Discussion:
[tw] [TW5] Twixie - Solve the saving problem - New release 0.5.24
i***@newsfromgod.com
2015-12-17 03:51:47 UTC
Hi,

   This is a Christmas gift for the TW5 community! I really like TW5, but
it has one major entry barrier: the saving problem, and the need for
backups. I wanted some family members to use TW5 to take notes, but having
to install browser add-ons, and having to make backups really was too much
for them.

Twexe solves that with a new/old concept: a single file *executable*
tiddlywiki. It comes ready to use with the regular empty wiki, just
download, run it, and voila! Backups and saving occur automatically. You
can also convert any tw5 wiki that you have into a single file executable,
it will then allow automatic saving and backups.  See the screencast demo
on the website below for more information and to download it.

Here are the features:


* Automatic backups
* Automatic saving
* No browser add-ons needed!!
* Works on Linux and Windows
* Single file executable, can be moved, copied, etc.
* Wiki is compressed, occupying less space on your disk (sometimes even
a third of the space!)
* Converts /any/ Tiddlywiki5 file to a single file executable, no need
for special tiddlywiki plugins
* Automatically uses the saving tab in the control panel (there you can
specify a backup directory if you don't like the default)
* Easily save the html wiki file from the executable twexe (if you need
it for some reason)
* Opens up the possibility to run external executables from your wiki
(to draw charts, etc.) - stay tuned!!
* Supports external images (i.e. with _canonical_uri field)

You can see a screencast demo and download it at the following page:

https://ihm4u.github.io/twexe/

Twexe liberates your wiki from the browser limitations, while working with
the wiki in the same way we all like.

Hope you enjoy and Merry Christmas!!!
--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/20151216225147.Horde.iiTofe5S2FdFFLxyYLCPOA8%40www.newsfromgod.com.
For more options, visit https://groups.google.com/d/optout.
Tobias Beer
2015-12-17 11:41:18 UTC
Hi ihm,

Congratulations on creating *twexe*,
it appears to very much simplify getting started
for anyone looking to "just use that wiki" in ways
we could use TWC when browsers were less restrictive,
e.g. "just hit save" / "yes, it creates backups if you want it to" (back
then even rss).

Two questions for the moment:

1. Can the user specify a backup directory (rather than have backups
saved alongside the wiki)?
2. How is it that *_canonical_uri* only works after reload? What do you
need to do to make it so?

One major benefit over TiddlyDesktop appears to be:
You simply use your favorite browser ...to search, zoom,
and all that stuff that TiddlyDesktop doesn't implement (yet).

It's great...

1. to simply be able to save entire wikis rather than tiddlers
2. to have automatic backups
3. to not (necessarily) fiddle with any command-line but just click-open
a file
- which starts that custom server
4. how (I assume) you massage in the right server settings to any
tiddlywiki file that we want to use that way
- and turn it into the kind of executables twexe creates

PS: The amount of (Pascal) code to this is quite mind-boggling. :D

Good stuff!

Best wishes,

Tobias.
i***@newsfromgod.com
2015-12-17 17:05:24 UTC
Hi Tobias,
Post by Tobias Beer
Hi ihm,
Congratulations to creating *twexe*,
it appears to very much simplify getting started
for anyone looking to "just use that wiki" in ways
we could use TWC when browsers were less restrictive,
e.g. "just hit save" / "yes, it creates backups if you want it to" (back
then even rss).
Yes, the good old days of no browser restrictions :)
Post by Tobias Beer
1. Can the user specify a backup directory (rather than have backups
saved alongside the wiki)?
Yes, in Control Panel -> Saving -> Backup Directory. Just put the
directory name in there.

BTW, you can also change the "Upload Directory" to something other
than '.' and it will
also automatically save the html file with the name in "Upload
Filename". I use this myself
to write the webpage for github gh-pages.
Post by Tobias Beer
2. How is it that *_canonical_uri* only works after reload? What do you
need to do to make it so?
Reload is needed only when the _canonical_uri field is added or
changed. Afterwards it doesn't need
reload.

The reason is that I want to keep the server simple, so it only
processes one request
at a time. When the _canonical_uri is added it receives two requests:
one to save the wiki
and one to get the image. The browser doesn't get an immediate
response for the image because
the server is saving the wiki; this is why a reload is needed.

I could solve it with multi-threading, but this opens the door to
instability and many
possible bugs that I want to avoid. There are other possible
solutions, but since it only
happens when the _canonical_uri is added or changed (no reload is
needed after you have
created the tiddler with the proper _canonical_uri field) it is really
not a big issue,
especially since we get much more stability that way.
Post by Tobias Beer
You simply use your favorite browser ...to search, zoom,
and all that stuff that TiddlyDesktop doesn't implement (yet).
Yes, also it is a very different model. A twixie is an executable
wiki: you can move it, copy it,
rename it, and use it just like you use a wiki. TiddlyDesktop is a
whole application. In addition, a twixie is 1MB whereas TiddlyDesktop
is 30MB, and it is not meant to represent a single file wiki.

Twexe also upgrades automatically, something harder to do with TiddlyDesktop.
Post by Tobias Beer
It's great...
1. to simply be able to save entire wiki's rather than tiddlers
Oh yes, that is true, I didn't think about this...
Post by Tobias Beer
2. to have automatic backups
3. to not (necessarily) fiddle with any command-line but just click-open
a file
- which starts that custom server
I wanted users to have it really easy :)
Post by Tobias Beer
4. how (I assume) you massage in the right server settings to any
tiddlywiki file that we want to use that way
- and turn it into the kind of executables tweze creates
There are a lot of "tricks" behind the scenes :) hehehe
Making a self-modifying executable in a safe way is not such an easy
thing to tackle.

Thanks!!
Tobias Beer
2015-12-17 17:35:26 UTC
Hi ihm,
Post by i***@newsfromgod.com
Post by Tobias Beer
1. Can the user specify a backup directory (rather than have backups
saved alongside the wiki)?
Yes, in Control Panel -> Saving -> Backup Directory.
Just put the directory name in there.
Very cool that you fully support these settings.
Well, kinda makes sense. After all, you implemented a slim server for it.

Post by i***@newsfromgod.com
BTW, you can also change the "Upload Directory" to something other
than '.' and it will also automatically save the html file with the name
in "Upload Filename". I use this myself to write the webpage for github gh-pages.
Interesting, atm I'm fully working with the node server and fine with it.
Well, actually, I do prefer to work on .tid files.
However, for a non-dev end user, this is just great,
especially the ability to still auto-generate the html alongside
and perhaps have some ftp client auto-publish that to the web
<http://stackoverflow.com/questions/11803482/how-to-automatically-ftp-files-that-i-am-editing>
.

A bit of testing...
I happened to delete the password in the ControlPanel for saving,
now I only get the download dialog.
I figured, ok I just try entering "twexe" and it saves the wiki.
Actually, any password will do. A bit odd, but ok.
Perhaps an option to actually set a true password may be good...
to prevent overwrites on a local network.

It's great that I can set upload and backup-dirs as I want,
decouples the exe from the wiki. Kudos.

One (obvious) thing that won't work is having two twexe run at the same
time.
Perhaps you can have some error handling as to
whether or not a given port is actually available and,
if not pick the next one, e.g. 8081...
Or is the port already configurable somehow?

Best wishes,

Tobias.
i***@newsfromgod.com
2015-12-17 18:19:38 UTC
Hi Tobias,
Post by Tobias Beer
Very cool that you fully support these settings.
Well, kinda makes sense. After all, you implemented a slim server for it.
:)
Post by Tobias Beer
However, for a non-dev end user, this is just great,
especially the ability to still auto-generate the html alongside
and perhaps have some ftp client auto-publish that to the web
<http://stackoverflow.com/questions/11803482/how-to-automatically-ftp-files-that-i-am-editing>
Great! Thanks for the stackoverflow link, I didn't know about some of those
programs!
Post by Tobias Beer
A bit of testing...
I happened to delete the password in the ControlPanel for saving,
now I only get the download dialog.
I figured, ok I just try entering "twexe" and it saves the wiki.
Actually, any password will do. A bit odd, but ok.
This is done on purpose, it will only save automatically if you set
the wiki name in the saving tab to 'twexe'. This is the default
added by the twexe executable. It allows the user
to also sporadically change the Wiki Name and save it to a PHP UploadPlugin
compatible server. Then the user can change it back to 'twexe' and it
will save
to the local twixie automatically again.
Post by Tobias Beer
Perhaps an option to actually set a true password may be good...
to prevent overwrites on a local network.
Yes, I may add this later when I make a twexe TW5 plugin that
includes options and other features.
Post by Tobias Beer
It's great that I can set upload and backup-dirs as I want,
decouples the exe from the wiki. Kudos.
One (obvious) thing that won't work is having two twexe run at the same
time.
Perhaps you can have some error handling as to
whether or not a given port is actually available and,
if not pick the next one, e.g. 8081...
Or is the port already configurable somehow?
This is already working, did you try it? It should pick the next
available port.
Post by Tobias Beer
Best wishes,
Tobias.
Thanks!
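The two server behaviours discussed in this exchange, binding to the loopback address only and moving to the next port when the first one is taken, as an added example. This is not twexe's own code (twexe is written in Pascal); the start port, the number of attempts and the function names are assumptions made for the example.

```python
import socket

LOOPBACK = "127.0.0.1"  # loopback only: other hosts on the network cannot reach the port


def bind_loopback(start_port: int = 8080, max_tries: int = 10):
    """Bind a listening TCP socket on 127.0.0.1, falling back to the next port.

    Returns (socket, port). Raises OSError if none of the candidate ports is free.
    Start port and number of attempts are assumptions for this example.
    """
    last_err = None
    for port in range(start_port, start_port + max_tries):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            # Deliberately no SO_REUSEADDR: a port that another instance is
            # already listening on must fail here, so this instance moves on
            # instead of trying to share the port.
            s.bind((LOOPBACK, port))
            s.listen(1)
            return s, port
        except OSError as err:
            s.close()
            last_err = err
    raise OSError(
        f"no free loopback port in {start_port}-{start_port + max_tries - 1}"
    ) from last_err


def is_loopback_only(sock: socket.socket) -> bool:
    """True if the socket is bound to 127.0.0.1 rather than to all interfaces."""
    return sock.getsockname()[0] == LOOPBACK


if __name__ == "__main__":
    first, p1 = bind_loopback()
    # A second call stands in for a second twixie started while the first runs.
    second, p2 = bind_loopback()
    print(f"first instance on port {p1}, second on {p2}, "
          f"loopback only: {is_loopback_only(first)}")
    first.close()
    second.close()
```

Binding to 127.0.0.1 keeps the server off the network, which is the property ihm relies on further down in this thread. It does not keep other programs on the same machine, including pages open in the user's browser, from talking to the port, which is why Tobias's suggestion of a real save password is still relevant.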
Tobias Beer
2015-12-17 18:31:50 UTC
Hi ihm,
This is already working, did you try it? It should pick the next available
port.
Wow, cool! At some point the twexe console showed me some very red lines
and I didn't pay close attention and haphazardly assumed it was all about
how I was already running one server, so I closed it.

Ok, so this error happens when you try to run two twexe.exe *with the same
name*,
but from different folders *at the same time*:

[screenshot of the error]

There is no reason I called the folder *tiddler*... would have better been
*test*.

Best wishes,

Tobias.
i***@newsfromgod.com
2015-12-17 19:18:55 UTC
Post by Tobias Beer
Hi ihm,
This is already working, did you try it? It should pick the next available
port.
Wow, cool! At some point the twexe console showed me some very red lines
and I didn't pay close attention and hap-hazardly assumed it was all about
how I was already running one server, so I closed it.
Great!
Post by Tobias Beer
Ok, so this error happens when you try to run two twexe.exe *with the same
name*,
<https://lh3.googleusercontent.com/-biibSnzw1RU/VnL-520-ZTI/AAAAAAAAB80/mqcIW9909Ig/s1600/error.jpg>
Oh yes...it assumes them to be the same twixie because they have the
same name....
I'm glad you caught this one!! You're amazing catching corner cases!!
I'll post a fix asap....

Thanks
i***@newsfromgod.com
2015-12-17 22:18:59 UTC
Hi Tobias,
Post by Tobias Beer
Ok, so this error happens when you try to run two twexe.exe *with the same
name*,
<https://lh3.googleusercontent.com/-biibSnzw1RU/VnL-520-ZTI/AAAAAAAAB80/mqcIW9909Ig/s1600/error.jpg>
OK, fixed in version 0.5.25, could you try it?

Thanks!
PMario
2015-12-17 20:38:24 UTC
Hi ?@newsfromgod,

I think your program has some clever ideas, __but__ I also think, there is
a lot of room for improvements: see: https://github.com/ihm4u/twexe/issues/1
Twexe solves that with a new/old concept: A single file *executable*
tiddlywiki. It comes ready to use with the regular empty wiki, just
download, run it, and voila! Backups and saving occurs automatically. You
can also convert any tw5 wiki that you have into a single file executable,
it will then allow automatic saving and backups. See the screencast demo
on the website below for more information and to download it.
I think your implementation could be similar to tiddly desktop, but it
should really stop to create unsigned, untrusted executables.
- Automatic backups
- Automatic saving
- No browser add-ons needed!!
- Works on Linux and Windows
- Single file executable, can be moved, copied, etc.
- Wiki is compressed, occupying less space on your disk (sometimes
even a third of the space!)
All the above functions are cool, but the next one has the potential to
explode right in front of our faces!
IMO we should not train our users to activate unsigned executables, if they
want to work with a single HTML file.
- Converts *any* Tiddlywiki5 file to a single file executable , no
need for special tiddlywiki plugins
Ouch. I think this is and will cause a big security problem.
- Automatically uses the saving tab in the control panel (there you
can specify a backup directory if you don't like the default)
- Easily save the html wiki file from the executable twexe (if you
need it for some reason)
That's a good one. Your backups may be .twz for tiddlywiki-zipped and be
registered by the OS. So if you click it, it can open one and only one
executable. ... How do you intend to support and update all the backup
exes? The next version will make all backups obsolete! .. IMO we have an
update problem here!
- Opens up the possibility to run external executables from your wiki
(to draw charts, etc.) - stay tuned!!
hmmm, calling and activating other exes from possibly untrusted source.
really?
- Supports external images (i.e. with _canonical_uri field)
I do like Pascal a lot. I learned programming with this language. .. but
please let's discuss the behaviour of your program first.

And please deactivate the download links until we could discuss my
concerns.

kind regards
Mario
i***@newsfromgod.com
2015-12-17 21:45:12 UTC
Hi PMario,
Post by PMario
I think your implementation could be similar to tiddly desktop, but it
should really stop to create unsigned, untrusted executables.
Microsoft themselves distribute untrusted executables, just download
and run https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

And you will see that the dialog window pops up saying it is an untrusted
executable downloaded from the internet.

Unlike Microsoft, all the source code is freely and openly available
at github so that
anyone can see what it does, and change it if they want.

Thirdly, it binds only to 127.0.0.1 which prevents any external
attacks from the network.

Fourthly, I am willing to add any other security features you think
may be needed.

It does produce a new executable to keep with the single file principle, but
the new executable doesn't include new executable code, only zipped
data appended
to the end of the executable.

You can compare the bytes of the two files and see that they differ
only at the
beginning of the appended zip section.

If I wrote malicious code I would not make the source code available
like it is, and
would not make a public announcement like this. As a matter of fact I
originally wrote it
because I was thinking of a family member that has a hard time with
computers, and
I wanted something easy for them. I just made it available to the
community because
I thought it would be useful.
Post by PMario
How do you intend to support and update all the backup
exes? The next version will make all backups obsolete! .. IMO we have an
update problem here!
The exe upgrades itself like firefox and a lot of other software does. Yes,
I need to add an option to turn it off if the user wants to, that will
come when I do a TW5 plugin for it.
Post by PMario
- Opens up the possibility to run external executables from your wiki
(to draw charts, etc.) - stay tuned!!
hmmm, calling and activating other exes from possibly untrusted source.
really?
The executable to be called will be specified by the user
*explicitly*, so that means the
user knows the executable that is being called because the user is the
one calling it.

For that matter, the node.js server can also do malicious things under
the covers if it wanted to,
but the source code is available and anyone can see what it does.

Registering a different extension doesn't make it more secure. If it
had malicious code inside
it would run anyways after the extension was registered.
Felix Küppers
2015-12-17 23:26:50 UTC
Hi @ all,

what @ihm4u has created is really inspiring and I can tell it has
involved much thinking. It's great to see somebody developing cutting
edge solutions for TiddlyWiki (tidgraph, twexe)!

Regarding Mario's criticism:

I agree with ihm when he says that all binaries in the world are
potentially dangerous.

However, I can understand that Mario issues a warning because:

TW itself so far has been based on script files only. twexe is binary.
In this special case it is not sufficient to say "look at the code,
it's online" because the binaries presented in the demo wiki are
already compiled. However, I also understand it defeats the purpose of
your project to tell people to read your code first and then compile it
themselves to be on the safe side.

Second, there is actually a binary file that is not auditable called
twexe.res – so even if I checked and compiled the code myself, I would
not know how this file behaves (maybe your IDE created this file or it
contains a thumbnail image?).

In any case, great project/idea, thanks for sharing, and sorry for the
criticism – it's just precaution.

-Felix
i***@newsfromgod.com
2015-12-17 23:41:06 UTC
Hi,
Post by Felix Küppers
involved much thinking. It's great to see somebody developing cutting
edge solutions for TiddlyWiki (tidgraph, twexe)!
Thanks
Post by Felix Küppers
I agree with ihm when he says that all binaries in the world are
potentially dangerous.
BTW, TiddlyDesktop also includes an untrusted binary, NW.exe
If you get rid of Microsoft named "untrusted" software you will not have
99% of the open source software in windows.
Post by Felix Küppers
Second, there is actually a binary file that is not auditable called
twexe.res – so even if I checked and compiled the code myself, I would
not know how this file behaves (maybe your IDE created this file or it
contains a thumbnail image?).
This binary file is generated by the Lazarus IDE, those that have done
windows development
know it's a 'resource' file, and it does not contain executable code.
I don't even need to have it as part of the source code because it is
generated
by the Free Pascal tools, you can check yourself free pascal resource
files here:

http://wiki.freepascal.org/Lazarus_Resources#FPC_resources

I just happen not to have it listed in the .gitignore file, so it got
included in
the project.

To verify that it is not dangerous you can delete it and recompile the project
and you will see that it gets generated by the Lazarus IDE.
Post by Felix Küppers
In any case, great project/idea, thanks for sharing, and sorry for the
criticism – it's just precaution.
Yes, I understand we need to be really careful here. My only idea was to make
TW5 much more user friendly.
Post by Felix Küppers
-Felix
PMario
2015-12-18 13:08:07 UTC
Hi,
Post by i***@newsfromgod.com
and run
https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx
Yes, I know and that's a shame.
Post by i***@newsfromgod.com
And you will see that the dialog window pops up saying it is an untrusted
executable downloaded from the internet.
Yes, and imo that's a problem, because our users will be trained to ignore
this dialog. I'm sure many windows users don't read warning dialogs at all
and just click ok, which opens the door for yet a new additional browser
toolbar ;)

Unlike Microsoft, all the source code is freely and openly available
Post by i***@newsfromgod.com
at github so that
anyone can see what it does, and change it if they want.
That's good and you should add a license file and a readme to your repo.
I didn't say, that your code is not safe. I have concerns about the
mechanism you choose to spread the app.
Post by i***@newsfromgod.com
Thirdly, it binds only to 127.0.0.1 which prevents any external
attacks from the network.
Fourthly, I am willing to add any other security features you think
may be needed.
I think the backup files should be plain text files. eg: empty-x-y-z.html or
empty-x-y-z.html.zip if you like to compress them.
I also think, that backups should be stored in a sub folder. Plain text
files can do no harm at the moment and it's very likely, that they don't
harm in the future 20+ years.


TiddlyWiki uses plain html files, because there are a lot of advantages.

- html is plain text and human readable, with every simple text editor
- plain text will be easy readable for the next 20++ years
- plain text is agnostic to operating systems.
- HTML works on any platform that has a browser.
- it's easy to send text files per mail. They are not blocked by corporate
firewalls
- it's easy to verify if 2 files contain the exact same content.
- So verifying if a local empty.html is the same as github empty.html is
easy
- comparisons are human readable.
- ...

All of the above is _not_ true for executables.
Post by i***@newsfromgod.com
It does produce a new executable to keep with the single file principle, but
the new executable doesn't include new executable code, only zipped
data appended
to the end of the executable.
Yes. So the executables are duplicated all over the places and for normal
users, it's impossible to check, if only the content is modified or the
.exe was modified too.

Tobias mentioned, that executables may be safe, if I trust the source. IMO
they are not.

- Let's say I trust your github repo and I can download the program from
there. Let's name it twexe.exe
- Let's say I like the program and your future license allows
redistributing, I trust myself so I can download twexe.exe from my
forked repo too.
- Let's say the "man in the middle" also likes the program. He modifies
it and distributes it as twexe.exe


- I download and rename my local version to myContent.exe and add some
tiddlers.
- I send myContent to tobias per mail.

I think all of this behaviour is fine, and imo totally real world
behaviour. So it should be fine. right?

Let me ask 3 very simple questions:

- How can Tobias check if I didn't mess with the executable, and it is
safe to use it?
- How can Tobias be sure that myContent is a child of twexe.exe from
ihm4u and not from the "man in the middle"?
- How can our users do the same?

Post by i***@newsfromgod.com
You can compare the bytes of the two files and see that they differ
only at the
beginning of the appended zip section.
Yes I can, but does your family?
Post by i***@newsfromgod.com
If I wrote malicious code I would not make the source code available
like it is, and
would not make a public announcement like this.
I don't know. ... You joined github in October <https://github.com/ihm4u>.
There is no real name and no e-mail address. ... I don't know you.
Post by i***@newsfromgod.com
As a matter of fact I originally wrote it because I was thinking of a family member that has a hard time with computers, and I wanted something easy for them.
I love the idea of making it easy for users to work with tiddlywiki. I actually thought about it for quite some time, whether I should raise my voice. There were several hours between creating the issue on github and my post here in the group.

I chose to start the discussion because I have concerns about the approach that was chosen. I'm fine with something that is similar to tiddly desktop and I still think your program has potential, but I think there should be only one app that can work with standard or zipped html text files.
Post by i***@newsfromgod.com
I just made it available to the
community because
I thought it would be useful.
When I saw your announcement I thought: "Great, that's an interesting approach". When I saw the video and thought about it: "uuups, I'm concerned".
Post by i***@newsfromgod.com
For that matter, the node.js server can also do malicious things under
the covers if it wanted to,
but the source code is available and anyone can see what it does.
As I see it, nwjs is signed <https://github.com/nwjs/nw.js/issues/3454#issuecomment-147933335>. But we still need to find a convenient way to verify if tw plugins are safe to use. There is no "chain of trust" that we can use to verify the stuff at the moment.
Post by i***@newsfromgod.com
Registering a different extension doesn't make it more secure. If it had malicious code inside it would run anyways after the extension was registered.
That's right, but there is only one executable that needs to be monitored.

regards
mario
--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/1ce991f8-297d-4726-bdb7-56d81723932f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
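The byte comparison the two posts argue about (the files "differ only at the beginning of the appended zip section") can be turned into a concrete check that separates the executable stub from the wiki payload. This Python is an added example, not code from either poster or from twexe; it assumes a twexe-style file is an executable stub followed by a zip that was built standalone and then appended, so the zip's internal offsets are relative to the zip itself.

```python
import hashlib
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # End of Central Directory record signature
LFH_SIG = b"PK\x03\x04"   # local file header: first bytes of a non-empty zip


def find_appended_zip_start(data: bytes) -> int:
    """Offset at which a zip appended to an executable stub begins.

    Assumption: the zip's offsets are relative to the zip, not the file.
    The EOCD says where the central directory is; subtracting that from
    where it actually sits gives the length of whatever precedes the zip.
    """
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no End of Central Directory record found")
    size_cd, offset_cd = struct.unpack_from("<II", data, eocd + 12)
    start = eocd - size_cd - offset_cd
    if start < 0 or data[start:start + 4] != LFH_SIG:
        raise ValueError("computed zip start is not a local file header")
    return start


def split_stub_and_payload(data: bytes):
    """Split a twexe-style file into (executable stub, appended zip)."""
    start = find_appended_zip_start(data)
    return data[:start], data[start:]


def compare_twexe_files(a: bytes, b: bytes) -> dict:
    """Report whether two files share the same stub and/or the same payload."""
    stub_a, zip_a = split_stub_and_payload(a)
    stub_b, zip_b = split_stub_and_payload(b)
    return {
        "stub_sha256_a": hashlib.sha256(stub_a).hexdigest(),
        "stub_sha256_b": hashlib.sha256(stub_b).hexdigest(),
        "same_stub": stub_a == stub_b,      # executable part unchanged?
        "same_payload": zip_a == zip_b,     # wiki content unchanged?
    }


def build_sample(stub: bytes, wiki_html: str) -> bytes:
    """Constructed stand-in for a twexe file: stub bytes + zip holding the wiki."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("wiki.html", wiki_html)
    return stub + buf.getvalue()


if __name__ == "__main__":
    stub = b"MZ" + b"\x90" * 64 + b"constructed-stub-not-a-real-exe"
    original = build_sample(stub, "<html>empty wiki</html>")
    edited = build_sample(stub, "<html>empty wiki + one tiddler</html>")
    tampered = build_sample(stub + b"\xcc", "<html>empty wiki</html>")
    print(compare_twexe_files(original, edited))    # same_stub True
    print(compare_twexe_files(original, tampered))  # same_stub False
```

A stub hash that matches a known-good download answers only the "was the executable part changed" question; it says nothing about what the wiki inside may do once opened.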
i***@newsfromgod.com
2015-12-18 14:20:16 UTC
Hi PMario,
Hi,
On Thursday, December 17, 2015 at 10:45:21 PM UTC+1,
Post by i***@newsfromgod.com
and run
https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx
Yes, I know and that's a shame.
Yes, and imo that's a problem, because our users will be trained to ignore this dialog. I'm sure many windows users don't read warning dialogs at all and just click ok, which opens the door for yet another browser toolbar ;)
So you agree that Microsoft distributes "untrusted" executables, but then why do you make such a problem about twexe? You would have to go after Microsoft and all the millions of open source developers out there that have "untrusted" executables (including Jeremy with TiddlyDesktop).
Post by i***@newsfromgod.com
Unlike Microsoft, all the source code is freely and openly available at github so that anyone can see what it does, and change it if they want.
That's good, and you should add a license file and a readme to your repo. I didn't say that your code is not safe. I have concerns about the mechanism you chose to spread the app.
I can put links to download the file as a zip file, just like TiddlyDesktop does. This does not increase security, but it will help people that are worried about dialog boxes.

I will add the MIT license to the repo.
I think the backup files should be plain text files, e.g. empty-x-y-z.html or empty-x-y-z.html.zip if you like to compress them. I also think that backups should be stored in a sub folder. Plain text files can do no harm at the moment and it's very likely that they won't do harm in the next 20+ years.
As I mentioned in the thread, you can choose your backup directory and
you can have twexe store the html files directly.
TiddlyWiki uses plain html files because there are a lot of advantages.
- html is plain text and human readable, with every simple text editor
- plain text will be easily readable for the next 20++ years
- plain text is agnostic to operating systems.
- HTML works on any platform that has a browser.
- it's easy to send text files by mail. They are not blocked by corporate firewalls.
- it's easy to verify if 2 files contain the exact same content.
   - So verifying if a local empty.html is the same as github empty.html is easy.
   - comparisons are human readable.
- ...
All of the above is _not_ true for executables.
I am not writing a replacement for tiddlywiki, I think tiddlywiki is great as it is. If you don't like twexe, don't use it, but don't prevent others from using it if they want to.
Yes. So the executables are duplicated all over the place, and for normal users it's impossible to check whether only the content was modified or the .exe was modified too.
They are not copied all over the place. It is very structured and organized:
1. The user can specify the backup directory where they want executable backups to go
2. The temporary files are all stored under one directory in the operating system temp directory

That's it.
  - How can Tobias check if I didn't mess with the executable, and it is safe to use it?
  - How can Tobias be sure that myContent is a child of twexe.exe from ihm4u and not from the "man in the middle"?
  - How can our users do the same?
This is not a problem with twexe or tiddlywiki. Any download from github or any other web source has the same problem. I can fork TiddlyDesktop and the same problems you talk about will show up.
Post by i***@newsfromgod.com
For that matter, the node.js server can also do malicious things under
the covers if it wanted to,
but the source code is available and anyone can see what it does.
As I see it, nwjs is signed <https://github.com/nwjs/nw.js/issues/3454#issuecomment-147933335>. ..
Just to make things clear to you, so that you can see TiddlyDesktop NW.EXE
is NOT SIGNED:

1. Download sigcheck from
https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx
   - This is a Microsoft Signature check tool, which people knowledgeable about "security" should know about.
2. Download TiddlyDesktop version 0.8
3. Run sigcheck against the nw.exe INSIDE TiddlyDesktop
4. Just to save you the time here is the output:

Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com[1]

Z:\tmp\tiddlydesktop-win32-v0.0.8\nw.exe:
        Verified:       Unsigned
        Link date:      1:30 AM 7/29/2015
        Publisher:      n/a
        Company:        n/a
        Description:    n/a
        Product:        n/a
        Prod version:   n/a
        File version:   n/a
        MachineType:    32-bit

Microsoft Signature verification tool says TiddlyDesktop NW.EXE is NOT SIGNED. If you have such a problem with unsigned executables you should ask Jeremy to stop distributing TiddlyDesktop also.

By the way, let me know if you are willing to buy a certificate for twexe and pay for the fees and the possible periodic renewal charges. I will be happy to sign twexe to make you happy. The names of two vendors are Verisign and Thawte if you want to look into it. I am not sure, but I think the certificates need to be renewed periodically. You should buy a certificate for TiddlyDesktop also.

If you continue to have security concerns about twexe, just point to one line in the source code that does a malicious thing, and I will be happy to erase or modify anything you want.

All the other things that you mentioned are concerns with any software downloaded from the internet, including TiddlyDesktop, and they have nothing to do with twexe specifically, as Tobias pointed out.

Thanks


Links:
------
[1] http://www.sysinternals.com
Tobias Beer
2015-12-18 14:22:28 UTC
Hi Mario,
Post by PMario
- How can Tobias check if I didn't mess with the executable, and it is safe to use it?
- How can Tobias be sure that myContent is a child of twexe.exe from ihm4u and not from the "man in the middle"?
- How can our users do the same?
I cannot check if you messed with the executable or some "man in the
middle" did.

It all boils down to this:

1. Do I trust Mario?
2. Can I be sure Mario is only using the official twexe?
- I can always ask.
3. Did I get that file in a safe manner?
- There'd have to be some nifty packet sniffing + modifying.

If I can answer the above questions with *yes*, then I feel fine.

Perhaps there really is no need for twexe to be a single file.
But then again, let's assume twexe worked with some wiki.html files.
If it is still allowed to execute local fs stuff,
then we haven't achieved anything much in terms of security
by extracting the wiki from the executable.

I do agree, it's highly unusual for an exe to write to itself.
On the other hand, that is what we are ourselves:
we are "executables" that write to ourselves (our memory). :D

So, again, it boils down to trust:

- Can I trust myself with ...my executing tasks ...and ...my memory management?
- Can I trust someone else with ...their executing tasks ...and ...their memory management?

Sure, if I cannot, the risk of being involved with myself or someone else
increases steeply.
Being able to tell if I am cheating myself (e.g. procrastination) or being cheated on sure helps.

However, even if the twexe were separated from the wiki,
I would have no way of telling if some wiki I am given will cheat on me once I open it in twexe.
What is true, though, is that I can perfectly open the wiki as an html file
sand-boxed in the browser with no major OS risk involved.

Best wishes,

Tobias.
Tobias Beer
2015-12-17 23:43:20 UTC
Hi Mario,
ouch. I think this is and will cause a big security problem.
There are a billion ways to get viruses or other malicious code.
I do not see why I would be concerned about twexe not being "signed".

You appear to address theoretical vulnerabilities, rather than an actual one.
What you are literally suggesting is that one would never know if a twexe
is compromised.

That can obviously only be the case if you got it from a source you should
not trust.
So, rule #1, don't use executables from sources you do not trust.
That goes for every bit of executable, twexe, tiddlydesktop, your browser,
any executable piece of software, signed or otherwise.
This, however, has nothing whatsoever to do with twexe.

Best wishes,

Tobias.
Tobias Beer
2015-12-18 00:07:26 UTC
Also, the fact alone that twexe is or may be capable of running other executables, which I have yet to see ...is no cause for concern either.

Twexe cannot and does not do anything a user cannot do on the system and it
will and should not do what a user did not instruct it to, unless we have a
careless bugger or lassie who thinks they should just use any bit of
software they got from whomever as a mail attachment.

Trust your sources. And if you don't, they're not your sources. Simple.

Best wishes,

Tobias.
Tobias Beer
2015-12-18 00:14:14 UTC
About...
Post by Tobias Beer
Also, the fact alone that twexe is or may be capable of running other executables, which I have yet to see ...is no cause for concern either.
Assuming twexe can do that: How does that work?
Could the TiddlyWiki it contains have a startup module that can execute
arbitrary commands against the os directly when I open a twexe?

What commands other than "save this wiki" does the server pass on (to the
commandline)?

Best wishes,

Tobias.
i***@newsfromgod.com
2015-12-18 00:22:38 UTC
Hi Tobias,
Post by Tobias Beer
Also, the fact alone that twexe is or may be capable of running other executables, which I have yet to see ...is no cause for concern either.
Yes. My idea with external executables is that the user would write a tiddler with something like this:

<$twx.run cmd="c:\apps\graphviz\dot.exe" input="digraph g { A -> B;}" args="-Tsvg"/>
or
<$twx.run cmd="c:\apps\graphviz\dot.exe" input="MyTiddlerWithGraphDescription" args="-Tsvg"/>


This would use the Graphviz tools to generate an svg diagram of A -> B.
Of course, the graph description could come from a tiddler instead of being
coded in the attribute.

It would be the *user* that chooses what program to execute, not twexe.
Post by Tobias Beer
Twexe cannot and does not do anything a user cannot do on the system and it
will and should not do what a user did not instruct it to, unless we have a
careless bugger or lassie who thinks they should just use any bit of
software they got from whomever as a mail attachment.
Yes, my main principle in designing it was usability and keeping the integrity of the user data; this is why it makes copies of files, backups, etc., so users would not lose their data.
Post by Tobias Beer
Trust your sources. And if you don't, they're not your sources. Simple.
This is so true. People that do malicious software don't publish it,
but they try to "trojan" upon another executable that is already in
the system.
And they NEVER publish the source code.
Post by Tobias Beer
Best wishes,
Tobias.
Thanks