He has some good points. Should we provide a monolithic installer? What are the good reasons not to? To the person involved: I have forwarded this to tech for wider comment, and have blanked out all references to your identity. If you reply to this message, your message will go to the mailing list; if you need to talk to me individually, then please make sure you are only sending to me.
----- Forwarded message from ********************** ----- From: ******************************************* To: Matthew Toseland <toad at amphibian.dyndns.org> > >> Whether the installer is offline or online, it still downloads >> directly from the Freenet site through insecure channels. > >No. In offline mode, it requires that the user has already downloaded >the files. How you get them is your problem. It does not contact the web >site at all. All you have to do is download selfextractpack.jar, >freenet-cvs-snapshot.jar, and freenet-ext.jar, and run the first jar, >tell it to do an offline install, and tell it where the files were >downloaded to. Does this make sense? Does it solve the problem? I see. I misunderstood the offline mode. In this case it would solve the problem to a certain extent as long as instructions on this option and where to put the files are easy to find. I would make sure to have this as easy as the regular install. I will take another look when I get the chance. However, why make users go through this trouble? Given that Freenet download will be blocked for one of it's primary audiences, those in countries with censorship (e.g. China, Saudi Arabia, N Korea, Singapore, ....), making this difficult for them seems pointless, especially when there is almost no benefit. As with many other open source projects, I think you're forgetting that this kind of stuff scares people away. 80% of people will walk away at the first sentence that reads "download x.jar and y.jarand put them in the directory blah blah blah..." I'm an engineer, and I view these kinds of installation steps as a sign that the software will be equally annoying to use, and so generally won't bother. This also makes distribution through other means much more complicated (yes, 4 files, and knowing where to put them, is "much" more complicated than a single download and double click). Take for example Bit Torrent or eDonkey-like networks - great distribution methods for those who are without a proxy and blocked - now we need 4 files and instructions rather than just an easy executable - and for what benefit? Personally, even without all the above issues, I would prefer a monolithic installer. Storage and bandwidth are cheap. What is unfriendly about a large file? I see requiring an internet connection at installation time, and multiple downloading sessions, as unfriendly. I couldn't care less about one-time large downloads. >... generally just adds complexity to something that >> should be simple. > >You only need the 3 files: selfextractpack.jar, freenet-cvs-snapshot.jar >and freenet-ext.jar. >> >> I'm not sure I understand why a monolithic download is any better than >> downloading an installer which then downloads a monolithic file. Sure >you >> get some kind of download management, but my browser can do that. >> >> The Freenet client or installer should NEVER phone home without >explicitly >> warning the user, as that would clearly alert the network to its >presence. > >Maybe we should have a more explicit warning on the first page of the >installer. > >I have CC'd nextgens as he wrote the installer and is the main advocate >of online installation support. >> >> Thanks. >> >> On 5/9/06, Matthew Toseland <toad at amphibian.dyndns.org> wrote: >> > >> >On Tue, May 09, 2006 at 12:43:18PM +0800, ****** wrote: >> >> I did not get it installed. There is always a way, but I don't >really >> >have >> >> the time or the motivation to figure out a way, especially when the >> >method I >> >> learn should be unnecessary in the future. I have no immediate need >for >> >> this, but am concerned that Freenet would be building the >installation >> >> around an architecture that would inadvertantly alert observers to >the >> >> installation, without informtion the user, and allow for such easy >> >blocking. >> > >> >If you believe there are security issues with Freenet at present which >> >would enable others to easily detect the installation of the node then >I >> >am interested in your opinions. Security has always been the main >reason >> >for freenet's existence. >> > >> >With regards the particular problem of the installer downloading files >> >from the website, some work has been done on this: >> > >> >The current installer has an option on the first page to do "offine" >> >installs. If this is selected, then it will ask you where you >downloaded >> >the core files to (freenet-cvs-snapshot.jar and freenet-ext.jar), and >> >it will install from there, without accessing the internet. Is this >> >sufficient, or are you convinced that we need a monolithic (i.e. huge) >> >installer? >> > >> >Thanks. Please contact me if you have any other concerns with Freenet. >> >Since you have assisted in Freenet development, I am happy to peer with >> >your node if you do decide to install one, and if you would like that. >> >> >> >> On 4/22/06, Matthew Toseland <toad at amphibian.dyndns.org> wrote: >> >> > >> >> >Did you manage to get it installed in the end? There is a way... -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060515/57fc74ba/attachment.pgp>
