Violation of basic computational rights? I'm not sure the filename approach is really all that far out there.
Microsoft uses it for Office 2016 deployments. Their new installer process does something similar to what we are trying to do when installing office. An example of the filename they use is: Setup.X64.en-US_O365HomePremRetail_0174f7b5-908c-4338-be4c-ffffffffffff_TX_PR_.exe Their web page that kicks off the download process simply states we are going to download a file to your computer. When your browser gives you an option to save it or run it, choose run. ----- Rom -----Original Message----- From: Tristan Olive [mailto:[email protected]] On Behalf Of Tristan Olive Sent: Monday, September 28, 2015 1:00 PM To: Rom Walton <[email protected]> Cc: Hugh Wormington <[email protected]>; Rytis Slatkevičius <[email protected]>; BOINC Developers Mailing List <[email protected]>; Matthew Blumberg <[email protected]> Subject: Re: [boinc_dev] Proposal: Simple Attach (Cookieless Installs) I agree that an IP cannot be expected to be a reliable, unique identifier, even short term. However, I also think the long filename is unreliable, as it requires that a user not do basic file management on his own system. It feels like a "violation of basic computational rights" to expect this. Also, is the maximum path length on Windows still an issue? We can't be sure where the download directory is located, as that is also browser dependent and user configurable, so the total path length is unpredictable. To go along with what Hugh is suggesting, see the attached (rudimentary) chart showing the flow of how this could work. Note that the nonce really is only used to establish a handshake of sorts between the client and server; once that has been done, the server gives the client a separate, verifiably-unique auth key to be used in <opaque> for client authentication going forward. If the browser launch fails, can we add a link or button or menu item somewhere in the client as a manual retry? Then we could send the user a notice after some time saying, "we see you have not completed installation, please follow these directions to continue." -- Tristan Olive _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
