

Kas Ob.
Member profile: Content Count 577, Days Won 10
Everything posted by Kas Ob.
Embarcadero can you please STOP making your install sooooo MARVELOUS?
Kas Ob. replied to alogrep's topic in General Help
What happens when you run the IDE as Administrator?
Network scan in Delphi (Windows), get MAC addresses
Kas Ob. replied to ErikT's topic in Network, Cloud and Web
Hi, @ErikT, I would suggest:
1) Make WireShark your close and trusted friend, get familiar with it and use it extensively, and rely on its results to diagnose what you see against what you get.
2) Get familiar with nmap (https://nmap.org/); there are many resources to get you started. It is open source and a great tool with many features; use WireShark to understand its packets and get ideas from it. nmap has many ways (documented and undocumented) to scan an IP and even detect firewall presence on a remote IP.
Embarcadero can you please STOP making your install sooooo MARVELOUS?
Kas Ob. replied to alogrep's topic in General Help
Hi, @alogrep, did you use "Run as Administrator" on the installer when you installed the IDE?
CreateSemaphore/FileLock etc
Kas Ob. replied to hsvandrew's topic in Algorithms, Data Structures and Class Design
This way is better than depending on creating the file, BUT ... what/where is the locked file? Who created it? Here are a few scenarios that could be potential problems:
1) Application/installer first run done by an administrator: will the locking file be accessible or lockable by others?
2) What happens if a user using RDP ran the application which either created that file or locked that file?
Anyway, my hate for file or registry locking is the need for more scenarios/situations to consider.
CreateSemaphore/FileLock etc
Kas Ob. replied to hsvandrew's topic in Algorithms, Data Structures and Class Design
Hi, What should/can happen with file locking in case of the owner application crashing or a system power failure (e.g. unexpected restart)? I prefer memory locking or shared memory locking, but with an extra step like having a background thread acting like a watchdog and making sure there is a timeout or constraints to keep the lock active and control the process -> exiting/finishing/wrapping up/reporting/terminating/(asking the user for interaction).... As for file locking, if you prefer it, then make sure to have some data in it like the owner PID (process ID) or the time the system started, or both.... You need to think about different scenarios before committing to potentially permanent locking like files and registry; for me they are somehow risky and dangerous.
İs possible same pointer size for Win32/Win64?
Kas Ob. replied to kosovali's topic in Algorithms, Data Structures and Class Design
Thank you! That is the word I was looking for.
function SHA1ofStr or Base64Encode fault output
Kas Ob. replied to xauxag's topic in ICS - Internet Component Suite
Please try this instead:

procedure TForm1.Button3Click(Sender: TObject);
var
  s: AnsiString;
  ServerKey: string;
begin
  s := AnsiString(edit1.Text);
  ServerKey := Base64Encode(SHA1ofStr(s));
  Memo1.Lines.Add(ServerKey);
end;
function SHA1ofStr or Base64Encode fault output
Kas Ob. replied to xauxag's topic in ICS - Internet Component Suite
I don't see any bug or anything wrong here; I used the same 3 lines as yours and got the same value. On the other hand, if ICS Base64 encoding were broken then it would be amazing for it to perform anything at all!
İs possible same pointer size for Win32/Win64?
Kas Ob. replied to kosovali's topic in Algorithms, Data Structures and Class Design
This means the size of memory being used is very limited, or somehow limited and contained. In this case I would suggest starting by adjusting the old code to maintain a huge block of memory, enough for these structures, then replacing all the pointers with relative address pointers; by that I mean all will point to SOME_ADDR + BASE_ADDRESS, so the address pointers could be only 32-bit, while BASE_ADDRESS is irrelevant and will be applied once by the code after allocating the memory (aka after loading or transferring the whole block). This will allow you to compress the used memory, but under the condition that you don't use the default memory manager and allocate these records/structures on your own. But again, before streaming/serializing you could transfer the structures and replace all the pointers with ones relative to the base, which by default could be 0.
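The base-relative layout described above, as an added example that is not code from the post or the thread: every link is a 32-bit offset from the block's base, the base is applied once at read time, and every offset is bounds-checked so a corrupt block cannot read outside itself. All names are assumptions for illustration.

```python
import struct

# Added example, not the poster's code: records in one block where every
# "pointer" is a 32-bit offset from the block's base instead of an address,
# so the block can be saved, loaded or moved and the base is applied once.
NULL_REL = 0xFFFFFFFF            # offset meaning "no next record"
LINK = struct.Struct("<I")       # block header: offset of the first record
REC = struct.Struct("<II")       # per record: (next_offset, payload_len)

def pack_list(values):
    """Serialize strings as a singly linked list inside one bytes block."""
    block = bytearray(LINK.pack(LINK.size if values else NULL_REL))
    for i, v in enumerate(values):
        data = v.encode("utf-8")
        rec_end = len(block) + REC.size + len(data)
        # the next record starts right after this one, unless this is the last
        nxt = rec_end if i < len(values) - 1 else NULL_REL
        block += REC.pack(nxt, len(data)) + data
    return bytes(block)

def load_at(block, base, arena_size):
    """Place the block at an arbitrary base inside a larger arena, simulating
    allocation at a different address than the one it was written at."""
    if base + len(block) > arena_size:
        raise ValueError("block does not fit in the arena at that base")
    arena = bytearray(arena_size)
    arena[base:base + len(block)] = block
    return arena

def walk_list(arena, base, block_len):
    """Follow the relative links, applying base only when dereferencing.
    Offsets are checked against the block so a hostile offset or a link
    cycle is rejected instead of reading outside the block or looping."""
    out = []
    (off,) = LINK.unpack_from(arena, base)
    seen = set()
    while off != NULL_REL:
        if off in seen:
            raise ValueError("cycle in record links")
        seen.add(off)
        if off + REC.size > block_len:
            raise ValueError("record header outside the block")
        nxt, n = REC.unpack_from(arena, base + off)
        start = off + REC.size
        if start + n > block_len:
            raise ValueError("record payload outside the block")
        out.append(arena[base + start:base + start + n].decode("utf-8"))
        off = nxt
    return out

def round_trip(values, base=4096, arena_size=65536):
    """Pack at base 0, load at another base, walk without any pointer fix-up."""
    block = pack_list(values)
    arena = load_at(block, base, arena_size)
    return walk_list(arena, base, len(block))

def is_valid_block(block):
    """True when the block's links all stay inside it and do not loop."""
    try:
        walk_list(load_at(block, 0, len(block)), 0, len(block))
        return True
    except ValueError:
        return False
```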
Data structure for Integer ranges
Kas Ob. replied to Tommi Prami's topic in Algorithms, Data Structures and Class Design
I really hate that! "no range no value" does sound like undefined behavior. For me, always one of two for a search result:
1) return (-1) for not found or a valid index in a simple and plain list, array...., same with pointers and linked lists: return 0 for not found, which can be checked with Assigned.
2) return a boolean true for success with a var parameter for the index, internal associated data.... structures, pointers... could also return a pointer and the next one or the previous in one go...
The only thing that makes sense given what you have described is if there is a local AV/Firewall running on the client machine that is blocking the connections from TIdHTTP directly, but has an exception which allows Fiddler to make connections.
I second that; it is app control by either Windows Firewall or Defender or a 3rd-party firewall. Remember that the default behavior on Windows can be adjusted with a policy, so the firewall could be blocking public access for outgoing, while allowing home network and/or private network; this explains that behavior, so the old application has a policy while the installed local proxy adjusted its firewall rule. In other words the application that is using this DLL is marked by the firewall or some security software, and it might not be visible in the simple outgoing rules settings.
Data structure for Integer ranges
Kas Ob. replied to Tommi Prami's topic in Algorithms, Data Structures and Class Design
Hi, I am having a hard time understanding the problem or the proposed solution, so to recap what I get: you have non-overlapping integer ranges in a list, and want to implement the best solution to check an integer and get its range if it exists, right? In that case make sure to sort them by the left side (the start point of each range), and check the middle item in that list against the required value; by checking I mean use > Ri or < Li (here Li and Ri are the start and the end of range i, with i in the range [0..Last], which is the list of ranges, starting i with (Last div 2)), then based on these comparisons you either get i as the range, or the value is in a bigger i or a smaller i (i will become i div 2 or i + (Last - i) div 2), and repeat. This should be fast enough to handle even thousands of ranges.
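The halving search described above, as an added example that is not the poster's code: ranges are sorted by their start point, the input is validated for overlap (the assumption the search depends on), and the result is the containing range's index or -1 for not found, matching the convention from the earlier reply.

```python
# Added example, not the poster's code: binary search over sorted,
# non-overlapping inclusive ranges, returning the range index or -1.
def validate_ranges(ranges):
    """Return a list of problems (empty when the sorted list is usable):
    each range must have lo <= hi and must not overlap its neighbour."""
    problems = []
    for i, (lo, hi) in enumerate(ranges):
        if lo > hi:
            problems.append(f"range {i} is inverted: {lo} > {hi}")
        if i > 0 and ranges[i - 1][1] >= lo:
            problems.append(f"range {i - 1} overlaps range {i}")
    return problems

def build_index(ranges):
    """Sort by the start point (Li) and reject input the search cannot handle."""
    rs = sorted(ranges)
    problems = validate_ranges(rs)
    if problems:
        raise ValueError("; ".join(problems))
    return rs

def find_range(rs, value):
    """Classic halving: compare the middle range's Li/Ri with the value and
    move to the smaller or bigger half. Returns the index or -1."""
    lo, hi = 0, len(rs) - 1
    while lo <= hi:
        i = (lo + hi) // 2
        li, ri = rs[i]
        if value < li:
            hi = i - 1          # value lies in a smaller i
        elif value > ri:
            lo = i + 1          # value lies in a bigger i
        else:
            return i            # Li <= value <= Ri
    return -1                   # in a gap, or before/after all ranges

# Constructed sample: three ranges with gaps between them, given unsorted.
SAMPLE = build_index([(30, 30), (1, 5), (10, 20)])
```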
For a plain text editor it is indeed strange, but Notepad++ is not a plain text editor; it is more like an everything editor with a huge plugin database. I think I saw that behavior when editing Word documents and when editing HTML; it was useful to change font style and color in one go. TRichView doesn't support such multi-selection, but it might be easier to emulate selection by simply highlighting.
Designing a Websocket API
Kas Ob. replied to Angus Robertson's topic in ICS - Internet Component Suite
Hi, While having the full HTTP request, including the HTTP header for the response, is best for switching between the connection types, you can do this by stripping all of that and changing the request to pure and simple JSON (like a JSON object with a field called apicmd whose value is codelookup, with a second field numhistory). Here I want to point out an important thing: put a separator for this simple API request, like one CRLF or a double CRLF, to indicate the end of the request; the same can be done with the response. I also want to point out that it is very important, and will pay off in future, to put the request parameters in the response for each request; this will prevent confusion and remove all the tracking for request-response pairs. WebSocket allows you to send many requests from the client and the server can respond when it is ready and doesn't require serialization; some queries might/could be executed on different server threads but the response is always known to the client.
Not really important, but I prefer to send one request establishing the timeout and the frequency of the ping to be expected; this way, the server has some knowledge on how to handle stale connections. Remember that WebSocket connections will go stale without a ping, so the best approach here is to make sure the client pings periodically, and the server will close the connection if this period is violated; the ping from the client could be every 3 minutes and the server will close the connection after 5-6 minutes if nothing is received in that period (ping or not).
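The message format suggested above, as an added example that is not the thread's code: compact JSON terminated by CRLF, a receive buffer that reassembles messages split across reads and refuses to grow without bound, and responses that echo every request field so out-of-order replies can be paired by the client. The command names and the result data are assumptions.

```python
import json

# Added example, not the thread's code: "pure JSON + CRLF terminator"
# framing with responses that repeat the request's fields.
DELIM = b"\r\n"
MAX_MSG = 64 * 1024   # refuse to buffer an unterminated message forever

def encode_message(obj):
    """One request or response: compact JSON followed by the CRLF terminator."""
    return json.dumps(obj, separators=(",", ":")).encode("utf-8") + DELIM

class MessageBuffer:
    """Accumulates received bytes and yields complete messages, so a message
    split across reads, or several messages in one read, are both handled."""
    def __init__(self):
        self._buf = b""

    def feed(self, data):
        self._buf += data
        msgs = []
        while True:
            idx = self._buf.find(DELIM)
            if idx < 0:
                if len(self._buf) > MAX_MSG:
                    raise ValueError("message exceeds MAX_MSG without terminator")
                break
            raw, self._buf = self._buf[:idx], self._buf[idx + len(DELIM):]
            if raw:   # a double CRLF yields an empty line; skip it
                msgs.append(json.loads(raw.decode("utf-8")))
        return msgs

def handle_request(req):
    """Server side: copy every request field into the response, then add
    'result' or 'error'. The client never has to track request order."""
    resp = dict(req)
    cmd = req.get("apicmd")
    if cmd == "codelookup":
        n = req.get("numhistory", 0)
        if not isinstance(n, int) or isinstance(n, bool) or n < 0:
            resp["error"] = "numhistory must be a non-negative integer"
        else:
            resp["result"] = [f"code-{i}" for i in range(n)]   # constructed data
    else:
        resp["error"] = f"unknown apicmd: {cmd!r}"
    return resp

def serve(chunks):
    """Run a sequence of received byte chunks through the buffer and handler."""
    buf = MessageBuffer()
    responses = []
    for chunk in chunks:
        for req in buf.feed(chunk):
            responses.append(handle_request(req))
    return responses
```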
He was asking about the memory leak and I pointed out where the leak came from; an AV is his wrong design/approach.
It is from the above that this is a one-time leak, which is caused by not freeing the stringlist:

class operator TTaskDialogParams.Finalize(var Dest: TTaskDialogParams);
begin
  // Dest.CustomButtons.Free;
end;

So where is the problem? What happens if you uncomment that line?
Nice thing with async networking is that you can start many connections simultaneously and react for connection/timeout in event handlers.
In fact, it is amazing it is 8ms, not 50-200ms, for the TCP first packet; TCP has the Nagle algorithm enabled by default, and even with TCP_NODELAY enabled on the socket there are 3 ACK packets for establishing and connecting, which is unneeded for merely a ping simulation, or just checking for presence. I always send my ping (or keep-alive on TCP or UDP) with the current tick in it and measure against the response; this simplifies the tracking for timeouts. With this you have two mechanisms to check: one on pong and the other on a background thread periodically checking (1/5 of the allowed timeout time) for timeout; such a thread is needed if IOCP is used, but otherwise I use the events on socket poll or the overlapped operation to trigger timeout from the last ping and mark the connection as down/lost. Again, the best way to do it is with UDP and broadcasting on the broadcast IP for the network.
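The keep-alive bookkeeping from this reply and from the WebSocket reply above, as an added example that is not the thread's code: the ping carries the sender's tick, the pong echoes it so the round trip is measured without per-ping state, and a periodic check at 1/5 of the allowed timeout marks peers as lost. Time is passed in explicitly so it runs offline; the packet field names are assumptions.

```python
# Added example, not the thread's code: tick-in-ping liveness tracking
# with a periodic timeout sweep at one fifth of the allowed timeout.
class Liveness:
    def __init__(self, timeout_ms):
        self.timeout_ms = timeout_ms
        self.check_interval_ms = timeout_ms // 5   # how often check() should run
        self.last_seen = {}    # peer -> tick of the last packet received from it
        self.rtt_ms = {}       # peer -> last measured round trip
        self.lost = set()

    def make_ping(self, now_ms):
        """The ping carries our own tick; nothing has to be remembered per ping."""
        return {"type": "ping", "tick": now_ms}

    def on_packet(self, peer, packet, now_ms):
        """Any packet proves the peer is alive. A pong yields the RTT from the
        echoed tick; a ping is answered with a pong, which is returned to send."""
        self.last_seen[peer] = now_ms
        self.lost.discard(peer)
        kind = packet.get("type")
        if kind == "pong":
            self.rtt_ms[peer] = now_ms - int(packet["tick"])
        elif kind == "ping":
            return {"type": "pong", "tick": packet["tick"]}
        return None

    def check(self, now_ms):
        """Timeout sweep; returns the peers newly marked as down/lost."""
        newly = [p for p, t in self.last_seen.items()
                 if now_ms - t > self.timeout_ms and p not in self.lost]
        self.lost.update(newly)
        return newly
```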
Hi, Well, while waiting for Angus or François to answer, I can give a few thoughts:
1) Ping is ICMP, not UDP and not TCP.
2) There is no downside to using it at all; on the contrary, most firewalls by default allow it on the local net (NAT).
3) You need the LAN subnet mask (aka range) and you can scan them, also no downside, but I am talking here about ICMP, and it might work for UDP too; in case of UDP then it must be your own protocol/message.
4) If the devices you are looking for are running your application, then don't use ICMP; switch to UDP and broadcast, this will be faster and more accurate as your LAN router (or switch) will forward these on your behalf, and your application on other devices can answer or just broadcast too.
5) There are ways to detect invisible devices (devices with a black-hole firewall) and even know what system they are running, but this is somewhat harder to implement in Delphi; you can test such functionality with nmap https://nmap.org/ https://github.com/nmap/nmap , it is really fun to play with!
Good question! The thing is AES is an algorithm, not a solution, and not a full protection library; look at it as a brick in a wall, so encryption is defined and there is a padding algorithm, also a brick, that should go in such a wall when needed. Libraries that use the algorithm should and must provide a padding algorithm or at least have one included and activated all the time. So whenever you want to encrypt, pick a library that provides both, like mORMot2; it has all these bricks, and I think it also has a higher level implementation to provide both encryption and padding in one class, but that is for Arnaud to answer.
Now for salting as a term in encryption: it is about obfuscating or mixing, so it is about changing the value by adding entropy; it doesn't matter whether at the beginning or at the end, maybe it is just a hash step after the fact with an extended value, like hash the password then calculate the hash of that hash with the user name.
As for the IV mentioned by Arnaud, it is crucial that the IV is used right with block ciphers; it is as critical as the key itself, and the rule is you must not use the symmetric key twice for encryption unless the IV is different or unique, so random is not necessary, and just a serial number will do. But again the IV in AES (as an example) is a block and should be 16 bytes long, so I would use the index (or a unique identifier) in the users/password database and then hash it into a 16-byte-long IV, then encrypt the user's personal data there (or his cards...). One very important note: the IV is not secret and it doesn't need to be, meaning it is absolutely safe to be as public as the encrypted data; the key on the other hand should not be leaked, but for the IV you can ship the encrypted data with its IV without a problem. Because the rule is don't use the key twice, instead of changing the key we change the IV and keep the key; this usage is to prevent the very powerful differential analysis attack, and also the comparison leak attack. Hope that clears things up.
Hi, Not sure what your question is, but from what Arnaud wrote and where he mentioned the salting, I can expand on this. The only place he mentioned salting is storing passwords, and the right way to store passwords is not to store them to begin with but to store something unique like a hash of them; this will eliminate the possibility of getting the password in its readable form, and also will protect against dictionary attacks. Also, to store the password it is better to salt it first, meaning if your users had the same password like this great one "12345" then the hash will be different because they were salted by adding something to them, like their login name, before hashing; this will render dictionary attacks useless, even for the administrator or people who can access the DB it is useless, and leaking such a DB will be useless too, in case users used their password in different online accounts or services.
AES is a symmetric block cipher and will operate only on blocks of bytes, 16 bytes to be exact, so if you are going to encrypt "Tommi" then you need to pass it within a 16-byte block. Here comes the question of what to fill the rest of these 16 bytes with and how the decryption process will recognize it was "Tommi" and remove the extra bytes, because AES decryption also works only on 16-byte blocks; padding is the solution, and pkcs7 is the best to solve this. Just remember when using encryption to check the padding algorithms.
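The "bricks" from this reply and the one above it, as an added example that is not the thread's code: salted password hashing with the login name as the salt (as the reply suggests), a 16-byte IV derived from a record's unique id, and PKCS#7 padding and its strict removal for 16-byte AES blocks. The AES call itself is left to a library; the iteration count is an assumption.

```python
import hashlib
import hmac

# Added example, not the thread's code: salted hashing, IV derivation
# and PKCS#7 padding for a 16-byte block cipher.
BLOCK = 16                 # AES block size in bytes
ITERATIONS = 600_000       # PBKDF2 work factor (assumption, tune to your hardware)

def hash_password(login, password, iterations=ITERATIONS):
    """Salt with the login name, as the reply suggests, so two users who both
    chose "12345" store different values. A random per-user salt stored with
    the hash is the stronger variant; nothing below changes for that."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               login.encode("utf-8"), iterations)

def verify_password(login, password, stored, iterations=ITERATIONS):
    """Constant-time comparison so timing does not leak how many bytes matched."""
    return hmac.compare_digest(hash_password(login, password, iterations), stored)

def derive_iv(record_id):
    """16-byte IV from a unique database id: unique per record, not secret,
    and safe to store next to the ciphertext."""
    return hashlib.sha256(str(record_id).encode("utf-8")).digest()[:BLOCK]

def pkcs7_pad(data):
    """Append n bytes of value n, n in 1..16: a full block is added when the
    input already fills a block, so removal is never ambiguous."""
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    """Strip the padding after checking every pad byte, not just the last."""
    if not data or len(data) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS#7 padding")
    return data[:-n]

def has_valid_padding(data):
    """True when pkcs7_unpad would accept the data."""
    try:
        pkcs7_unpad(data)
        return True
    except ValueError:
        return False
```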
IntToStr algorithm (Interesting read)
Kas Ob. replied to Tommi Prami's topic in Algorithms, Data Structures and Class Design
Sure, and agreed, just more portability, and in case Dave's will be faster.
Where is the link to register to the forum?
Kas Ob. replied to FPiette's topic in Community Management
@Daniel Looking at this lookup result:

C:\Users\Kas>nslookup -type=TXT -debug delphipraxis.net 1.1.1.1
Server:  1.1.1.1
Address:  1.1.1.1#53
------------
    QUESTIONS:
        delphipraxis.net, type = TXT, class = IN
    ANSWERS:
    ->  delphipraxis.net
        text = "v=spf1 a mx ~all"
        ttl = 86330
    ->  delphipraxis.net
        text = "google-site-verification=axHu87aSc4n6ry1pc4VMwdNcEsrBD8WbBeYO-jA1sl0"
        ttl = 86330
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
delphipraxis.net        text = "v=spf1 a mx ~all"
delphipraxis.net        text = "google-site-verification=axHu87aSc4n6ry1pc4VMwdNcEsrBD8WbBeYO-jA1sl0"

Authoritative answers can be found from:

I see a few problems:
1) The TTL is way too long; I prefer 6 minutes at most instead of 24 hours.
2) There is a Sender Policy Framework (SPF) record and it is correct, but it is useless in this format; literally it is saying "I am here", nothing else, accepting/allowing from any IP (the "~all" parameter relaxes the usage too much too), which doesn't help at all. mx in this format with the actual domain is also saying the SMTP mx domain can send an email using this domain, but reverse resolving the IP will result in your other ".eu" domain!!.... In short, this SPF can/should be better and more secure, hence it will help a lot with spam flagging.
3) No DomainKeys Identified Mail (DKIM)?!
4) No Domain-based Message Authentication, Reporting and Conformance (DMARC)?!

Here are the headers I got from an email from this forum:

Authentication-Results: spf=none (sender IP is 138.201.18.17) smtp.mailfrom=mail.danielwolf.eu; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=delphipraxis.net;
Received-SPF: None (protection.outlook.com: mail.danielwolf.eu does not designate permitted sender hosts)
// these are values from Outlook (the general score)
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:0;

So to break these down:
1) SPF should be more restrictive at least; it should list the IPs that the SMTP will use. The mx field is good but, as mentioned above, it should be pointing to the actual mx for this domain, not leaving it to the receiver to guess.
2) DKIM is helpful and will not cost you anything, just one extra layer of authentication like SPF.
3) DMARC will consolidate SPF and DKIM together and provide one brilliant way to stay on top of things by reporting.

Suggestions:
1) If you can, then transfer your domain to a more robust and concrete domain registrar; myself, since moving all my domains to CloudFlare DNS, I never looked back, even if I am not using their services like protection or anything, I just want them to serve domains and have control with an API over my DNS records and subdomains.
2) Change the TTL to a shorter period, and here you must be very careful: if you want to start enhancing and tweaking your domains and DNS records, make sure it is 1 minute and wait until that 24h has passed, then tweak it; don't touch it today if you decide to tweak something.
3) Enhance the SPF; most likely you have a static IP for the mx which is also serving one or more others. It is acceptable to have more than one mx record on one IP, but declare these IPs for each domain/subdomain. Another tricky thing here: if you are allowing sending and using IPv6, then you should be 100% sure it will not change, that it is static and controlled by you, or just disable it. Also you can use an IP or a range; both will be OK and better than leaving it empty for any IP.
4) DKIM, well it is as simple as it sounds: generate a key with a hash... there are so many resources on the internet so I am not getting into that. On a side note we can ask Angus to expand his built binary tools to include generating DKIM keys; if I would do it, it would be in his style with many checkboxes and radio buttons, I love doing that. "Just don't use any online service to generate the key!" Use the command line for OpenSSL or ICS or whatever is local for you.
5) There is so much to explain about what mx in the SPF and its interaction with DKIM should be, but if you are delegating the sender for your domain, let's say delphipraxis.net, to Gmail or Outlook, it can be secure and validated, but one of these (SPF or DKIM) will fail as per design, hence DMARC will come to the rescue. Also there are many resources on how to do it right; I love https://dmarcian.com/ , it is free and can be paid if you prefer. DMARC will inform the receivers of email sent from your servers/SMTP to report the failures and maybe even the successes. The reported data are not private, so you should not care about an IP trying to spam others impersonating your domain. dmarcian has tools to analyze your domain parameters, so it will help you a lot, and if you use it right then services like GMail will email you back on a daily/weekly/when-needed basis a report of successful delivery and failure or, most important, the spam recognized as pretending to be you. You can also receive these reports and parse them on your own; it is just more beautiful to see their charts at work!

Extra info: About reducing TTL: TTL is there to prevent DNS attacks, yet it is a two-sided blade (it can be debated both ways), so in my opinion the longer TTL was helping in the past, but is not so relevant in modern days with DNSSEC and DNS-over-HTTPS (DoH), and here is the thing: building an attack on mail/mx DNS with a very short TTL is rendered useless with the existence of SPF, DKIM and DMARC! I see you are using Gmail site-verification and it is good to work with Gmail, but that is not enough, they still have their own score, and the above will help. Outlook on the other hand does use these records in their score system and consolidates with their own registration method attached to your account and verified; for more see https://sendersupport.olc.protection.outlook.com/snds/JMRP.aspx

Some additional resources:
https://en.wikipedia.org/wiki/Sender_Policy_Framework
https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
https://en.wikipedia.org/wiki/DMARC
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-spam-confidence-level-scl-about?view=o365-worldwide
https://support.google.com/a/answer/174124?hl=en
https://support.google.com/a/answer/2466580?sjid=17120824358789328945-EU

Hope that helps, not only for Daniel!
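The checks this post makes by hand, as an added example that is not the post's code: a linter that flags the weaknesses named above in an SPF TXT record (an all qualifier that never rejects, no explicit ip4/ip6 senders, deprecated ptr, too many DNS-lookup terms) and a parser that reads the spf/dkim/dmarc verdicts out of the Authentication-Results header quoted in the post.

```python
import re

# Added example, not the post's code: SPF record linter and
# Authentication-Results verdict parser.
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}  # cost a DNS lookup
MAX_LOOKUPS = 10                                                    # RFC 7208 limit
TERM_RE = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?:[:=/].*)?$", re.I)

def lint_spf(record):
    """Return a list of findings for one SPF record; empty means nothing flagged."""
    findings = []
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        return ["not an SPF record: missing leading v=spf1"]
    lookups, has_ip, all_qual = 0, False, None
    for tok in tokens[1:]:
        m = TERM_RE.match(tok)
        if not m:
            findings.append(f"unparseable term {tok!r}")
            continue
        qual, name = (m.group(1) or "+"), m.group(2).lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name in ("ip4", "ip6"):
            has_ip = True
        if name == "ptr":
            findings.append("ptr is deprecated; replace it with ip4/ip6 terms")
        if name == "all":
            all_qual = qual
    if all_qual is None:
        findings.append("no terminating all term: unmatched senders are neutral")
    elif all_qual != "-":
        findings.append(f"'{all_qual}all' does not reject unmatched senders; "
                        "use -all once every legitimate sender is listed")
    if not has_ip:
        findings.append("no ip4/ip6 terms: the sending addresses are left for "
                        "the receiver to resolve from a/mx")
    if lookups > MAX_LOOKUPS:
        findings.append(f"{lookups} lookup terms exceed the limit of {MAX_LOOKUPS}")
    return findings

VERDICT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)

def parse_auth_results(header):
    """Map spf/dkim/dmarc to their verdicts from an Authentication-Results header."""
    return {k.lower(): v.lower() for k, v in VERDICT_RE.findall(header)}

def failed_checks(header):
    """The checks that did not return pass (a missing check counts as failed)."""
    verdicts = parse_auth_results(header)
    return [k for k in ("spf", "dkim", "dmarc") if verdicts.get(k) != "pass"]

# The header quoted in the post above, used as sample input.
SAMPLE_HEADER = ("Authentication-Results: spf=none (sender IP is 138.201.18.17) "
                 "smtp.mailfrom=mail.danielwolf.eu; dkim=none (message not signed) "
                 "header.d=none;dmarc=none action=none header.from=delphipraxis.net;")
```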
IntToStr algorithm (Interesting read)
Kas Ob. replied to Tommi Prami's topic in Algorithms, Data Structures and Class Design
I would suggest ditching the stack and returning to the heap, but without allocation. See, I have something very similar to David's implementation (David's can be refactored easily to do so), with the difference that I refactored the converting code into a function taking a pointer to 24 chars (two in fact, one AnsiChar and one WideChar). This function takes three parameters:
1) a pointer to this buffer (hence it could be on the stack or on the heap), guaranteed by the caller to have the space of 24 chars or 24 bytes based on the version.
2) the value to parse.
3) a var to receive the length in chars; this will be the same as the result but in chars, to trim in chars in case needed.
The result will be the actual length being used in bytes, to trim in bytes in case needed.
With such you can convert your csv numbers at a really great rate with 0 allocations per operation, and you don't need the limited stack space. Example:

SetLength(T, 24);
LenByte := IntToStrMem(T[1], Value, CharsLen);
SetLength(T, CharsLen);

// or
// Loop over this, for buffer (as in array of bytes)
LenByte := IntToStrMem(@Buffer[P], Value[i], CharsLen);
Inc(P, LenByte);
Buffer[P] := ',';
Inc(P);
....

// use PBufferWC : PWideChar;
..
LenByte := IntToStrMem(PBufferWC, Value[i], CharsLen);
Inc(OverallLength, LenByte);
Inc(PBufferWC, CharsLen);
PBufferWC^ := ',';
Inc(PBufferWC);
ANN: Native X.509, RSA and HSM Support for mORMot
Kas Ob. replied to Arnaud Bouchez's topic in Delphi Third-Party
Also thank you for this link; it is nice reading.
10 replies. Tagged with: x509, cryptography (and 4 more)