Notepad++ v8.8.2 Release Candidate

donho

@xomx said in Notepad++ v8.8.2 Release Candidate:

requesting UAC-elevated op by calling the runas ShellExecuteEx on N++ with special params (will be handled later by slightly modified wWinMain)

There will always be a UAC popup or am I missing some details?

xomx

@donho

IDK if I understand your question point.

With the current N++ (and without the NppSaveAsAdmin plugin), if one tries saving to a “rights-protected” file, the following situation depends on some N++ settings:

1. With backup-snapshots ON and “Always in multi-inst” OFF, N++ cleverly uses its active backup-snapshot engine to store the current tab/filebuffer edits to its unprotected Backup location and then asks the user if wants to proceed to a (PERMANENTLY!) elevated N++ instance (the original non-elevated one will be closed):

then with Yes-answer the UAC popup:

then (and notice that despite all those previous dialogs asking the user for something, the edits still haven’t been saved and are waiting for the user to press e.g. the Save button again!, not saying that the Scintilla Change History feature is discontinued):

2. But with “Always in multi-inst” ON, N++ launches as admin BUT WITHOUT the current tab/filebuffer changes! Similar problem will be when “Always in multi-inst” is OFF but backup-snapshots is OFF too. In these two cases, you will have to switch back to the original N++ instance running and copy your tab/filebuffer changes to the launched “-multiInst” admin N++ instance.

Not only it’s all very confusing and inconvenient for the users but IMO also prone to make serious mistakes.

My new native N++ UAC-op implementation way will only do the originally requested but with insufficient rights denied op and then the elevated N++ instance immediately exits, leaving the user in its original N++ instance as if nothing special happened. It will not be dependent of any N++ backup-snapshot or multi-inst setting (all the UAC-ops will be executed at the very start of N++ wWinMain, thus not influenced at all by the N++ mutex stuff). Also there will not be needed a separate project for a N++ signed “NppAdminAccess.exe” UAC elevation helper.

donho

@xomx said in Notepad++ v8.8.2 Release Candidate:

My new native N++ UAC-op implementation way will only do the originally requested but with insufficient rights denied op and then the elevated N++ instance immediately exits, leaving the user in its original N++ instance as if nothing special happened.

OK. Please do a PR when you think it’s ready.

donho

@xomx said in Notepad++ v8.8.2 Release Candidate:

Did you consider establishing an “empty-shell” non-profit “Notepad++” company or association just for the N++ cert’s purposes? IDK how it works in France, but I think it will only involve a one-time registration + a new associated bank account, otherwise no tax payments etc…

In France “empty shell” company is illegal as in a lot of countries. Non-profit association OTOH is one of the possibilities. I’m checking the document/info for registering the association.

Otherwise, an announcement has been made:
https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/
which might help the situation (or not).

xomx

@donho said in Notepad++ v8.8.2 Release Candidate:

Non-profit association OTOH is one of the possibilities. I’m checking the document/info for registering the association.

Thank you for this unnecessary bureaucracy undertaken that only distracts you from the coding. As if you have nothing else to do.

@Coises has a very good note about it here: “I hate the way it makes second (or third, or twentieth) class citizens of independent developers and open source projects.”

donho

FYI, the note of 8.8.2 RC has been updated.

schnurlos

FYI, 8.8.2 RC3 (npp.8.8.2.Installer.x64.exe) was blocked by Norton 360:

xomx

@donho

Non-profit association OTOH is one of the possibilities. I’m checking the document/info for registering the association.

I’ll try to fun-lighten this annoying matter for you a bit.

If the rules for obtaining an individual personal certificate state that it must be for a real living person and his/her name, why not take advantage of the opportunity to go to the registry office (I think it’s “état civil” in France(?)) and change your name instead! So no more “Don Ho” but from now on the “Mr. Notepad++” ;-)

---

I really hope that the registration and affiliation process is “lighter” in France than in my country (I could write a blog post about, sigh). Wish you (and also all of us N++ users) quick success.

donho

@xomx
Thank you for the encouragement with joke.

(I could write a blog post about, sigh)

Seriously, because of the situation I encounter, I have thought to launch a project of certificate authority which issues only to open source project with the project name. It’s an idea hard to be realized. But if someone finds a way to do it, I’ll do my contribution.

BTW, in https://github.com/notepad-plus-plus/notepad-plus-plus/issues/16744#issuecomment-3004905304, you have said:

Unfortunately - every N++ installer v8.8.1 and older is suffering from this vulnerability and the upcoming fixed v8.8.2 cannot be digitally signed for now. Tough decision.

That’s a fair description. What I have truly felt, is a picture: my head have already stuck between bars of a metal gate (no more certificate), and a huge strong guy (vulnerability) smiles to me evilly, walk around to go behind me and pull his pants down slowly…

But I might have a solution.

xomx

@donho said in Notepad++ v8.8.2 Release Candidate:

a project of certificate authority which issues only to open source project with the project name

if someone finds a way to do it, I’ll do my contribution

I can only offer my own experience from a different country (I am currently the “chairman” of a small non-profit association founded for one specific purpose only, so not so far from your intended purpose).

We did:

• named our association with a unique name (you - “Notepad++”)
• have drawn up the required statutes of our association (more or less Copy/Paste + some edit from our government muster - check your local authorities for it)
• organized the founding meeting of the association (you - the only person in the association == easy, do it only formally == on the paper)
• approved the program of the founding meeting, approved the board of directors, and then our chairman (ditto above, only a paper work for you, you will be member, board and director in one person)
• made a record of everything, all of us signed it and sent it to the appropriate state authorities for registration, together with the required forms, where we e.g. had to state bank account No. of the future association and its address (you - just use your personal address in France, at least we could)

Then there was some usual haggling with the authorities but in the end we succeeded (after a month or so). From that moment on, I’m doing most of the obligatory association bureaucracy things only on paper.

After you become such a one-person association, you apply as its legal representative for a certificate within the name of that association, but now finally for a legal entity called “Notepad++”.

It’s a stretch, but if you really want to, it’s doable. You might be able to find someone to do all this for you for a fee. Unfortunately, we couldn’t find anyone, so we fought thru ourselves.