Ian’s May 2024 Meeting Summary

  • HTTP – why so complicated? – Richard Hatherall
  • Building an authenticator app that can do the processing for HOTP and TOTP which are commonly used for MFA Part 2 – Rob Lambden
  • Nullable types. Optional types. How have they been done? How should they be done? Are they the same? – Paul McGee

Ian’s Summary

Welcome and News

Jason did a very short intro session, skipping through the usual slides very quickly. He posed the question about timings, asking whether people would prefer longer breaks or more content, with a roughly equal split from those who responded.

There was then a brief discussions on the upcoming Grey Matter event in London and the event in Amsterdam in June. Richard is speaking at both and Conrad in Amsterdam.

On to the problem clinic by 12:15, where Neil opened with a question on the WinAPI and making a window “obvious” to the user. Rob described an issue with properties not being editable and Mark asked about alternatives to VMWare, as he thinks it will become too expensive. To finish, Martin showed the Starlink set up on the boat he was in.

HTTP – why so complicated? – Richard Hatherall

The first scheduled session was given by Richard Hatherall on THipster – an alternative, API-focused HTTP layer for Delphi. Most of the session was done with examples and looking at code, with just a couple of slides.

Richard began by asking why HTTP is so complicated for the user. With a simple demo using TNetHTTPClient, he showed the potential number of options, making it difficult to remember. There have also been breaking changes in recent versions of Delphi, TRESTClient in D10.4 and D11, and now TURI in D12, which has not done much for Delphi’s reputation for backwards compatibility.

THipster has been a long-running internal project and is taken from the Appercept framework, simplified and generalised. It retains the concepts of “Body” and “Response” for familiarity with existing HTTP frameworks and processes. By default it uses async calls, but can be used synchronously with the use of the AwaitResponse suffix; for example: THipster.Get(aUrl).AwaitResponse;

Most of the functional stuff has been put into a set of simple processes that can be chained together to build a more complex outcome, providing what is described as lightweight composable behaviour with middleware.

At first glance, this seems just as complex overall as the built-in HTTP components and, as with any new processes, it will take some getting used to, but it does seem to offer a degree of flexibility. Currently middleware includes authorisation, basic authentication, anonymous methods, form data serialisation and JSON serialisation.

Demos included a test project with common headers, various options for anonymous methods and a request scheduler.

Building an authenticator app that can do the processing for HOTP and TOTP which are commonly used for MFA Part 2 – Rob Lambden

The second session was given by Rob Lambden as Part 2 of his Multi-Factor Authentication process. This was presented as a cross platform (FMX) mobile app development exercise.

Rob began by pointing out that FMX is still a bit of mystery to traditional VCL developers and still has some issues. The project shown is being developed for use by Rob’s clients and intended for both app stores, but any Time Based One Time Password (TOTP) app should work. The app shows the passcode generated for the current account, with a countdown. It can generate codes for both HOTP and TOTP. At the moment, the app is missing QR codes and OTP Auth URIs, but they will be added.

The app uses SQLite to hold local settings, because it seems to be already installed on all mobile devices. It uses Rob’s data abstraction layer for the schema and intermediate elements. The UI has been kept as simple as possible, with a TreeView to show the data and a timer to trigger the updates.

Rob showed the app running in the IDE and explained how the display was handled. He showed the maintenance tab, which has details of the configuration of the authentication, changing the encryption type changes the displayed number. It can hold more than one account, each with its own settings, generating the validation number for the current account.

The layout of the storage layer and at the source code for the MFA objects in Delphi, were shown. It has HOTP and TOTP classes for appropriate generations. RTTI tagging allows the association of objects to specific structures. The storage layer can validate the database structure at the start and update it if necessary. There is also a cache folder specified and cross-platform version info, as Delphi holds quite different version info for each platform.

The session finished with a brief discussion on sliding tab changes on different platforms.

Nullable types. Optional types. How have they been done? How should they be done? Are they the same? – Paul McGee

The third session of the day was presented by Paul McGee on the subject of Nullable Types.

This is one for the theorists, given that nullable types do not exist yet in Delphi or FPC, although, for reference, they do exist in Oxygene, which is probably the most advanced Pascal variant out there. Nullable types have, or had been on the Delphi road map for years and a few old references were quoted. Note that Idera no longer provide road maps for any product.

Nullable or optional and is it the same thing? What is the actual purpose of it? These seem open questions at the moment. I am not sure that any answers were on offer, just a consideration of what might be. The Embarcadero QP page on the topic was shown, which did not seem to offer solutions either.

The handling of null values in C# was shown and discussed, with a link to a video on it. Nullable types have been in C# since 2005 and some code examples were shown. Is this an appropriate syntax and are the null operators available in C# the sort of things for Delphi? Jason said that he did not like the “??” syntax.

A reference was given to an old Coderage video from 2009 and a code example from Allen Bauer in 2008, with comments by others at the time, which was subject to discussion. Examples from a  nullable presentation around Spring4D were shown and discussed.

At the end, the talk drifted into functional programming and something called category theory, which seemed a bit off topic. Some code examples were shown, but the point was unclear.