture above, shows two concurrent statements, "_TForm1_IceLicense1TrialExpired" calling @Dialogs@MessageDlg$qqrx17System@AnsiString19Dialogs (which is ShowMessage in other words)

with data at word_47EAC0 being moved into it. What is data at word_47EAC0? It is shown below in the same picture:

'Your trial period has been expired, please register now!'

Now suppose your reviewer flips some bytes to disable this message box, it can easily be done:



Maybe after given an extended trial, I should register IceLicense later...

Most of ICE License algorithms can easily be reconstructed back to original source codes.



Claims and counter-claims
ICE License does not live upto it's promise as a robust copy-protection scheme. Most of the users who buy this get burned or switch to other copy-protection schemes.

It does not give any security towards copy-protection. The methods, algorithms how ICE License works are easily reversible. The claims may fool a beginner with no knowledge of copy protection, but it cannot fool experts.

Anti-Debugging mechanisms can easily be bypassed, using knowledge of assembly. The Key Generator uses TurboPower LockBox (MPL). The run-time source code encryption is also false because it uses simple XOR instead of virtualization, code regeneration found in higher end copy protection mechanisms.

The claim of secure strings is based on TurboPower Lockbox package, not the original package itself. You can use TurboPower LockBox to encrypt strings securely.

ICE License is not the first to prevent Illegal license exportation, there are many others which actually work, such as WinLicense, ExeCrypt.

NetWork protection does not protect more than >= 255 computers because it uses NetBios.

Conclusion
Your reviewer is not out to take revenge on IonWorx, instead, it is to inform that most of the advertiser's claim are misleading and against careful checks, they are false.


March 2013 update
See updated article at Ionworx Re-review, Ionworx icelicense reveiwed
See Article corrections
See related article: Ionworx SerialSheild Review

Sunday, October 18, 2009

Perhaps an end...

Hi,

I am going on long journey and new job, new life, and all the old, this Delphi thing, i looked back at it, and looking forward at my new job, i can perhaps, forget about the old.

It had to come to an end somewhere, it was pointless to constantly complain about Delphi. The newer things, SilverLight, ASP.NET, C#, Cloud computing, have all taken over Delphi...

New developments are all C#, Java, PHP, Python, JavaScript, SQL, all server based, cloud-computing.

Does it matter at end of day? Only those who have means and money to finance the next round of software matter. Those who do not, just have to shut-up.

There are few jobs-openings in Delphi, there are few expert job openings in Delphi, only new job-openings are in C++ and NET... Even to write a basic website is in C#/Java/PHP/Perl/Python/RubyOnRails. Even to write a good game needs either DarkBasic or Visual C++ with Torque Engine.

Saturday, October 17, 2009

Vendor Hacking

Did you know if your website is probably leaking some confidential information?

Your reviewer looked at found several insecure websites owned by some Delphi vendors ... which could lead to unwanted logins and downloads.

Unfamiliar Questions
Q1: Is your website secure, like only you can Login into, or 101 people can illegally login from your site?

Q2: Did you ever consider updating that Windows server with all service packs, and with all updates?

Q3: Did you consider getting latest version of that forum you use, you know, like PHPBb, or latest Snitz forum before someone review your site for holes?

Q4: Did you ever consider securing MySQL access, so only you can use it, or is there 50 extra "guest logins" to access your forum, and possibly that private WordPress blog on your site? Also that private X-rated photoblog, or maybe Dear Diary site :)

Q5: Did you ever consider securing MSSQL access to your server, so only you can use it, Maybe someone from China or maybe South Africa can access your MSSQL server found on your server? Maybe they downloaded some extra stuff, like that version control backup!

Q6: Did you ever consider securing mail server, you know, someone else could be reading your email? (They do it by getting the mail, and then not deleting the content.)

Q7: Is someone else having extra access to your FTP site? Did Paul, John, or maybe Norman Bates (from Psycho) recently login or running a password attack exploit on your FTP? Have you consider getting an SSL/FTP site instead?

Q8: Did you ever consider buying a high-end firewall for your server and constant anti-virus scanning? you know, to prevent those extra ports from opening without your knowledge?

Q9: Did you ever consider looking at the Windows User list, are there more users than physical users?, More administrators than normal users?

Q10: Did you ever consider someone else maybe using your website or servers without your knowledge? Maybe there are extra unwanted directories or maybe extra ISO files for no reason? Did you look hard enough?

Q11: Does your server send spam without your knowledge? Or maybe have some extra unwanted IP address?

Maybe things go bonk at night, but really, have a hard review of security on your servers. But of course, for some vendors, your reviewer just keeps quiet...

Your reviewer, DelphiHater once told a few Delphi Vendors about some stupid security issue on their website, and was told to *********-OFF and get lost.

but really, who cares? they would shoot the messenger, maybe the vendor deserves it.

Vendor Fail

Your reviewer was thinking about some vendors who monitor rapidshare and other file-uploading websites. They would monitor them and then get the file deleted...

Here's an interesting suggestion, why not "do not" monitor them and allow unconditional downloading?

There's this thing called free-usage, you know, what the internet is? You give them all the months and months of hard work you did, only to get some technical support request on some warez forum, because your forum is filled with spam.

The people are asking, Request, this component, and it's your work. Should you allow them to have "unconditional and free access" to your months and months of work? They should be able to use it without problems, right?

The vendor there, didn't do such good job of testing, so the people who downloaded for free, they tested it well, and gave unbiased feedback. Like how it crashed, or how they replaced your components for another set of components, like your competitor's!, right!.

Or maybe, the vendor did not do such good job of documentation, and complain how the documentation is "pure garbage" and they needed to google around for answers. Or maybe there is simply no help files, no demos or nothing. Maybe some stupid DCUs nobody can even use.

Then, think about the costs. The vendor spend hours and hours writing the library, making component after component, and put a US$299 price tag for the library, which for some reason, nobody can seem to pay?

Then, think about it, the Euro 2599 cost for Delphi 2010, who is going to pay it? someone must have come up with the money to pay it... the rent for the vendor's house, or mortgage for the vendor's house?

Maybe it's time to have a hard look around, and maybe start considering another market, another job..., oh wait, maybe there's money from free, like:

1,000 downloads x 0 paid customers = US$0
10,000 rapidshare downloads x 0 paid customers = US$0

The components are free! The vendor is getting lots of unpaid customers but, zero paid customers!

Example Needs
Your reviewer was looking at "very urgent" need for BIDI (Bi_Directional) input, but sadly, none of the current developers, from DevExpress, TMS and even LMD do not have it. Why? Because none of those asking for it are willing to pay for it. No pay, no components.

Another example, is some funny times-table component, which is custom-made string-grid with custom-draw in it. Help me! I need this free of charge, can you help me? I won't even pay you for it, I'll spit on you when done, you won't even get any profits from the final work. :)

Another example, is Explorer Shell Namespace (Namespace) Integration. It's really easy in C++, but hard to do in Delphi because nobody bothered to translate the headers from C++ to Delphi (probably because the former Jedi person who did it got insulted, personal attacks), and the Jedi team then stopped the C++ conversions and focus on Jedit Component Library and J-VCL.

More Examples
I really need AppControls Delphi 2009/Delphi 2010 edition, the same one DelphiHater reviewed*! ... (Maybe the reason why there is no AppControls is because the vendor has no money to pay for the original version and cannot release a Delphi 2009 edition).

I also need either VCLZip or some Zipping tool for Delphi 2009/2010 with sources please! Or maybe MadExcept for D2009/D2009, please help me!

Conclusion
Help-me, I very, very much need help for free libraries and components, to build my product that sells for thousands of dollars, but nothing I will ever pay!

[* Your reviewer updated AppControls to D2009/D2010]

Friday, October 16, 2009

QA Dept: Skype review

Your reviewer had an itch for some VOIP ideas, so decided to look around.

The famous Skype uses:

Delphi 2007,
- TNT Controls, such as TNT Menus, TNTWideStrings, TNTShapeLabel, TNTLabel, TNTEdit, TNTRichEdit, TNTRegistry,

- Jedi Security Library, (some Jedi libs, like Windows Address Book interface; not all)

- TuboPower Abbrevia, ZLib 1.2.3

- Akadia XML (Freeware with sources)

- Indy, MD5, SHA, FGIntRSA (Part of Indy)

- Alcinoe CPUID

- Indy modified with ZeroC's ICE communication (www.zeroc.com)
[Did you see their forum, people were begging for a Delphi edition, but with no Delphi sales, no Delphi version :)]

- Global Sound library


Others:

- Older versions of Skype "used" to use Julian's WPTools, maybe it got replaced with Unicode TRichEdit.

Thursday, October 15, 2009

Fan mail: Add-in-Express copy-protection, BrickSoft copy-protection dissected

Your reviewer sees two gold standards in copy-protection, namely, Add-in-Express copy-protection and BrickSoft copy-protection.

It also gives some ideas to "other" Delphi vendors to make their products better and better.

Defense #1, is raising prices. Make those who want full sources pay more than a thousand dollars. That's the correct price to deter those warez teams. If you price it US$200 or US$300 dollars, do not be surprised warez teams using fake credit cards will start making those fake credit cards orders.

Defense #2, is address-verification. Verify those credit card holders so that anyone from Russia, such as Rocky ("Mr. Protas & Friends") can be easily found out. Why did your reviewer know about Mr. Protas? I guess someone had an insecure customer site and you could view all the blackedlist customers :)

Defense #3, is no support for unpaid users. Make them pay and give them a 30-days money back guarantee. Really good idea, since credit-card frauds will not get any support. That means those who get it "illegally" get no support what-so-ever.

Defense #4, make everyone who register on forum use their real name, so JohnDoe do not have a chance to hide.

Defense #5, is use on-line activation. Have a person who is from India and then use the software in Pakistan? No way, the setup will just fail. Since the "key" can be validated online (contrary to what they say), all it takes is just disable the customer and end of problem.

Defense #6, is use subscription model, make those who need it pay, really pay. Since those good-for-nothing customers who use pirated software won't pay, that cuts off a line of "updates" for them.

Defense #7, is use water-marking. Did you know that the source code files are watermarked? Maybe when you share your sources with the world, just remember that someone paid for it, and he's going to get his license canceled.

Defense #8, monitor RapidShare, and those file-sharing sites. Cut off those illegal downloads as quickly as they are uploaded.

Defense #9, call your customers. Even SMS them and ask them to type down the contents of SMS to email. It cuts down on software piracy by 99% since hand-phones can be much easily traced down to a RealName(tm) than some anonymous pirate.

Defense #10, copy-protect the BPLs and give BPL trials with very restricted sources. Make sure the design-time is copy-protected with multiple layers. That allows Delphi to load, and since Delphi is normally excluded from firewall, and make sure you call home every once in while, too.

Defense #11, give machine specific hardware keys to copy-protected BPLs. That means that the casual pirate cannot share his copy of Add-in-Express with someone else, such as his co-worker, or maybe the 20-people Development team in India using 1 copy of Add-in-Express. No, really.

Defense #12, since the BPLs are copy-protected with machine specific hardware keys, code is watermarked, it becomes much easier to trace down who leaked it, and of course, since the BPLs are copy-protected, it will not work. It means game-over for people trying to use the pirated versions.

Defense #13, is use different hardware specific keys for Armadillo. Contrary to what customers think, Armadillo still have some life in it, like stopping all but the most expert crackers. Anyone who spends a month trying to crack 5 or 6 copy-protected files with different Armadillo keys and strip-out the copy-protection will have a nice time, really nice time.

Defense #14, is use all the features in Armadillo, like nano-mites, code splicing. Then let it load into Delphi. Sure, it works 100%, but trying to crack it will be like, ...,

Defense #15, Use a large public key, like a 1024-bit primary key and private key for cryptography, and use proper methods to encrypt the files. (See #16)

Defense #16, Use real cryptography rather than funny XOR. Why did I mention funny XOR? to stop the idiots on the internet who decoded the DevExpress public-key and found the "private key" and started to issue licenses. Maybe "they" should consider setup DevExpress RU or DevExpress CN (China) :)

If DevExpress is reading this, they need to stop using funny XOR and consider two things:

- widen the key from 56-bit,128-bit,256-bit,512-bit,768-bit to 1024-bit key. Even consider 2048-bit key if piracy still persists.

- stop using XOR and simple algorithms. Try using better hashing algorithms such as SHA2 (instead of MD5) for authentication.

- copy-protect their files using Armadillo with machine specific keys.

Defense #17, goes to BrickSoft. For example, every time they connect on-line, it goes to their license server to validate the user, unless they pay for the US$5000 version.

Defense #18, in order to use a RAR password correctly, here is the correct instructions:

When you have RAR files, download the RAR passwords from on-line activation. Do not store them inside your setup. No on-line activation, no RAR password.

Since a RAR file can have multiple passwords, consider building a RAR file with 10 or 20 different passwords.

Defense #19, Remember to use SSL instead of HTTP for on-line activation, no really. Think about it.

Defense #20, Setup too many times, fail the on-line activation. Get the customer to mail about it. Sure, there will be some customers who would complain, but wh0knows?

Defense #21, read this blog, it will give you more money-making advice than you can ever think about.

Migration knowledge: Converting a 100-form IntraWeb site to C#/ASP.NET

This migration knowledge story probably would not even get published by Embarcadero, but worth telling.

Environment:
- Delphi Enterprise 2006 x 3 (US$2000 each),
- IntraWeb 2006 x 3 (Euro 1,199),
- UniDac 2006 x 3 license (Euro 399 each),
- TMS IntraWeb Component Pack Pro Site License (Euro 395),
- Fast Report Server (Euro 1,000),
Charged via MasterCard

The site that was to be published but was not. Your reviewer, being a Delphi fan, and 2 other Delphi developers embarked upon a journey better described as hell-raising experience: Convert a VB/ASP site into modern looking, Ajax-compatible site.

[At that time, we had DevExpress ExpressWeb, but stopped using it because it was no longer supported in Delphi]

We inherited the site from an Indian outsourcing company who failed to maintain it well, and from tried, at least tried to get it working with Delphi.

The initial development went well, and work started from days into weeks, then into months. the trouble started with the awful looking IntraWeb website design...

Take a look at "other" websites. How fast do they load? they load almost instantaneously. Take a look at IntraWeb website. How long does the default startup page load for your ISAPI website? (Approx 8-9 seconds).

Is there any way to beautify an existing IWPage, nope, except unless you get TMS IntraWeb Pro pack, since that allows you to access the scripting and script your site and web-elements. But joy turned to sadness when none of the Joomla! templates or WordPress basic HTML templates worked. Not even a basic layout (like the C#/ASPX master page worked).

Then we tried frames, but the frames support was minimal, and only IFAME support worked. Then we tried to link the front-end site to the back-end site, only to see the click from PHP only to go into to main default page (Can someone please ask ArcanaTech to UPDATE their libraries? It's now open-source and not updated so often and with little documentation)

The grids did not fare well towards large datasets. Go to any decent Ajax vendor website, and click on any of their web-based grids, chances are, they would load faster than the IntraWeb grids or even TMS IntraWeb grids.

Edit controls are so poor, even the IntraWeb and TMS IntraWeb pack leaves much to be desired. Could they at least not use decent colors instead of all gray? Even ExtJS and other Ajax libraries use decent buttons for their grids.

The logic was awry because back button was disabled. Sure, how would the customer feel if there was no back button? Then you would have to make all sorts of navigation layouts for this. Did I mention about the non-professional Outlook bar, or menus? Look at other web-based menu systems. I would consider it a joke.

One fine day, the customer could no longer tolerate the basic-looking website, and 100 Forms, all checked-in, we looked at Visual Studio ASP.NET Express

The very basic thing about Visual Studio is not that it's free, the thing works. You want a good ASP.NET website, within hours you can get the same effort.

- Let's talk about session handling, a dirty word in Delphi. Why is it that Delphi have no good session handling outside IntraWeb? Even the ISAPI examples are so plain, you might consider them good for simple sites. With ASP.NET, you have various methods of session handling. To be fair, IntraWeb have various handling methods, but no control over the back button.

- Let's talk about Browser. Suppose you use Chrome on an old IntraWeb site, no dice, you have to upgrade. Use Chrome on an old ASP.NET site, it works without problems. Since IntraWeb controls the environment, and browse specific, you get all sorts of problems for no reason.

- Let's talk about Data. Pump up a 50 page (page 1..50) with 50 items each. Tell me any IntraWeb example that does this with live data and with 10 or 20 concurrent users. Did anyone try? or did nobody try because there are no known working IntraWeb site (even AracanaTech and TMSsite is ASP.NET) to try this out. Why not ask Borland to change their QA Central to IntraWeb? that would be real test :)

We were surprised by fast development pace (BTW: Order the book "NET 2.0 for Dephi Developers", the poor person who wrote this book reported poor sales) and fast compile time.

The heresy that goes around is that C# compiles longer than Delphi/Intraweb does and takes longer, well, if Delphi/IntraWeb is so good, why are there not more sites?

Conversion tips:
- To start, the equivalent of TIWPage, TIWForm in Dephi is ASPX form, or *.aspx files.

- There are no IntraWeb "master" pages or template layouts. The equivalent is ".master" files in ASPX.

- There are various grids and edit controls you can use. Ajax, C#-based ASP.NET grids, and nice edit controls. Did anyone ever notice the Atlas Ajax site? Shhh, keep it a secret from Delphi developers...

Conversion took two months, but that two months were gushing with praise from the owners of the site, and after 9 months, the site broke even.

It was really Delphi that could, if IntraWeb could fix those flaws, but sadly, the C# version was much better.

Delphi: Playing games

Your reviewer was looking at some ALM (Ailing, Lamenting and Moaning) from game developers trying to use Delphi to make games.

Delphi Game Development. End.

Your reviewer takes look Delphi to develop games... The first thing your reviewer noticed is lack of usable game engines or mostly "samples" or very basic demos.

First is the SpriteCraft engine, from a one-page website (make that two if you consider the ftp listing) and unclear project development status. It is not updated to Delphi 2009, and without any decent documentation or examples, your reviewer will have to pass.

The next is andorra, but program against a DLL and with some wierd interface, DevIL.dll, FreeImage.dll, why not link directly to all of those libraries and make your program open-source? Many issues, such as using DLLs, pixel collision issues, memory leaks, non-existent level editor, sprite render (you do-it-yourself) to name a few.

The next is DelphiX, or UnDelphiX, the once updated and seem to require everyone else to publish an unofficial patch or something else to update it. It got so bad, that some people stopped using it due to bad headers/ non-supported featured. Since it was never completed, maybe the results are non-completed Delphi games?

The next is Aspyhre, but not complete, if you dig around, there is a Sprite/Title editor, casual GUI interface, but no good collision engine or fully working game example? What returns are there to develop an Astroids demo or simple non-working Diablo-game?

The next is GLXTreem but that goes into a missing website. Oh well...

Delphi Hater presents...
Your reviewer was looking for a game engine, a solid good game engine that he could develop with using Delphi D2007/D2009/D2010, and even give some money to it going to make a game, but by the looks of how the Delphi gaming community is going, it looks much worse.

Your reviewer googled around and found few quiet sites - PascalGameDevelopment and some game forums.

Your reviewer Downloaded UnDelphiX then SongBeamer's D2009/D2010 DirectX translated headers, then tried GLScene (is there not a library that does both DirectX and OpenGL)? then tried Aspyhre, but ran into sound problems, sprite problem, world map problems. It simply took too long to develop an equivalent "Hello World" game.

There's GameMaker A7/A8 engine, but the "Delphi" part are plug-ins. Ditto for RPGMaker, they call it DLL add-ons and program using Lua/Python.

Your reviewer looked around, notably DarkBasic, C++/Torque and Unity Engine/C++...


Thinking twice...
Now starts the review. Suppose you want to develop a game, what would you do?

- use Delphi and get bad results, mediocre, for making simple games?
- use DarkBasic and their Gaming SDK?
- use Visual C++ and get Torque/Unity/Blender game engine?

then I came back and read about the students who posted on Embarcadero's forums who wanted a copy of Delphi to make games, and wonder if it was all a bad dream, that no-matter how good Delphi was, because of high prices, little-or-no-gaming-support it could be simply wishing thinking.

Playing the devil's advocate, suppose DelphiHater makes game with Delphi, but all the profits would be eaten up by development costs, or maybe the game would fail (what's the difference It could be WorseThanFailure?)

For Delphi, it would be better for playing around, and nothing really serious for game development.

Monday, October 12, 2009

Tales from the Scene #6: Theory & Practice #1

Your reviewer shares some thoughts about Pirates of the Deli'burn.
Your reviewer pretends to a Captain of the British Navy studying them.

Most of them are novices, like Guybrush Threepwood, the wannabe pirate and take the easy way out on things.

Tale #1 required some explanation, so I will give examples.



Example #1: Addictive Software, spell checker.
It's easy to find non-legal copies of Addictive Spell Checker with sources. Google for:
""Addictive Spell Checker" warez"
""Addictive Spell Checker" rapidshare.com"
""Addictive Spell Checker" rapidshare.de"

This Delphi vendor uses Innosetup and Password. Download Innounp* and then extract the files. Mr. Glenn Couch, if you are reading this, please use another copy protection scheme.

* References:
innoup - http://innounp.sourceforge.net

DelphiHater gives some advice:
- Mr. Glenn Couch, you might want to consider checking your customers for "unclean" and "non-contactable" customers.
- Have you considered giving your "newer" customers a phone call or customers and watermarking files? That would greatly deter on fraudulent customers.
- Have you considered using BPL-only trials?
- Have you considered on-line activation?



Example #2: AidAim.com, Custom setups
It's easy to find non-legal copies of Accuracer. Google for:
""Accuracer" warez"
""Accuracer" rapidshare.com"
""Accuracer" rapidshare.de"

This Delphi vendor uses Custom Setup (with flaws). Mrs. Ella Pellaman, if you are reading this DelphiHater gives some advice:

- Consider checking your customers for "unclean" and "non-contactable" customers.
- This vendor uses custom-setup, with one flaw: files are not watermarked after installation.
- While AidAim contacts customers, allowing full access to their customer download site is inviting trouble, is it not? Have you considered putting serial number check before allowing access to download site?
- Have you considered using BPL-only trials?
- Have you considered on-line activation?




Example #3: AppControls.com, Innosetup
It's easy to find non-legal copies of AppControls. Google for:
""AppControls" warez"
""AppControls" rapidshare.com"
""AppControls" rapidshare.de"

This Delphi vendor uses Innosetup. Mr. Alexey K., if you are reading this DelphiHater gives some advice:

- Use another installer instead.
- Watermark files after installation.
- Have you considered using BPL-only trials?
- Have you considered on-line activation?




Example #4: RemObjects, Wise Installer
It's easy to find non-legal copies of RemObjects. Google for:
(you know...)

This Delphi vendor uses Wise Installer. Mr. Cornelius, if you are reading this DelphiHater gives some advice:

- If you use Wise unpacker, you can unpack all files. Why bother with setup?
- Use another installer instead.
- The website has flaw: You can re-construct the URL and download the setups :)
- Does not watermark files after installation.
- Mostly using XOR
- Have you considered using BPL-only trials?
- Have you considered on-line activation?




Example #5: DevExpress, custom setup.
It's easy to find non-legal copies of DevExpress.VCL. Google for:
(you know...)

This Delphi vendor uses custom setup. Mr. Julian Bucknall, if you are reading this DelphiHater gives some advice:

- Don't put all sources into 1 RAR file (the RAR password is easily found out).
- Don't use XOR (LOL)
- XOR, like XOR Machine Name,
- XOR, like XOR RAR Password
- Put a dead man's switch to prevent people from abusing the SSL activation service
Have you considered GeoIP and blocking repeat failures?
- Don't put newer downloads for non-active customers :)
- Consider watermarking files



Example #6: TMS, innosetup.
It's easy to find non-legal copies of TMS. Google for:
(you know...)

This Delphi vendor uses innosetup. Mr. Bruno, if you are reading this DelphiHater gives some advice:

- Consider using another installer. People just use innounp and extract all files. The installer cannot even watermark files yet :)
- Don't put newer downloads for non-active customers :)
- Have you considered using BPL-only trials?
- Have you considered on-line activation?




More to come...

:)

Sunday, October 11, 2009

Tales from the scene #5: How not to criticize this blog

Your reviewer got some emails and some flak*

(* flak: Soldiers of Fortune, reader replies)

Every now and then, there would be some feeble-minded person who would just say, this blog is full of hearsay, or not accurate.

Here's some suggestion for those who want to criticize this blog:

1) Be specific. There are over 50 articles on this blog, and if it's one article where the facts are inaccurate, you can point it out:

- There were several corrections, spelling-mistake fixes, date-error fixes, factual inaccuracies corrected for the TurboPower article.

[Can someone inform person who is saying it is inaccurate that factual inaccuracies were fixed?]

- There were also corrections made for other articles as well.

- Corrections will be made, and scheduled.

2) There is right of reply. You are most welcome to slam this blog, and for this blog to publish facts defending the articles itself.

3) This blog is not interested in name-calling, mud-raking, personal attacks, or insults. Every time there is "intelligent discussion" about problems and issue with Delphi, it degenerates into mud-slinging, insults and personal attacks.

This blog focuses on facts, articles to debunk these people...

If the tool is soooo good, everyone should be making thousands of dollars, there would be excellent libraries, professional people, the kind you meet in freemason lodges or the Borcon conventions, thousands of people would attend them...

Instead, it degenerated into loss, poor-quality libraries, "Delphi forums" would be best called "dens of thieves" and nothing but cheating and stealing is common practice.

If a student who comes out from University comes and become a Delphi developer, only to learn his masters download pirated material, use all pirated software, the student will ask himself what future he has with his poor salary and poor work?

If the masters only depend on stealing and cheating, what will become of them?

I don't know the answer, but for DelphiHater, it seems to be easier for a camel to go through the eye of a needle than for a rich man to enter the kingdom of God...

Many of those people who developed in the 1980's, 1990s are now in their 40's, 50's and 60's... What are you going to do when you "get there?" Tell everyone you were part of the "scene" - ROR, TMG, FCN, DND, FLT, had "slots" and "rights"?

If you have no sin, cast the first stone, there is really no need to uphold the law (Thou shalth not steal, Thou shalth not bear false witness...)

What will you tell the priest when you go to confession? or when will you get "right" with your life?

4) Morality aside, your reviewer welcomes your comments.

To come:
Your reviewer is digging up financial information about Developer Express (surprising information), supposed Delphi-usage in Skype (Delphi-ICE (the protocol Skype uses), Global Sound licensing), Julian Zierch WpTools review (and suggested corrections to Julian's website), Smells like Team Spirit Nevrona, Delphi Economics Part 2, More people exposed, Delphi 2009, Update 5&6 review, SVCom review.

:)

Saturday, October 10, 2009

Tales from the scene #4 - Freebies

Has anyone wondered why nobody in Delphi community gives free components anymore? Your reviewer, DelphiHater will tell very dark tale.

Replying to Mr. DelphiLover (or one of Mr. DelphiLover's friends et al). there's always some kind of community project which for some reason, would require paid components and paid libraries, some free webhosting.

(Don't be surprised that one of Mr. Delphi Lover's friends/ or himself is organizing one right now...)

The tale goes back 8 or 9 years ago, in the wild, wild west of the internet. Many years ago, the there were these kind souls which would want to make those open-source projects and then use a bit of "paid" Delphi libraries here and there, and then post on their website they used this or that, etc.

In those days, there were plenty of open-source projects going along, when it seemed better to make open-source projects and somehow, paid libraries got in the way of doing business. Some kind souls would ask those paid-libraries vendors for a free version of their product in return for some blurb on their website that they used this, that, etc.

Some of those suckers were Mr. Tim Young (ElevateSoft), Mr. Glenn Couch (ESB Consult), Mr. Franciso Sanchez (Billenium Effects), Mr. Serge (Dream Company), Mr. Roy Woll (Woll2Woll) and Mr. Ray N. (DevExpress), Mr. Serge (TRichView), Mr. Mike S. (Scalabium), Mr. Vincent P. (of AToZed) to name a few.

The tale would go in this manner, there are kind souls who wants to make an open-source product and had some fetish "need" for using paid libraries and asked in return to make products which would benefit everyone.

What happened was opposite instead. Anyone remembers those days when the vendor released it, a few days later, the "free" version of his products would start floating around?

One of the vendors who got poor sales was Billenium Effects, Mr. Franciso Sanchez. He "used" to entertain those requests for free versions until he (and some other vendors) registered himself into those "Delphi Forums" and found the same culprit releasing his product for free... One of the more outspoken vendors, Mr. Vincent (AToZed) posted on the newsgroup about it. The word spread around, and from what DelphiHater knows, that kind soul (et al), lost almost all his "licenses".

Now you know why nobody gives free licenses, even for open-source projects...

... and, coming back to DelphiHater's reply to DelphiLover's question, the last version that was leaked out from ElevateSoft was DBISAM v4.28, and since the leak was shut down (wonder why?) there have been no leaks since then.

For AdinExpress, the files were watermarked. your reviewer, DelphiHater compared his version of AdinExpress 2007/2008/2009 files to DelphiLover's AdinExpress 2007 "free" to know that...

For DvaExpress, nobody is paid subscriber, otherwise, they would know about the components posted as attachment to DvaExpress private forums. They are interesting and useful.

DelphiHater can easily get support from Mr. Hoffman, Mr. Cornelius and Mr. Diman. and access more expensive libraries, such as Kaka Ez-PlanIt.

до встречи,

:)

QA Dept: Softel vdm's Delphi components

Tales from the scene #3
Has anyone ever wondered what happened to Softel vdm's Delphi components and why they are C++, ActiveX, DLL, NET component vendor instead?

Your reviewer, DelphiHater remembers many years ago (almost 6 years ago?) Softtel sent an email newsletter to everyone that they would discontinue their Delphi VCL products in favor of their C++ products. They mentioned they stopped it due to piracy and since nobody was buying their native VCL libraries, they would discontinue it.

References:
http://www.ddj.com/cpp/184403700 - SftTree/VCL 4.0

Wednesday, October 7, 2009

Fan Mail and Tales from the Scene #2

Q: What are your thoughts about people on those [non-legal sites]?

:) Let me take for example, DBISAM 4.28 or Add-in-Express 2009, none of those people have it. DBISAM costs US$529 (The minimum source code option). None of them are kind souls who will give out the source code for free after paying for it. That leads me think two things: They are just beggars waiting for another crack, patch to get them going along until someone "helps" out. When DelphiHater started recommending BPL for trials, lots of people started to have big problems compiling their EXEs.

These people have no ability to install BPLs or use DPKs or understand complex things. They don't understand developing a nice product takes 6 or 9 months while making a crack only takes a few days (and no profit). Suppose you hire someone, would you hire an experience person or someone who cannot even update code from Delphi 2007 to Delphi 2009? Or ask them to write new VCL component... maybe results are big mess because person is incompetent or lazy.

These people complain they earn low salary, but if you look closely, many of them are more interested to play World of Warcraft, buy iPods, and do everything else. They can probably download everything, and at end of day, everyone loses, the vendors like Developer Express, TMS, ElevateSoft lose money due to such people (and will not even pay for anything at all). The company that makes Delphi will report poor sales, and eventually no money for good jobs. Then people are begging for TurboDelphi or reduced costs. With such bad sales, nobody wins...

- no job (or low salary),
- no sales (or poor sales)
- no profits (or losses)
- prices will go up because of low sales

means fewer and fewer companies use Delphi. now even Universities do not teach using Delphi at all, which is even better.

Why not ask some of the people to "donate money" to vendors who make components to keep them alive?, they will think it's stupid, but look closely, all of them have no interest to pay anything at all. Some of the people experience hardship because their business shut down, or get fired from job, but think about it.

Think really long and hard, the future is coming soon, maybe DelphiHater knew something.

Website Obituary: TurboPower.com criticisms

DelphiHater thanks readers for pointing out factual discrepancies about TurboPower. DelphiHater want to mention couple of points:

a) The review was quite respectful, and this site does not have any swear words like the Linux Hater's blog. So you might to take look at characters of those who call this site "troll" and other swear words. Think about it...

b) Any volunteers who wants to port Opherus grid to Delphi 2009? Very few people did so, most of them have errors or partially complete files.

c) Anyone wants to check the other reviews - ProfGrid's DHTMLEdit review, or ShellPlus review or IonWorx review, or AppControls review? DelphiHater would love to get some criticisms on those reviews.

d) This website focuses on money aspects as well. Tell me anyone who can live on US$400-US900 a month as a Delphi developer [Going rate for Delphi developer now-a-days].

e) Notably, while everyone says it's here-say, DelphiHater wonders if anyone tried using any other interrupt than Int 10h to access video, or Int 2Fh to access mouse or COM I/O port or Int 21h to access DOS services? You can always feel free to try this under Windows 95/98/ME. maybe you might get some real answers yourself instead of saying it's here-say.

f) Some people criticized about LMD. Around the time TurboPower went bust, LMD had purchased ElPack. For Dream-Company, I wonder why they went out of business? Did anyone bother to ask Mr. Serge (Dream-Company Owner) before he quit?

g) DelphiHater welcomes your criticisms to the TurboPower website obituary. By making it more and more accurate, there will be less room for people who just say "Delphi is the best" or "Delphi forever".

After all, how can large company like TurboPower who creates so many libraries go out of business?

If you look at DevExpress, they changed their sales tactics and notably, if you are DevExpress subscriber, you can always hear Mr. Julian Bucknall lament about poor Delphi sales and how NET sales saved DevExpress in the DevExpress private forums...

Financial criticisms

DelphiHater would like some honest down-to-earth criticisms on financial aspects stated on this blog.

Whenever DelphiHater talks money, is it not true that someone has to pay for something? Who pays for your salary? Who pays for the goods? Maybe the spirit of Delphi that lives on some half-dead website or open-source (free) products pay for it!

Take hard look. If you don't pay your bills, what happens? Either you will lose your house or car, or get really depressed trying to pay all the bills... Or wait! The spirit of Delphi is around us, and by magic, money comes in!

:)

14 reasons to loathe Delphi 2009, Delphi 2010

1a. Delphi 2009 help is one of the worst help. It is still not fixed.

1b. To be fair, Delphi 2010 have around 10,000 topics marked "You are invited to contribute to our documentation by submitting your comments, questions, and input to the Documentation". Can Embarcadero at least hire more people who can at least spend some time to document the Delphi VCL?

2a. Borland/DevCo(nonsense company)/CodeGear/Embarcadero not support for Delphi 2006, also, do not support Delphi 2005 anymore. Any requests for updates for Delphi 2006 will be, upgrade.

2b. Is there any reason why the Embarcadero Delphi and C++ builder Architect edition costs Euro 3499? Why don't they provide Delphi 2009 Update 5, 6 instead of making new version of Delphi?

3a. Delphi 2009 does not support NET well. (it's still in beta)

3b. Delphi 2010 dumped the Delphi.NET compiler and replaced it with RemObjects. That means nearly everyone who uses Delphi.NET older versions gets screwed. Anyone interested to use Prism when everyone is using C#?

4. Delphi 2009, Delphi 2010 does not support Vista compressed-icons.

5. Delphi Jobs. What Delphi jobs?

6a. Did anyone notice hundreds of bugs not fixed in Delphi 2009 (Hint: See the QC)

6b. Some bugs were fixed, but still plenty to fix. If so, should I wait until Delphi 2013 or maybe 2015 before I "upgrade"?

7. Multiple undo-redo in forms for the IDE? not here. (what a joke BTW)

8. 64-bit? when? maybe in the year 2012? It's already 2007, 2008, 2009, and coming 2010 soon. Delphi 2010 is still 32-bits. When will this be ready?

9. Why do I have to buy full version of IntraWeb to get technical support?

10. Why should I buy US$100++ a year subscriptions for third-party libs?

11a. if I hated delphi, I would be called a troll, trouble-maker on the Embacardo
newsgroups. Why don't TeamB cancel these insults? no, they won't.

12. If the Delphi version is released more than 1 year than the person purchasing the SA, he has to renew and has no new version of Delphi (very stupid, IMHO).

13a. Delphi Generics.Collection. Documentation?

13b. All the bugs that are in Delphi 2009 for Generics are fixed in Delphi 2010. Do you feel lucky?

14a. Why do I have to buy ModelMaker, TwoDesk-Castalia... Why can't Embarcarado simply add those features to the IDE?

14b. Related question. How much more money do you have to pay for each additional user to use Delphi?

Saturday, October 3, 2009

Fan Mail and Tales from the Scene, #1

Your reviewer got some emails and questions from several "non-legal" sites. Here are ways for vendors to fight back:

Q: How do I monitor RapidShare to check if my [components/libraries] are pirated?


Step 1:
Google for your [component/library] and enter "http://rapidshare" or some file-uploading site.

In one notable example:
http://www.google.com/search?q=kbmMemTable+%22http%3A%2F%2Frapdishare%22&btnG=Search&meta=

Step 2: Make an alert for so that Google notify you of this.

Step 3: Write an email to http://rapidshare.com/abuse.html with all the required information.

Q: How do I monitor [sites] which require to register?

Step 1: Use a free-email address provider and create a new free email account.

Step 2: Participate in board discussions, and answer replies (you really do not have to upload anything; just reply to 10 or 20 forum posts).

Step 3: Click on the "Hi Thanks" to see offending link (i.e., your software being pirated).

Step 4: Get the link and see previous question.

Q: What should I do with IP addresses?

Step 1: Once you get IP address, you can then google their IP address or go to those IP -to- City (such as MaxMind.com) or IP -to- country location.

Step 2: See your customer base. If that person is from that area/city/state/country, just disable the account.

Step 3: As added bonus, announce to the MSFT or Borland newsgroup this person pirates
software and inform other software vendors.

Q: What kind of software allows you to make setups on demand?
Step 1: You can make that logs-in to Windows and run a batch process from IIS.

Step 2: From the script, run the setup package and insert the necessary variables.

Q: What setup software should I avoid?

You should avoid MSI because MSI can be easily decompressed. Most of files are in one big CAB file.

Step 1: Extract the CAB file from MSI
Step 2: Extract the files from CAB file.
Step 3: If the MSI contains source codes in non-encrypted, you can guess what will happen next.

You should avoid Innosetup because there's Innounp (Innosetup Unpacker) and that can strip a password-protected setup within minutes.

You should avoid Wise because it does not store it's hash tables correctly. The password is hashed into a number.

That is: If you know the hash of ANY one of the files and the original content, you can compute the hash of the password. Since the hash of password is all that is needed to unlock the files, if you have both trial and full-version using same files (same readme, same help files, etc.), you can obtain the rest of the full-version files.

You should avoid InstallAware because on installation, it simply extracts everything to a temp directory. So suppose you have both trial and full-version in the setup, you can imagine lots of people looking at the temporary directories for some reason.

Q: Should I use PKZIP?

See above. Paraphrased:
You should avoid PKZIP because it produces weak-keys.

That is: If you know the contents of ANY one of the files and the original content, you can compute the hash of the password. Since the hash of password is all that is needed to unlock the files, if you have both trial and full-version using same files (same readme, same help files, etc.), you can obtain the rest of the full-version files.

Q: What are your thoughts about those [sites]?

DelphiHater thinks they are "honeypot" sites and the free-for-all is "sugar-cane". Do I need to say more?

:)

Friday, October 2, 2009

Website Obituary: MaxComponents.net

MaxComponents review

Going, going, ...
MaxComponents on their website, dated 31st August 2009 they were leaving the Delphi business on 31st December 2009. DelphiHater hopes they leave and close down. Why bother running a losing business and make losses every year? Maybe Java and NET developers have it better...

Magic Numbers
There are an estimated 1.75* million Delphi Developers but unfortunately, none of them have enough money to spend to keep MaxComponents afloat and hence, MaxComponents are doing the right thing - stop Delphi development, close the business and for the owners, lay off the Delphi developers who work for them, re-think what went wrong and probably find new jobs.

* Michael Swindell, VP for Products and Stragegy at CodeGear

MaxComponents joins other companies - AHM (Alexander Melhorn) of TritonTrools, BuyPin (BuPack), ObjectiveSoftware Ltd (ABC Components) who have stopped developing libraries for Delphi, simply because the money was not there.

For those Delphi developers who cannot understand this, why not make a fund so that Delphi developers "donate" some money every month and give to this company? Or give some Delphi remote tasks to this company? Or maybe support them financially by buying their components and programs? Or give them a few thousand dollars (preferably interest-free and debt-free) money every month to survive...

There are 1.75 million developers. Say, only 50% are interested, so that leaves appox 500,000 developers who are willing to pay for . If 500,000 developers pay US$50, MaxComponents would be US$2,500,000 dollars richer.

The reality is, there are not 1.75 million developers. According to BlaisePascal Magazine, they give conservative 10% of the Delphi community(1) interested in their Magazine. 10% of 1.75 million is only 175,000 developers.

DelphiHater thinks 0.01% of 1.75 million Delphi developers are active developers willing to pay money. That 0.01% of 1.75 million gives quite reasonable numbers - 17,500 developers. That would translate well into BlaisePascal's 2000 Subscriptions(1) and approx 16,000 maximum downloads(1).

1) Estimated readers are 10% of Pascal and Delphi Community
http://www.blaisepascal.eu/index.php?actie=advertprices/priceinform

Quickly Reviewing E.S.T. Help Author Pro.
Your reviewer sees it's TRichViewEdit (TRichViewEdit, TRvRuler, TRvStyle, TRichViewActions) components with Toolbar2000 (TTbxbutton, TTbxToolbar) components from DelphiGems (TVirtalTreeView), and Addict Spell Checker made into an EXE file.

E.S.T. Help Author Pro lacks PDF support, Style Support. It does not work on Vista and XP (crashes under non-administrator mode).

[Your reviewer thinks:
If anyone buys TRichView, Toolbar2000, Addict Spell checker, and write Help Authoring Tool, maybe they will share the same fate?]

Quickly Reviewing mxLicense.
MxLicense does not have any EXE or binary copy protection facilities. 'Nuff said.

Quickly Reviewing TmxSideBarPro
Not much value. There are plenty of Outlook bars in the Delphi market.

The freeware are not worth reviewing. They are not updated to Delphi 2009 and no new developments for quite some time.

Loss and Gain
Your reviewer thinks the owners would gain much more by quitting and laying off all the Delphi Developers under their care and find a regular C# or Java job. The owners could make more money from C# or Java as an employee than just Delphi-alone employer (who have to pay the bills).

:)