UI and other suggestions

[owebia]

Hi,

Thanks for providing RuckZuck, it looks very promising.
I'm still wondering which package manager to use but the community driven catalog of RuckZuck make it more complete.

Here are some suggestions to improve the UI:

• add a "Rescan" or "Refresh" button on the home page (it would refresh the catalog, refresh the installed app list and recheck for new updates). Now we need to relaunch RuckZuck when something changed outside of RuckZuck.
• allow mouse scroll on "Create new Software-Items" list
• have the list of detected installed softwares on the home page (or an additional page) like PatchMyPC Home Updater for example
• add a one-click action to report an outdated package for people who don't know or don't have the time to create a new Software-Item
• display installed softwares with version greater than RuckZuck's catalog version as installed (like PatchMyPC does) and maybe auto-report an outdated package
• display virustotal.com result for each software
• have a way to track new Software-Items submission status

By the way, RuckZuck is currently reported as malicious by Cybereason. https://www.virustotal.com/gui/file/406c4a1c8d97eed74da3d7eeb8bc53682d6b5cc22351ab7ef50a273164f4b3c3

Thanks!

[rzander]

Many request in one post ;-) but I will try... 1) add a "Rescan" or "Refresh" button -> Well updating the catalog is difficult as it's cached on a content deliver network (CDN)... but I will think about a "rescan" option...
2) what do you mean with "mouse scroll" ? how often are you using "Create new Software-Items" ? 3) https://ruckzuck.tools/Home/Repository ? 4) it's already there ?! 5) It does already auto report newer versions... But as not every vendor is handling product version correctly, it's sometimes hard the detect a newer version... Why do you want to see if you have a newer version ? 6) For most common Software, RuckZuck does trust the signature of the download and not a specific File... How would you map the download link with virustotal.com 7) Fill out the "Author email" if you create a new Software-Request... Then I'm able to give feedback, or you can open an Issue here in GitHub. Note: Software-Packages that are not complete or not able to run will be rejected without feedback (there are too many such requests...). Also, I don't want to have thousands of packages in the repo that no one is using... So if you publish a 10 year old SW, there is a chance to get rejected just because of no interest.. 8) I don't care if RuckZuck.exe is tagged on "Cybereason"... If it's a problem for you, check the "RuckZuck_uncompressed.exe" in https://github.com/rzander/ruckzuck/releases

[owebia]

Thank you very much for your response.

1. A "Rescan" button would be nice. I understand that it is more complicated for the catalog.
2. The table of softwares in "Create new Software-Items" section has a scrollbar on my machine, but scrolling with the mouse when you are over the table has no effect. Yesterday and today I uploaded 6 packages but that's true I will not use it every day after that
3. Sorry, I meant on the first screen when you launch RuckZuck.exe or have a dedicated screen in the software where you can see all installed softwares matching one of RZ's catalog. It can be useful to detect which programs will be handled by RZ (for example, if you installed Google Chrome Enterprise it will be updated by RZ but Google Chrome Standard will not ; it would be easier to identify what is handled and what is not)
4. True but what you should do with the form is not obvious (installation successful Yes/No & comments are required to submit the form), a dedicated menu item would be easier to do (one click) and to understand
5. Maybe I'm wrong but I think that a program with a higher version than RZ's catalog version will not be shown as installed on the machine (with a green background).
6. virustotal has an API (https://support.virustotal.com/hc/en-us/articles/115002100149-API) and it can scan a URL of an exe or msi file. As RZ catalog is filled by the community, showing virustotal report with a link to the report URL would increase the trust in RZ catalog (that malicious actors are not filling the catalog with fake versions of softwares)
7. I'm not the author of the softwares, so I let the "Author email" field empty. How is this value used?
   Here are the packages I uploaded:
   • foobar2000 v1.6.9 -> accepted
   • SageThumbs 2.0.0.23 -> unknown
   • RegexRenamer 1.3.1 -> unknown (old but I don't know something equivalent)
   • VeraCrypt 1.25.7 -> accepted
   • Burp Suite Community Edition 2021.10.2 -> accepted
   • digiCamControl 2.1.4.0 -> unknown (DSLR remote command software)
8. I'm OK with a false positive but as I heard from RZ only since yesterday, I had to do more researches to understand if RZ could be trusted

[rzander]

to point 7:

• The "Author email" field is there to allow feedback to the package author.. This information will be removed when the package is approved.
• if you create a software package, make sure that these apps are working ! -> Click on "create EXE.." and run the generated EXE in a Sandbox to check...
  • If it's not working and I do not have a personal interest to get this SW in the repo, the package will be rejected (without notification, as some funny guys just upload crap).
  • I fixed VeraCrypt and Burp Suite for you... the rest did not work and no personal interest
  • You can upload these again when the package is working...
  • If there is no demand on a package, it can/will be dropped from repo to reduce the maintenance work... So it will be hard for a 10 year old "RegexRenamer" and SageThumsbs seems also EOL ;-)
  • Also note, that I do not accept download URLs that are not in relation to the Product or suspicious (that was not the case on your submissions).

[owebia]

Thanks for your response and sorry for the mistakes in the packages.