Been using Mike Brays Quote Loader
Been using Mike Brays Quote Loader since moneydance has no viable working solution for downloading quotes. With the most recent update build 1899, I'm now forced to look at a banner stating installed extensions are no longer verified and should be uninstalled. are moneydance and Mike Bray not getting along? Seems we should have an option to hide this banner or acknowlege we are aware of the not verified extensions and hide the banner.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
1 Posted by Mike Bray (Quot... on 02 Jan, 2020 08:28 AM
Hi Robert
The change to show the banner came out of the blue. It is not because IK and myself are not getting on.
IK has a process for verifying extensions that requires IK to look at the code and then add a signature to the extension. This signature is verified when the extension is loaded. The purpose behind it is to allow IK to have some control over third party extensions which can access all of the data and might make mistakes when updating.
The process is quite cumbersome as it has to be repeated for every update which puts the workload onto IK whenever I fix a bug or add a feature.
I have submitted all of my extensions for verification and am waiting on IK to provide the signed versions. Personally I think they are making a rod for their own back by doing this.
Regards
Mike
2 Posted by robert.l.spauld... on 02 Jan, 2020 09:00 AM
Thanks Mike, Love your work and completely trust it. Glad to hear you maintain a good relationship with IK and hope they get your extensions verified soon. Keep up the great work.
3 Posted by -Kevin N. on 02 Jan, 2020 03:42 PM
Hi Robert,
Luckily, Sean has allowed the means to perform a workaround. Change the color of the warning bar and it's text to match your summary page.
The 'Uninstall' button remains but the bar goes away.
-Kevin N. (not a member of MD support)
4 Posted by derekkent23 on 02 Jan, 2020 09:00 PM
Well spotted Kevin.
5 Posted by robert.l.spauld... on 02 Jan, 2020 09:32 PM
Thanks
6 Posted by Dan P on 04 Jan, 2020 09:43 PM
I just don't understand WHY? When you load an unsigned extension you are warned that it has not been reviewed by MD and may be harmful. Your choice to install. Now to nag you every time you open MD seems pointless.
Sean, consider adding an alternate text/font/color in the extensions dropdown instead of a red banner. Show the unsigned extension(s) in italics there. Currently, the banner only shows one at a time. This would show them all.
I've written two little extensions that make my life easier. Very specific and no use to anyone else. I just don't need to be warned about my own code.
I hope this is taken constructively. No *rant* intended.
Dan
7 Posted by derekkent23 on 04 Jan, 2020 09:56 PM
I am not support staff, just a user.
Hi Dan
Until this issue is resolved, another user Kevin N has spotted a workaround to hide the warning message and its red background.
Under PREFERENCES – THEME – click CUSTOMIZE. Note the colour for Default Background. Scroll down the list to
errorPanelBG
errorPanelFG
Make a note of these two items, there position in the list, as the text will disappear when you change their colour. Click on these two in turn to change them to same colour as Default Background. Click OK, OK and close and re-open Moneydance.
Unfortunately, the Uninstall button remains
Hope this helps.
8 Posted by Dan P on 05 Jan, 2020 10:40 PM
Thanks Derekkent23. I did that, but worry now that I'll not see a REAL error.
Support Staff 9 Posted by Sean Reilly on 05 Jan, 2020 10:44 PM
Hi Dan,
Yes, I will be dialing back the warnings, especially in order to allow people to run their own extensions and scripts without that annoyance. I do take the security of people installing unverified extensions seriously, but self-written scripts and extensions shouldn't have a non-removable warning message.
Thanks,
Sean
10 Posted by derekkent23 on 05 Jan, 2020 11:05 PM
I am not support staff, just a user.
Hi Dan
Just read Sean’s post as I was about to paste my reply. But will post anyway as it may help until Sean releases a new build.
If you were to install an unsafe extension the only warning you get is on installation, telling you that it is unsigned. This in itself does not tell you if the extension is safe or not. The warning simply means that as a third-party extension it has not been reviewed and signed by Infinite Kind (Moneydance). You should only install third party extension from known developers that have a track record e.g. Mike Bray and hleofxquotes.
The red banner warning on the summary page only displays one unsigned extension, you could have installed hundreds, but only one is displayed. Again, the warning only tells you that the extension is unsigned not if it is really unsafe.
You could change the two colours for
errorPanelBG
errorPanelFG
to softer colours so the warning is not so dominant, but can still be read.
Hope this helps.
Support Staff 11 Posted by Sean Reilly on 05 Jan, 2020 11:33 PM
I'd also like to add that it is a bad idea to install unsigned extensions created by anyone except for yourself. An unsigned extension from Mike Bray or hleofxquotes could be swapped out for one from MrEvilOnlineBankingPasswordThief and you'd have no way of knowing it. Or even easier, some random person on the forums could send you a link to an extension saying that it is from one of those guys, but there's no way for anyone to know.
Installing unsigned extensions from other people into your financial software is a *really* bad idea.
My opinion on that hasn't changed and I don't foresee it ever changing. I do want to let people build and run their own extensions on their own data without needing my or TIK's approval and without excessive warnings though, so I'm working on finding that balance.
Thanks,
Sean
12 Posted by Dan P on 10 Jan, 2020 02:19 PM
Sean and Derek,
All good points! As someone who has had a bank account hacked, I am very security conscious too. I applaud your efforts to prevent bad code from coming in from MrEvilOnlineBankingPasswordThief - I'm dangerous enough on my own!
robert.l.spaulding closed this discussion on 06 Mar, 2020 11:05 PM.