Author of Bare Game, the first SDL 2 based pascal framework. I am please to announce the launch of a new initiative to promote Free Pascal and Lazarus. The hub of this initiative is http://www.getlazarus.org (http://www.getlazarus.org/)


The get Lazarus initiative aims to an reintroduce Lazarus to the software development world. To aide in this endeavor we've created our own special Lazarus bundles for Windows, Mac, and Linux with test versions of Free Pascal 3.0 Lazarus 1.4. We believe these bundles are the easiest Lazarus environments to install ever, and they won't interfere with your existing Free Pascal and Lazarus environments. We've also built-in support for full cross compile between platforms by default.


Our initiative hub http://www.getlazarus.org (http://www.getlazarus.org/) is built on a new custom wiki engine which allows for creation of some highly interactive wiki pages. The showcase page http://www.getlazarus.org/community/showcase is a good example of this.


We also have a new Lazarus forum http://www.getlazarus.org/forums themed to match the initiative. We're going to be looking for forum moderators and official wiki administrators soon. See this forum topic for consideration http://www.getlazarus.org/forums/viewtopic.php?f=1&t=3


And finally we are forming a professional Free Pascal and Lazarus consultant network for select few community members. Members will be invited to participate in commercial software projects as requests are filtered through our site.


Thank you to everyone for your attention and thank you for helping to promote Free Pascal and Lazarus! It's a great time to be a Lazarus fan!

The site looks great :) I thought Lazarus promotion was doing fine already but the more the merrier :D I've signed up to the forums and assuming the site takes off I'm quite happy to provide technical assistance to other members. Providing you don't try and make any money from the Lazarus + Freepascal development teams hard work of course ;) I note that while you mention both Lazarus + Freepascal, there's no links at all to the project sites, something that if you're really trying to promote Lazarus, would be a good idea. You don't want to be another codetyphoon I assume!

I note that while you mention both Lazarus + Freepascal, there's no links at all to the project sites, something that if you're really trying to promote Lazarus, would be a good idea. You don't want to be another codetyphoon I assume!

This also brings some concerns in me. And these concers become even stronger after reading the legal section of the webpage which in short guards site owners from just about anything.
So I went and done some more digging about the site domain and found out that there is already a similar domain http://getlazarus.com/ hich is offering something compleetly different. Now while this is not ileagal in most countries it is uncommon. And I do remember that there were some lawsuits about IP rights violation in similar cases (big companies involved).

So in short I must say that I'm a bit skeptical about this. But that is just my opinion.

EDIT: On GetLazarus webpage authors claim that they are offering Lazarus 1.4 version but latest version available on SourceForge is still 1.2.6.
EDIT2: Oh and latest official version of FPC is 2.6.4. while autors of GetLazarus website claim thir pachage include FPC 3.0

Would somebody care to eplain to me how something like this is posible? How can they offer newer versions of Lazarus and FPC than they are even available through their official sites?

EDIT: On GetLazarus webpage authors claim that they are offering Lazarus 1.4 version but latest version available on SourceForge is still 1.2.6.
EDIT2: Oh and latest official version of FPC is 2.6.4. while autors of GetLazarus website claim thir pachage include FPC 3.0

Would somebody care to eplain to me how something like this is posible? How can they offer newer versions of Lazarus and FPC than they are even available through their official sites?

FPC 3.0 is the most current branch, it mainly brings better Unicode support but other than testing it's not reccomended for use. I'm not sure about Lazarus 1.4 but I'm guessing that's the latest development branch too.

They're unstable and shouldn't be used for production. Hopefully nobody will have a bad experience with these unstable versions being promoted or the site will have the opposite effect!

I'd personally like to see links to the project pages on the front of this new site. There's no good reason not to.

The section on 'Consultation' annoys me as well, there's no such network as is claimed as the site has only just started also it seems like an attempt to hoover up skilled Lazarus developers and offer them as a service. There's nothing wrong with this per-say but given there's no links to the much larger and official communities I would interpret this as a scam on the Lazarus name that attempts to paint itself as the official point of contact for the software in the hope that commercial users seeking help will be misled into thinking that this is the only way to get help.

Since they plan to charge for consultation, does that mean if I offer help to somebody looking for it on the forums that my posts will be deleted? being as it detracts from the business model of the site?

--

I'm sure our friend sysrpl doesn't intend such nefarious schemes so I look forward to seeing the Lazarus and Freepascal projects clearly linked to on the main page. It is after all a 'Lazarus Initiative' and what could be better to get people using Lazarus than linking up as much of the community as possible? :)

From the development Environment section :

"Lazarus can be used to develop commercial software without restriction. You can sell your applications without the need to pay us for anything."

Note the use of the word "us".

Sounding more and more like an attempt to appear like it was the official Lazarus site. Given the consultation section and no links to the official projects?

I'll wait a few weeks to see how the owner operates the site but if it continues to look like a scam I'll take action to ensure that people are not duped.

@phibermon
You are FPC/Lazarus user right? Have you seen any post on their official forums mentioning this in any way?

EDIT: Also what do you know about Bare Game?
It seems that the same user is also the author of Bare Game which is just a prebuild package of FPC/Lazarus and SDL 2 library.
And based on the Bare Game website http://www.baregame.org/ they are interested in using of the newly created comunity of http://www.getlazarus.org (http://www.getlazarus.org/) for developing a new version of Bare Game.

I am, I used to be a developer as well although not for a few years (busy with my engine etc) I've not see any mentions of the 'getlazarus' site at all.

It's quite common for an individual to paint themselves as a group or organization (delusions of grandeur) so that's just a bit of self promotion in an attempt to be entrepreneurial, no harm done. It is dishonest however. I don't post as "phibermon software" talking about how the 'team' is developing the engine in order to seem more professional in the attempt to garner a larger user-base or prestige.

Loads of people do such things though, I find the attempts to be fairly obvious, transparent and a little bit sad. Honesty is the best policy. This is the programming world, such car salesmen tactics don't work on programmers, we're not stupid :)

---

I've seen the posts about Bare Game, I did rather like the easings demo, a nice way to demonstrate how various curve equations appear when animated.

But other than that I'm not interested at this stage, I'm currently working on transform feedback accelerated vector field optimizations to various path finding algorithms, specifically to handle real-time path finding on procedurally generated terrains and planets. Before that I implemented volumetric shadows with multiple light sources for my particle system. I have very few people to discuss such things with, none in the Pascal community. It's great to see all the new engines and things come out for Pascal but it'd be nice if there were more people into the bleeding edge stuff, I have nobody to talk to :\

The site looked quite polished and "professional", but I didn't really get to read all the text. Now it seems to be down. The author also made a leddit thread (http://redd.it/2uq3o7), where they briefly mentioned that GetL is not the official thing. Not sure what to think of it all.

EDIT: Oh, my bad, the site works, but only with "www". The "about us" and other pages contain your typical "I want to sound professional without releaving a thing about myself" blabber. And the forums already got their share of viagra spambots. I guess I was right to put professional in quotes.

If there's something fishy going on then it'll be apparent sooner or later. If it's a legitimate attempt to spread the word of Lazarus without trying to monetize upon it then I'm all for it :) but with 'Codetyphon' blatantly trying to take credit for other peoples work I'm a little weary of people that package up Lazarus + Freepascal. There are full binaries available for every platform on the official site, a 'get lazarus' initiative does not need to repackage, certainly such an initiate should link to the original sites if the purpose was to promote Lazarus.

The fact as I mentioned earlier that the site using wording such as "us" in reference to Lazarus is at least cause to suspect that it might be a way of tricking unwitting users as being the official site. The 'consultation' section is also suggestive of an attempt to monetize upon this potential deception. "These people made Lazarus, they must be good, I'll pay their consultation fee" etc

Just for the record I offer consultation for free ;) and their offer of 'vetting' potential employees would be illegal to act upon in both America and the United Kingdom due to the data protection laws in both of those countries. At best they can offer a vetting service only in the country in which they are based having a legal contract with the client company and full disclosure of that relationship to the potential employee (and that persons written, signed consent) Also anybody involved in the vetting process would have to be employed by one of the two, you can't just ask some random on the web to pour over somebodies personal details given in confidence by way of an application.

EDIT : From his Reddit post :

"One of my enhancements was to add in the anchor docking layout"

That's not *your*enhancement, that's been part of Lazarus for a while, you just enable it as part of the build. Which you did, but have worded your post as to suggest you created it.

Call me crazy but when enabling an option in a program, I don't then claim to have "enhanced" the program.

The site looked quite polished and "professional", but I didn't really get to read all the text. Now it seems to be down. The author also made a leddit thread (http://redd.it/2uq3o7), where they briefly mentioned that GetL is not the official thing. Not sure what to think of it all.

EDIT: Oh, my bad, the site works, but only with "www". The "about us" and other pages contain your typical "I want to sound professional without releaving a thing about myself" blabber. And the forums already got their share of viagra spambots. I guess I was right to put professional in quotes.

Yeah it all smells very fishy. Maybe it'll turn out to be a selfless attempt to better promote Lazarus but I doubt it.

I'm currently working on transform feedback accelerated vector field optimizations to various path finding algorithms, specifically to handle real-time path finding on procedurally generated terrains and planets. Before that I implemented volumetric shadows with multiple light sources for my particle system. I have very few people to discuss such things with, none in the Pascal community. It's great to see all the new engines and things come out for Pascal but it'd be nice if there were more people into the bleeding edge stuff, I have nobody to talk to :\

I could go and discus pathfinding algorithms with you. Probably my knowledge isn't as good as your but still. So yeah you have somebody to talk to if so desired. ;)

I could go and discus pathfinding algorithms with you. Probably my knowledge isn't as good as your but still. So yeah you have somebody to talk to if so desired. ;)

Hey I love to talk about programming :) If you ever want to chat about designs and ideas then I'd love to :)

My name is Anthony Walter. I'm the owner of getlazarus.org, as well as the creator of baregame.org. I say this because I am not trying to hide. Just do a WHOIS on my domains. I've been running ad free software sites for more than fifteen years. All I've done is offer my projects to others for free. More than ten years ago I offered a great package of components on my blog:

http://www.codebot.org/delphi/

There zero ads on or asking for money on anything I've created on that site, and I never felt like I've taken undo credit or tried to steal from anyone, only give to people. Next on to Bare Game, it has been out for two years now and in that time I've never asked for a thing. The site has remained ad free, and all my sources have been hosted free and open. I'm not received much appreciation for it, but it doesn't bother me, as long as people are able to make use of what I've created. And now there is getlazarus.org, where care was taken to be free and open as well. Everything I've done is and has been on github, including my modifications in changes.diff. When you install my bundles, you get everything I have made. Heck even the windows installed script is online. I link to the github project page on my site.

https://github.com/sysrpl/Codebot.Setup

Even my website engine, which I wrote myself, is open and free on github .It's been free there for about a month now:

https://github.com/sysrpl/Codebot.Sharp/tree/master/Codebot.Web

Regarding the anchor docking comment on reddit you references, I said I "add in THE anchor docking layout", not MY. As in, my scripts/bundles make anchor docking THE default mode, as opposed to how Lazarus usually ships, which is multiple window mode. I didn't think people would take "THE anchor docking layout" to mean I am claiming to have created it.

Regarding the other domain, getlazarus.com, I'm not affiliated with it. I saw it existed before I purchased getlazarus.org last Saturday and didn't think it would be a big deal if someone other than me owned the .com TLD

Regarding the forums and spam, I've changed the default captcha to Q&A, removed up the spammers accounts, and deleted their posts. Mistakes happen, please foregive me.

Regarding the usage of "US" or "WE" when describing getlazarus.org, it's meant to infer a community initiative, rather than one person saying it's about ME, when it's not.

I said to an interview with a online Pascal magazine earlier today:

"I bought my first Mac in late 2013 just to complete the cross platform bridge. In the end, it's really all to much for one person (me) to handle, between my normal real life responsibilities, work, and my side projects (I'm no spring chicken). My hope in creating the get Lazarus initiative was to re-invigorate the Lazarus community, find some people in the community to mentor, and hand off these projects for them to maintain, rather than let everything I've privately worked on in the past fade away benefiting no one."

I hope this clear things up.

Edit: And about the legalese on my site, all we are saying is there are NO warranties, and don't try to hold us accountable if anything goes wrong. It's standard stuff.

welcome back sysrpl i was alway's impressed with the bare game engine even thought I never got it to compile. my fault really because I'm not using the trunk version of fpc. I am a little disappointed at the welcome you recieved, I think you deserve better. anyway it is good to see your back and I hope things go a little better this time.

@sysrpl
First I would like to apologize for my initial skepticizm. As phibermon noted in one of his earlier posts there was a group in the past that tried to earn money on others hard work by offering slightly modified lazarus as their own product.
I think that you can understand that pascal game development comunity can not afford to knowingly or unkowingly advertize such group as it would seriously hurt our image with rest of pascal comunities. That is the main reason why both phibermon and me who are staff members of PGD site reacted this way.
I hope thee are no hard feeling from your toward us becouse of that.

Now in order for you to avoid rasing similar skepticizm with other pascal comunities or other pascal develoeprs I'm going to give you next few friendly recomendations:
1. As phibermon also stated it would be good if on your sites (both GetLazarus and Bare Game) you clearly state that you are only providing modified versions of FPC and Lazarus projects which are mainly maintained by their developer groups. Don't forget to provide links to heir official websites.
2. You should alow potential users to clearly see what changes have you made to both Lazarus and FPC before packing them into your project.
3. You should clearly define intetnions of the comunity you are creating.
4. You should post links to already existing comunities so it doesen't seem as you are trying to overtake them
5. You should cmore clearly define what "consultation services" do you provide on how would that work. If you want to charge for these that is your choice but you should make potential users aware of this and how would the price be defined in such case.
By folowing these sugestion I think you can greatly improve your image to the rest of the pascal comunity which I belive is something that you would want to do.

@SilverWarior;

Thank you for your considerate reply. We've been discussing things both on the official pascal+lazarus mailing lists, as well as on forum.lazarus.freepascal.org

What I suggested and and others agreed to was to, like any other wiki, provide extern hyper links, the ones with orange arrows next to them. These extern hyper links are keyed on the word "Lararus" linking it to www.lazarus.freepascal.org (http://www.lazarus.freepascal.org) on any page the first time the word appears (unless it's bolded as a topic first). This same rule applies to "Free Pascal". With the help of some editors, we've already got this done.

With regards to the changes we've made to Lazarus, they are mostly covered in the What's New page. There are some technical details where I personally believe super user rights should not be required to install software if it can be avoided, and to this end I've made the installers always keep everything confined to one folder off your $HOME folder. Anything that needs to change is in that folder and it doesn't interfere with any other folder on your computer, save for optionally installing an easily accessible shortcut (totally optional). If you want to get rid of our bundle, just delete that one folder and it's gone. On Windows I do install create start menu items, just for convenience so users can go to Start and type "Laz" and see the words "Lazarus 1.4 Test". In that case running the uninstaller deleted the start menu folder as well.

Another point, all out changes are in changes.diff which is the preferred method to share modifications wit the Lazarus and the Free Pascal teams. The changes.diff comes with every install and is located in the root of the lazarus folder. On Linux we actually just ship the source and build everything for you, applying:

patch -p0 -i $BASE/lazarus/changes.diff

in our install script, which is hosted here github and clearly denoted on our site:

http://github.com/sysrpl/Codebot.Setup/blob/master/linux/install.fpc-3.0.linux.sh

Now whether we are going to repeat everything stated above somewhere on getlazarus.org is being considered. I personally weigh in on No, as I prefer to keep things simple and unencumbered with unnecessary information for the majority of our visitors, though we haven't fully decided yet.

And finally, with regards to codetyphon, yes we are aware of them. Your concern is understandable and well founded. I don't know how to communicate any degree of trust on this issue other than to say, look at my previous work, look at the fact that I don't sell anything on any of my site, be they ads or software. All I can say is I understand your concern.

Ok :) my apologies also for my initial skepticism, I look forward to seeing links to the official project pages on your site. Given your commitment to open source and the Lazarus project itself, I'm sure you wouldn't want anybody to mistake getlazarus.org for the actual project pages, especially since you plan to monetize on the community with your consultation plans. It could easily be misconstrued as an attempt to mislead people, which given your comments you'd surely be horrified at the prospect of.

EDIT : I see you have now changed the front page and linked 'Lazarus' and 'Free Pascal' to the official project pages :) (it may help people if you included some text specifically stating that these are the official sites)

I wish you the best of luck with your initiative and I will try to put some time aside to provide technical assistance on the forums :)

Oh, my...

12 years and that's the best you can come up with? aren't you the guy that 'makes' codetyphon?

Oh my... again

That's George Takei's catchphrase - I see re-appropriation is a hobby of yours.

Seriously though it would be interesting to hear where you stand on the subject of misrepresentation when it comes to open source projects.

Do you think it's morally correct? what benefits do you feel it brings to the community?

@sysrpl - I downloaded your windows version of the Lazarus install file and then scanned it with Avast!...no issues. So I installed it, but during the install and for a while afterwards, I keep getting Avast blocking threats like "Win32:Evo-gen" malware in various .exe files in various subfolders of the install...is this a false positive?

I want to trust you, but have to ask :)

cheers,
Paul

@paul_nicholls: I have no idea where those messages originate. It might be a false positive, or maybe my system is compromised, that is I have a virus which somehow has infected the files I am distributing, which I guess isn't a complete impossibility.

Let me go over how I generate the final setup.exe for Windows.

On a development Windows 7 machine I first download the bintools from the official free pascal locations. Then I download free pascal 2.6.4 win 32 bin from sourceforge. Finally I download silk svn command line tools from the silksvn website. I put all of them in my path and open a cmd terminal.

Making fpc 3.0.1:

I cd to path_to and svn checkout a free pascal fixes 3.0 branch revision. I cd to path_to\fpc, make all, then make install INSTALL_PREFIX=path_to\fpc. Then I make crossinstall CPU_TARGET=cpu CPU_TARGET=os INSTALL_PREFIX=path_to\fpc for all cpus and targets. Next I copy the cross compilers to path_to\fpc\bin\i386-win32. Then I copy all the libs for each cross compile target to lib folders. Files like libX11.so libpthread.so, which I didn't compile myself, but downloaded from a bundle on a cross compile website.

Making lazarus 1.4:

I remove fpc 2.6.4 from my path, and add path_to\fpc\bin\i386-win32. I fpcmkcfg a new fpc.cfg in that same folder. I cd to path_to and svn checkout a lazarus trunk branch revision. I then cd lazarus, copy changes.diff there, and run patch -p0 -i changes.diff. Then I make all, lazbuild components\anchordocking\design\anchordockingdsgn. lpk, make useride, and finally I strip all exe in path_to\lazarus. I copy in my premade config folder, which contains window layouts, preferences, builds modes already setup.

Clean up:

I delete all svn files from path_to\fpc and path_to\lazarus. This frees up maybe 100MB or more of space in the final release. Next I delete a lot of fpc intermediate files used when making the compiler. Next I delete a lot of pas files for architectures I don't see being used for cross compile uses, like MIPS cpu and others, saving up even more space.

Making setup.exe:

I run inno setup, copy in this script https://github.com/sysrpl/Codebot.Setup/blob/master/windows/setup.iss, and press build. After five minutes or so setup.exe is created which is then uploaded to an amazon s3 bucket for distribution.

Now back to, is there a virus? Maybe, I mean I am using a lot of tools I didn't write myself, like silksvn, bintools, the sourceforge stuff, even a downloaded inno setup. Maybe my system has a virus from some other piece of software. I am not totally sure. What I can do though, if your AV is reporting a problem and it's a decent AV, and if other people report similar problems is take a new pc, install a fresh copy of windows, get just the tools I've outlined above on it, repeat all those steps, and deliver another setup.exe, and you can check if your AV software reports the same problem. In that case either the AV is wrong or a tool along my chain of dependencies has a virus.

In either case, I run a virus scan on my development system every Sunday morning at 3:00AM, which is about 24 hours away. I will consider perhaps a better AV software before then, allowing it to run tomorrow morning. I will look if anything is reported and copy those results back to this thread.

Edit: I forgot to mention, I also distribute a tool called FART http://fart-it.sourceforge.net/ in the fpc bin folder to replace config paths with locations on my development pc (C:\Development\RC1) and your chosen install location.

I downloaded your windows version of the Lazarus install file and then scanned it with Avast!...no issues.

I also downloaded it and scanned with Eset Smart Security 5 a few days ago and it didn't detect any problem even thou I have it configured to also scan for potentialy dangerous applications (which sometimes returns false positives). Yes I do know there is a newer version out, I have it installed in my other boot, but this one still has fully updated virus definitions. So the only reason why this one ight fail to detect a potentially harmfull program is due to failing to properly extract the installer program for scanning.


So I installed it, but during the install and for a while afterwards, I keep getting Avast blocking threats like "Win32:Evo-gen" malware in various .exe files in various subfolders of the install...is this a false positive?

I have also tried installing it in a virtual machine where I purposly don't have any AV installed, becouse I wanted to monitor all registry and file changes with another program to see what changes might be done to my system. But unfortunately I wasn't able to compleete the process becouse I didn't had large enough hard drive space available for my virtual machine.

So today I will try and repeat hte process after assigning larger hard drive space to my virtual machine and compleete the analysis.
Also I will try to instal it in another virtual machine that has fully updated AV to se if it might detect anything.

As for the Eset Smart Security that I'm using I must say that in the last five years that I own this laptop and still have initial instalation of Windows 7 I failed to fully protect me only three times.
In two times it failed o detect those nutorious whose only purpose is to try and convince you to go and buy a fake AV software. And the main reason why it failed to recognize them as potential dangerous programs is becouse they actually arent.Yes they are nutorious becouse they prevent you from normaly using your computer by slosing your programs, opening its own windows, etc. But this is pretty hard to detect becouse most of these programs actually simulate user input for their actions. That is why if you are fast enough with your computer you can safetly kill them yourself.
But in one time Eset Smart Security did fail to properly stop a rootkit but it still emited a warning about it being potentially dangerous so I could get rid of it by launching a clean OS from a CD (Boot CD with a Windows XP) and then deleting registry entries ad deleting the rootkit files.
So when you take into account that I knowignly expose my computer to posible infections by conecting various USB flash drives or external hard drives that I know that they probaly contain lots of infectious files since I have used them for making backup copies of data that was stored on other infected computers I must say that my AV is doing an excelent job.

Anywhay after I compleete my test I will let you guys know about my findings.

Great everyone and thanks for the help. I started a write up of a new wiki page with step by step guide on how to "make it yourself". Hopefully this makes everything we do clearer and more open.

We will walk Windows users through every step used to make the same Free Pascal and Lazarus in our ready made bundles. The difference being is the guide will walk users through using bintools, svn, and a working fpc 2.6.4 from sourceforge to recreate our bundles from svn sources. I know there was some initial concern we are offering something different at getlazarus.org, but our guide will show you the exact steps used to make our Windows bundle so that if you want, you can just make it yourself.

When the guide is done it will be linked prominently near the top and at the bottom (under see also) in our setup page http://www.getlazarus.org/setup.

Linux users can "make it yourself" right now by just looking at setup.sh source on github:

https://github.com/sysrpl/Codebot.Setup/blob/master/linux/install.fpc-3.0.linux.sh

The only difference is in the above script and the forthcoming Windows guide is that we really didn't think it would be ethical for each Linux setup on our website to leach the bandwidth from free pascal's svn servers. As such, we compress the revision sources to a 7z archive after removing the previously mentioned (detailed in my last post) unnecessary svn and unit files. We then host those files in an amazon s3 bucket for redistribution, and do a build from source just like in the Windows steps in our guide.

You can see this in Linux setup script on github script at line 145:

wget -P $BASE $URL/fpc-$FPC.7z


Which in the script's context expands to:


wget -P /home/username/Development/FreePascal http://cache.getlazarus.org/archives/fpc-3.0.7z

I just finished my initial analysis and I'm wondering why is your setup changing settings of my internet explorer?


isolation_full HKEY_CURRENT_USER\Software\Microsoft\IEAK
isolation_full HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard
Value=ShellNext
REG_SZ~http://www.getlazarus.org/installed/?platform=windows#2300
Value=Completed
REG_BINARY=#01#00#00#00

isolation_writecopy HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Value=FullScreen
REG_SZ~no#2300
Value=Window_Placement
REG_BINARY=#2c#00#00#00#02#00#00#00#03#00#00#00#ff #ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#58#0 0#00#00#74#00#00#00#b0#02#00#00#08#02#00#00

isolation_writecopy HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings
Value=MigrateProxy
REG_DWORD=#01#00#00#00


Changing any registry setings regarding Internet Connection Wizard or Proxy settings is a big NO NO as this is most commonly used by various programs in atempt to hijack your computer.

Now I haven't figured out which part of the instalation makes these changes in the registry but they are enough for me to consider your setup dangerous.

Why are you forcingly opening your webpage after the instalation has been finished? I realy hate that.
And finally don't use third party software like "Fart" for changing path destinations. You can achieve all that directly from Inno setup. If it can't be achieved from the UI directly you can write a special Pascal Script code to do that. If my memory serves me corectly the use of pascal script alows you to edit both registry and ini files in the same whay as if you would do it in your Delphi or FreePascal program.

EDIT: The registry changes have been tracked with WMWare ThinApp aplication.

And now off I go instaling this in another Virtual machine with a working anti virus software to see if it would give any warnings.

EDIT2: Running setup on my other virtual machine with anti virus software hasn't caused the same registry change as I shown above. I belive that this registry change was actually made by internet explorer itself when it failed to show the web page during the first test becouse that Virtual machine didn't have access to internet while this one has.

EDIT3: Just finished instaling and later deep scaning of entire virtual machine and my Anti Virus (Eset Nod 32) hasn't raised any warnings.

@paul_nicholls
Can you please export your log from Avast so that we can see which files did it detect as potentionally harmfull. This would be verry helpfull in determining if those are false positives or not.

I installed the linux version,didn't like the anchor docking so I removed it. but I still can't get the bare game to compile maybe because of changes to the fpc? when do you plan to release the new version ?

@SilverWarrior: Actually those changes aren't bad. I'll show you why and where, the exact location where the changes occur. I'm actually relived you did this because it means everything is normal, so thank you for your research.

Line 59 of the Inno installer setup https://github.com/sysrpl/Codebot.Setup/blob/master/windows/setup.iss

Filename: "http://www.getlazarus.org/installed/?platform=windows"; Flags: shellexec runasoriginaluser

This line causes the default browser, in your case Internet Explorer, to open this page when install is complete http://www.getlazarus.org/installed/?platform=windows

The WindowPlacement key is written by Internet Explorer itself to record its last position on the screen.

The MigrateProxy key is set when you create a new account, or in your case open Internet Explorer for the first time:

http://support.microsoft.com/kb/2587595

@Carver413: My next project is a new versions of Bare Game. This new version has tons of new functionality including:

everything visual is based on shaders now
custom vertex types and vertex buffers
easy to use render to texture commands
animation storyboards
animation tracking support added to many properties such as
- camera position, heading, and field of view
- sprite position, origin, color, scale, rotation
- font writer insert positions, text angle, character angle, kerning, fore color,shadow color
- 2D brush color
- 2D pen color, and width
- sound channel pan, volumes, and position
much improved sound mixing timing
- user programmable sound samples
- programmable musical note generation examples functions
- easy to use 3D positional sound
new resource manager with built in compression and packing
- you simply put images, sounds, anything else into project/resources, and they get compressed into your exe/program as resources when you build
prebuild skybox class

I'm sure there is a bunch more. If anyone here wants to help me in this project, maybe with testing, or actual coding, let me know.

Edit: I've added the above to http://www.getlazarus.org/forums/viewtopic.php?f=17&t=13

And finally with regards to Bare Game, the previous version, much like getlazarus.org downloads, shipped the compiler and IDE. This is going to change in the next version of Bare Game. It will simply be a package you install. The package will still include the same extensions from the original Bare Game, which were new "Bare Game project" and "Bare Game unit" templates available as extra options in the Lazarus "New..." dialog.

Here's the manual setup guide for Windows I previously mentioned. If you're uncomfortable running automated installers on getlazarus.org, the guide below has step by step instructions on how to make everything yourself from svn sources.

http://www.getlazarus.org/setup/making/

Again, for a Linux guide, just consult the Linux setup script which contains similar steps along with comments.

https://github.com/sysrpl/Codebot.Setup/blob/master/linux/install.fpc-3.0.linux.sh

@SilverWarior - I have attached a screenshot of the files my Avast put into the virus chest...I don't have the actual files anymore as I uninstalled it.
@sysrpl - thanks, I will have a look at the setup guide you made for Windows :)

http://i.imgur.com/1ZOuw8A.png

cheers,
Paul

@SilverWarior - I have attached a screenshot of the files my Avast put into the virus chest...I don't have the actual files anymore as I uninstalled it.

Based on quick look it seems that Avast put every *.exe file that was extracted with setup progarm into quarantene. This might have to do something with Avast comonly recognizing Inno setups as potentionaly dangerous files.
If you look aroud the web there are multiple reports about Avast raising false positives for Inno setups if they are not digitaly signed.
I gues Inno setup might have been used often for distributing various virus infected instalation in the past especially since it is freware.
Another reason for this might be the ability for Inno setup to use Pascal Scripts which means that makes it more difficult for AV software to make early heuristics tests. Especially if scripts are stored in text forn and compiled at runtime. I'm not sure about that.

Anywhay absed on my tests I preformed I don't think any of those files are actually infected. But I can't be 100% sure about that becouse no AV is perfect.

I googled win32:evo-gen. The first result is the page below.

http://malwarefixes.com/threats/win32evo-gen-susp/

That page says win32:evo-gen is a threat identified by Avast Anti-virus products, it recommends first using norton power eraser. I ran power eraser and it brought back the list below after reboot.

http://www.pascalgamedevelopment.com/attachment.php?attachmentid=1351&stc=1

I'm not sure what to think, because two of those items I compiled 7 years ago on a different machine and just unpacked them on Friday. The rest were built a few days ago. All of them are not identified as having a virus, only that they are suspicious or something thereof. Here is a report for one item.

c:\users\gigauser\desktop\shellpth.exe
____________________________
____________________________
Developers: Not Available
Version: Not Available
Identified: 2/6/2015 at 12:46:06 PM
Last Used: 2/6/2015 at 12:46:06 PM
Startup Item: No
____________________________
____________________________
UNKNOWN
Number of users in the Norton Community that have used this file: Unknown
____________________________
UNKNOWN
This file release is currently not known.
____________________________
UNPROVEN
There is not enough information about this file to recommend it.


Further research, according to wikipedia: http://en.wikipedia.org/wiki/Norton_Power_Eraser

"If it is in the list of bad applications, it is marked for deletion. If it is unknown and not in any list, it is reported as suspicious but not marked for removal ... Power Eraser is very aggressive[1] to unknown threats which are not whitelisted and are instead marked for removal or sent for analysis."

So it would seem according to wikipedia the items identified by norton power eraser are unknown. To me it doesn't sound like they're infected given how aggressive norton power eraser can be, and that they were marked for removal rather than deletion.

Further googling searching for win32:evo-gen reveals many links to people using avast anti-virus getting win32:evo-gen false reports often. i'll keep scanning, but at this point I'm feeling more like my system isn't compromised. I'll continue to try differing virus scanners and report back here.

Thanks for the updates sysrpl, much appreciated :)

cheers,
Paul

Thanks SilverWarior for your hard investigation work too! :)

cheers,
Paul

@sysrpl - I'm running into issues when I try and follow your instructions here:
http://www.getlazarus.org/setup/making/

at this point:

cd fpcmake all & make install INSTALL_PREFIX=%BASE%\fpc

I get a whole bunch of errors like below:

Error makefile 2843: Command syntax errorError makefile 2844: Command syntax error
Error makefile 2845: Command syntax error
Error makefile 2853: Redefinition of target 'UTILS'
Error makefile 2853: Command syntax error
Error makefile 2854: Command syntax error
Error makefile 2855: Command syntax error
Error makefile 2856: Redefinition of target 'IDE'
Error makefile 2856: Command syntax error
Error makefile 2857: Command syntax error
Error makefile 2858: Command syntax error
Error makefile 2863: Redefinition of target 'UTILS'
Error makefile 2863: Command syntax error
Error makefile 2864: Command syntax error
Error makefile 2865: Command syntax error
Error makefile 2866: Redefinition of target 'IDE'
Error makefile 2866: Command syntax error
Error makefile 2867: Command syntax error
Error makefile 2868: Command syntax error
Error makefile 2871: Command syntax error
Error makefile 2872: Command syntax error
Error makefile 2873: Command syntax error
*** 1344 errors during make ***


C:\Development\FreePascal\fpc>

Any ideas?
cheers,
Paul

Make sure "cd fpc" and "make all" are on separate lines. Also before you do "make all", check that you are in the new "fpc" folder. Type "fpc -iV", it should return 2.6.4 at that point, otherwise you path order is messed up. Type "echo %PATH%" and paste the result back here.

I did do "cd fpc" and "make all" on separate lines, but when I tried the "fpc -iV" it said it couldn't find fpc...

Here is my path from the command line (I haven't closed or changed it since I tried compiling fpc):

C:\Development\FreePascal\fpc>echo %PATH%C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Jav
a\javapath;C:\Program Files (x86)\CollabNet;C:\Embarcadero\Studio\14.0\bin;C:\ Us
ers\Public\Documents\Embarcadero\Studio\14.0\Bpl;C :\Embarcadero\Studio\14.0\bin6
4;C:\Users\Public\Documents\Embarcadero\Studio\14. 0\Bpl\Win64;C:\Program Files (
x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;
C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\Sys tem32\WindowsPowerShell\v1.0\;
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program File
s\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\I
ntel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) M
anagement Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\
x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\R
emObjects Software\Oxygene\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files
(x86)\Windows Live\Shared;C:\Program Files (x86)\CineForm\Tools;C:\Program File
s (x86)\QuickTime\QTSystem\;C:\Program Files\Calibre2\;C:\Program Files\Microsof
t SQL Server\110\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Bin
n\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Progr
am Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\C2J\Bin;C:\Android\android-sdk/
tools;C:\Android\android-sdk/platform-tools;C:\Program Files (x86)\Java\jre7\bin
;C:\Program Files (x86)\Java\jdk1.7.0_17;;C:\HaxeToolkit\haxe\;C:\Ha xeToolkit\ne
ko


C:\Development\FreePascal\fpc>

cheers,
Paul

I googled win32:evo-gen. The first result is the page below.

http://malwarefixes.com/threats/win32evo-gen-susp/

That page says win32:evo-gen is a threat identified by Avast Anti-virus products, it recommends first using norton power eraser. I ran power eraser and it brought back the list below after reboot.

First thing you need to note about Anti Virus software manufacturers is that each of them has its own naming of the malvare viruses families. What is virus family? That is basically just a group to ease up the naming and grouping up the viruses with common capabilities.
So if you will keep googling "win32:evo-gen" you will always be getting results related to Avast as this is the way they named such malware family.

Second thing. If you can't see "shellpth.exe" on your desktop as normal file (it might be hidden) then your system is most likely infected. Especilly becouse it seems that Norton found this file on athleast two different places.

Third thing. I personally recomend you to stay away from Norton. Why? I have seen it delet many files that were false recognized as dangerous and it sometimes does this even without a warning. On my friends computer it was literaly breaking drivers for a TV Tuner card which was leading to constant system crashes during watching the TV. And I must say that it took me the whole day to figure that out.
Another thing about Norton is that even when you decide to go and uninstall it it doesen't always removes itself compleetly which could sometimes be causing system instability. Athleast that was quite common in older versions. I must admit that I haven't worked on a computer protected with Norton for quite a time now.

Could you somehow pack those files and upload them somewhere on the interent so I can have a closer look at them? I don't recomending you sending them through E-Mail. If they are infected it could lead to your E-Mail getting on a black list.


I'm not sure what to think, because two of those items I compiled 7 years ago on a different machine and just unpacked them on Friday. The rest were built a few days ago. All of them are not identified as having a virus, only that they are suspicious or something thereof. Here is a report for one item.

The fact that those files were compiled long time ago has no effect. Viruses most commonly migrate first to recently accesed files. So when you have extracted those the virus (if you have one) could detect that and thus inject its own code into them.
Most commonly this is done by simply adding aditional code to the end of the file and changing the default enty point to virus code itself. This gurantees that even if you managed to stop the virus executing one of such files would start it again.


I'll continue to try differing virus scanners and report back here.

I hope you are not just installing new AV programs one by another. Doign so could actually prevent them from working properly. Why? It is posible that one AV software detects a cleaning atempt of another as potential threat to your computer and thus could try and block it. And this could be detected by another one as atemt on disbling it. So you could end up in a continous loop of one AV trying to kill another whoich would most likely lead to bringing your computer almost to a halt.
Yes I have seen this first hand.

@paul_nicholls
I have quite some knowledge in dealing vith various virueses and malware software becouse lots of my friends had problems with them in the past.
And since I'm pretty curious guy I didn't just go and run an AV scan to clean the computer but actually try to find ot from where did the those viruses spread and how.
Once I even had a chance to analyze and finally clean a nasty virus (Sallinity NSF) that has been first detected on the web just three days earlier. But I did have an advantage since I had the initial file from which it spread. I even had to use HDD recovery proces to get it back becouse once the virus spread it has deleted it to cover its tracks.
So I try to help if I can with this. Besides it has been some time since I had last been doing any virus cleaning. What is the main reason for this? Actually I don't know. Whter my firends learned to surf the web more safetly or the ESET is doing a good job in keeping their computers clean as it does with mine.

@sysrpl
Since you are prepared to test other AV's I strongly recomend you try ESET AntiVirus 32 or ESET Smart Security if you also want a Firewall Protection. if you decide to go with ESET Smart Security I recomend you set Firewal to itneractive mode as Automatic mode isn't good enough. Athleast not for my high standards. But ineractive alows you to create specific blocking/exception rules as you go.

But if your computer might have realy been infected by some nasty virus like a Rootkit you would have to run a clean system from some Boot CD and then preform cleaning. I'm personally using Ultimate Boot CD with Windows Xp as botable OS and specially prepared ESET Antivirus 32 so ti can be run without prior instaltion (I used WMWare ThinAp for this).

If you need any more information or help about this feel free to ask.

Paul: Ouch I'm sorry. I've seen this problem before and am 100% sure of the problem. Your PATH is too long, seriously. When you open a cmd window, some of those entries are being ignored.

http://superuser.com/questions/635082/too-many-folders-in-the-path-variable

You can copy your existing path to a text file, delete a bunch of entries. Add sliksvn and fpc.2.6.4 to the front. Type "fpc -iV" and see if "2.6.4" is returned. the proceed as normal. When done, re-edit your path, but I'd consider making different command prompt shortcuts with different path variables to reduce the size permanently.

Your PATH is too long, seriously. When you open a cmd window, some of those entries are being ignored.

http://superuser.com/questions/635082/too-many-folders-in-the-path-variable

but I'd consider making different command prompt shortcuts with different path variables to reduce the size permanently.

I agree with @sysrpl on this. I'm wondering how you haven't already expirienced problems with other programs due to this already. Delphi is known to be especially touchy about this.