Re: [fpc-pascal] Porting code from Windows D2007, missing Windows functions
Am 14.07.2016 07:08 schrieb "Bo Berglund": > > I am porting a Delphi2007 utility from Windows to Linux (Raspbian > Jessie). It uses a unit I have downloaded from the web, which was said > to support FreePascal too. > > But now I am getting a number of missing identifier errors as follows > Function calls: > - SetFilePointer > - GetFileTime > - FileTimeToLocalFileTime > - FileTimeToDosDateTime > - SetEndOfFile > > Constants: > - FILE_CURRENT > - INVALID_HANDLE_VALUE > > It seems like these are defined in Windows and now in FPC they are > elsewhere. Those functions and constants don't exist on non-Windows. Try to convert your code to one of the abstractions Free Pascal (and also Delphi) provides, e.g. FileOpen() and friends or TFileStream. > The uses clause of the unit has the following content: > > uses > {$ifdef MSWINDOWS} > Windows, > {$else} > LibC, <== Error here, not found > Types, > {$endif} > SysUtils; > > It could not find LibC and when I asked on the Lazarus list I got a > reply to try Unix and/or BaseUnix instead. But this does not work so I > guess these functions are in another FPC unit somewhere. > > What should I add to the uses clause in place of LibC to get it to > compile on Linux? The LibC unit only exists on i386-linux and only for compatibility for Kylix. Other than that you should consider that unit as deprecated and instead use units like Unix, BaseUnix or Linux, depending on what functionality you need. Regards, Sven ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Porting code from Windows D2007, missing Windows functions
Sorry, ignore my last message. I see your issue is with RPi (Linux) and not the Windows platform. Regards, Graeme ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Porting code from Windows D2007, missing Windows functions
On 2016-07-14 06:08, Bo Berglund wrote: > uses > {$ifdef MSWINDOWS} > Windows, Try changing that to {$ifdef WINDOWS} instead. Regards, Graeme -- fpGUI Toolkit - a cross-platform GUI toolkit using Free Pascal http://fpgui.sourceforge.net/ My public PGP key: http://tinyurl.com/graeme-pgp ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
[fpc-pascal] Porting code from Windows D2007, missing Windows functions
I am porting a Delphi2007 utility from Windows to Linux (Raspbian Jessie). It uses a unit I have downloaded from the web, which was said to support FreePascal too. But now I am getting a number of missing identifier errors as follows Function calls: - SetFilePointer - GetFileTime - FileTimeToLocalFileTime - FileTimeToDosDateTime - SetEndOfFile Constants: - FILE_CURRENT - INVALID_HANDLE_VALUE It seems like these are defined in Windows and now in FPC they are elsewhere. The uses clause of the unit has the following content: uses {$ifdef MSWINDOWS} Windows, {$else} LibC, <== Error here, not found Types, {$endif} SysUtils; It could not find LibC and when I asked on the Lazarus list I got a reply to try Unix and/or BaseUnix instead. But this does not work so I guess these functions are in another FPC unit somewhere. What should I add to the uses clause in place of LibC to get it to compile on Linux? I am using FPC 3.0 and Lazarus 1.6 on a Raspberry Pi3 with Raspbian Jessie. -- Bo Berglund Developer in Sweden ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Is there a way to interact with this list via the Web?
> Is there a way to interact with this list via the Web? Alternatively (if you prefer forum-like interface): http://free-pascal-general.1045716.n5.nabble.com/ -- View this message in context: http://free-pascal-general.1045716.n5.nabble.com/Is-there-a-way-to-interact-with-this-list-via-the-Web-tp5725707p5725709.html Sent from the Free Pascal - General mailing list archive at Nabble.com. ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Is there a way to interact with this list via the Web?
Thank you. On 7/14/16, Jonas Maebewrote: > Vasudev Ram wrote: >> Sorry, forgot to put the subject line earlier, so re-sending. >> >> On 7/14/16, Vasudev Ram wrote: >>> Hi list, >>> >>> Is there a way to interact with this list via the Web? > > http://blog.gmane.org/gmane.comp.compilers.free-pascal.general > > > Jonas > -- Vasudev Ram - Dancing Bison Enterprises - Python, C, Linux, databases, open source, ... - Web site: https://vasudevram.github.io - Blog: http://jugad2.blogspot.com - Blog subscribe: https://feedburner.google.com/fb/a/mailverify?uri=Jugad2-VasudevRamOnSoftwareInnovation=en_US About: http://jugad2.blogspot.in/p/about-vasudev-ram.html ActiveState Code recipes: https://code.activestate.com/recipes/users/4173351 ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
[fpc-pascal] Is there a way to interact with this list via the Web?
Sorry, forgot to put the subject line earlier, so re-sending. On 7/14/16, Vasudev Ramwrote: > Hi list, > > Is there a way to interact with this list via the Web? > > By interact, I mean, both read and post messages. > > I have seen the main page for the list, where one can subscribe, etc. > and do know that there are archives. But archives are only for > reading, and not in a convenient format like a NNTP newsreader or > email client. > > Is there any way (including third-party, such as Gmane or similar > tools), by which one can both read messages from, and write messages > to, the list, via the Web ? > > Thanks, > Vasudev Ram - Dancing Bison Enterprises > - Python, C, Linux, databases, open source, ... > - Web site: https://vasudevram.github.io ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
[fpc-pascal] (no subject)
Hi list, Is there a way to interact with this list via the Web? By interact, I mean, both read and post messages. I have seen the main page for the list, where one can subscribe, etc. and do know that there are archives. But archives are only for reading, and not in a convenient format like a NNTP newsreader or email client. Is there any way (including third-party, such as Gmane or similar tools), by which one can both read messages from, and write messages to, the list, via the Web ? Thanks, Vasudev Ram - Dancing Bison Enterprises - Python, C, Linux, databases, open source, ... - Web site: https://vasudevram.github.io ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
Tony Whyman wrote: What's interested me is how this thread has almost looped back to a recent thread on that steaming heap of brown stuff know as GTK and the attitude of the programmers behind it. It wasn't intentional :-) They make the point here that GTK is (too) complex and difficult to analyse hence setuid (and setgid) is bad on the grounds that no one knows how it could be mis-used. Assuming that this problem still exists in GTK2, it may get in the way of what otherwise could be a good way to solve the original problem in this thread. There's certainly still problems setting running something setuid root, I can't speak for using a less-privileged user. I think you might be able to work around some (but not all) of the issues using capabilities. The thing that I found most incredible about the attitude of the GTK developers was that they used the fact that Linux changes /internal/ interfaces as a precedent that they claimed justified their changing /external/ APIs (i.e. as available to application programmers). -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
What's interested me is how this thread has almost looped back to a recent thread on that steaming heap of brown stuff know as GTK and the attitude of the programmers behind it. I had a similar problem a few years ago whiich I wanted to solve by putting the passwords in an external file and using file permissions to hide it from the bad guys. The file could be owned and only readable by root, or better some ordinary user. The preferred solution was to make it read/write a non-login user and read only to a group but no one else. Users had to be members of the group to read it. Better still was to make the program setgid to that group, allowing anyone who could run the program (and login into the database) to get access to the password controlled info without being able to actually read the password themselves. However, GTK gets in the way of this because some bozo GTK developer thinks they should police use of setuid and setgid from GTK and will raise an exception if run from a setgid program. Google "gtk setgid" for examples. I can't see a security problem from setgid to a normal group - to me its a security mechanism, but you try telling that to the GTK team. Read http://www.gtk.org/setuid.html for an example of some incredibly muddled thinking. They make the point here that GTK is (too) complex and difficult to analyse hence setuid (and setgid) is bad on the grounds that no one knows how it could be mis-used. They then recommend writing an setuid backend in such situations, without recognising that all they have done is to move a problem rather than solve it. I wanted my program to be setgid so that only it could access privileged information. If I write a setgid backend program now I have to find a way of authenticating my GTK frontend to my backend (Oh perhaps I should have an embedded password). The point is that while it is reasonable for a developer to give guidance on what is good practice, actively stopping a user from using your code in a way that you do not approve is not just stupid and contemptuous of your users, it can actually get in the way of the right solution to a problem that you do not know about. Assuming that this problem still exists in GTK2, it may get in the way of what otherwise could be a good way to solve the original problem in this thread. Tony On 13/07/16 08:31, Mark Morgan Lloyd wrote: Michael Van Canneyt wrote: On Tue, 12 Jul 2016, Mark Morgan Lloyd wrote: Please excuse one of my regular silly questions. Elsewhere, a (former) Delphi programmer is uneasy having found that his binaries have had embedded SQL queries, passwords and so on visible "in clear" for the last 20 years or so. Can FPC be told to obfuscate ResourceStrings? No. The default value for resourcestrings is stored as-is in the binary. To solve this, I store the username/password encrypted in the binary as consts, and they are decrypted when needed. Sometimes it's difficult to avoid having to do that sort of thing, or obfuscating them in an external file. ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
Dennis Poon wrote: On the subject, can the OP simply use UPX to encrypt the executable binary. It won't be secured but no more unsecured than other simple solutions. I'm the nominal OP, but I raised the question in response to what an (ex-) Delphi programmer was asking elsewhere about obfuscators etc. for .NET which is what he now uses. He posts: "...particularly database access strings. I realised I had the passwords in plain text, so figured this must be a well-trodden path. Found a thread about it from 2006, with detailed discussion. Struck me as odd that ten years later it isn't automatically solved in Visual Studio." -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
El 12/07/2016 a las 21:39, Graeme Geldenhuys escribió: > No, but why the hell would you want to hard-code a password inside an > executable. Encrypt it externally and read it from a .INI file at > runtime (or prompt for a password). Even something as simple as > XorString() is better than nothing - compared to storing it inside your > source code. > > Regards, > Graeme Well, if you don't prompt the password, where do you store the password to decrypt the externally encrypted password? ;-) Whenever you try to hide something without storing the password in user's brain you are just ofuscating. A hard coded password is just another way of ofuscating strings, but with a higher level of ofuscation. My solution to store passwords was to store de password in a .INI file (i.e. user doesn't want to type the password, wants the program to remember it). The connection password was encrypted with a hard-coded password and stored in base64 in the in file. i.e. implementation Const _Password='48-49-50'; // hardcoded ofuscated 123, so in resources it is not plain function unofuscate(s):string; begin . end; procedure LoadData; begin IniPassword:=unofuscate(_Password); ConnectionPass:=SimpleDecrypt(Base64Decode(ini.ReadString('connection','pass','')),IniPassword); end; I always declared the password in the implementation section, (don't know where I read that that way there is not a recognizable symbol "_Password"), if I had to use it in several places, I used ($include pass.inc} My ofuscate function was a little more complex, and but anyway, any system that stores passwords without human intervention is inherently insecure. Well, it was long time ago. -- Saludos Santiago A. s...@ciberpiula.net ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
On 2016-07-13 09:54, Dennis Poon wrote: > May I know what OnGuard is? It was originally TurboPower OnGuard, but then released as open source software. It allows you to license your software in many different ways. eg: x amount of days trial, lease your software for a year at a time, x amount of uses before it expires etc. Source code: https://github.com/graemeg/onguard FPC Wiki page: http://wiki.freepascal.org/OnGuard Regards, Graeme -- fpGUI Toolkit - a cross-platform GUI toolkit using Free Pascal http://fpgui.sourceforge.net/ My public PGP key: http://tinyurl.com/graeme-pgp ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
Graeme Geldenhuys wrote: On 2016-07-13 08:31, Mark Morgan Lloyd wrote: Sometimes it's difficult to avoid having to do that sort of thing, or obfuscating them in an external file. You could use something like DCPCrypt to help the cause. Or you could follow similar tactics to what OnGuard uses - encode sensitive text in a data structure. At the very least use a const of bytes instead of clear text. For example: May I know what OnGuard is? googling it returns something irrelevant. On the subject, can the OP simply use UPX to encrypt the executable binary. It won't be secured but no more unsecured than other simple solutions. UPX is at http://portableapps.com/apps/utilities/free_upx_portable The original sourceforge.net link is dead, I don't know why. Dennis ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
Lukasz Sokol wrote: On 13/07/16 08:31, Mark Morgan Lloyd wrote: Michael Van Canneyt wrote: On Tue, 12 Jul 2016, Mark Morgan Lloyd wrote: Please excuse one of my regular silly questions. Elsewhere, a (former) Delphi programmer is uneasy having found that his binaries have had embedded SQL queries, passwords and so on visible "in clear" for the last 20 years or so. Can FPC be told to obfuscate ResourceStrings? No. The default value for resourcestrings is stored as-is in the binary. To solve this, I store the username/password encrypted in the binary as consts, and they are decrypted when needed. Sometimes it's difficult to avoid having to do that sort of thing, or obfuscating them in an external file. Could it help to try doing this after linking the program binary, to build the resources and scramble them using the program binary part checksum (or have it seed a PRNG and/or derive an encryption key / key pair from it) ? Not that I know how ;) and whether such a thing is viable at all - or desirable (since an executable would always have to be distributed with matching resources build). But how would that be for an idea ? ;) I wonder whether this could this be handled by a step related to i18n. The whole thing's a bit of a minefield, since there are hacking tools out there which can scan a binary looking for regions which are more random than expected on the basis that these might be things like crypto keys. -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
On 2016-07-13 08:31, Mark Morgan Lloyd wrote: > Sometimes it's difficult to avoid having to do that sort of thing, or > obfuscating them in an external file. You could use something like DCPCrypt to help the cause. Or you could follow similar tactics to what OnGuard uses - encode sensitive text in a data structure. At the very least use a const of bytes instead of clear text. For example: const CKey : TKey = ($E5,$8F,$84,$D6,$92,$C9,$A4,$D8,$1A,$FA,$6F,$8D,$AB,$FC,$DF,$B4); Regards, Graeme -- fpGUI Toolkit - a cross-platform GUI toolkit using Free Pascal http://fpgui.sourceforge.net/ My public PGP key: http://tinyurl.com/graeme-pgp ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
On 2016-07-13 08:28, Mark Morgan Lloyd wrote: > In that case "No, but why the hell would *one* want to hard-code a > password [...] storing it inside *one's* source code." The English language is perplexing (ie: “clear as dishwater”). There are a 1001 rules and exceptions to the rules. Both our sentences are acceptable. Regards, Graeme ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
On 13/07/16 08:31, Mark Morgan Lloyd wrote: > Michael Van Canneyt wrote: >> On Tue, 12 Jul 2016, Mark Morgan Lloyd wrote: >> >>> Please excuse one of my regular silly questions. Elsewhere, a (former) >>> Delphi programmer is uneasy having found that his binaries have had >>> embedded SQL queries, passwords and so on visible "in clear" for the last >>> 20 years or so. >>> >>> Can FPC be told to obfuscate ResourceStrings? >> >> No. The default value for resourcestrings is stored as-is in the binary. >> >> To solve this, I store the username/password encrypted in the binary as >> consts, and they are decrypted when needed. > > Sometimes it's difficult to avoid having to do that sort of thing, or > obfuscating them in an external file. > Could it help to try doing this after linking the program binary, to build the resources and scramble them using the program binary part checksum (or have it seed a PRNG and/or derive an encryption key / key pair from it) ? Not that I know how ;) and whether such a thing is viable at all - or desirable (since an executable would always have to be distributed with matching resources build). But how would that be for an idea ? ;) el es ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
Michael Van Canneyt wrote: On Tue, 12 Jul 2016, Mark Morgan Lloyd wrote: Please excuse one of my regular silly questions. Elsewhere, a (former) Delphi programmer is uneasy having found that his binaries have had embedded SQL queries, passwords and so on visible "in clear" for the last 20 years or so. Can FPC be told to obfuscate ResourceStrings? No. The default value for resourcestrings is stored as-is in the binary. To solve this, I store the username/password encrypted in the binary as consts, and they are decrypted when needed. Sometimes it's difficult to avoid having to do that sort of thing, or obfuscating them in an external file. -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Re: [fpc-pascal] Resource strings, passwords etc.
Graeme Geldenhuys wrote: On 2016-07-12 21:09, Mark Morgan Lloyd wrote:> I didn't say /I/ was the one doing it. I know and I wasn’t implying you. It’s a figure of speech. In that case "No, but why the hell would *one* want to hard-code a password [...] storing it inside *one's* source code." :-) -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] ___ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal