Been using Mike Brays Quote Loader

robert.l.spaulding's Avatar

robert.l.spaulding

01 Jan, 2020 06:07 PM

Been using Mike Brays Quote Loader since moneydance has no viable working solution for downloading quotes. With the most recent update build 1899, I'm now forced to look at a banner stating installed extensions are no longer verified and should be uninstalled. are moneydance and Mike Bray not getting along? Seems we should have an option to hide this banner or acknowlege we are aware of the not verified extensions and hide the banner.

  1. 1 Posted by Mike Bray (Quot... on 02 Jan, 2020 08:28 AM

    Mike Bray (Quote Loader Author)'s Avatar

    Hi Robert

    The change to show the banner came out of the blue. It is not because IK and myself are not getting on.

    IK has a process for verifying extensions that requires IK to look at the code and then add a signature to the extension. This signature is verified when the extension is loaded. The purpose behind it is to allow IK to have some control over third party extensions which can access all of the data and might make mistakes when updating.

    The process is quite cumbersome as it has to be repeated for every update which puts the workload onto IK whenever I fix a bug or add a feature.

    I have submitted all of my extensions for verification and am waiting on IK to provide the signed versions. Personally I think they are making a rod for their own back by doing this.

    Regards
    Mike

  2. 2 Posted by robert.l.spauld... on 02 Jan, 2020 09:00 AM

    robert.l.spaulding's Avatar

    Thanks Mike, Love your work and completely trust it. Glad to hear you maintain a good relationship with IK and hope they get your extensions verified soon. Keep up the great work.

  3. 3 Posted by -Kevin N. on 02 Jan, 2020 03:42 PM

    -Kevin N.'s Avatar

    Hi Robert,

    Luckily, Sean has allowed the means to perform a workaround. Change the color of the warning bar and it's text to match your summary page.

    The 'Uninstall' button remains but the bar goes away.

    -Kevin N. (not a member of MD support)

  4. 4 Posted by derekkent23 on 02 Jan, 2020 09:00 PM

    derekkent23's Avatar

    Well spotted Kevin.

  5. 5 Posted by robert.l.spauld... on 02 Jan, 2020 09:32 PM

    robert.l.spaulding's Avatar

    Thanks

  6. 6 Posted by Dan P on 04 Jan, 2020 09:43 PM

    Dan P's Avatar

    I just don't understand WHY? When you load an unsigned extension you are warned that it has not been reviewed by MD and may be harmful. Your choice to install. Now to nag you every time you open MD seems pointless.

    Sean, consider adding an alternate text/font/color in the extensions dropdown instead of a red banner. Show the unsigned extension(s) in italics there. Currently, the banner only shows one at a time. This would show them all.

    I've written two little extensions that make my life easier. Very specific and no use to anyone else. I just don't need to be warned about my own code.

    I hope this is taken constructively. No *rant* intended.

    Dan

  7. 7 Posted by derekkent23 on 04 Jan, 2020 09:56 PM

    derekkent23's Avatar

    I am not support staff, just a user.
    Hi Dan

    Until this issue is resolved, another user Kevin N has spotted a workaround to hide the warning message and its red background.

    Under PREFERENCES – THEME – click CUSTOMIZE. Note the colour for Default Background. Scroll down the list to

    errorPanelBG
    errorPanelFG

    Make a note of these two items, there position in the list, as the text will disappear when you change their colour. Click on these two in turn to change them to same colour as Default Background. Click OK, OK and close and re-open Moneydance.

    Unfortunately, the Uninstall button remains

    Hope this helps.

  8. 8 Posted by Dan P on 05 Jan, 2020 10:40 PM

    Dan P's Avatar

    Thanks Derekkent23. I did that, but worry now that I'll not see a REAL error.

  9. Support Staff 9 Posted by Sean Reilly on 05 Jan, 2020 10:44 PM

    Sean Reilly's Avatar

    Hi Dan,

    Yes, I will be dialing back the warnings, especially in order to allow people to run their own extensions and scripts without that annoyance. I do take the security of people installing unverified extensions seriously, but self-written scripts and extensions shouldn't have a non-removable warning message.

    Thanks,
    Sean

  10. 10 Posted by derekkent23 on 05 Jan, 2020 11:05 PM

    derekkent23's Avatar

    I am not support staff, just a user.
    Hi Dan

    Just read Sean’s post as I was about to paste my reply. But will post anyway as it may help until Sean releases a new build.

    If you were to install an unsafe extension the only warning you get is on installation, telling you that it is unsigned. This in itself does not tell you if the extension is safe or not. The warning simply means that as a third-party extension it has not been reviewed and signed by Infinite Kind (Moneydance). You should only install third party extension from known developers that have a track record e.g. Mike Bray and hleofxquotes.

    The red banner warning on the summary page only displays one unsigned extension, you could have installed hundreds, but only one is displayed. Again, the warning only tells you that the extension is unsigned not if it is really unsafe.

    You could change the two colours for
    errorPanelBG
    errorPanelFG
    to softer colours so the warning is not so dominant, but can still be read.

    Hope this helps.

  11. Support Staff 11 Posted by Sean Reilly on 05 Jan, 2020 11:33 PM

    Sean Reilly's Avatar

    I'd also like to add that it is a bad idea to install unsigned extensions created by anyone except for yourself. An unsigned extension from Mike Bray or hleofxquotes could be swapped out for one from MrEvilOnlineBankingPasswordThief and you'd have no way of knowing it. Or even easier, some random person on the forums could send you a link to an extension saying that it is from one of those guys, but there's no way for anyone to know.

    Installing unsigned extensions from other people into your financial software is a *really* bad idea.

    My opinion on that hasn't changed and I don't foresee it ever changing. I do want to let people build and run their own extensions on their own data without needing my or TIK's approval and without excessive warnings though, so I'm working on finding that balance.

    Thanks,
    Sean

  12. 12 Posted by Dan P on 10 Jan, 2020 02:19 PM

    Dan P's Avatar

    Sean and Derek,
    All good points! As someone who has had a bank account hacked, I am very security conscious too. I applaud your efforts to prevent bad code from coming in from MrEvilOnlineBankingPasswordThief - I'm dangerous enough on my own!

  13. robert.l.spaulding closed this discussion on 06 Mar, 2020 11:05 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac