> EV certificates no longer bypass SmartScreen. Years ago, signing files with an Extended Validation (EV) code signing certificate would result in positive SmartScreen reputation by default, but this behavior no longer exists. EV certificates may matter for enterprise procurement, but they no longer impact SmartScreen behavior. Paying a premium for EV solely to avoid SmartScreen warnings is no longer justified.
It's expensive. I don't agree that it's harder, in the sense of TFA's technical struggles getting it to work. If you've got the money for the certificate, passing OV and signing the binary is easy. The difficulty of signing isn't the big problem we face on Windows. The main issue is that signing barely does anything: you still get hit with SmartScreen blocks even though it's signed. The return on your investment of time and money is just showing your name as the publisher in the SmartScreen prompt. The only way to avoid the SmartScreen prompt is by building reputation with lots of installs.
I still prefer this over having a Microsoft developer account and publishing in the store--I hate having to put my software through arbitrary store review processes--but it's not a good situation. SmartScreen is just about the worst thing ever to happen to indie developers on Windows. We're right there in the thick of it with macOS developers: different details, same struggle. Both of our corporate overlords want you to distribute software in their store, and you get the sense that they would end self-distribution entirely if they thought they could get away with it.
I note that TFA's author edited the post after-the-fact, changing the line about Windows. It originally claimed that Windows worked fine and they got "just an EXE" and that was that. I assume they finally tried it for real on a civilian computer and saw the SmartScreen block.
In Word you add a decimal tab stop to the ruler. Word's main problem is that people are unaware of its features; they don't spend time learning it like they do with TeX.
Not OP, but I do single-region us-east-1 for a few reasons:
1. The severity and frequency of us-east-1 outages are vastly overstated. It's fine. These us-east-1 outages almost never affect us. This one didn't; not even our instances in the affected AZ. Only that recent IAM outage affected us a little bit, and it affected every other region, too, since IAM's control plane is centrally hosted in us-east-1. Everybody's uptime depends on us-east-1.
2. We're physically close to us-east-1 and have Direct Connect. We're 1 millisecond away from us-east-1. It would be silly to connect to us-east-1 and then take a latency hit and pay cross-region data transfer cost on all traffic to hop over to another region. That would only make sense if we were in both regions, and that is not worth the cost given #1. If we only have a single region, it has to be us-east-1.
3. us-east-1 gets new features first. New AWS features are relevant to us with shocking regularity, and we get it as soon as it's announced.
4. OP is right about the safety in numbers. Our service isn't life-or-death; nobody will die if we're down, so it's just a matter of whether they're upset. When there is a us-east-1 outage, it's headline news and I can link the news report to anyone who asks. That genuinely absolves us every time. When we're down, everybody else is down, too.
I have a system that builds SQLite databases and uploads them to S3. Once they're in S3, they are never changed. The program that builds the databases only does writes, and the program that queries the databases only does reads. It uses a VFS to query the database in-place with HTTP range requests.
This is indeed not an optimal setup. A more careful design from first principles would not require seeking around the file as much as SQLite does, we'd do a better job on reading exactly the correct range of bytes for a given query since we know ahead of time what the access patterns are, and we could do reads in parallel. With SQLite we have to be very careful about the schema design to ensure it won't have to seek too many times to answer a query. But SQLite was expedient, and I'm confident I'll always be able to read the files. That's less certain for a custom file format.
If it's that small, why not compile it directly into the application? The compiler might even be able to optimize a good chunk of data away, or optimize the code based on the data.
Nothing small about it. This is terabytes of data and new files are added daily with new data. That's why we had to move it into S3. It was costing too much to store in SQL Server.
I only reach for SQLite when it's big. Otherwise, I'd prefer to just use the existing SQL Server infrastructure, or .csv.gz files in S3. Internally, I use the term "bulk data" for data sets that are stored in S3 because they were too big for SQL Server.
For this use case we need the ability to do an indexed query and extract a small number of rows from a large database. It's a traditional row-oriented database workload. I'm sure other solutions would also work, but SQLite's design melds well with the data. The migration from partitioned SQL Server tables to a collection of SQLite database files was straightforward.
Showdead is quite a disheartening experience - there’s just so much LLM generated crap. The dead internet theory doesn’t feel as fringe as it once did.
They don't have to be. I have a traditional non-sandboxed app with an MSIX installer. It's less flexible than MSI but it doesn't mandate a sandbox for the installed application.
Great to know. I would say that it happened to me more recently but it may have been in machines that had been unused for some months and ran an old version.
According to the link, it "only" took them 5 years to solve the bug. Better late than ever though, I guess :)
FWIW, the top comments at the time of my comment (one hour after yours, two hours after the article was posted) are all complimentary. You commented one hour after the article was posted; it's worth waiting a bit for the comment voting to shake out.
https://learn.microsoft.com/en-us/windows/apps/package-and-d...
> EV certificates no longer bypass SmartScreen. Years ago, signing files with an Extended Validation (EV) code signing certificate would result in positive SmartScreen reputation by default, but this behavior no longer exists. EV certificates may matter for enterprise procurement, but they no longer impact SmartScreen behavior. Paying a premium for EV solely to avoid SmartScreen warnings is no longer justified.
reply