H&M 7.1 and Premium Pack 3.15 Released

The latest news, information and updates.

Moderators: Alexander Halser, Tim Green

Post Reply
User avatar
Tim Green
Site Admin
Posts: 23156
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:

H&M 7.1 and Premium Pack 3.15 Released

Unread post by Tim Green »

We have just released both Help & Manual 7.1 and Premium Pack 3.15. There are some important new features in both these updates. See these two blog postings for full details:

Help & Manual 7.1 Update

Premium Pack 3.15 Update

Getting the Updates :

You can get the Help & Manual installer from the normal download page here. Just installed on top of your current version to update. This will not change any of your settings etc.

You can download and install the updated version of the Premium Pack with the download link and installation password from the mail you received when you purchased your copy of Premium Pack 3. If you no longer have this please contact support AT ec-software.com (replace the AT with @) and we will help you out.

Help & Manual 7.1:
  • Team Foundation Server 2012, and 2015 support
  • Import Author-ITprojects directly
  • Microsoft Sandcastle included in the installation for direct source code documentation
  • Updated and significantly improved PDF engine with integrated widow/orphan control and manual page breaks inside table cells
  • Ability to create a separate viewer and books for EWriter eBooks, allowing distribution of the books as regular data files
Premium Pack 3.15:
  • Improved URL display in the address bar when viewing WebHelp without a web server
  • Support for embedded help and field-level topics and popups in WordPress sites
  • Improved handling of TOC entries referencing anchors
  • Support for field-level topics and field-level popups on the same page
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
User avatar
Martin Wynne
Posts: 2656
Joined: Mon May 12, 2003 3:21 pm
Location: West of the Severn, UK

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Martin Wynne »

Windows eBooks: the publish dialog and publish task dialog enable output file extensions <> “.exe”. When the extension is not “.exe”, H&M creates a data package only, without the viewer.
This sounds great, and I'm eager to try it.

But I can't find this option in 3920. What am I missing?

What extension should I set for the data package? Where is the separate viewer? Does it need something set in the skin?

I tried various extensions and none for the output file, but it simply creates a single executable file with the wrong extension.

Martin.
User avatar
Tim Green
Site Admin
Posts: 23156
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Tim Green »

See the new help topic on this which you can find here:

Publishing > Configuring for Publishing > EWriter eBooks for Windows > Separate or Integrated Viewer
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
User avatar
Martin Wynne
Posts: 2656
Joined: Mon May 12, 2003 3:21 pm
Location: West of the Severn, UK

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Martin Wynne »

Tim Green wrote:See the new help topic on this which you can find here: Publishing > Configuring for Publishing > EWriter eBooks for Windows > Separate or Integrated Viewer
Thanks Tim.

I think the word you were looking for was RTFM. :)

I was expecting to find a separate viewer exe somewhere, containing a menu where the user could select the required help file content.

I will start playing with ShellExecute. My plan is that my application will check the server for an updated data package, and download it if not previously downloaded. This will combine the Webhelp advantages of frequent updating, with the EWriter advantages of executable links and no security issues on downloading data files, or users on different browsers. I'm already using a similar scheme for FBR videos, with a separate player as part of my application, and it's working well. I can update a video at any time, and users see it directly from the Help menu in my application.

As luck would have it, I'm already using the .ebk extension for something else (emergency backup), so I will use a different one. There are 46,656 possible 3-character extensions (0-9, a-z), and I choose the same one. Do you have any suggestions for lottery numbers this week?

regards,

Martin.
User avatar
Tim Green
Site Admin
Posts: 23156
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Tim Green »

Do you have any suggestions for lottery numbers this week?
Sorry, someone just a few miles from here already won the €33,000,000 jackpot that was supposed to go to me last week. 8)
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
User avatar
Martin Wynne
Posts: 2656
Joined: Mon May 12, 2003 3:21 pm
Location: West of the Severn, UK

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Martin Wynne »

Tim Green wrote:Sorry, someone just a few miles from here already won the €33,000,000 jackpot that was supposed to go to me last week. 8)
I hope you didn't spend it in advance? :)

Martin.
User avatar
Martin Wynne
Posts: 2656
Joined: Mon May 12, 2003 3:21 pm
Location: West of the Severn, UK

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Martin Wynne »

Wow! That worked great!

For me this new EWriter functionality in 7.1 is the best development in H&M for a long time. I'm re-thinking my entire Help strategy now we have this. :typing:

Well done Alexander, Michael, Tim, and a big thank you from me. :)

If anyone wants to try this, here is a bit of test code (I've adopted sk6 as my data file extension):

Code: Select all

var
  viewer_str,content_str:string;      // these strings must be locals

begin

  viewer_str:=path_str+'sk6_viewer.exe';
  content_str:=path_str+'test_ewriter_data.sk6';

  if ShellExecute(0,'open',PChar(viewer_str),PChar(content_str),nil,SW_SHOWNORMAL)<=32
     then ShowMessage('Sorry, unable to start the Help viewer.');

//...

end;
It gets better -- if the data package includes a file link to a different package, clicking the link will load it into the viewer to replace the existing package. This requires only that your data package extension is associated with the viewer.

regards,

Martin.
User avatar
Tim Green
Site Admin
Posts: 23156
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Tim Green »

Hi Martin,

Thanks a lot for this. Perhaps you would like to post this in the tips and tricks section as well. Things in the announcements threads usually go under quite quickly. 8)
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
Simon Dismore
Posts: 454
Joined: Thu Nov 16, 2006 1:29 pm
Location: London, UK

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Simon Dismore »

Martin Wynne wrote:EWriter advantages of executable links and no security issues on downloading data files
From your users' point of view there are security issues, because once they have trusted your sk6_viewer.exe executable and associated your .sk6 file type with it, they are effectively trusting any file that happens to have an .sk6 file extension. The ebook (your .sk6 file) is like a batch file or unsigned dll, except that it probably won't be detected by users' email systems. That could enable a wide variety of exploits. For example, imagine some adversary has a valid login to your support forum and can discover other member's email addresses through social engineering. The adversary uses Help and Manual to craft an .sk6 ebook that invokes a series of powershell scripts when opened, and uses email spoofing to send this version to your users, pretending it has come from you. The fake ebook reaches some of them, and when they open it bad things happen.

This isn't unique to Ewriter, of course, but perhaps the potential need for code signing of ebooks has been overlooked. Tim has already recommended code-signing the original executable (see ebook .exe format download and virus scanners last January), where he also mentioned an idea of having "neutral eBook files that only contain the content", which I imagine means they're sand-boxed so they can't execute commands.
User avatar
Martin Wynne
Posts: 2656
Joined: Mon May 12, 2003 3:21 pm
Location: West of the Severn, UK

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Martin Wynne »

Thanks Simon.

It's not actually necessary to associate the data file extension with the viewer. The ShellExecute command works equally well with unassociated files. The only advantage in the viewer is the ability to link directly to other data files and open them in the same viewer instance.

My intention is that my application downloads the data file and launches the viewer. Users won't expect to be downloading or opening the data files themselves. I already have a similar scheme working for FBR video files, opened in the FBR video player. This way I can update content as frequently as necessary, daily even, without the need to release an upgrade to the application. Webhelp can do the same of course, but can't launch executables.

I wonder if EC-Software would be willing to sell the source for the viewer? I could then add some security scrambling to ensure it can open only my own genuine data files.

Actually I already have my own viewer for H&M output, using David Baldwin's THTMLViewer. It's needed for my users on Wine under Linux and on Macs. In fact it works quite well, and can also launch executable content. Full CSS, but it doesn't support javascript, so user-friendliness is a bit restricted.

regards,

Martin.
Last edited by Martin Wynne on Tue May 31, 2016 6:17 pm, edited 1 time in total.
Simon Dismore
Posts: 454
Joined: Thu Nov 16, 2006 1:29 pm
Location: London, UK

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Simon Dismore »

That might work. Unmediated execution of active content is the principal issue. If your application can control what gets loaded, and how it gets updated, you're in a much better position. The best thing would be to sign everything you create and have your application check the signatures before loading. Alternatively I suppose you'd need to secure the connection to the server (e.g. with TLS) to mitigate the risk of an adversary man-in-the-middling the download and substituting their own malformed ebook.

Interesting stuff, and not trivial to solve.
User avatar
Ed Hawco
Posts: 165
Joined: Thu Nov 07, 2013 5:50 pm
Location: Montreal
Contact:

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Ed Hawco »

FYI, the link to "Help & Manual 7.1 Update" in the original post is broken.

Also, what is "Microsoft Sandcastle" used for?
e
d
============================================
Ed Hawco
User avatar
Tim Green
Site Admin
Posts: 23156
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:

Re: H&M 7.1 and Premium Pack 3.15 Released

Unread post by Tim Green »

Hi Ed,
Ed Hawco wrote:FYI, the link to "Help & Manual 7.1 Update" in the original post is broken.

Thanks, fixed. 8)
Also, what is "Microsoft Sandcastle" used for?
It allows you to auto-generate source code documentation for Microsoft Visual Studio programming projects and is now included as part of Help & Manual. Basically, you just point it at your Visual Studio project and it generates a pre-formatted Help & Manual project from your comments and assemblies. See this page in the help for details:

http://www.helpandmanual.com/help/index ... castle.htm
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
Post Reply