DelphiCon 2020 – 17 – 19 november

DelphiCon 2020Volgende week start de DelphiCon 2020 van 17 tot en met 19 november. Een online conference alleen over Delphi en niets anders dan Delphi.

Met ondermeer een sessie van Alister Christie met code en demos uit zijn boek Code Faster in Delphi. Ook een mooie sessie van Andrea Magni over zijn boek Delphi GUI Programming with FireMonkey. Ik kijk ook uit naar de sessie van Primož Gabrijelcic over zijn boek High Performance Delphi. Het is heerlijk om goed en mooi leesvoer te hebben over Delphi.

Heb jij of je klant net een 4K scherm gekocht? Neem dan ook even een kijkje bij de sessie van Ray Konopka over Leveraging High DPI in VCL Applications.

En mocht je ooit een keer een bug introduceren in je code dan kun je zeker de sessie van Bob Swart waarderen over Real-world CodeSite Logging Techniques.

Het volledige programma vindt je hier:

Vergeet ook niet de Delphi 10.4.1. compiler en LSP patch te installeren die vandaag is uitgekomen. Hierin wordt een bug gefixt in record alignment die je lastig kan vallen.

Code Faster in Delphi by Alister Christie

Code Faster in Delphi by Alister ChristieHave you ever wondered what an experienced Delphi developer knows about how to code in Delphi? Particularly how to code FASTER in Delphi? This book has you covered!

Alister kindly invited me to read pre-press versions of this book and having seen it evolve into what it is now, I can only say it’s absolutely worth your time. In fact, you’ll probably regain the time spent reading this book in the first week after, when you apply its knowledge. It’s probably a Timey-Wimey kind of thing where you gain more time by using some time.

Alister Christie is a writer, but also an experienced Delphi developer and trainer and overall good guy. When we visited his family home in New Zealand his enthusiasm and vibrant energy combined with his kindness made it a very special experience for us.

For me this book is now a staple, a standard book every Delphi developer should have. Read it, I’m sure you’ll agree.

Delphi 10.4 Sydney

Delphi 10.4 Sydney has all the right ingredients. From support for Android OpenJDK up to the soon to be required iOS Storyboard; it’s all there. The all new LSP adds syntactic sugar and the per control Windows VCL styling is the finishing touch.

For me the timely support for iOS storyboard is the winner, as Apple requires us to start using this on June 30th.

Support for Android OpenJDK is very cool, as this opens up the Android environment even more. Although you could already customize and modify just about anything in Delphi on Android (adding APIs and even CPU code), this makes it easier still.

And what about this LSP, the Language Server Protocol? We now have all kinds of syntax, code, class completion and what not in multiple LSP processes! This is also very open, allowing you to add your own. Most important for you as a developer, it’s asynchronous, so you’ll never lose keystrokes again, when code completion kicks in.

Starting from this release we now have the same classic unified memory model for all platforms. This means that you no longer have to write specific code for ARC (Automatic reference Counting) anymore, because its gone (except for strings and interfaces). If you’ve adhered to the CTFF (Create Try Finally Free) pattern on mobile platforms there is no need to change any code, if not, you may want to add a Free at some places in your source code.

Last, but not least, per control Windows VCL styling. It’s now possible to use multiple VCL styles in one application at the same time, even on the same form. This will allow you to mix and match your main VCL style with form specific styling to better match specific styling of certain third-party controls you can not VCL style themselves. Finishing touch indeed.

All features can be found right here:

You can download Delphi 10.4 Sydney from the new customer portal here: The online web installer and the offline ISO installer are now compatible with one another. The ISO file contains the files the web installer would otherwise download, so you can choose the method you prefer.

DAPUG Denmark – October 2019

This year Jens Fudge kindly invited both Cary Jensen and me over to present at the DAPUG workshop in Denmark on October 22nd and 23rd.

On the first day we’ll have separate sessions. Cary takes the lead with all things FireDAC while I’ll cover webservices, client apps and progressive web apps. The second day we’ll be presenting together. These sessions will be very dynamic indeed, as we’ll not only cover the subjects as planned, but also interact with the audience to get the most out of Delphi for their code.

As a teaser; did you know you can search for all occurences of substrings in a book of a million words in just microseconds?

The details of the program for these two days in Denmark is listed here:

Additionally both Jens and Cary will be speaking at this years EKON 23.

Delphi Day 2019 – May 9 in Brussel

Get ready for the future with the sessions of the Delphi Day 2019.

We kick off with a session about RAD Server. Start using webservices now, with this easy turn-key solution. Delphi Rio Enterprise includes a single-site deployment license for unlimited users, so you can start using it for free. In my session on RAD Server i’ll cover the architecture and how and why its (now) fast, unrestrained and easy to setup and maintain.

In the following sesions, Bob Swart will help you modernize your Delphi language, making your code and applications ready for the future. Bruno Fierens is going to show you how to add HTML5 and JavaScript Apps to your application framework. Unlocking new options and possibilities for your customers. Jan Jacobs will show you how they used a SaaS and a combination of Delphi, nodejs and mongodb to create a high-performance cloud based transaction engine for retailers and webshops.

The focus of my afternoon session is future proofing your application architecture for 2020, a 2020 vision! I’ll demo several techniques to achieve this, like parallel code with TTask, visualization of workflow, adding spotlight search, companion apps and other quick-wins and tips

More information and registration can be found here:

CodeRage 2018 – 4-6 December 2018

CodeRage 2018 is just around the corner!



The complete schedule:

This CodeRage I’m showing you how to build microservices and how to consume them from desktop, Android mobile and using a HTML / JavaScript web app. The web app uses TMS WebCore and PAS2JS, but goes beyond basic coding as it also shows you how to convert the web app to a Progressive Web App, or PWA for short

The boilerplate code is of course available for download, please use it to jump start your own software.

Oh, and the nice thing about PWA, an Android device will offer the user the option to install the web app as an actual app with an icon on the start screen. Good stuff!

Register here, it’s free but infinite value for money:

Delphi 10.3 Rio

Delphi 10.3 Rio has been released today!

The most awaited new feature is of course support for Android 8 and 9. As you may recall Google made changes to its requirements for new apps in the app store. These requirements are now all met. Please remember to also use the new PermissionsService.RequestPermissions to request permissions for the app at runtime.

If you’re into nitty gritty details, the internal coding for parameters of methods has changed, allowing better compatibility between C++ and Delphi. What it boils down to is that for 64-bit code more parameters (between 5 an up to 8 byte in size) are now passed to functions using CPU registers, where they would previously be passed as pointers to the actual data. This speeds some code up quite a bit. (sorry messed this up) using pointers to the actual data. This only influences your Delphi code if you use Assembler or direct addresses, usual pascal code needs no modification.

There are also some changes in the way that JSON is serialized. If you are using REST webservices with clients you may need to update both to Rio at the same time, to achieve interoperability. This mainly affects JSON serialization that internally uses RTTI. Its more efficient, but may break some existing code.

For the full list of new things take a look at

Delphi Academy start volgende week

Delphi Academy is een geheel vrijblijvende en voor stagiairs, afstudeerders, scholieren gratis toegankelijk opleiding tot Delphi developer.

Delphi Academy LogoIn een eerdere meetup met Delphi MVPs hebben we het erover gehad. Zou het niet mooi zijn als er een open opleiding zou bestaan om je te scholen tot Delphi developer?

Delphi Academy is zo’n een traject, en in 3 maanden worden de deelnemers opgeleid tot junior Delphi developer. Lukt het je alles mee te doen, aan het eind weet elke werkgever; deze kanidaat weet al heel veel.

Je kunt echter ook gewoon deelnemen aan enkele van de trainingen of course en praktikum dagen. De trainingen zijn Open voor deelname vanuit het bedrijfsleven, de overige zijn voor Stage, voor stagiairs en afstudeerders of voor iedereen die affiniteit heeft met ICT en zich wil omscholen.

En ja, het is echt vrijblijvend, geen verplichtingen achteraf.

Doe je ook mee?

Meer informatie en inschrijven:

Meltdown, Spectre and Delphi

Don’t panic. 😉

All applications are vulnerable to Spectre attacks.
Unfortunately this also includes applications written in Delphi. Does this mean Delphi developers have been on high alert the past few weeks? Well, it all depends. If you’re creating software for a high-risk business with a large user base and public deployment, then probably yes. But in most cases it’s a no.

As you may already know, its sibling called Meltdown (Rogue data cache load, CVE-2017-5754), can be completely fixed with updates. Most of these are already available, so update your computers. Use some care though, some of these patches have been reported to cause reboots and blue screens on specific CPU versions from both Intel and for AMD as reported by Microsoft.

However, Spectre attacks can not really be mitigated with microcode updates or operating system updates alone. That’s because it attacks at the way that most CPU’s optimize code execution, which is not something you can simply turn off. The simplest CPU’s are the only ones that are not affected, as you can read in this rather easy to read article on RaspberryPI.

The Spectre attack requires the hacker to construct a specific attack for each specific piece of software. Setting this up takes some work as you need to trick the existing application to leak its information via a side channel attack through repeated iterations of having it call into specific instructions. In other words, suppose a vulnerable instruction sequence would be triggered by a click on a specific “button”; the hacker would have to write some code that would keep clicking this “button” while data is leaked from the applications protected memory locations.

This means the hacker would have to analyze the application beforehand and write an exploit specifically for this application, and somehow persuade the end-user to run this exploit side by side with the vulnerable application. This takes some serious effort. In fact, if you can already get such an exploit to run in the same user space, there are many more ways of attack that are far easier to perform. This means that a Delphi (or any other)  application with a small user base, say below 10.000 users and/or those without public deployment (not in any app store) have a relatively low risk of being attacked. It’s still possible though, just not very likely.

Does this mean we could just do nothing, like go Niksen? Well, that’s not exactly what I meant. What if someone analyzes the compiled code for one of the most popular used components of Delphi and writes an exploit for that? This hasn’t happened yet, but given time, someone will find a way to more easily exploit Spectre in a generic fashion. Need an example? The past weeks you could already exploit Spectre by just running JavaScript inside a browser, as described in the paper. Yes, this does mean that the Delphi TWebBrowser component, which is just a window to the underlying OS browser architecture, was vulnerable. Hopefully you’ve already got your browsers updated.

Ok, so what can we do? For variant 1 of Spectre (Bounds-Check bypass, CVE-2017-5753) Intel suggests using a LFENCE instruction. There is a compiler switch, that was previously undocumented that results in adding these LFENCE instructions for the MSVC compiler. In Delphi you can just add LFENCE instructions in your code using


but I’m not sure if you can place these LFENCE instructions in between pascal statements at exactly the right positions for this to always work out as we want. If I translate the example Microsoft uses for Bounds-Check bypass into Delphi:

if (untrusted_index < array1_length) then
  value := array1[untrusted_index];
  value2 := array2[value * 64];

this results in the following view in the disassembler:

This looks OK, the LFENCE is placed at the same location as in the Microsoft example, so you could modify your existing sources with this code. Still, it’s probably better if adding these LFENCE instructions were handled by the compiler.

Google has proposed a solution on a compiler level to prevent the branch-target-injection variant of Spectre (CVE-2017-5715) using retpoline. Open source versions of the code have already been submitted to LLVM and GCC. However, there is no easy way to modify your Delphi code to introduce this solution. The indirect branch that is vulnerable is generated by the compiler, for instance when you write polymorphic code that calls a overridden virtual method of a subclass such as described in Google’s example. For the Delphi developer that’s just one line of code, with no easy way to add this new calling construction. This one needs to be handled by the compiler and for LLVM and GCC this change is being evaluated.

If this all works out that means we will have an option to mitigate these two variations of Spectre attacks on existing applications by just recompiling that application. These solutions could become part of all compilers out there, including all of the Delphi tool chains, LLVM-based or not. My preference would be to add this as a Compiler Option similar to the one we had for the Pentium FDIV bug. Because just like the FDIV bug, Spectre will also disappear with newer CPU’s that handle things a little differently, and then you can choose to disable that option again.

If you’re into a challenge and want to know more on the details of Meltdown and Spectre I suggest reading the original posting on Googles Project Zero page.