At 22:44 24/11/2016 +0100, Marcus Noname wrote:
Am 11/24/2016 10:25 PM, schrieb Brian Barker:
I've been hearing from a intending user of OpenOffice who was
repeatedly finding the hashes on his downloads did not match. He (I
think he was a "he") had repeatedly downloaded form different
mirrors but could not get a match. He even, he says, tried other
versions and other operating systems. Clearly there was something
wrong at his end. Can you guess yet?
as you don't write from where he has done the downloads, this could
be a source of error.
Thanks for this.
That was the first thing I checked, of course - and yes, he was using
the official site.
1. Download OpenOffice from here [1].
Er, where? No footnote! But that's not the problem ...
2. Download the hash file from the same webpage ...
Now you are teaching me how to do this, so let's be clear. You know
what to do. I know what to do. Even the naive user now knows what to
do. Originally he made a mistake, but he eventually realised what he
had done. I understand the mistake and why he made it. You don't
(yet) understand what he did or why the web site instructions are
perhaps not clear enough to prevent this mistake by users. I'm hoping
I can get you (or whoever) to understand this and perhaps improve the web site.
Sorry, I don't understand what he has done. Comparing the file with itself?
No, of course not. I think that the fact that you found my
description (which I've re-read and I'm sure is clear) didn't lead
you immediately to an appreciation of the problem only goes to show
how the necessary wording can be confusing. That's my point.
Incidentally, did no-one else want understand my point?
Let's look at your description instead of at the web site. At point
3, you say to "generate the hash value from the downloaded OpenOffice
file". At point 4, you say to "[c]ompare it with the value of the
downloaded hash file". There are two tiny words there that differ
between the instructions: you mean something very different by a
value *from* a file and a value *of* a file. In the first case you
mean a value derived from a file by processing it through a program;
in the second you mean to refer to a value stored in a file. Can you
see that a user might easily miss that very important distinction?
As I explained, the user quite properly derived the hash value of the
installation file. He then - understandably but wrongly - performed
the same process to derive the hash value *of* the hash file -
instead of inspecting the value provided in that file. Not
surprisingly, these values never matched, whatever version he tried
or mirror source he used.
You and I will think that this misunderstanding is unlikely, but that
is because we already understand how hashes are used to confirm the
integrity of files in this way. As I mentioned, the web site - at
http://www.openoffice.org/download/checksums.html - uses expressions
such as "If both hash values do not match" and "When both hash values
match", and the use of the word "match" is asking the users to seek
similarity. The values to be compared are not "hash values" in the
same way. It is surely not surprising that this user therefore
believed hat he was being asked to do similar things with both files?
In any case, whatever you and I think, that is what he did. I'm
suggesting that we should believe the evidence.
If there are any mistakes or room for improvements, then please tell us.
I thought I had.
The web page separately sets out instructions for different methods
of deriving the hash value. In the couple of lines at the top, there
is only one sentence explaining the purpose. There is simply no
statement that the hash file already contains the *answer* that
should match what is derived from the file being checked. The later
use of expressions such as "both hash values do not match" and "both
hash values match" gives a strong impression that we are comparing
like with like. There are two hash values, we are being told, which
should match. It's not surprising that a user expects to derive two
hash values in the same way. It would be better not to call both
values "hash values" but to distinguish between the hash value
(derived form the file being checked) with the "comparison value" or
"check value" or "correct result" or whatever contained in (and not
derived from) the hash value file.
Brian Barker
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
