How to find bad JPEG files in a directory – via Delphi (Source Code)

UPDATE: Source, EXE and ZIP updated to include new corruption detected routine…

Let’s just dive right into this one…
Here is the exe:
http://www.TheCodeCave.com/downloads/delphi/BadImageFinder.exe

Here is the Zip of the exe, forms and source:
http://www.TheCodeCave.com/downloads/delphi/BadImageFinder.zip

Here’s an image:The main screen

Here is the source for the main BadImageFinder_Main.pas file… (Hope this helps!)
Continue reading How to find bad JPEG files in a directory – via Delphi (Source Code)

Impressions of the Developer Studio 2006 World Tour

1. Abstract

The Borland Developer Tools Group is doing a world wide tour to demonstrate the usability and productivity of the Borland Developer Studio. They are also trying to send a clear message to their devoted developers that the Delphi divestment doesn’t denote Dooms Day.

2. Overview

I attended the May 31, 2006, Columbus, Ohio event hosted by Anders Ohlsson. Anders’ official title, with Borland, is Staff Engineer. But it’s worse than that. He’s really in marketing.
Despite that, he’s congenial, intelligent and knows his stuff fairly well.

During the presentation he fielded many questions from the the audience. One thing that surpised me was the standard response to questions that he could not answer. He didn’t say contact support or even look at the FAQ on our website. Consistenly he said “Go to the blogs.”. I even doodled that in big bold letters across the top of one of my pages of notes. Go to the Blogs” was the response to questions ranging from specific code upgrade issues to queries like “What’s the latest dirt on Dev Co?”.

BTW, the most important place to look for answers is the blog of Borland’s Chief scientist Allen Bauer, “The Oracle of Delphi”. He’s who has most freely discussed matters regarding the spin off of the developer tools. NOTE: Anders’ wording and hesitation in that sentence led me to believe Bauer had been a bit more liberal with discussing the matter than he had been been authorized to OR perhaps that the tighter leash on everyone else was chaffing a bit.. It was clear that there was definitely a list of items that could (and likewise could not) be discussed by Borland employees.

Continue reading Impressions of the Developer Studio 2006 World Tour

Copy To Clipboard in HTML

or Speed blogging Exposed…
or “Copy as Text Link” and “Copy as Image Link” Blogging Tools explained.

Usually when I post something technical, I include a detailed rambling explaniation of how it does what it does. In the post “Copy as Text Link” and “Copy as Image Link” Blogging Tools” I created a batch file that did some neat stuff. But I didn’t give a full explaination of the details. Now I will.

The batch file did the following neat stuff…
1. Used Environmental variables to create HTML files in a standard Windows directory
2. Dynamically add string and DWord registry entries
3. Demonstrated adding menu items to Maxthon & Internet Explorer (Unfortunatly these do not show up in FF or Opera.)
4. Displayed different contexts based upon what was selected.
5. Launched another IE window that does not effect the output but does process information selected in the first.
6. Demonstrated how to copy HTML source to the paste buffer via HTML and javascript.:
7. Copied text to the clipboard, formatting it into HTML

Not bad for a small batch file.

So, here’s how the magic was done…

First, the easy stuff. The batch file creates two text files. That is done using the redirection symbol (aka the output to file symbol) which is > (aka the Greater Than sign). The Greater than sign appends the displayed results directly to a file. Two greater thans in a row cause the file to be recreated. I use the Echo command to echo (go figure) text to two HTML files I will be creating. Since I use >> in the first line, those files will always be recreated if the batch file is run again.

Because HTML also uses GT and LT symbols, they must be denoted as literal symbols. That is done with the carot symbol ^. Thusly
[dos]
echo ^>%windir%\web\copytextaslink.htm
echo ^

[/js]

As you can see, the bulk of the file is JavaScript. The second line clearly declares it so. However, instead of putting Language=”JavaScript” (which is the old school way of doing things and how I learned originally), I should have specified it as a MIME type like this Type=”text/javascript” The end result is the same, however eventually the old language option will be dropped.

Another option that you might not be familiar with is the defer flag. This is a browser load time optimizer. It tells the browser that the contents of the script will not effect the layout of the page and therefore the browser can continue drawing the page.

The process is also pretty easy to follow because it uses Microsoft’s DOM technology. DOM is the Document Object Module and allows IE to handle all web pages as if it were Object Oriented. You can reference the document and the various parts/divisions of any web page. And that allows you to directly access properties or methods of these objects.

So what the code above does is asks for the document in the parent window (the one in which you right clicked). It then asks for the current selection (if any). It then gets the current selection as text and then asks for the clibboard object for the current window. At that point it is a simple call to SetData and the selected text is added (with a few additions) to the clippboard. There isn’t much more than that. One thing that should be noted is that the type of data in the clibboard must be specified, in this case, as text. You can read more about the other types of data that a clib board can handle in my article about Clipboard manipulation with Delphi HERE:

The second file proceeds much the same way except that it goes further into the DOM and retreives the Height and Width of the original image so that the pasting of the tag in your blog can include that information (most specifically, the aspect ratio.

[js]


[/js]

That’s it for the HTML. The only thing left is to create a couple of triggers to activate those two files. That’s done through the registry.

Internet explorer reads through the registry each time it pops up a menu. It first decides what is clicked and then looks at the registry entries under HKey_CurrentUser\Software\Microsoft\Internet Explorer\MenuExt\ all of the menu items that match the type of selection. MSDN has a full article that explains this in detail HERE, however, the following table is probably all you’ll need:

Context Value
Default 0x1
Images 0x2
Controls 0x4
Tables 0x8
Text selection 0x10
Anchor 0x20

So, the last step of the process is to route the text to the text processing HTML and the img tag source to the image text file.

That’s done in these two lines…
[dos]
reg ADD “HKCU\Software\Microsoft\Internet Explorer\MenuExt\Copy Image as Lin&k” /ve /t REG_SZ /d “%WINDIR%\web\copyimageaslink.htm” /f
reg ADD “HKCU\Software\Microsoft\Internet Explorer\MenuExt\Copy Image as Lin&k” /v Contexts /t REG_DWORD /d 2 /f
.
[/dos]

That’s it! You’ve got your full walk through! Any questions?

NOnces have arrived in WP

WordPress 2.03 is a critical security release. It eliminates the HTTP Referrer check and replaces it with a nonce system. What is a referrer check? Well, it is an attempt to confirm that an administrative action is being taken by an administrator instead of an automated bot. It was a good first step, but it didn’t go far enough and it did not work for everyone. Many systems are stripping of the referrer check. So WP2 didn’t initially work for a lot of people. Additionally, referrers, the browser’s way of indiciating where you came from, are easily forged.

Browsers really do tell a website alot about where you came from. For instance, I can tell which search engine people used to get to my site and what their search words were. Then you can use a tool like AWStats to give you a report. For instance, these are the phrases used to reach my website this morning:

Keyphrases used on search engines  
19 different keyphrases Search Percent
hiphopcaucus 2 9 %
menuext javascript 2 9 %
code cave 2 9 %
clipboard from delphi notepad 1 4.5 %
generating nonce with php 1 4.5 %
hiphopcaucus bot 1 4.5 %
timage in delphi 1 4.5 %
test.txt notepad.exe 1 4.5 %
timage assign 1 4.5 %
php5 binary location 1and1.com 1 4.5 %
neat eye [nitaigouranga@aol.com] 1 4.5 %
isbn vs. asin 1 4.5 %
binary blue scheme 1 4.5 %
level mode super gerball 1 4.5 %
event.srcelement.tagname firefox 1 4.5 %
mark edington 1 4.5 %
paste clipboard from delphi to notepad 1 4.5 %
delphi php developer programmer washington dc 1 4.5 %
paste clipboard from delphi notepad 1 4.5 %

That’s kind of neat, but it is a little bit of an invasion of privacy. Well, at least some people would think so. So, referrers are on their way out and Nonces are on their way in.

A NOnce, a Number variable meant to be used Once, is a temporary key that is passed along with the web page and is used to prove that the action taken was initiate from an administrator page. Basicly WordPress generates a unique number for you and passes that to your browser. Then when you take a secured action, your browser must pass it back. It’s another method for the same goal. Aditionally, a NOnce expires. So, even if someone grabbed it, it would soon go bad.

Why is this important? Why should this release be applied? Well, in short, one could pretty easily erase any post on any blog with an earlier version of WP. I’ve worked at creating an attack that could dynamicaly erase all posts at once, but that was blocked due to other difficulties. So the attacks must be made a post at a time, but that is still a pretty big vulnerability.

Now don’t go all APE on WordPress. The fact is that the web is not a secure place. You should backup your DB, no matter what software you use, regularly. And if you don’t, what you lose is your gone because of your own (in)actions. Besides, how many posts have you had that have been vandalized/erased? None? Well, then calm down, install the update and all will be fine.

The latest in the stable 2.0 series, 2.0.3, is now available for download. This is a bug fix and security release, and is recommended for all WordPress users. In addition to an issue that was raised on Bugtraq a few days ago, we’ve also backported a number of security enhancements from 2.1 to further enhance and protect your blog.

If you are interested in how these enhancements to WordPress security came to pass, look into the archives of the WP Hackers email list and you can see some of the details.
This is a good place to start…
http://comox.textdrive.com/pipermail/wp-hackers/2006-April/005666.html
Look for the thread labeled “Rethinking check_admin_referer()” and you can read along php coders (myself included discuss the issue…

Here’s the link for the download: http://wordpress.org/development/2006/06/wordpress-203/
If you want to get a smaller version of it, with only the changed files, go here: http://markjaquith.wordpress.com/2006/06/01/wordpress-203-upgrade-changed-files-zip-changes-diff-changed-files-list/
I haven’t verified his file. So, you should do so on your own, or just bite the bullet and upload the whole release.

I’ll let you know over the next few days how much better this version of WP is.