If you see a "security warnings" in Delphi IDE don't worry. The Embarcadero domain SSL certificate expired, was renewed, but not applied to all web properties. Some sites (GetIt and Quality) are affected. Fix coming, apologize. BTRW, we are updating Community and EDN portals
Thank you
ReplyDeleteDid somebody fall asleep at the wheel or not mark the calendar? Not good.
ReplyDeleteFull professed, just like with Embarcadero forums.
ReplyDeleteMarco Cantù give a look at xenforo.com if you dont know about it, it's a reliable and professional forums platform
ReplyDeleteIt is so annoying it pops up when i open a project. I can understand you have to connect to your servers for showing upcoming events and other data. But why do you have to CONNECT to EMBARCADEREO server when i open a project. So I disabled bds.exe From Windows Defender Firewall.
ReplyDeleteWhat do you mean, "don't worry". Of course people should worry! You can't implement security by saying "don't worry".
ReplyDeleteFerhat Alkan I also saw that when opening a project. There are all kinds of thoughts swimming in my mind as to why this is necessary. What gets me is the number of times that popup occurs when you open GetIt or the Platform Manager. In my opinion Embarcadero needs to do some explaining.
ReplyDeleteWhy do you not simply completely disable the welcome page? This is possible via registry
ReplyDeleteI strongly suggest to provide a simple, functional and complete OFFLINE Welcome Page. As I switched to Daniel Wolfs wuppdi Welcome Page quite a while ago I am not affected by this glitch.
ReplyDeletedanielwolf.eu - Meine Vorstellung einer Willkommens-Seite
Uwe Raabe Thanks Uwe for that information. I installed it. Looks good and simple. No more popups.
ReplyDeleteDavid Heffernan agree 100%. There's no way for the average user to know if the security warning is because of someone's incompetence, or because the site has been compromised; and so asking then to ignore warnings is just laying the foundation for future problems. My servers use scripts to automate the cert renewals, so I never have to remember to do it myself -- can't embarcadero do something similar?
ReplyDeleteScott Pinkham professionalism is not for everyone
ReplyDeleteBTRW? Acronyms should be banned. People shouldn't be so lazy as to not take the time and effort to express themselves without any ambiguity, especially in a professional setting. Then again, who lets their certs expire?
ReplyDeleteallacronyms.com - BTRW abbreviation stands for Brush Tailed Rock Wallaby
More EMBT incompetence. Easy to blame on IT but without competent management anything can happen.
ReplyDeleteNo apology either. That sends a message.
Jennifer Powell: Re-read the post and you'll notice that Marco Cantù actually did apologize.
ReplyDeleteChristian Conrad This group is not the approproate venue for Embaracdero notifications to active users. It is a serious enough matter to be informed by email, none of which has been received.
ReplyDeleteJennifer Powell
ReplyDeleteI agree that an email to all potentially affected customers would have been warranted.. G+ is only home to a fraction of the Delphi/C++ EMBT customers (< 9850 out of the supposedly over 2 million), so not the appropriate place to notify users of a security issue. It's not the first time EMBT has had security issues, or outages of forums and services. It sounds like they either have no change management /IT department, or they are incompetent. IT should know a server is down before any customers do, and have preventative measures (monitoring, fail-over & redundancy) to prevent that. While I sympathize with Marco as having to answer to the public, EMBT should have some sort of communication guidelines in place that would have prompted a security bulletin email to it's users. All of this reflects poorly on EMBT.
I honestly think Embarcadero would have been sensible to communicate via email to all customers if there was a security breach, a thread to customers, or similar -- unlike the owner of this online forum ;-)
ReplyDeleteBut this wasn't the case. While it was certainly very bad to have customers see the problem and worry about what's up, the IDE simply stops communicating when the certificate is invalid (as it was, it was expired), and so there was no communication with the GetIt system during that time.
Also, we have used multiple communication channels on social media to reach customers.
Marco Cantù But we "didn't know" if there was a security breach and realistically still don't. It may be fair to say that there wasn't however.
ReplyDeleteBut get this: that was a Godaddy cert. Godaddy is one of the best providers to inform you when a product is about to expire. For certs, you will get a notice 3 months in advance of its expiration. Then you will get notice 1 month from expiration. Then you will get a notice 1 week before expiration. The two days before expiration you will get another.
Finally, you will get an expired notice on the day it expires.
So, tell me, if you can, just exactly how all that slipped by Embarcadero?
Marco Cantù Never mind. I just sent Randy Jacobs and email to see if he could provide an answer.
ReplyDeleteEmbarcadero IT renewed the certificate in time. They failed to update the certificate on some web properties.
ReplyDelete