Angus Robertson

15:33:40 Request from 209.141.46.116 (), Host=TELECOM: http://2573636313/ GET

15:33:40 !!! Application Server Exception Big - Integer overflow
15:33:43 Restarting Server After Errors

Guess we need to validate silly URLs more carefully. 

Angus

14 minutes ago, Attila Kovacs said:

Are you sure? Never seen that.

Absolutely, I keep the four targets files that Microsoft deletes when it you re-install or patch framework v2, they are in a Microsoft folder atter all, so maybe it was Borland's error. 

Angus

There are subtle changes with new versions of windows.

Getting the actual windows version is much harder than it used to be since Windows now fakes old versions to keep old applications happy. 

Auto running from the registry is harder if your application has admin rights, since that is something hackers try to do to gain admin rights. 

There must be a list of these things somewhere, these are just two in the old application I'm maintaining today.

But generally, Delphi applications compiled 20 years ago still run today, as do new applications compiled with 20 year old compilers (mostly). 

Never used .net, but I know security holes are fixed every month, and Microsoft keeps breaking Delphi 2007 by regularly deleting the  Borland.*.Targets files from the Framework directory.  I would never sell an application that Microsoft can so easily break. 

Angus

The distribution does not include any .lib files, they are presumably built when you build the C++ packages.

Angus

Disabling Windows Update is an art, Microsoft does keep trying to restart it afer any updates are installed manually, and there are two services to stop.  I've not recently tried to stop Update, but Firewall has not run here for three years.

Angus

Surely disabling the Windows Update and Windows Update Medic Service services through the registry should be sufficient to stop them working.  That's the only way to stop Windows 10 Derfender Firewall interferrng with internet connections, even if turned off. 

Angus

I was updating the check alive capability of one of my applications to add IPv6 support this week, so created a new ICS component TIcsInetAlive to check for IPv4 and/or IPv6 internet
connectivity, using Ping and/or HTTP, defaulting to  www.msftconnecttest. com run by Microsoft for Windows 10 alive checking, online and offline check intervals may be set, event when online changes.   In SVN now.  There is a demo in OverbyteIcsHttpRestTst.dpr.

It is also a sample for using TSslHttpRest, needing only a few lines of code for HTTP requests. 

Angus

I've just written a new TIcsInetAlive component, will be in SVN shortly, it measures the round time for ping and HTTP requests, and these are my results from Windows 10 over FTTC to a London data centre where Microsofts hosts this domain. 

08:31:24  Check Alive Ping to www.msftconnecttest.com (13.107.4.52) took 5 msecs
08:31:24  Check Alive to http://www.msftconnecttest.com/connecttest.txt (13.107.4.52) took 16 msecs
08:31:49  Check Alive Ping to ipv6.msftconnecttest.com ([2a01:111:2003::52]) took 5 msecs
08:31:49  Check Alive to http://ipv6.msftconnecttest.com/connecttest.txt ([2a01:111:2003::52]) took 15 msecs

Note HTTP is the complete lookup DNS, connect, get a page, close cycle, not just send and receive a packet. I'm only timing with ticks, not performance counter, but I believe ticks are reasonably accurate in modern versions of Windows.

Angus

I don't believe ICS has any OS checks between Windows 7 and 10, only back to XP, nor does it check for 32-bit or 64-bit versions of Windows, and no conditional Win64 code for TWSocket. But the Windows winsock code is 12 years younger so maybe different. 

Are you sending packets using simple TWSocet functions, using IP addresses not domain names?

Angus

The Dxx projects are Delphi, CBxx are C++ Builder.  Looks like I put an extra D in the name, should have been OverbyteIcsCB101Run.cbproj, but evewn that is missing, so try Packages\OverbyteIcsCBXe3Run.cbproj and Packages\OverbyteIcsCBXe3Design.cbproj.  We are dependent upon C++ users to supply packages for new compilers, and it does not happen often enough.

Angus

Indeed, lets hope Embarcadero uses it to bring some long neglected RTL files up to date.

Also OpenSSL, but dare not ask them anything new, so far behind on 3.0.

Angus

Thanks, I'll update the DllSuffixes for the next release of Delphi.  I added support for DDService in Delphi 10.4 last summer.

Angus

Unless you need FMX support, you would be better installing the VCL only packages, they are less complicated.  But we don't seem to have them for 10.2 and later, so try using OverbyteIcsCBD101Run.cbproj and OverbyteIcsCBD101Design.cbproj

Sorry, I don't use C++ so can not help you any further.  We are dependent upon ICS users for C++ support.

Angus

Add recent: to the start of the account user name, no spaces.

Angus

Quote

But not all servers reply to ping request...

www.msftncsi.com and ipv6.msftncsi.com both respond to ping. 

Angus

Rather than accessing Google, you should check http://www.msftncsi.com/ncsi.txt and http://ipv6.msftncsi.com/ncsi.txt  which are the Microsoft Network Connectivity Status Indicator web pages used by almost all Windows installations every few seconds for many years to detect network connectivity for IPv4 and IPv6 (one or other may not work). They are designed for heavy use, and return a two word text page.

While you can use TCP to open a web page, there is a long timeout trying to connect, 30 seconds or more, so it's faster to use ICMP ping, to www.msftncsi.com, look at the OverbyteIcsPingTst.dpr sample, with ping you can set a five second (or less) timeout to get a quick response.

Angus

The original example was a short POST URL with parameters sent as Json, which can easily be encypted in numerous ways for privavy, base64 does not protect anything.  Advantage of using JOSE is the use of standard libraries.  Not sure why one would want to prorect a simple login page URL. 

Angus

Quote

It is impossible for a server to detect middle man when the secure connection is TLS/HTTPS with only server side certificate authentication

Which is why many servers insist on using JOSE technologies such as Json Web Signing which means the headers are signed with a password or private key before being sent, so can not be changed without the server knowing, this is how Let's Emcrypt and OAuth1/2 work.  Or Json Web Encryption if you don't want the headers read. 

Angus

Sorry, my fault, seems the latest version never made it to master or SVN,  Will be fixed real soon, once I get SVN installed on my new development PC, such a pain building new systems. 

Angus

Quote

I did have to add `TIcsRestEmail` to the parameter list of the RegisterComponents() procedure call in `OverbyteIcsReg.pas`

The comments at the top should say: Sep 2020  V8.65  - Added TIcsTwitter and TIcsRestEmail, unless you have an older version?

Angus

That particular demo is obsolete and no longer works, since it does not support SSL, and that is needed for Google and almost everyone else nowadays.  I really should remove many of the old files from the ICS distribution, if there were more hours in the day...

ICS has a new SSL REST and Json demo, OverbyteIcsHttpRestTst.dpr, you should be able to use the GUI to make the same search as the old demo.

Angus

Displaying a replacement password character could be done by editing the form in the program resources, but would mean changing each TEdit component separately.  I guess developers should really set the replacement character before display to stop editing, to overcome that would mean a lot of debugging. 

Of course all executables should be code signed against tampering, and the hash should be checked by the program itself before it runs, ideally the certificate as well.  I have a little unit that does that. 

Angus

Your port access might be blocked by Windows Firewall, which can only be turned off completely on Windows 10 by disabling the service in the registry.  But that should not give an exception, just fail to work. 

My comment about AnsiStrings was for unicode compilers, not Delphi 7.  You can write Windows services  in Delphi 7, very few Delphi applications benefit from the extra memory supported by 64-bit. 

If it was my project, I'd simply replace those old TCP components with ICS, if you are using only UDP there is nothing complicated.  But the problem may be unrelated to UDP, hard to tell from your description.

Angus

The main issue updating from Delphi 7 to Delphi 2009 or later is unicode, strings are now two bytes per character, all all TPC/UDP communication is a stream of bytes.  

Changing all Striing definitions to AnsiString may work, although that will depend on how TServerSocket was implemented in unicode compilers, never used it myself since I've been using ICS for over 20 years instead.  For project maintenance, I'd just stick to Delphi 7 under Windows 10, it still works today, no benefit in changing compiler unless you plan a lot of new development with new components. 

Angus

In ICS, there is a function that includes code attempting to open an IPv6 UDP socket, which fails if there are IPv6 addresses, you'd need something similar, if Indy does not have a similar function. 

            s := Ics_socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
            Result := s <> INVALID_SOCKET;
            if Result then begin
                Ics_closesocket(s);
                GIPv6Available := 1;
            end
            else
                GIPv6Available := 0;

Angus