[TW5] Twixie - Solve the saving problem - New release 0.5.24

[ih...@newsfromgod.com]

Hi,

   This is a Christmas gift for the TW5 community! I really like TW5, but it has one major entry barrier: the saving problem, and the need for backups. I wanted some family members to use TW5 to take notes, but having to install browser add-ons, and having to make backups really was too much for them.

Twexe solves that with a new/old concept: A single file executable tiddlywiki. It comes ready to use with the regular empty wiki, just download, run it, and voila! Backups and saving occurs automatically. You can also convert any tw5 wiki that you have into a single file executable, it will then allow automatic saving and backups.  See the screencast demo on the website below for more information and to download it.

Here are the features:

• Automatic backups
• Automatic saving
• No browser add-ons needed!!
• Works on Linux and Windows
• Single file executable, can be moved, copied, etc.
• Wiki is compressed, occupying less space on your disk (sometimes even a third of the space!)
• Converts any Tiddlywiki5 file to a single file executable , no need for special tiddlywiki plugins
• Automatically uses the saving tab in the control panel (there you can specify a backup directory if you don't like the default)
• Easily save the html wiki file from the executable twexe (if you need it for some reason)
• Opens up the possibility to run external executables from your wiki (to draw charts, etc.) - stay tuned!!
• Supports external images (i.e. with _canonical_uri field)

You can see a screencast demo and download it at the following page:

https://ihm4u.github.io/twexe/

Twexe liberates your wiki from the browser limitations, while working with the wiki in the same way we all like.

Hope you enjoy and Merry Christmas!!!

[Tobias Beer]

Hi ihm,

Congratulations to creating twixie (twexe),

it appears to very much simplify getting started

for anyone looking to "just use that wiki" in ways

we could use TWC when browsers were less restrictive,

e.g. "just hit save" / "yes, it creates backups if you want it to" (back then even rss).

Two questions for the moment:

1. Can the user specify a backup directory (rather than have backups saved alongside the wiki)?
   
2. How is it that _canonical_uri only works after reload? What do you need to do to make it so?

One major benefit over TiddlyDesktop appears to be:

You simply use your favorite browser ...to search, zoom,

and all that stuff that TiddlyDesktop doesn't implement (yet).

It's great...

1. to simply be able to save entire wiki's rather than tiddlers
2. to have automatic backups
3. to not (necessarily) fiddle with any command-line but just click-open a file
• which starts that custom server
  
4. how (I assume) you massage in the right server settings to any tiddlywiki file that we want to use that way
   
• and turn it into the kind of executables tweze creates
  

PS: The amount of (Pascal) code to this is quite mind-boggling. :D

Good stuff ...and happy holidays to you to!

Best wishes,

Tobias.

[ih...@newsfromgod.com]

Hi Tobias,

Quoting Tobias Beer <beert...@gmail.com>:

> Hi ihm,
>

> Congratulations to creating *twexe*,

> it appears to very much simplify getting started
> for anyone looking to "just use that wiki" in ways
> we could use TWC when browsers were less restrictive,
> e.g. "just hit save" / "yes, it creates backups if you want it to" (back
> then even rss).
>

Yes, the good old days of no browser restrictions :)

> Two questions for the moment:
>

> 1. Can the user specify a backup directory (rather than have backups
> saved alongside the wiki)?

Yes, in Control Panel -> Saving -> Backup Directory. Just put the
directory name in there.

BTW, you can also change the "Upload Directory" to something other
than '.' and it will
also automatically save the html file with the name in "Upload
Filename". I use this myself
to write the webpage for github gh-pages.

> 2. How is it that *_canonical_uri* only works after reload? What do you

> need to do to make it so?

Reload is needed only when the _canonical_uri field is added or
changed. Afterwards it doesn't need
reload.

The reason is that I want to keep the server simple, so it only
processes one request
at a time. When the _canonical_uri is added it receives two requests:
one to save the wiki
and one to get the image. The browser doesn't get an immediate
response for the image because
the server is saving the wiki; this is why a reload is needed.

I could solve it with multi-threading, but this opens the door to
instability and many
possible bugs that I want to avoid. There are other possible
solutions, but since it only
happens when the _canonical_uri is added or changed (no reload is
needed after you have
created the tiddler with the proper _canonical_uri field) it is really
not a big issue,
especially since we get much more stability that way.

>
> One major benefit over TiddlyDesktop appears to be:
> You simply use your favorite browser ...to search, zoom,
> and all that stuff that TiddlyDesktop doesn't implement (yet).
>

Yes, also it is a very different model. A twixie is an executable
wiki, you can move it, copy it
rename it, and use it just like you use a wiki. Tiddlydesktop is a
whole application. In addition a Twixie is 1MB whereas Tiddlydesktop
is 30MB and it is not meant to represent a single file wiki.

Twexe also upgrades automatically, something harder to do with TiddlyDesktop.

> It's great...
>
> 1. to simply be able to save entire wiki's rather than tiddlers

Oh yes, that is true, I didn't think about this...

> 2. to have automatic backups
> 3. to not (necessarily) fiddle with any command-line but just click-open
> a file
> - which starts that custom server

I wanted users to have it really easy :)

> 4. how (I assume) you massage in the right server settings to any

> tiddlywiki file that we want to use that way

> - and turn it into the kind of executables tweze creates

There are a lot of "tricks" behind the scenes :) hehehe
Making a self-modifying executable in a safe way is not such an easy
thing to tackle.

Thanks!!

[Tobias Beer]

Hi ihm,

 

> 1. Can the user specify a backup directory (rather than have backups
> saved alongside the wiki)?

Yes, in Control Panel -> Saving -> Backup Directory. 

Just put the directory name in there.

Very cool that you fully support these settings.

Well, kinda makes sense. After all, you implemented a slim server for it.

BTW, you can also change the "Upload Directory" to something other  
than '.'  and it will also automatically save the html file with the name in "Upload  
Filename". I use this myself to write the webpage for github gh-pages.

Interesting, atm I'm fully working with the node server and fine with it.

Well, actually, I do prefer to work on .tid files.

However, for a non-dev end user, this is just great,

especially the ability to still auto-generate the html alongside

and perhaps have some ftp client auto-publish that to the web.

A bit of testing...

I happened to delete the password in the ControlPanel for saving,

now I only get the download dialog.

I figured, ok I just try entering "twexe" and it saves the wiki.

Actually, any password will do. A bit odd, but ok.

Perhaps an option to actually set a true password may be good...

to prevent overwrites on a local network.

It's great that I can set upload and backup-dirs as I want,

decouples the exe from the wiki. Kudos.

One (obvious) thing that won't work is having two twexe run at the same time.

Perhaps you can have some error handling as to

whether or not a given port is actually available and,

if not pick the next one, e.g. 8081...

Or is the port already configurable somehow?

Best wishes,

Tobias.

[ih...@newsfromgod.com]

Hi Tobias,

Quoting Tobias Beer <beert...@gmail.com>:

>

> Very cool that you fully support these settings.
> Well, kinda makes sense. After all, you implemented a slim server for it.

:)

> However, for a non-dev end user, this is just great,
> especially the ability to still auto-generate the html alongside
> and perhaps have some ftp client auto-publish that to the web

> <http://stackoverflow.com/questions/11803482/how-to-automatically-ftp-files-that-i-am-editing>

Great! Thanks for the stackoverflow link, I didn't know about some of those
programs!

> A bit of testing...
> I happened to delete the password in the ControlPanel for saving,
> now I only get the download dialog.
> I figured, ok I just try entering "twexe" and it saves the wiki.
> Actually, any password will do. A bit odd, but ok.

This is done on purpose, it will only save automatically if you set
the wiki name in the saving tab to 'twexe'. This is the default
added by the twexe executable. It allows the user
to also sporadically change the Wiki Name and save it to a PHP UploadPlugin
compatible server. Then the user can change it back to 'twexe' and it
will save
to the local twixie automatically again.

> Perhaps an option to actually set a true password may be good...
> to prevent overwrites on a local network.

Yes, I may add this later when I make a twexe TW5 plugin that
includes options and other features.

>
> It's great that I can set upload and backup-dirs as I want,
> decouples the exe from the wiki. Kudos.
>
> One (obvious) thing that won't work is having two twexe run at the same
> time.
> Perhaps you can have some error handling as to
> whether or not a given port is actually available and,
> if not pick the next one, e.g. 8081...
> Or is the port already configurable somehow?

This is already working, did you try it? It should pick the next
available port.

>
> Best wishes,
>
> Tobias.
>

Thanks!

[Tobias Beer]

Hi ihm,

 

This is already working, did you try it? It should pick the next available port.

Wow, cool! At some point the twexe console showed me some very red lines and I didn't pay close attention and hap-hazardly assumed it was all about how I was already running one server, so I closed it.

Ok, so this error happens when you try to run two twexe.exe with the same name,

but from different folders at the same time:

There is no reason I called the folder tiddler... would have better been test.

Best wishes,

Tobias. 

[ih...@newsfromgod.com]

Quoting Tobias Beer <beert...@gmail.com>:

> Hi ihm,
>
>
>> This is already working, did you try it? It should pick the next available
>> port.
>
>
> Wow, cool! At some point the twexe console showed me some very red lines
> and I didn't pay close attention and hap-hazardly assumed it was all about
> how I was already running one server, so I closed it.
>

Great!

> Ok, so this error happens when you try to run two twexe.exe *with the same
> name*,
> but from different folders *at the same time*:
>
> <https://lh3.googleusercontent.com/-biibSnzw1RU/VnL-520-ZTI/AAAAAAAAB80/mqcIW9909Ig/s1600/error.jpg>
>

Oh yes...it assumes them to be the same twixie because they have the
same name....
I'm glad you caught this one!! You're amazing catching corner cases!!
I post a fix asap....

Thanks

[PMario]

Hi ?@newsfromgod,

I think your program has some clever ideas, __but__ I also think, there is a lot of room for improvements: see: https://github.com/ihm4u/twexe/issues/1

On Thursday, December 17, 2015 at 4:52:00 AM UTC+1, ih...@newsfromgod.com wrote:

Twexe solves that with a new/old concept: A single file executable tiddlywiki. It comes ready to use with the regular empty wiki, just download, run it, and voila! Backups and saving occurs automatically. You can also convert any tw5 wiki that you have into a single file executable, it will then allow automatic saving and backups.  See the screencast demo on the website below for more information and to download it.

I think your implementation could be similar to tiddly desktop, but it should really stop to create unsigned, untrusted executables.
 

Here are the features:

• Automatic backups
• Automatic saving
• No browser add-ons needed!!
• Works on Linux and Windows
• Single file executable, can be moved, copied, etc.
• Wiki is compressed, occupying less space on your disk (sometimes even a third of the space!)

All the above functions are cool, but the next one has the potential to explode right in front of our faces!
IMO we should not train our users to activate unsigned executables, if they want to work with a single HTML file.

• Converts any Tiddlywiki5 file to a single file executable , no need for special tiddlywiki plugins

outch. I think this is and will cause a big security problem.
 

• Automatically uses the saving tab in the control panel (there you can specify a backup directory if you don't like the default)
• Easily save the html wiki file from the executable twexe (if you need it for some reason)

That's a good one. Your backups may be .twz for tiddlywiki-zipped and be registered by the OS. So if you click it, it can open one and only one executable. ... How do you intend to support and update all the backup exes? The next version will make all backups obsolete! .. IMO we have an update problem here!
 

• Opens up the possibility to run external executables from your wiki (to draw charts, etc.) - stay tuned!!

hmmm, calling and activating other exes from possibly untrusted source. really?
 

• Supports external images (i.e. with _canonical_uri field)

I do like Pascal a lot. I learned programming with this language. .. but please let's discuss the behaviour of your program first.

And please deactivate the download links until we could discuss my concerns.

kind regards
Mario

[ih...@newsfromgod.com]

Hi PMario,

>>
>
> I think your implementation could be similar to tiddly desktop, but it
> should really stop to create unsigned, untrusted executables.
>

Microsoft themselves distributes untrusted executables, just download:
and run https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

And you will see that the dialog window pops up saying it is an untrusted
executable downloaded from the internet.

Unlike Microsoft, all the source code is freely and openly available
at github so that
anyone can see what it does, and change it if they want.

Thirdly, it binds only to 127.0.0.1 which prevents any external
attacks from the network.

Fourthly, I am willing to add any other security features you think
may be needed.

It does produce a new executable to keep with the single file principle, but
the new executable doesn't include new executable code, only zipped
data appended
to the end of the executable.

You can compare the bytes of the two files and see that they differ
only at the
beggining of the appended zip section.

If I wrote malicious code I would not make the source code available
like it is, and
would not make a public announcement like this. As a matter of fact I
originally wrote it
because I was thinking of a family member that has a hard time with
computers, and
I wanted something easy for them. I just made it available to the
community because
I thought it would be useful.

> How do you intend to support and update all the backup
> exes? The next version will make all backups obsolete! .. IMO we have an
> update problem here!
>

The exe upgrades itself like firefox and a lot of other software does. Yes,
I need to add an option to turn it off if the user wants to, that will
come when I do a TW5 plugin for it.

>> - Opens up the possibility to run external executables from your wiki

>> (to draw charts, etc.) - stay tuned!!
>>
>> hmmm, calling and activating other exes from possibly untrusted source.
> really?
>

The executable to be called will be specified by the user
*explicitly*, so that means the
user knows the executable that is being called because the user is the
one calling it.

For that matter, the node.js server can also do malicious things under
the covers if it wanted to,
but the source code is available and anyone can see what it does.

Registering a different extension doesn't make it more secure. If it
had malicious code inside
it would run anyways after the extension was registered.

[ih...@newsfromgod.com]

Hi Tobias,

> Ok, so this error happens when you try to run two twexe.exe *with the same
> name*,
> but from different folders *at the same time*:
>
> <https://lh3.googleusercontent.com/-biibSnzw1RU/VnL-520-ZTI/AAAAAAAAB80/mqcIW9909Ig/s1600/error.jpg>
>

OK, fixed in version 0.5.25, could you try it?

Thanks!

[Felix Küppers]

Hi @ all,

what @ihm4u has created is really inspiring and I can tell it has
involved much thinking. It's great to see somebody developing cutting
edge solutions for TiddlyWiki (tidgraph, twexe)!

Regarding Mario's criticism:

I agree with ihm when he says that all binaries in the world are
potentially dangerous.

However, I can understand that Mario issues a warning because:

TW itself so far has been based on script files only. twexe is binary.
In this special case it is not a sufficient to say "look at the code,
it's online" because the binaries presented in the demo wiki are
already compiled. However, I also understand it defeats the purpose of
your project to tell people to read your code first and the compile it
themselves to be on the save side.

Second, there is actually a binary file that is not auditable called
twexe.res – so even if I checked and compiled the code myself, I would
not know how this file behaves (maybe your IDE created this file or it
contains a thumbnail image?).

In any case, great project/idea, thanks for sharing, and sorry for the
criticism – it's just precaution.

-Felix

[ih...@newsfromgod.com]

Hi,

Quoting Felix Küppers <felixk...@hotmail.de>:

> Hi @ all,
>
> what @ihm4u has created is really inspiring and I can tell it has
> involved much thinking. It's great to see somebody developing cutting
> edge solutions for TiddlyWiki (tidgraph, twexe)!

Thanks

>
> Regarding Mario's criticism:
>
> I agree with ihm when he says that all binaries in the world are
> potentially dangerous.
>

BTW, TiddlyDesktop also includes an untrusted binary, NW.exe
If you get rid of Microsoft named "untrusted" software you will not have
99% of the open source software in windows.

> However, I can understand that Mario issues a warning because:
>

> Second, there is actually a binary file that is not auditable called
> twexe.res – so even if I checked and compiled the code myself, I would
> not know how this file behaves (maybe your IDE created this file or it
> contains a thumbnail image?).

This binary file is generated by the Lazarus IDE, those that have done
windows development
know it's a 'resource' file, and it does not contain executable code.
I don't even need to have it as part of the source code because it is
generated
by the Free Pascal tools, you can check yourself free pascal resource
files here:

http://wiki.freepascal.org/Lazarus_Resources#FPC_resources

I just happen not to have it listed in the .gitignore file, so it got
included in
the project.

To verify that it is not dangerous you can delete it and recompile the project
and you will see that it gets generated by the Lazarus IDE.

>
> In any case, great project/idea, thanks for sharing, and sorry for the
> criticism – it's just precaution.
>

Yes, I understand we need to be really careful here. My only idea was to make
TW5 much more user friendly.

> -Felix

[Tobias Beer]

Hi Mario,

 

outch. I think this is and will cause a big security problem.

There are a billion ways to get viruses or other malicious code.

I do not see why I would be concerned about twexe not being "signed".

You appear to address a theoretical vulnerability, rather than an actual one.

What you are literally suggesting is that one would never know if a twexe is compromised.

That can obviously only be the case if you got it from a source you should not trust.

So, rule #1, don't use executables from sources you do not trust.

That goes for every bit of executable, twexe, tiddlydesktop, your browser, any executable piece of software, signed or otherwise.

This, however, has nothing whatsoever to do with twexe.

Best wishes,

Tobias.

[Tobias Beer]

Also, the fact alone that twexe is or may be capable to run other executables, which I have yet to see ...is no cause for concern either.

Twexe cannot and does not do anything a user cannot do on the system and it will and should not do what a user did not instruct it to, unless we have a careless bugger or lassie who thinks they should just use any bit of software they got from whomever as a mail attachment.

Trust your sources. And if you don't, they're not your sources. Simple.

Best wishes,

Tobias.

[Tobias Beer]

About...

 

Also, the fact alone that twexe is or may be capable to run other executables, which I have yet to see ...is no cause for concern either.

Assuming twexe can do that: How does that work?

Could the TiddlyWiki it contains have a startup module that can execute arbitrary commands against the os directly when I open a twexe?

What commands other than "save this wiki" does the server pass on (to the commandline)?

Best wishes,

Tobias.

[ih...@newsfromgod.com]

Hi Tobias,

Quoting Tobias Beer <beert...@gmail.com>:

> Also, the fact alone that twexe is or may be capable to run other
> executables, which I have yet to see ...is no cause for concern either.
>

Yes. My idea with external executables is that the user would write a
tiddler with
something like this:

<$twx.run cmd="c:\apps\graphviz\dot.exe" input="digraph g { A -> B;}"
args="-Tsvg"/>
or
<$twx.run cmd="c:\apps\graphviz\dot.exe"
input="MyTiddlerWithGraphDescription" args="-Tsvg"/>


This would use the Graphviz tools to generate an svg diagram of A -> B.
Of course, the graph description could come from a tiddler instead of being
coded in the attribute.

It would be the *user* that chooses what program to execute, not twexe.

> Twexe cannot and does not do anything a user cannot do on the system and it
> will and should not do what a user did not instruct it to, unless we have a
> careless bugger or lassie who thinks they should just use any bit of
> software they got from whomever as a mail attachment.

Yes, my main principle in designing it was usability and to keep the integrity
of the user data, this is why it makes copies of files, backups, etc.
So users would not lose their data.

>
> Trust your sources. And if you don't, they're not your sources. Simple.
>

This is so true. People that do malicious software don't publish it,
but they try to "trojan" upon another executable that is already in
the system.
And they NEVER publish the source code.

> Best wishes,
>
> Tobias.
>
Thanks

[PMario]

Hi,

On Thursday, December 17, 2015 at 10:45:21 PM UTC+1, ih...@newsfromgod.com wrote:

Microsoft themselves distributes untrusted executables, just download:
and run https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

Yes, I know and that's a shame.
 

And you will see that the dialog window pops up saying it is an untrusted
executable downloaded from the internet.

Yes, and imo that's a problem, because our users will be trained to ignore this dialog. I'm sure many windows users don't read warning dialogs at all and just click ok, which opens the door for yet a new additional browser toolbar ;)

Unlike Microsoft, all the source code is freely and openly available  
at github so that
anyone can see what it does, and change it if they want.

That's good and you should add a license file and a readme to your repo.
I didn't say, that your code is not safe. I have concerns about the mechanism you choose to spread the app.
 

Thirdly, it binds only to 127.0.0.1 which prevents any external  
attacks from the network.

Fourthly, I am willing to add any other security features you think  
may be needed.

I think the backup files should be plain text files. eg: empty-x-y-z.html or empty-x-y-z.html.zip if you like to compress them.
I also think, that backups should be stored in a sub folder. Plain text files can do no harm at the moment and it's very likely, that they don't harm in the future 20+ years.


TiddlyWiki uses plain html files, because there are a lot of advantages.

- html is plain text and human readable, with every simple text editor
- plain text will be easy readable for the next 20++ years
- plain text is agnostic to operating systems.
- HTML works on any platform that has a browser.
- it's easy to send text files per mail. They are not blocked by corporate firewalls
- it's easy to verify if 2 files contain the exact same content.
  - So verifying if a local empty.html is the same as github empty.html is easy
  - comparisons are human readable.
- ...

All of the above is _not_ true for executables.

 

It does produce a new executable to keep with the single file principle, but
the new executable doesn't include new executable code, only zipped  
data appended
to the end of the executable.

Yes. So the executables are duplicated all over the places and for normal users, it's impossible to check, if only the content is modified or the .exe was modified too.

Tobias mentioned, that executables may be safe, if I trust the source. IMO they are not.

• Let's say I trust your github repo and I can download the program from there. Let's name it twexe.exe
• Let's say I like the program and your future license allows redistributing, I trust myself so I can download twexe.exe from my forked repo too.
  
• Let's say the "man in the middle" also likes the program. He modifies it and distributes it as. twexe.exe
  

• I download and rename my local version to myContent.exe and add some tiddlers.
  
• I send myContent to tobias per mail.
  

I think all of this behaviour is fine, and imo totally real world behaviour. So it should be fine. right?

Let me ask 3 very simple questions:

 - How can Tobias check, if I didn't mess with the executable, and it is save to use it.
 - How can Tobias be sure, that myContent is a child of twexe.exe from ihm4u and not from the "man in the middle"
 - How can our users do the same?

You can compare the bytes of the two files and see that they differ  
only at the
beggining of the appended zip section.

Yes I can, but does your family?
 

If I wrote malicious code I would not make the source code available  
like it is, and
would not make a public announcement like this.

I don't know. ... You joined github in October. There is no real name and no e-mail address. ... I don't know you.
 

As a matter of fact I  
originally wrote it
because I was thinking of a family member that has a hard time with  
computers, and
I wanted something easy for them.

I love the idea, to make it easy for users to work with tiddlywiki. I actually thought quite some time about it, if I should raise my voice. There have been several hours between creating the issue on github and my post there in the group.

I choose to start the discussion, because I have concerns about the approach that was chosen.  I'm fine with something that is similar to tiddly desktop and I still think your program has potential, but I think, there should be only one app that can work with standard or zipped html text files.
 

I just made it available to the  
community because
I thought it would be useful.

As I saw your announcement I thought: "Great, that's an interesting approach". As I saw the video and thought about it:..  "uuups, I'm concerned"

 

For that matter, the node.js server can also do malicious things under  
the covers if it wanted to,
but the source code is available and anyone can see what it does.

As I see it, nwjs it is signed.  .. But we still need to find a convenient way to verify, if tw plugins are safe to use. There is no "chain of trust" that we can use to verify the stuff at the moment.
 

Registering a different extension doesn't make it more secure. If it  
had malicious code inside
it would run anyways after the extension was registered.

That's right, but there is only one executable, that needs to be monitored.

regards
mario

[ih...@newsfromgod.com]

Hi PMario,

Quoting PMario <pmar...@gmail.com>:

> Hi,
>
> On Thursday, December 17, 2015 at 10:45:21 PM UTC+1, ih...@newsfromgod.com
> wrote:
>>
>> Microsoft themselves distributes untrusted executables, just download:
>> and run
>> https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx
>
>
> Yes, I know and that's a shame.

> Yes, and imo that's a problem, because our users will be trained to ignore
> this dialog. I'm sure many windows users don't read warning dialogs at all
> and just click ok, which opens the door for yet a new additional browser
> toolbar ;)
>

So you agree that Microsoft distributes "untrusted" executables, but then
why do you make such a problem about twexe? You would have to go after Microsoft and
all the millions of open source developers out there that have "untrusted" executables.
(including Jeremy with TiddlyDesktop)

> Unlike Microsoft, all the source code is freely and openly available
>> at github so that
>> anyone can see what it does, and change it if they want.
>>
>
> That's good and you should add a license file and a readme to your repo.
> I didn't say, that your code is not safe. I have concerns about the
> mechanism you choose to spread the app.
>

I can put links to download the file as a zip file, just like
TiddlyDesktop does. This does not increase security, but it will
help people that are worried about dialog boxes.

I will add the MIT license to the repo.

> I think the backup files should be plain text files. eg: empty-x-y-z.html or
> empty-x-y-z.html.zip if you like to compress them.
> I also think, that backups should be stored in a sub folder. Plain text
> files can do no harm at the moment and it's very likely, that they don't
> harm in the future 20+ years.
>

As I mentioned in the thread, you can choose your backup directory and
you can have twexe store the html files directly.

>
> TiddlyWiki uses plain html files, because there are a lot of advantages.
>
> - html is plain text and human readable, with every simple text editor
> - plain text will be easy readable for the next 20++ years
> - plain text is agnostic to operating systems.
> - HTML works on any platform that has a browser.
> - it's easy to send text files per mail. They are not blocked by corporate
> firewalls
> - it's easy to verify if 2 files contain the exact same content.
>   - So verifying if a local empty.html is the same as github empty.html is
> easy
>   - comparisons are human readable.
> - ...
>
> All of the above is _not_ true for executables.

I am not writing a replacement for tiddlywiki, I think tiddlywiki is great as it
is. If you don't like twexe, don't use it, but don't prevent others from using
it if they want to.

> Yes. So the executables are duplicated all over the places and for normal
> users, it's impossible to check, if only the content is modified or the
> .exe was modified too.

They are not copied all over the place. It is very structured and organized:
1. The user can specify the backup directory where they want executables backups to go
2. The temporary files are all stored under one directory in the operating
    sytem temp directory

That's it.

> Let me ask 3 very simple questions:
>
>  - How can Tobias check, if I didn't mess with the executable, and it is
> save to use it.
>  - How can Tobias be sure, that myContent is a child of twexe.exe from
> ihm4u and not from the "man in the middle"
>  - How can our users do the same?
>

This is not a problem with twexe or tiddlywiki. Any download from github or any other web
source has the same problem.I can fork TiddlyDesktop and the same problems
you talk about will show up.

>
>
>> For that matter, the node.js server can also do malicious things under
>> the covers if it wanted to,
>> but the source code is available and anyone can see what it does.
>>
>
> As I see it, nwjs it is signed

> <https://github.com/nwjs/nw.js/issues/3454#issuecomment-147933335>.  ..

Just to make things clear to you, so that you can see TiddlyDesktop NW.EXE is NOT SIGNED:

1. Download sigcheck from https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx
   - This is a Microsoft Signature check tool, which people knowledgeable about
     "security" should know about.
2. Download TiddlyDesktop version 0.8
3. Run sigcheck against the nw.exe INSIDE TiddlyDesktop
4. Just to save you the time here is the output:

Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com

Z:\tmp\tiddlydesktop-win32-v0.0.8\nw.exe:
        Verified:       Unsigned
        Link date:      1:30 AM 7/29/2015
        Publisher:      n/a
        Company:        n/a
        Description:    n/a
        Product:        n/a
        Prod version:   n/a
        File version:   n/a
        MachineType:    32-bit

Microsoft Signature verification tool says TiddlyDesktop NW.EXE is NOT SIGNED. If you have
such a problem with unsigned executables you should ask Jeremy to stop distributing TiddlyDesktop
also.

By the way, let me know if you are willing to buy a certificate for twexe and
pay for the fees and the possible periodic renewal charges. I will be happy to
sign twexe to make you happy. The name of two vendors are Verisign and Thawte
if you want to look into it. I am not sure, but I think the certificates need to
be renewed periodically. You should buy a certificate for TiddlyDesktop also.

If you continue to have security concerns about twexe, just point to one line in the
source code that does a malicious thing, and I will be happy to erase or modify
anything you want.

All the other things that you mentioned are concerns with any software downloaded from internet,
including TiddlyDesktop, and they have nothing to do with twexe specifically; as Tobias pointed out.

Thanks

[Tobias Beer]

Hi Mario,

 

Let me ask 3 very simple questions:

 - How can Tobias check, if I didn't mess with the executable, and it is save to use it.
 - How can Tobias be sure, that myContent is a child of twexe.exe from ihm4u and not from the "man in the middle"
 - How can our users do the same?

I cannot check if you messed with the executable or some "man in the middle" did.

It all boils down to this:

1. Do I trust Mario?
2. Can I be sure Mario is only using the official twexe?
• I can always ask.
3. Did I get that file in a safe manner?
• There'd have to be some some nifty packet sniffing + modifying.

If I can answer the above questions with yes, then I feel fine.

Perhaps there really is no need for twexe to be a single file.

But then again, let's assume twexe worked with some wiki.html files.

If it is still allowed to execute local fs stuff,

then we haven't achieved anything much in terms of security

by extracting the wiki from the executable.

I do agree, it's highly unusual for an exe to write to itself.

On the other hand, that is what we are ourselves,

We are "executbles" that write to ourselves (our memory). :D

So, again, it boils down to trust:

• Can I trust myself with ...my executing tasks ...and ...my memory management?
  
• Can I trust someone else with ...their executing tasks ...and ...their memory management?

Sure, if I cannot, the risk of being involved with myself or someone else increases steeply.

Being able to tell if I am cheating myself (e.g. procrastination) or being cheated on sure is helping.

However, even if the twexe was separated from the wiki,

I had no way of telling if some wiki I am given will cheat on me once I open it in twexe.

What is true, though, is that I can perfectly open the wiki as an html file

sand-boxed in the browser with no major OS risk involved.

Best wishes,

Tobias.