Hello, I know very little about this world.
But isnt the goal of a patent to disclose an invention? If so, the source code of KVASD is likely to be explained in great details in: http://www.google.com/patents/US6634007 (valid until 2019) Anyway... there is always this other project. Seems to work in theory, maybe it could be made into an alternative open-source soft reed solomon decoder... https://code.google.com/p/rssoft/ 73 de F4GRX On 13/11/2014 07:01, ki7mt wrote: > Hi Bill, all, > > See below > > On 11/12/2014 08:58 PM, Yannick Devos (XV4Y) wrote: >> Hi Bill, >> >> I am answering below. >> >> 73, >> Yan. >> --- >> Yannick DEVOS - XV4Y >> http://www.qscope.org/ >> http://xv4y.radioclub.asia/ >> >> Le 13 nov. 2014 à 07:37, Bill Somerville <[email protected]> a écrit : >> >>> On 12/11/2014 23:51, Yannick DEVOS (XV4Y) wrote: >>>> Hi Bill, >>> Hi Yan, >>>> >>>> I am not a specialist about this questions, but this is my comment. >>>> What you could do on OS X is at first run check if the KVASD is present >>>> (and updated) and if not download it and install it (with the EULA dialog, >>>> etc). >>>> The ClamXAV antivirus does this for its internal engine which is developed >>>> by a different team than the GUI itself. >>> I did consider such a solution for all platforms although it is probable >>> that the application doesn't have permission to write the KVASD >>> executable to the required location. The main reason that I didn't take >>> this route and instead linked the KVASD install to the WSJT-X installer >>> (more or less directly) is that it isolates the code that requires >>> elevated permissions to the installer context. >> ClamXAV for instance ask the administrator password, but it might be because >> the antivirus engine has to work at system level... >>> > >>> In general I think it is a potential major security violation for any >>> application to download executable content from the Internet and such >>> ability should not be granted to a user level application. > > I have to agree with Bill here. Downloading a live binary, that's > capable of running as soon as it lands on the users system, is not wise > in the eyes of security. MD5 or SHA sums are ok, but only tell you bit > integrity. Maybe creating .tar.gz or .xz file and have the archive > signed by then person uploading them to SVN would provide some > additional trust. You could go as mild or wild as you want to > administer, but a simple public .asc signature would go a long way > toward better trust. > > This process is how infrastructure build servers work. I build a > package, sign it, upload it. This will not prevent malicious attacks, > but at least provides the end-user with some level of confidence as to > the origin, particularly when the source code cannot be examined prior > to using the binary. > > I plan on using a similar approach for JTSDK, but It never dawned on me > that we could / should employ something similar for kvasd-installers ( > KVASD Binaries ). There are lots of models for doing this, should not be > too tough to put a simple process together. Gpg is available for most > all systems in on form or another. > > I still think downloading the binaries, rather than trying to include > the somehow, on systems that would allow it, is a much smarter play. > > >> I quite agree with you from a general principle, however many applications >> like FireFox or Google Chrome do their updates this way. >> I don't tell you to silently do it like Chrome does it, because I find it >> very annoying. >> However, informing the user, and providing him a way to download the package >> in one click and install it with just a further drag-&-drop seems >> responsible to me. >> >> If I were to do it for a software I wrote, that's the way I would do it, but >> that does not mean that's the way you have to do it... >>>> >>>> 73, >>>> Yan - XV4Y. >>>> --- >>>> http://www.qscope.org/ >>> 73 >>> Bill >>> G4WJS. > > > > ------------------------------------------------------------------------------ > Comprehensive Server Monitoring with Site24x7. > Monitor 10 servers for $9/Month. > Get alerted through email, SMS, voice calls or mobile push notifications. > Take corrective actions from your mobile device. > http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk > _______________________________________________ > wsjt-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/wsjt-devel > ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk _______________________________________________ wsjt-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wsjt-devel
