Tuesday, 18 July 2017

Latest Red

The false positive problem.
I started this blog because i love the Red programming language, so never doubt my loyalty to
Red and its developers  - I will always try my best to promote Red. 
The false positive problem is a serious one, something has got to be done if Red is to be more than just a hobbyist language.  Serious developers just will not bother with it if things do not change very soon.  I've used Red here at work and  I am constantly trying to assure them it is clean.
These crappy AV scanners are causing a lot of trouble and I for one am so fed up with them.
Red is different, better, more efficient, that's why we all love it, but all of this means nothing
if these anti-virus scanners can't handle it and can't understand it. 
If all you want to do is mess around, experiment, tinker with it and be clever about it, then there's no problem, but if you  want to develop commercial or other programs to share with others, then there is a big problem.  Even Defender is now causing trouble.

I'll let Nenad explain why.
Red has its own toolchain and linker, generating a file layout different from 
Visual Studio or GCC linkers. The heuristics they (the AV scanners) use are probably too 
specific to the output of those linkers and are flagging everything else as suspicious.
Also ....
Red compresses a big part of the DATA segment stored in Redbin format and 
uncompresses it on start.  It’s part of the Red runtime boot process.
Some heuristics for AVs use statistical methods on the CPU instruction set used by the executable. 
It seems Reds unoptimized output has a profile that makes it fall into the category of malware.
Popular binary packagers can help as they do have a recognizable signature.
Signing your binaries can also be helpful.  Make people more confident in your exe.
Ok so back to me.
Personally I think the data compression is the main reason, but hey,  what do I know.
So now, packaging.
UPXing (great compression tool) helps a little, but still some virus scanners flag us as bad.
I've also tried NSIS and it certainly also helps, but the worst scanners still flag us.
Hashing or Signing your binaries
Hashing provides a hash of the file, along with that file to download. The user downloads the hash 
and the file, re-computes the hash to verify it matches the downloaded hash, thus proving that the 
file is unaltered and untampered with.  Nice and siimple. I like this one.
Signing verifies the file is clean and the identity of the signer. You'll need a code signing certificate.
Code signing allows us to be sure we’re downloading a file from the true sender. 
Essentially, code signing lets you know that the code hasn’t been tampered with and is a safe download. It's a bit more of a wrangle and it costs, but there's plenty of info on signing your exes, just Google it.
I have not tried this, but was wondering if packaging a Red script with the Red exe in a Rebol way might work, so it simply automates the interpretation of the script. A waste of the Red compile options though.
I'm not sure what more to say about this, I do know that if you voice your opinions there will always 
be someone who wants to argue or disagree - but i've said this before, This is my blog, my thoughts 
and my ideas, I'm happy to accept polite input and help, but nothing more, if you dont like it then move on. 
I've been asked about why I'm not on certain social media sites - I dont like social media because it
gives a voice to the weirdos and maniacs of this world, a voice they would not have had before, so be nice and enjoy life (and Red).  
Been in Germany with work for the last five months, boring stuff, I mean real boring. Will be back soon and back to Red.  Can't wait.  
--------------                                                                                                                               10/03/2018
I'm so busy at work right now, but will do more with Red as soon as I can.  I found this.
If you have a folder of Red scripts, here's a way to run them one by one from a simple list - brilliant stuff,  love it.
Congratulations to Nenad and the Red team on the new 0.63 build, lots of new features to work with.
The date! datatype is an awesome addition.  There's plenty other things to check out. 

Look here for all the new stuff:  http://www.red-lang.org/


Red [needs: 'view]                                       
dat:  form now/date 
day: append form "Day:  " now/day   
mnth: append form "Month:  "now/month  
yr: append form "Year:  "  now/year
view [ title "Date"
       h1 red dat return
       h5 day return
       h5 mnth return
       h1 yr

Been busy with work, so not had chance to post anything for a while.
Lots more to come from me soon !

Try this link for now. 

And this. 

I also love this.


Try this excellent work.


No comments:

Post a Comment