logoAnerty's Lair - News << Home
^ Software Documents

Update: Site

I've changed the way news articles are published on the site in order to be able to offer permanent links to each article independently. The link for a given article is on the small yellow cross on the left of the article title
For example for this article the permalink is https://www.anerty.net/news/20180323T0645Z.

When an article is translated, each of its traductions can also be permalinked independently by first choosing a language by clicking on its flag, then by clicking on the link on the yellow cross on the left of the article title. For example for this article, the permalink for a specific translation is:
- For the English version: https://www.anerty.net/news/20180323T0645Z?lang=en.
- For the French version: https://www.anerty.net/news/20180323T0645Z?lang=fr.


Update: jSAVF 1.32

I've added a source file exporter to jSAVF, which is available with a right click on objects of type *FILE with the PF attribute and which contain source members (ex: QCBLLESRC, QCLLESRC, QCLESRC, QRPGLESRC, QSQLLESRC, ...).

This feature allows you to display in a spool or extract to files the contents of one or more source members of a physical file inside an AS-400's SAVF.

Three export formats are available depending on what you plan to do with the sources: CSV, flat source file, and source file text. The first two formats include all three source format fields: the source (SRCSEQ), the line modification date (SRCDAT) and the line content (SRCDTA). The last format only includes the text from SRCDTA without trailing whitespace.

After handling this kind of object the data files will probably be the next to become exportable in a future version.

If you encounter any trouble displaying a source file inside a SAVF don't hesitate to tell me about it.


Update: Site and DriveSort 1.230

A few corrections and security enhancements are included in DriveSort v1.230:

  • Some code related to command line usage which was included in the previous versions by mistake has been removed because it's not finished yet. It was producing weird validation messages when trying to use it and did nothing, so no big loss there.
  • The drive selection dialog now refreshes more consistently when a drive arrives or is removed, even when Windows doesn't send a WM_DEVICECHANGE message for it. I've noticed this happens when mounting and unmounting TrueCrypt volumes while testing but it may also apply to other devices, so the drive selection dialog now both polls the drive letter mask and listens to WM_DEVICECHANGE messages as long as it is displayed to detect these changes.
  • The version update dialog now offers you a way to skip a specific version without having to disable the periodic version check if you don't want to be reminded about one particular version. When a new version is available, you can now choose to open the download page, ignore the new version, or decide later when the next version check occurs (yes / no / cancel). If you chose No, the next time you'll be notified will be about the version after that one and offered the same choice.
  • The HTTP user agent which DriveSort uses when checking the latest version changed from "DriveSort Updater" to "DriveSort/1.230" to better respect the RFC. This doesn't change much as the current version was already present in the version check URL, but it looks better on the wire.
  • DriveSort now attempts to enable the following Windows security features and exploit mitigation policies for its process when its running on a Windows version which support them: DEP, ASLR, Stack protection, Control flow guard, Terminate on heap corruption or invalid handle use, Disable non-system font load, Disable legacy extension points, Prefere loading DLLs from system32, Avoid loading DLLs from current directory. I haven't noticed any issue with these enabled on either Windows 10.1709 which supports them all or Windows XP SP3 which I think only supports DEP. If you notice any incompatibility with Windows versions in between please mention it to me and I'll see what I can do.

I've also signed the DriveSort executables with some certificates I've generated myself so the file integrity can be checked easily in the Windows file properties dialog / digital signatures tab, although Windows will complain about trust issues because my certificates haven't been issued by a certificate authority it trusts. I've applied both an SHA1 and a SHA256 signature so older and newer versions of Windows each have something they understand.

User Account Control will still display the same orange warning as before when there was no signature when asking for administrator rights (which are required because DriveSort needs full access to disks to do its job). The warning is perfectly normal because my self-signed certificates are not trusted to be mine by Windows as I haven't paid any reputable certificate authority to verify the fact, so the signatures offer very little additional trustable information by themselves as they could have been added by someone else to a modified executable using a certificate which looks like mine. I may eventually purchase a verified code signing certificate from a Windows approved certificate authority, though they're a bit pricey for a pet project. For now if you want to check that the signatures were indeed mine, my certificates both have f63a19f489360788049e2f7945ce4381ce644777 as subject key identifier, the SHA1 signing certificate has 8272dfdaf3af740c6ead49dfb08dcc92a74c43f1 as thumbprint and the SHA256 signing certificate has f73185df917d9ae5382db34a5ad0edaa0417ff20 as thumbprint.

While I was testing how the signatures behaved, I was a bit surprised to see that the Windows UAC prompt displays the same warning message for an untrusted certificate whether the exe contents matches the signature or not though, I would have expected an invalid signature to trigger a red UAC error and prevent execution as it makes little sense to try to run a corrupted executable file, whether it's the signature or the code which is wrong.
The message displayed in the digital signature properties dialog from the file properties is more informative, and clearly distinguishes both cases:

Digital Signature - Untrusted certificate
When the signature certificate is not trusted but the signature matches the executable file contents.
Digital Signature - Invalid signature
When the executable has been tampered with regardless of whether the signature is trusted.

I've also displayed an SHA1 digest above some download links to allow more users to verify their downloads. It is mostly intended for those who don't want to install GPG4Win to verify the digital signatures of the downloads with my GPG public key. An SHA1 digest can be computed by a variety of programs such as 7Zip, sha1sum.


Update: Site

New color theme for the site.

I was starting to get tired of the old violet-blue colors of old so I've decided to change the visual theme to a dark orange one which should be easy on the eye.

I've re-rendered some images from their 3D models with the new palette, and took the opportunity to make the home page layout a bit more compatible with small screens found on phones / tablets. I hope I haven't missed anything blue in a deep recess of the site, if you see anything which looks funny don't hesitate to mention it to me.