Angus Robertson

Since 95% of new features in ICS relate to SSL/TLS, those that only need limited features and no SSL/TLS may as well stick with old versions. 

Sure there are applications that don't need SSL/TLS so it is optional in most components, the issue is whether those components should be compilable without the SSL./TLS code to save space, at the expense of extra complexity and riskier maintenance, thousands of conditional statements.  Simply, it wastes my time. 

Angus

Thanks, I'll look at the various package issues before the final V8.71 release when I update them all with new components.

Done the defs file, but it just missed an SVN update, next time. 

I rarely test without USE_SSL, it will disappear from the next major release since very little of the internet works without SSL/TLS nowadays and all the conditionals and extra classes make maintenance and upgrades a nightmare.

Angus

This particular web site is aimed at the UK market and has little interest for those outside the UK, it contains information about UK telephone and broadband networks. Some information is free but limited, businesses pay for access. 

But some users try multiple IP addresses to get around my counting accesses against IP addresses, and Tor is easy for them (I assume).  I just went through the 50,000 accesses sequentially to my database to find Tor exit nodes.

I did accidentally block access to British Telecom at the same time, got a phone call from their network people asking why their staff could no longer access my site (for free)...

Angus

My Delphi web servers have an IP blocked list which hackers get automatically added to based on several criteria, any path with filers ,php, .pl., /,,, ;echo, mysel, etc,since there is no CGI or Perl or MySQL on the site, also if they access pages by IP address instead of the correct domain name using SSL.  I also block Tor exit nodes, to try and stop IP blocked users using alternate access. 

Blocked IP addresses are cleared from the list 24 hours after their last access, and any accesses have a response delayed by one minute, so try and slow down the avalanche of requests hackers make, often hundreds a minute.  Currently 179 IP addresses blocked on my main site.

Angus

You need to request a download password on the TMagRas page, and then go to https://www.magsys.co.uk/delphi/dfiles/default.asp

Sorry about password nonsense, it's to stop Google scanning my files and falsely black listing my site again.

Angus

The Magenta TMagRas component will connect to any VPNs created by Windows, although I stopped testing it several years ago when the last public dial-up internet service in the UK closed, despite what the web page says, source code is now free from my download page. 

Angus

Quote

Where is the blocking function ?

Also wouldn't be nice to have a timeout for that ? 

Reverse DNS is WSocketResolveIp, forward DNS is WSocketResolveHost, blocking means no timeout is possible, unless you mess with registry settings that affect every other application on the PC. 

Angus

ICS deliberately does not offer sync version of the low level Winsock functions, only high level protocols like HTTP and FTP. 

There is a blocking version of DnsLookup, but no timeout is possible since the OS function waits up to 30 seconds or more for DNS servers to respond to queries, So you need to implement your own abort on timeout.  Or use the TDnsQuery component

Angus

Yes, I have a page password protection ISAPI filter running on my public W2022 servers, but the DLL date stamp is May 2005 so not built with a recent version of Delphi, still works fine after all these years, as good applications should. 

Angus

The new ICS WebSocket Client component is now in SVN and will be zipped overnight.  

See top of OverbyteIcsWebSocketCli.pas for information on how to use it, sample is a new tab in OverbyteIcsHttpRestTst.dpr.

I'll look at the ICS WebSocket Server next week, it needs to be brought up to date. 

Angus

ICS is mostly even driven, you never put delays in events since that upsets the protocol. 

So it's really down to how you queue your emails, delay sending them after an error, I mostly use triggers tested in a single once per second timer event, there are several functions in ICS for setting and checking triggers.  Except for TIcsMailQueue which uses real date/times checked in a thread.

How many emails (megs) are you sending each minute?  It must be a lot to cause the mail server queue to run out of disk space continually. 

Angus

Agree, essentially nothing to fix in ICS, it's a server issue, Google brings up a vast number of responses for the error in Exchange.  Hard to tell if it's a real problem with the server being overwhelmed or artificial because it considers the email volume abusive. 

Restarting your service merely causes a delay in sending email so the server is content again. 

So you need to slow down the rate at which you send emails.  Perhaps send one email per session, if you are sending multiple emails with one connection, Or just wait a second or two between emails, If you get an error sending email, close the session and start a new session.  Much easier to test if you have access to the real server.

Are you using the TIcsMailQueue component?  It is designed for this sort of activity and will retry emails that fail on a schedule over many hours.  But it does not currently have a means to so down flow to one server.   It will use multiple servers if one gives an error.

Angus

The new ICS websocket client is done, just updating the REST sample with a websocket tab, day or two.

Angus

All of my Windows service applications are built as dual desktop/services, with a minimal GUI, TMemo and a couple of buttons, so they can be fully debugged in Delphi and also installed to run as background services. 

20 years ago I used the Aldyn SvCom service framework, now I use DDService.  ICS includes a REST web server sample using DDService.

Angus

9 hours ago, HTMLValidator.com said:

Although my 64-bit app builds are crashing (32-bit works)..

There were a lot of low level changes relating to destroying components this week in SVN that have made some of my Win64 applications a lot more stable.  You might want to try the overnight zip.   And more HTML changes due shortly. 

Angus

The IcsShellExec function moved units in V8.69, it is now in OAuth, but perhaps you have an old HttpRest unit with it still in?  Or an old DCU.

When installing a new version of ICS, it's always safest to use the Build Group pane to build all four versions of all packages, just wish it installed them as well. 

Angus

ICS has never been available from GitHub, someone must have stolen it and reposted it there without permission. 

We use a private SVN server, https://svn.overbyte.be/svn/ use the ICS branch. 

But I prefer to add patches using WinMerge comparing complete old and new units (no diffs), so please email complete units with your new code commented so I know why it is there.  My email is in various ICS units and the readme.

I suggest you look at the OverbyteIcsHttpProt,pas unit in SVN today, there were a many changes yesterday from another contributor. 

Angus

I've started converting ICS VCL sample applications to FMX, using VCLToFireMonkeyFormConvtr.exe from: http://www.innovasolutions.com.au/delphistuf/ADUGVCLtoFMXConv.htm

or  https://github.com/rogerinnova/Delphi-Firemonkey-Dunit

It is very basic, search and replace using an INI file, not looked at the Github version, but the zip download was for XE5 and the INI file needed several changes to bring to cope with the latest FMX forms.  I mapped TListView to TStringGrid, TRadioGroup to TListBox, TBitBtn to TButton, TComboBox to TComboEdit, TRichEdit to TMemo, TPageControl to TTabControl, and a few other things.   TGrid would be better than TStringGrid, except it uses virtual data (which the help fails to mention) which needs a lot of rewriting. TRadioGroup is the biggest problem, visually you can do it, but there is no simple ItemIndex to use, so TListBox with or without a separate caption is easier.  

I can share my INI file is anyone wants it, but it's a work in progress, several more samples to convert.

Angus

The wiki server hardware has been rebuilt recently so has been off-line on and off, but ICS can also be downloaded from my server at:

https://www.magsys.co.uk/delphi/magics.asp

Angus

ICS will shortly have a new websocket (WSS) client component. 

One of our long term users has kindly contributed code extracted from a working application and a new test application which works, it will take me a few days to check throughj the source and test it thoroughly.  I will then also look at our existing websocket server which is very old code, and try to bring that up to date with SSL/TLS. 

Angus

Server sockets tend to only raise errors when they are processing data, not sitting idle listening. 

There are really only two solutions, send wake up data periodically to the server socket, or check a last received time stamp if you expect data every five minutes or something, or perhaps a combination of the two.   

Wake up testing can be added with a few lines of code using TSslHttpRest for HTTP or TIcsIpStrmLog for simple ASCII which I believe HL7 uses.  I had a problem with one of my web servers not listening after restart and added this in half an hour.  Then discovered I was incorrectly setting a firewall rule on startup. 

If TWSocket has stopped listening, you can try closing and re-opening, but it's safer to restart the application, which is easy with a Windows service, just set service properties to restart after five seconds, and stop it.  My servers send an email when this happens so I know to check the logs for why, the OverbyteIcsDDWebService sample illustrates this. 

Angus

There are simple ways to download a file with zero error handling, and proper ways. 

Without error handling, unexpected things can happen.  My PC crashed out of disk space a few weeks ago.  Eventually I discovered the Sage accounting software had downloaded 11,000 copies of a tmp file, totalling over 400 gigs, over a couple of days, in background.  No error handling and a lousy design, expected better from a company that charges hundreds of pounds to get a new software version that supports TLS/1.2. 

Angus

Don't often look at map files, but you are correct, the TRestOAuth object and new OAuthForm are being dragged into the ICS web server sample. 

I don't believe OAuth is referenced anywhere, but all units using TSslSocketServer bring in TSimpleWebSrv to handle automatic SSL/TLS certificate ordering, and that that is in the same unit as OAuth.  Unless you un-define AUTO_X509_CERTS. 

I've been under the impression for 20 years that Delphi only linked in objects that are actually referenced and ignores unused ones in shared units, but perhaps that has changed?  And maybe that is why applications built with new versions of Delphi become bloated in size. 

If linking is broken, I could move TSimpleWebSrv back to the REST unit (where OAuth used to be) or to a separate unit. 

I try to avoid lots of small units to simplify maintenance and needing to change over 100 runtime packages each time I add a new unit, but that has to happen for the next ICS release to add the new OAuth forms. 

Update: looking at some code, the OAuth stuff is being brought in to support automatic SSL/TLS certificate ordering from a German company CertCentre who sell Sectigo and DigiCert certificates, whereas most people probably only need Let's Encrypt.  I'll look at making CertCentre conditional. 

Angus

The OAuth unit uses TSimpleWebSrv which is a minimal overhead web server, not THttpServer. 

Angus

Looking into the strange host name ws.twelvedata .com posted here, in UTF-8 it is \x77\x73\x2E\x74\x77\x65\x6C\x76\x65\x64\x61\x74\x61\xEF\xBB\xBF\x2E\x63\x6F\x6D which includes a special symbol before the second dot, in UTF-8 xEF\xBB\xBF\ or #65279, which is the non-printing reserved Unicode symbol range. 

So you can not see it, but it copies and converts into an international domain name (like Chinese).  Potentially a risk for phishing, but no idea how it got into the original wss URL.

Angus