Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download
Thanks, Jaap. Added my comment regarding the issue existing in Win 8.1 and looking forward to swift resolution. Lars On Fri, May 12, 2017 at 11:46 PM, Jaap Karssenberg < jaap.karssenb...@gmail.com> wrote: > See also https://github.com/jaap-karssenberg/zim-desktop-wiki/issues/29 for > discussion on this issue > > On Fri, May 12, 2017 at 11:18 PM Lars Shirey > wrote: > >> Brendan, >> Not sure what's up but with the newest version 0.66, I can no longer >> copy/paste the contents of a note, any note, to another app i.e. Notepad++. >> However, I have no issue copying a note's content to a new ZimWiki note. As >> I use zimwiki for writing drafts before posting to their final resting >> place i.e. email, FB post, etc, this is a serious issue for me. >> So far, the only work-around I've managed is to export the note as HTML, >> open it in a browser and then select all, copy & paste. >> >> Any ideas what's up? >> >> Lars >> >> >> On Sun, May 7, 2017 at 9:47 PM, Brendan Kidwell wrote: >> >>> VirusTotal.com reports non-zero "probably harmless" scores for many of >>> the dependencies of my Windows build process, even though I'm almost >>> certain the sources of those dependencies are not tainted. VirusTotal.com >>> reports that (as of today) Baidu and Bkav virus scanners find "harmful" >>> code in these Zim installer. Other than abandoning all of my tools, I do >>> not know how to move forward with this problem. >>> >>> Starting with this release I am no longer signing the installer >>> packages, and while I believe they are free of harmful code, I can't >>> promise that I am correct. You must make your own determination about >>> whether you should use my packages or not. >>> >>> Special thanks to Stephen Dintaman for assistance with this build cycle. >>> >>> I have posted the Desktop and Portable installer packages, such as they >>> are, on http://www.glump.net/software/zim-windows . >>> >>> The packages were built on a fresh Windows 7 64-bit virtual machine, and >>> they should work on any 32-bit or 64-bit version of Windows that is still >>> supported by Microsoft. >>> >>> Brendan Kidwell >>> >>> >>> ___ >>> Mailing list: https://launchpad.net/~zim-wiki >>> Post to : zim-wiki@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~zim-wiki >>> More help : https://help.launchpad.net/ListHelp >>> >>> >> ___ >> Mailing list: https://launchpad.net/~zim-wiki >> Post to : zim-wiki@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~zim-wiki >> More help : https://help.launchpad.net/ListHelp >> > ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp
Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download
See also https://github.com/jaap-karssenberg/zim-desktop-wiki/issues/29 for discussion on this issue On Fri, May 12, 2017 at 11:18 PM Lars Shirey wrote: > Brendan, > Not sure what's up but with the newest version 0.66, I can no longer > copy/paste the contents of a note, any note, to another app i.e. Notepad++. > However, I have no issue copying a note's content to a new ZimWiki note. As > I use zimwiki for writing drafts before posting to their final resting > place i.e. email, FB post, etc, this is a serious issue for me. > So far, the only work-around I've managed is to export the note as HTML, > open it in a browser and then select all, copy & paste. > > Any ideas what's up? > > Lars > > > On Sun, May 7, 2017 at 9:47 PM, Brendan Kidwell wrote: > >> VirusTotal.com reports non-zero "probably harmless" scores for many of >> the dependencies of my Windows build process, even though I'm almost >> certain the sources of those dependencies are not tainted. VirusTotal.com >> reports that (as of today) Baidu and Bkav virus scanners find "harmful" >> code in these Zim installer. Other than abandoning all of my tools, I do >> not know how to move forward with this problem. >> >> Starting with this release I am no longer signing the installer packages, >> and while I believe they are free of harmful code, I can't promise that I >> am correct. You must make your own determination about whether you should >> use my packages or not. >> >> Special thanks to Stephen Dintaman for assistance with this build cycle. >> >> I have posted the Desktop and Portable installer packages, such as they >> are, on http://www.glump.net/software/zim-windows . >> >> The packages were built on a fresh Windows 7 64-bit virtual machine, and >> they should work on any 32-bit or 64-bit version of Windows that is still >> supported by Microsoft. >> >> Brendan Kidwell >> >> >> ___ >> Mailing list: https://launchpad.net/~zim-wiki >> Post to : zim-wiki@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~zim-wiki >> More help : https://help.launchpad.net/ListHelp >> >> > ___ > Mailing list: https://launchpad.net/~zim-wiki > Post to : zim-wiki@lists.launchpad.net > Unsubscribe : https://launchpad.net/~zim-wiki > More help : https://help.launchpad.net/ListHelp > ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp
Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download
Brendan, Not sure what's up but with the newest version 0.66, I can no longer copy/paste the contents of a note, any note, to another app i.e. Notepad++. However, I have no issue copying a note's content to a new ZimWiki note. As I use zimwiki for writing drafts before posting to their final resting place i.e. email, FB post, etc, this is a serious issue for me. So far, the only work-around I've managed is to export the note as HTML, open it in a browser and then select all, copy & paste. Any ideas what's up? Lars On Sun, May 7, 2017 at 9:47 PM, Brendan Kidwell wrote: > VirusTotal.com reports non-zero "probably harmless" scores for many of the > dependencies of my Windows build process, even though I'm almost certain > the sources of those dependencies are not tainted. VirusTotal.com reports > that (as of today) Baidu and Bkav virus scanners find "harmful" code in > these Zim installer. Other than abandoning all of my tools, I do not know > how to move forward with this problem. > > Starting with this release I am no longer signing the installer packages, > and while I believe they are free of harmful code, I can't promise that I > am correct. You must make your own determination about whether you should > use my packages or not. > > Special thanks to Stephen Dintaman for assistance with this build cycle. > > I have posted the Desktop and Portable installer packages, such as they > are, on http://www.glump.net/software/zim-windows . > > The packages were built on a fresh Windows 7 64-bit virtual machine, and > they should work on any 32-bit or 64-bit version of Windows that is still > supported by Microsoft. > > Brendan Kidwell > > > ___ > Mailing list: https://launchpad.net/~zim-wiki > Post to : zim-wiki@lists.launchpad.net > Unsubscribe : https://launchpad.net/~zim-wiki > More help : https://help.launchpad.net/ListHelp > > ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp
Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download
Thank you for looking into this and sharing your Microsoft conversation here. As far as I can tell, you are looking at the process where Windows authenticates the source of an executable. This is not relevant to my process. Getting a proper certificate to sign software so that Windows recognizes the cert that was used to sign it always costs money. I'm not willing to spend my money or the project's money on this process, when other operating systems have different processes whereby you can publish signed applications without paying money. Additionally, if I'm not mistaken, ALL versions of Windows continue to allow end-users to install ANY Windows applications they choose, whether they are properly signed or not, provided the end-user has sufficient local rights to do so. We will not be signing our releases to make them authenticated in the Windows install process unless someone else wishes to take over the Zim for Windows release process from me. I feel it's not worth the price and it's not necessary. What I AM concerned about but have no energy to fight with is the number of ANTI-VIRUS tools out there that claim that Zim's installers' components (the NSIS installer script builder and the PortableApps.com launcher) are malware. As these malware accusations are made against the Zim packages, I am no longer signing the releases with my (free-of- cost) GPG key, due to the fear-uncertainty-and-doubt involved. If YOUR anti-virus solution does not detect the installer as malware, and YOU decide this is a safe course of action, YOU should install my package and use it. If someone wants to pick a fight with the anti-virus tool vendors that accuse NSIS and PortableApps.com of being malware, they're welcome to try it. I can provide details of the accusations that need to be disputed. On Wed, May 10, 2017, at 17:57, Marcio Segura wrote: > I contacted Microsoft about this issue and following is their answer: ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp
Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download
I contacted Microsoft about this issue and following is their answer: Please note, Microsoft does NOT offer whitelisting for vendor’s products. Reputation for products offered is established by how your download is used by the Internet Explorer, Edge and the SmartScreen® Service intelligence algorithms. Downloads are assigned a reputation rating based on many criteria, such as download traffic, download history, past anti-virus results and URL reputation. This reputation may be based on the downloaded program or can also be assigned to the publisher, based on digital certificate information. Downloads that are digitally signed allow a publisher’s reputation to be applied to all of their signed downloads. All certificates, renewed as well as new, need to establish reputation. However, a renewed certificate, especially one that uses the same details as the old certificate, will gain reputation more quickly than a new one. Many signing certificates are valid for long periods, so certificate renewals are not typically very frequent. While reputation is being gained, users are able to download and install your applications despite the message that the application is unrecognized. To do so: - Edge browser – View downloads - access the Hub (Favorites, reading list, history and downloads), click Downloads and then right-click on the file listed and select Run anyway. - IE browser - View downloads and select Run under Actions for the listed downloaded file. Once the certificate has gained reputation, any applications signed with it will have the benefit of that reputation, so no warning will be shown to users downloading or installing the application. A certificate can be used to sign multiple applications. Another option you may want to explore is obtaining an EV Authenticode certificate. An application signed with an EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or Authenticode certificate. EV code signing certificates are now being issued by Symantec, DigiCert, and GlobalSign. The feedback tool for SmartScreen is still in place to report possible false warnings about phish or malware. Those warnings include a link to a form to submit a report. Application Reputation warnings are meant to inform end users when applications do not have known positive reputation. This doesn’t mean that the application is definitely malicious, only that is “unknown”. In many cases, especially if a certificate has been renewed, reputation is gained very quickly, and don’t require any review or intervention. Here are some references that may provide more information: - https://blogs.msdn.microsoft.com/ie/2011/03/22/smartscreen-application-reputation-building-reputation/ - https://blog.digicert.com/ms-smartscreen-application-reputation/ - https://blogs.msdn.microsoft.com/ie/2011/05/17/smartscreen-application-reputation-in-ie9/ - https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx. Sincerely, Microsoft Malware Protection Center De: Marcio Tibirica Para: zim-wiki@lists.launchpad.net Enviadas: Terça-feira, 9 de Maio de 2017 0:15 Assunto: Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download Brendan, I downloaded the installer file of desktop version and tested it for virus infection in two different ways. The first test was a local scan using Windows Defender that is installed in my machine (Win10 32-bit). The second test was an on-line scan with Kaspersky VirusDesk. In both scans no trace of infection was found, but if I try to run the installer it is blocked by Windows Defender which informs the following: Application: ZimDesktopWikiPortable_0.66.paf.exe Supplier: Unknown Supplier Maybe it is just a case of registering the software supplier in MS database? Or, maybe some information that must be embedded in the package? I don't know how this work. Anyway, I have sent the suspicious installer file to the Kaspersky virus lab and they probably will be able to find any "harmful code", if any. I'll keep you informed in case they send me an answer. By the way, who is going to take over Windows package creation for next Zim release? Regards, mtibbi === Em 08/05/2017 00:47, Brendan Kidwell escreveu: > VirusTotal.com reports non-zero "probably harmless" scores for many of > the dependencies of my Windows build process, even though I'm almost > certain the sources of those dependencies are not tainted. > VirusTotal.com reports that (as of today) Baidu and Bkav virus scanners > find "harmful" code in these Zim installer. Other than abandoning all of > my tools, I do not know how to move forward with this problem. > > Starting with this release I am no longer signing the installer > packages, and wh
Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download
Or you can try https://www.microsoft.com/en-us/security/portal/developer/ContactUS.aspx . Tell me if it worked. De: Brendan Kidwell Para: zim-wiki@lists.launchpad.net Enviadas: Terça-feira, 9 de Maio de 2017 14:31 Assunto: Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download On Mon, May 8, 2017, at 23:15, Marcio Tibirica wrote: > In both scans no trace of infection was found, but if I try to run the > installer it is blocked by Windows Defender which informs the following: > Application: ZimDesktopWikiPortable_0.66.paf.exe > Supplier: Unknown Supplier > > Maybe it is just a case of registering the software supplier in MS > database? Or, maybe some information that must be embedded in the > package? I don't know how this work. I have only ever signed the installer packages using GPG as a separate file. I have never enclosed a signature and x.509 code signing certificate in the executable file itself. As far as I know, it still costs money to acquire an x.509 certificate suitable for signing Windows executables. "Supplier: Unknown Supplier" has little to do with virus scans. Windows is saying that the package's publisher is unidentified, and it really is unidentified. > By the way, who is going to take over Windows package creation for next > Zim release? Unknown, at this time. ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp
Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download
Brendan, is it related to PAD Validation? See it in http://publisher.appvisor.com/I am new at distribute software and I am following this issue that are also happening with my softwares. I saw that it is good to publish softwares in this repository. Do you know about it? De: Brendan Kidwell Para: zim-wiki@lists.launchpad.net Enviadas: Terça-feira, 9 de Maio de 2017 14:31 Assunto: Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download On Mon, May 8, 2017, at 23:15, Marcio Tibirica wrote: > In both scans no trace of infection was found, but if I try to run the > installer it is blocked by Windows Defender which informs the following: > Application: ZimDesktopWikiPortable_0.66.paf.exe > Supplier: Unknown Supplier > > Maybe it is just a case of registering the software supplier in MS > database? Or, maybe some information that must be embedded in the > package? I don't know how this work. I have only ever signed the installer packages using GPG as a separate file. I have never enclosed a signature and x.509 code signing certificate in the executable file itself. As far as I know, it still costs money to acquire an x.509 certificate suitable for signing Windows executables. "Supplier: Unknown Supplier" has little to do with virus scans. Windows is saying that the package's publisher is unidentified, and it really is unidentified. > By the way, who is going to take over Windows package creation for next > Zim release? Unknown, at this time. ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp
Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download
On Mon, May 8, 2017, at 23:15, Marcio Tibirica wrote: > In both scans no trace of infection was found, but if I try to run the > installer it is blocked by Windows Defender which informs the following: > Application: ZimDesktopWikiPortable_0.66.paf.exe > Supplier: Unknown Supplier > > Maybe it is just a case of registering the software supplier in MS > database? Or, maybe some information that must be embedded in the > package? I don't know how this work. I have only ever signed the installer packages using GPG as a separate file. I have never enclosed a signature and x.509 code signing certificate in the executable file itself. As far as I know, it still costs money to acquire an x.509 certificate suitable for signing Windows executables. "Supplier: Unknown Supplier" has little to do with virus scans. Windows is saying that the package's publisher is unidentified, and it really is unidentified. > By the way, who is going to take over Windows package creation for next > Zim release? Unknown, at this time. ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp
Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download
Brendan, I downloaded the installer file of desktop version and tested it for virus infection in two different ways. The first test was a local scan using Windows Defender that is installed in my machine (Win10 32-bit). The second test was an on-line scan with Kaspersky VirusDesk. In both scans no trace of infection was found, but if I try to run the installer it is blocked by Windows Defender which informs the following: Application: ZimDesktopWikiPortable_0.66.paf.exe Supplier: Unknown Supplier Maybe it is just a case of registering the software supplier in MS database? Or, maybe some information that must be embedded in the package? I don't know how this work. Anyway, I have sent the suspicious installer file to the Kaspersky virus lab and they probably will be able to find any "harmful code", if any. I'll keep you informed in case they send me an answer. By the way, who is going to take over Windows package creation for next Zim release? Regards, mtibbi === Em 08/05/2017 00:47, Brendan Kidwell escreveu: VirusTotal.com reports non-zero "probably harmless" scores for many of the dependencies of my Windows build process, even though I'm almost certain the sources of those dependencies are not tainted. VirusTotal.com reports that (as of today) Baidu and Bkav virus scanners find "harmful" code in these Zim installer. Other than abandoning all of my tools, I do not know how to move forward with this problem. Starting with this release I am no longer signing the installer packages, and while I believe they are free of harmful code, I can't promise that I am correct. You must make your own determination about whether you should use my packages or not. Special thanks to Stephen Dintaman for assistance with this build cycle. I have posted the Desktop and Portable installer packages, such as they are, on http://www.glump.net/software/zim-windows . The packages were built on a fresh Windows 7 64-bit virtual machine, and they should work on any 32-bit or 64-bit version of Windows that is still supported by Microsoft. Brendan Kidwell ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~zim-wiki Post to : zim-wiki@lists.launchpad.net Unsubscribe : https://launchpad.net/~zim-wiki More help : https://help.launchpad.net/ListHelp
