Re: [RESOLVED, UNRELATED] RoboForm doesn't work with NoScrip

Posted: Tue Apr 24, 2012 7:28 am
by GµårÐïåñ
I will concede until I have a chance to compare them side by side. I will reserve any comparisons and comments until after that so as to remain fair and impartial. We obviously have similarities and perhaps some differences, will only know after trying it.

A small personal interjection though, I have found RF to have a very intuitive and smooth integration with my habits, so it will take some getting used to for a new software but I promise to give it a fair shot. I have been using RF since the time it was first introduced and it looked much like your program, simple interface, very "amateurish" GUI if you will, but nonetheless it was clever and powerful, so I don't judge anything by its look, just function. I will actually admit that I find RF has gotten a bit more bloated than I would have liked over the years and although some refinements were welcome, not all of the stuff they have added was to my liking.

I think RF might be going the way of Icarus ;)

Re: [RESOLVED, UNRELATED] RoboForm doesn't work with NoScrip

Posted: Tue Apr 24, 2012 7:55 am
by Tom T.
> GµårÐïåñ wrote: ... I have been using RF since the time it was first introduced and it looked much like your program, simple interface, very "amateurish" GUI if you will, but nonetheless it was clever and powerful, so I don't judge anything by its look, just function. I will actually admit that I find RF has gotten a bit more bloated than I would have liked over the years and although some refinements were welcome, not all of the stuff they have added was to my liking.
>
> I think RF might be going the way of Icarus ;)
I know what you mean, my friend, and I just got a very unpleasant surprise when I checked on the latest version of Password Safe. I haven't updated it since the Dec 2008 version 3.15, whose installer was 1.7 MB, and the entire program folder, expanded, was barely more than 2 MB.

For the latest version, *the installer alone* is 10.7 MB. IDK how large the fully-installed version is, but it looks like they, too, may have gone the bloatware route.
Perhaps they have decided to match RoboForm's additional capabilities, which is sad -- why can't there be a range of products of differing features and complexity?

Anyway, if you try the latest version, of course you know I value your comments on it. If you don't like it, they have a "History" link, and perhaps you might try the simple, lightweight 3.15. If you can't get the installer for it, I can e-mail you a copy -- I always save such things.

Re: [RESOLVED, UNRELATED] RoboForm doesn't work with NoScrip

Posted: Tue Apr 24, 2012 8:25 am
by GµårÐïåñ
Yeah I downloaded the latest build of 6/30/11 from SourceForge and the installer was large but I figured it was just because it probably has dependencies and frameworks that it needs to check/load so it might not be that bad when installed but I can only say after I have done it. Believe it or not, if it hadn't been for their clever AJAX handling, for those pages that use it, I would have gone back to version 3.x of RF long ago. Version 5.x was the last awesome one that was just refined enough to be cool. Oh well, I wish there was a middle ground too but you know how it is, everyone is chasing someone else. Let me know how you feel about the latest one since you have a better perspective while I check it out too.

Re: [RESOLVED, UNRELATED] RoboForm doesn't work with NoScrip

Posted: Tue Apr 24, 2012 8:32 am
by Tom T.
I didn't actually d/l it. Saw the size and said, bleah. But as you are taking the time to check out my recommendation, yes, I should check the newest version to see the differences. Will put on flash drive to avoid any conflicts with the native install.

It can't have too many dependencies, since it runs on *any Windows machine* in the flash drive version, so it must rely on only default-installed Windows files, if any. Please allow a day or two for me to compare them thoroughly.
> everyone is chasing someone else.
You mean like, Firefox chasing Chrome? :cry:

Re: [RESOLVED, UNRELATED] RoboForm doesn't work with NoScrip

Posted: Tue Apr 24, 2012 9:17 am
by Tom T.
It's not as bad as I thought. The program is smaller than the installer. :)

One reason is that this installer includes multiple languages -- European, two Chinese, etc. -- and by opting out of all but English, installed size shrinks.
Actual installed size = ~ 7 MB, and of that, the .chm Help file is almost 2 MB. So, only 5 MB actually needed.

Includes an on-screen keyboard.
The .exe itself went up from 1.5 MB to 3.7 MB. GUI was mostly the same; "enhanced" colors, like I really care about that. ;)

It offers both native install and disk-on-key install, the latter not using the Windows registry. So, as mentioned, you can use it safely as a guest on another host machine. I don't remember if there was a differential choice in v3.15's installer. Maybe you had to choose: D/l the portable, or d/l the native. That would account for larger installer size here.

I suppose I could try a HD install in a different ProgFiles folder, and check size.

I just checked the Registry for the (existing) native install. Only typical user prefs are stored there, like window size/location, and standard stuff like file paths.
The only MRU stored is the filename of the last pw db that was opened, which isn't any secret, and of no use to an attacker who uses the machine after you do. Nothing that in any way would give anyone access to your creds, without the master pw. Decryption is done only on-the-fly in RAM, and *never* stored in the clear on disk, as always.

No major changes to the operation: Here I am, logged in at NS Forum via PWS 3.28 on Flash drive. :)

The really cool part, as always: I copied my current pw db to the new flash drive folder, and the new install immediately recognized it. Upon launch, it prompted for master p/w -- same pw as the native install -- and Bam! - popped right up. :D

It would take a while to look into the finely-grained option changes, but it doesn't look like they foobarred anything, and I can live with going from 2 MB to 5 MB. Not exactly bloat. Pdf readers: Foxit v2 @ 4MB, Adobe @ 400 MB -- now, *that's* bloat. :mrgreen:

Re: [RESOLVED, UNRELATED] RoboForm doesn't work with NoScrip

Posted: Tue Apr 24, 2012 9:25 am
by Tom T.
HD install is shown by Windows as 6.15 MB, less the 2 MB help file, the 260k on-screen-keyboard if not needed, a separate 68k Uninstaller (on a flash drive, you'd just delete the whole folder; on HD, it might be well-behaved enough to remove its Reg entries. Not all programs do, as you well know.)

If space were that scarce, one could also ditch the Release Notes in html and txt, the ReadMe, the Changelog, and be down to about 4.5 MB.
Works for me.

Looking forward to your eval, of course.

Re: [RESOLVED, UNRELATED] RoboForm doesn't work with NoScrip

Posted: Tue Apr 24, 2012 7:48 pm
by GµårÐïåñ
> Tom T. wrote: I didn't actually d/l it. Saw the size and said, bleah. But as you are taking the time to check out my recommendation, yes, I should check the newest version to see the differences. Will put on flash drive to avoid any conflicts with the native install.
Yeah I installed it on a thumb drive so I can test it on various systems with various setups to see how it fares. I did the same thing with RF back in the days, but now know exactly what it can do, so I have only a primary copy on my desktop and a thumb version which syncs locally so I can take it on the road with me. The old lady has only a thumb version she prefers and as soon as you plug in, it mounts and hooks, so it's pretty cool and leaves no trace, so she likes that. So I installed this one on the thumb so I can give it the same royal treatment ;) Don't feel compelled to do it because of me, you do what works for you my friend, in no way do I want to burden your already tight schedule and busy plate with unnecessary testing on my account. I am a big boy, I will do my own leg work without making you do it too but of course you know I would greatly appreciate the benefit of your insight, especially on something I am not familiar with.
> It can't have too many dependencies, since it runs on *any Windows machine* in the flash drive version, so it must rely on only default-installed Windows files, if any. Please allow a day or two for me to compare them thoroughly.
It was just an assumption my friend. Some installers will package say the C++ or VB library foundations because their program depends on it and will check to see if the system has it or not, if it does, then they skip it and if not then they install it, so that's why sometimes the installers are much larger than the actual program. It was an educated assumption not knowing for sure, it doesn't mean it does or it is. Nowadays most systems come preloaded with all the libraries for VB, C++, this and that, so yeah most programs can get away with just crossing fingers and hoping it's there, but a good developer would always check, at least I do, just to make sure. You don't want your first impression to be, your program doesn't run because some system API got mangled for a missing library, do you?
> You mean like, Firefox chasing Chrome? :cry:
Unfortunately yeah a good example and all the more sad because Chrome didn't even exist until recently and for Fx to ruin its code and alienate its user base that made it famous and beloved for the sake of competing with a hack job of a browser so far, is mind boggling in the least and pathetic in my opinion. I loved and favored Fx for years and recommended it, but now when people ask I say, roll the dice and decide on your own, I will stamp nothing with my name anymore. Other than NS and a few other addons, I don't go on a limb for anyone anymore and vouch for them, cause so much has changed that I can't be sure they are still the same enough for me to trust the recommendation I am giving. And you know me, if I can't stand behind what I say, I won't say it. After all, I worked hard to build my reputation and trust of my name and character, I am not going to blow it on some num nuts making a fool of me by being less than sincere.

Re: [RESOLVED, UNRELATED] RoboForm doesn't work with NoScrip

Posted: Tue Apr 24, 2012 7:52 pm
by GµårÐïåñ
> Tom T. wrote: It's not as bad as I thought. The program is smaller than the installer. :)
>
> One reason is that this installer includes multiple languages -- European, two Chinese, etc. -- and by opting out of all but English, installed size shrinks.
> Actual installed size = ~ 7 MB, and of that, the .chm Help file is almost 2 MB. So, only 5 MB actually needed.
>
> Includes an on-screen keyboard.
> The .exe itself went up from 1.5 MB to 3.7 MB. GUI was mostly the same; "enhanced" colors, like I really care about that. ;)
>
> It offers both native install and disk-on-key install, the latter not using the Windows registry. So, as mentioned, you can use it safely as a guest on another host machine. I don't remember if there was a differential choice in v3.15's installer. Maybe you had to choose: D/l the portable, or d/l the native. That would account for larger installer size here.
>
> I suppose I could try a HD install in a different ProgFiles folder, and check size.
>
> I just checked the Registry for the (existing) native install. Only typical user prefs are stored there, like window size/location, and standard stuff like file paths.
> The only MRU stored is the filename of the last pw db that was opened, which isn't any secret, and of no use to an attacker who uses the machine after you do. Nothing that in any way would give anyone access to your creds, without the master pw. Decryption is done only on-the-fly in RAM, and *never* stored in the clear on disk, as always.
>
> No major changes to the operation: Here I am, logged in at NS Forum via PWS 3.28 on Flash drive. :)
>
> The really cool part, as always: I copied my current pw db to the new flash drive folder, and the new install immediately recognized it. Upon launch, it prompted for master p/w -- same pw as the native install -- and Bam! - popped right up. :D
>
> It would take a while to look into the finely-grained option changes, but it doesn't look like they foobarred anything, and I can live with going from 2 MB to 5 MB. Not exactly bloat. Pdf readers: Foxit v2 @ 4MB, Adobe @ 400 MB -- now, *that's* bloat. :mrgreen:
Thank you, I appreciate the analysis. Yes, I installed the key version to keep it on the drive and not use the registry, but if I were to install it for regular use, I would probably put it on my main machine but even then probably not the registry option so I can back up easier. I will give it a whirl and see how it goes, I will play with it, give me some time, so I can be sure that I tried everything before I open mouth and insert foot :P

Re: [RESOLVED, UNRELATED] RoboForm doesn't work with NoScrip

Posted: Wed Apr 25, 2012 5:26 am
by Tom T.
> Some installers will package say the C++ or VB library foundations because their program depends on it and will check to see if the system has it or not, if it does, then they skip it and if not then they install it, so that's why sometimes the installers are much larger than the actual program. It was an educated assumption not knowing for sure, it doesn't mean it does or it is. Nowadays most systems come preloaded with all the libraries for VB, C++, this and that, so yeah most programs can get away with just crossing fingers and hoping it's there, but a good developer would always check, at least I do, just to make sure.
Agreed. Often, I can eliminate the one that comes with the package, and it will find the msvcp*.dll or whatever in \system32\ (or Win SxS) and use that.
My AV won't let me delete their VCP dll, possibly as redundancy in case malware corrupts the Windows folder/subfolders.
> I loved and favored Fx for years and recommended it, but now when people ask I say, roll the dice and decide on your own
I know exactly how you feel, friend, but so long as NS is fully effective only on Fx/SM, nothing so far trumps that, and probably never will.
We just work around the foobars in Fx, but I'm not leaving NS/Fx in the foreseeable future.
> I installed the key version to keep it on the drive and not use the registry, but if I were to install it for regular use, I would probably put it on my main machine but even then probably not the registry option so I can back up easier
Makes no difference. So long as you have the program itself on a flash drive (or CD/DVD/whatever), then the ONLY thing you need to "back up" (copy) is the single, ~15k pw file, pwsafe.psafe3 (typical default name). That file can be copied to any install of PWS anywhere, including cross-versions -- as I just did -- and be opened with your one master pw. So backups are one 15-20k file, period. No need to back up Reg entries.

NoScript XSS causing Roboform to crash Firefox

Posted: Fri Apr 27, 2012 3:47 pm
by Morac
I reported this to Roboform, but I want to post here to see if maybe you can provide some insight into what's happening.

For a while, I noticed that when I used Roboform2Go to fill and submit the form on http://discover.com to log into my Discover Card account, Firefox would crash. It was the submit action that was triggering the crash since if I just did a fill and manually pressed the submit button everything would be fine.

I found that if I disabled NoScript it wouldn't crash. I also found if I reset the NoScript settings it wouldn't crash either. I finally tracked down the problem to allowing scripts at both discover.com and discovercard.com. Once I did that, Firefox would crash when using Roboform to submit the form. If I disabled scripts at discovercard.com it wouldn't crash and if I disabled scripts at discover.com it wouldn't crash either. The latter would fail to log in though as I got the following NoScript error:
[NoScript XSS] Sanitized suspicious upload to [https://www.discovercard.com/cardmember ... app/signin] from [https://www.discover.com/]: transformed into a download-only GET request.
That got me thinking. I re-enabled scripts at both discover.com and discovercard.com and then unchecked the XSS option to "Turn cross-site POST requests into data-less GET requests". Once I did that, it would no longer crash. So the issue has something to do with Roboform not liking when it submits a form on a page with JavaScript enabled that triggers NoScript to change a POST to a GET request. What's odd is that discover.com is the only site I've ever seen that has this problem.

Any ideas what's going on?


edit:

Note if I add the following XSS exception to NoScript, it won't crash either since it prevents NoScript from doing the conversion from POST to GET:

^https://www.discovercard.com/cardmember ... app/signin
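
Added example, not part of Morac's post or of NoScript's code: a simplified JavaScript model of the POST-to-GET conversion described above, showing how the scope of an XSS exception pattern decides which destinations skip it. The function names, the `PLACEHOLDER` path segment (standing in for the part of the URL the post elides) and the `*.example` hosts are assumptions made for illustration.

```javascript
// Added example: simplified model of the filtering the post describes, not NoScript's code.
// Assumption: every cross-site POST counts as suspicious; the real filter is more selective.

// Hypothetical helper: treat the last two host labels as the "site" (no public-suffix list).
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// Returns the request as it would leave the browser after filtering.
function applyXssFilter(req, exceptionPatterns) {
  const crossSite = siteOf(req.origin) !== siteOf(req.url);
  if (req.method !== "POST" || !crossSite) return { ...req, sanitized: false };
  // Each exception is a regular expression tested against the destination URL.
  if (exceptionPatterns.some((p) => new RegExp(p).test(req.url))) {
    return { ...req, sanitized: false };
  }
  // POST becomes a data-less GET: the submitted fields never reach the server.
  return { ...req, method: "GET", body: null, sanitized: true };
}

// Constructed requests. PLACEHOLDER stands for the path the post elides.
const SIGNIN = "https://www.discovercard.com/PLACEHOLDER/signin";
const login = { method: "POST", origin: "https://www.discover.com/", url: SIGNIN,
                body: "user=constructed&pass=constructed" };
const unrelated = { method: "POST", origin: "https://forum.example/",
                    url: "https://other.example/submit?ref=discovercard", body: "q=1" };

// Anchored, escaped, single endpoint versus a bare substring.
const NARROW = "^https://www\\.discovercard\\.com/PLACEHOLDER/signin$";
const BROAD = "discovercard";

// Summarise what a given exception list does to a request.
function outcome(req, patterns) {
  const r = applyXssFilter(req, patterns);
  return `${r.method} ${r.sanitized ? "sanitized" : "untouched"}`;
}

console.log("no exception :", outcome(login, []));
console.log("narrow, login:", outcome(login, [NARROW]));
console.log("narrow, other:", outcome(unrelated, [NARROW]));
console.log("broad,  other:", outcome(unrelated, [BROAD]));
```

An exception anchored to the one sign-in URL leaves filtering in place for every other destination, while a bare substring also exempts any URL that merely contains it.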

Re: NoScript XSS causing Roboform to crash Firefox

Posted: Fri Apr 27, 2012 3:57 pm
by therube
> I reported this to Roboform

Link?

Re: NoScript XSS causing Roboform to crash Firefox

Posted: Fri Apr 27, 2012 4:58 pm
by Morac
> therube wrote:
> > I reported this to Roboform
>
> Link?
There's no point in posting the link since Roboform's bug reporting site is protected by a username/password (i.e. not public).

http://support.roboform.com/php/rtss/main/?lang=en

Re: [RESOLVED, UNRELATED] RoboForm doesn't work with NoScrip

Posted: Sun Apr 29, 2012 11:47 pm
by Tom T.
Re: Password Safe:
> GµårÐïåñ wrote: Yeah I downloaded the latest build of 6/30/11 from SourceForge <snip> Let me know how you feel about the latest one since you have a better perspective while I check it out too.
Done, I think.

The basic look, feel, and operation haven't changed, which is good. And a mistake that many other devs make from version to version (coughmzcough).

Added features, AFAICT:

1) Single click: "Browse to URL + Autotype" vs. one click for each in older version (click Browse; browser and page opened; place cursor; click Autotype).
Definitely a convenience improvement, albeit minor, and implies some parsing of the page, as RF does (to find the u/p fields).

2) GUI for creating and editing multiple random-pw-generation policies, which may then be selected, versus one single policy, which can be user-configged, but would have to be edited manually (via GUI checkboxes) if a site requires a different policy (length, hex-only, etc.). I've never needed this, but it could be useful for some.

3) GUI for creating your own keyboard shortcuts in addition to defaults, or to edit defaults.
Again, not something I can't live without, but for those who maximize use of kb shortcuts, very nice.

That's about it, I think. Both versions offer features I've never used: Compare two db's; Merge two dbs; Synch two db's (I just drag the newer one to the older, thus overwriting it); import/export to/from text file, XML file; import KeePass text or CSV file.

Looking forward to your opinion of it when you have time.