Rollo62

How is that possible ? I thought PAServer is a Macos binary, on x86, not a Java thingy ? At least I can see dylib's in the package content. Or do you found a new, ARM compatible PAServer somewhere ? I don't think Apple is emulating x86 assembler code on M1, or do they ?

Did you also set the location permissions (fine should be enough, but fine+coarse do no harm) ?

Is there a reliable table somewhere, for the references of different components, platforms, tools, etc., which where used in the IDE ? Would be very good to get an overview about that, to see what references especially could be problematic.

Even if it would not results in any fixes in the final launch. At least you could judge the impact of new versions on your own projects, and try to find workarounds early in time.

Waiting for Christmas eve, ..... lots of gifts, presents and good mood 👼

Hi there, I've tried to patch my Rx10.4.1 Enterprise IDE with the last available patches. One was older, for C++ only, and two new for Delphi LSP and Linux LSP. They all seems to be processed in the same way, I usually restart the IDE before doing such critical tasks. Of course initially all uninstalled, so I can do the selection in the GetIt page: after that, immediately a selection appears: !! I have chosen NO in all cases, to prevent any false automatism or blocked files from the IDE. Then I closed the IDE directly, and a batch command run appears which immediately seems to run another batch file, starting the real installation. !! But beware, before that is startet, the GetIt patch asks for a admin confirmation, in a hidden window: After confirmation, the real batch runs fine, and waits for 3 seconds after finished, to be automatically closed After that, restart the IDE, and the welcome page shows "up to date" While in the IDE's installation path, under _patch-backup, there were all the backup'd files listed As PeterPanino found out, in the German DP, these three folders seems to control the display of "INSTALLED" or "NOT INSTALLED" in the GetIt page. Just renaming these folders will change and control "INSTALLED/NOT INSTALLED", as it seems. With that procedure I've installed all patches without any hazzle so far. Hope that was helpful to you too.

Exactly. Unfortunately I was too lazy to make special effords to get a proper screenshot But I think everyone knows this UAC-thing.

https://stackoverflow.com/questions/6424510/removing-a-from-delphi-string

@Andrea Magni Will there be a PDF version too, at PacktPub ? I haven't seen any, only the "pre-order" books.

Thats the way I like to use it too. Unfortunately this is veeeery unreliable in the last versions, so I mainly changed my habits to use right click "Open Files at Cursor", which is not the same convenience. I hope one day the LSP will fix all that, and make "Ctrl+Enter for "Open File at Cursor" great again

Very nice work, would make a lot of sense with chakracore. From my understanding the chakracore project is stopped, although some additions were still done. Maybe you can update us on the status of chakracore, and its current use-cases ? Does it make sense to use it still in new projects ?

If you want to cross segments, the you probably need a central broker, like MQTT provides. But I think the original thread request stay inside a local segment, where UDP would be an option.

Not directly an answer to your question, but maybe some input. https://www.delphipraxis.net/194859-android-delete-wifi.html https://stackoverflow.com/questions/2318310/how-to-call-wi-fi-settings-screen-from-my-application-using-android https://developer.android.com/about/versions/marshmallow/android-6.0-changes.html#behavior-network

No, not in background. But in background you need maybe also other measures to keep Android awake.

@Remy LebeauI think you mean like above, inside an anonymous method.

You can change the anon-proc at runtime, if you mean that ... type TAnon = class FParam : Integer; FProc : TProc< Integer >; procedure Setup( AParam : Integer; AProc : TProc< Integer > ); procedure Call; end; ... procedure TAnon.Setup( AParam : Integer; AProc : TProc< Integer > ); begin FParam : AParam; FProc : AProc; end; procedure TAnon.Call; var LInt : Integer; begin LInt := Random( FParam ); if Assigned( FProc ) begin FProc( LInt ); end; end; procedure Test; begin TAnon.Setup( // This are params for the caller 100, // This is called back procedure ( AResult : Integer ) begin Label1.Text := Result: ' + AResult.ToString; end ); TAnon.Call; TAnon.Call; TAnon.Setup( // This are params for the caller 75, // This is called back procedure ( AResult : Integer ) begin Label2.Text := Result: ' + AResult.ToString; end ); TAnon.Call; TAnon.Call; end; Anon procs are especially useful when dealing with async callbacks.

Hi there, I always try to use 0-based strings in new code, making it more compatible with mobile platforms. What always nag's me there: property Chars[Index: Integer]: Char read GetChars; ... {$ZEROBASEDSTRINGS ON} function TStringHelper.GetChars(Index: Integer): Char; begin Result := Self[Index]; end; Why on earth Embarcadero did not implement the according SetChars function as well ? Is there any deeper conceptional issue I'm blind to see ?

With the default IDE settings. I usually work with the intended settings, without changing too much. This is for getting valid support answers. If someone changes everything and then something odd happens, he cannot expect to get reasonable answers from people which use the default settings. I assume the default settings are what the Embarcadero developers use too.

Exactly thats the code what I dislike, then better to have pointer math. But of coarse I have to use like that a lot too.

Thanks Remy, yes I'm aware of that fact. But dislike the 1-based approach very much (maybe from my old C/C++ background), and it leads always to headaches. I also try to avoid the {$ZEROBASEDSTRINGS ON} to keep everything most compatible. Especially I dislike mixing of 0- and 1-based in string and array access, so thats why I try to keep everything at 0-based, if possible, not to have the need for two different mindsets in place. Moreover the elegant index checking via Cardinal, as @Marat1961 described here (this was the one) is not possible in 1-based, which I use a lot, but rarely on 1-based strings for obvious reasons. The missing SetChars method is really annoying, because that means I would have to mix 0- and 1-based stuff in the String[] / Chars itself to gain read and write access, which I dislike even more.

I'm afraid the roadmap is delayed by the Coro.... !!#\-?§?/&§ Oh fuck, not again this phrase.

@David Heffernan Your're spot-on, I think thats the explanation. Moreover this thought leads to the safety on consts string objects.

Hi there, I want to use the TRestClient components mainly under mobile platforms (iOS, Android), and I want to enhance and ensure the security concept for a new app. So far that means I need to verify the certifications under all conditions, same like browsers do. Since I have seen issues with apps which doesn't check certificates properly, but since Rx10.2.2 there should be all the events in place now. The client throws an event OnValidateCertificate, which could be used to verify a certificate, I think that is the right one, not really the OnNeedCertificate event, as noted in the blog from Marco above. This event returns certain infos in the TCertificate object, which are helpful to identify and verify the certificates: TCertificate = record CertName: string; SerialNum: string; Expiry: TDateTime; Start: TDateTime; Subject: string; Issuer: string; ProtocolName: string; AlgSignature: string; AlgEncryption: string; KeySize: Integer; function IsEmpty: Boolean; end; Unfortunately there is no real simple way to check the certificate status provided, e.g. from a test-site like BadSsl.com. It seems that this can be achieved only by heavy OpenSSL and touching the OCSP protocol, maybe then the app can be able to check the full status correctly and completely. While on the other side the native browsers can do this easily, as a side-effect more or less. From my understanding of the System.Net libraries, their basic idea is to use the underlying OS SSL systems, which works well for the HTTPS connection part. But I cannot really find any simple way to make use of the underlying OS for checking certifications, even if everything for checking certificates, like OpenSSL, should be in place in the OS. So I think about using the browsers of the OS, which have such support integrated, and should be perfect candidate to check the status (Safari, Chrome). But there is also no easy way to get data from the browsers from an app either, or is there any documented way I haven't seen yet ? Moreover, even if there would be a way to get that data: Would the access to the system browser be considered as "safe", from a high security standpoint ? There could be still a man-in-the-middle attack taken place, although the risk is IMHO quite low. Is there any simple Delphi/FMX "certification checker" out there which I haven't seen yet, or do I have to re-invent the wheel ? Maybe some security experts have tips to flatten the way, to reach a high security certification of the apps.

Yes sorry for that, you're absolutely right. "check" is a too sloppy term for all these processes. What I meant by "check" was the whole process itself, including obvious steps, like expiry, and not so obvious tasks, like validation, revokations, ... all that you pointed out. Of coarse "expiry" check is an easy one, but parsing the revokation list is highly tricky. SecureBlackBox seems to be a good choice, since it supports all platforms I'm interested in Even if such thing is possible it is highly unrecommended, and in my opinion this is wrong.  I was afraid somebody would say so Well, I would not have expected that, but your opinion sounds reasonable. I usually look after the modern approach, when choosing a new techology. Indy is still around everywhere, thats fine too, but with HTTPS it always stood behind the new System.Net components, needed to carry all that OpenSSL stuff in the baggage. Not that I need to stick to TRestClient, but it looked to me more modern and I was very happy to see something like System.Net to ease such basic tasks, especially on mobile platforms. So also Indy and ICS could be the right choice too for making the connections, but isn't this in the end exchangeable, after the certificates were validated ? Then after validation the connection session is, and stays, safe ( of course not counting any TRestClient issues here ). Yes, thanks a lot. Unfortunately much to consider I always think, if security is so important and all want this, why the hell must it be that obfuscated ? I have to look into those options more deeply and check them out. Anyway, are there maybe any other configurations outside of Delphi, that might help ? Probably server-based security measures, with JWT access-token, separate authentication server, a 3rd party microservice or the like. Or specialized libraries from the local mobile platforms itself ? Yes also the server certificates itself may be compromized, but don't have all the cloud and service providers similar problems, when offering REST services to an app without a secure browser ? I think the cloud providers will have to force their users to close all security gaps, also to provide damage from themselves. Would the access-token and key exchange something that could ease or replace the whole security process, when moving to a more self-signed approach, like you described ? I think I could omit the CA root references at the moment, not sure if I will need them in a later scenario. If I consider an access-token as "small certificates", but without the overhead and easy to validate. I'm afraid then when I cannot rely on the HTTPS transfer, and need my own encryption in the transfer, also thats no easy path.

<OT> Have I ever noticed how silly "BING BING BING !" would sound </OT>