On Monday 18 May 2009 18:03:50 Cl?ment wrote: > Le samedi 16 mai 2009 20:10:00, Matthew Toseland a ?crit : > > On Saturday 16 May 2009 15:02:19 Thomas Sachau wrote: > > > Matthew Toseland schrieb: > > > > On Friday 15 May 2009 16:35:40 Thomas Sachau wrote: > > > >> Matthew Toseland schrieb: > > > >>> On Thursday 14 May 2009 18:35:07 Thomas Sachau wrote: > > > >>>> Matthew Toseland schrieb: > > > >>>>> My observation: Can we get rid of the "I will configure it > > > >>>>> manually" choice? > > > >>>>> And maybe the welcome page? (#3094) > > > >>>> > > > >>>> You want to force everyone to use the Wizard? > > > >>> > > > >>> Why would that be bad? > > > >> > > > >> What if i dont want to do use the Wizard? Also, if i removed the > > > >> "wizard > > > > > > > > done" line (intentinally or > > > > > > > >> by mistake), a new run would remove my custom settings. With the > > > >> option, > > > > i > > > > > > can just stop the wizard > > > > > > > >> and no harm done. > > > > > > > > If you know enough to skip the wizard you should shutdown the node, > > > > edit > > > > the > > > > > > config file and tell the node you have done the wizard! > > > > > > Is there a need for editing the config file? You can set everything with > > > the > > > > config section too, but > > > > > without the "i want to do it myself", you cant disable the wizard from > > > the > > > > GUI. > > > > > >>>>> Related idea: We should maybe tell the user in the installer that > > > >>>>> they should > > > >>>>> use a separate browser for Freenet, rather than in the wizard? And > > > > then > > > > > >>>>> let > > > >>>>> them choose one, and then use it when they click on the icon to > > > >>>>> browse Freenet? (#3104) > > > >>>> > > > >>>> This would produce additional work for people packaging freenet, > > > >>>> since > > > > > > > > they > > > > > > > >>>> would have to warn the > > > >>>> user themselves, while users tend to ignore the output of the > > > >>>> package manager. > > > >>>> So this would lower the chance of people noticing the request for a > > > >>>> different freenet > > > >>>> browser/profile and therefor i am against it. I suggest the current > > > > way: > > > >>>> Warning during first call > > > >>>> of the webinterface like it is currently done. > > > >>> > > > >>> Well, maybe on linux, with the packages that we don't have yet... > > > >> > > > >> Did you miss the Gentoo ebuilds? > > > >> Isnt it a goal to get other distros to package it too? Just because it > > > > did > > > > > > not happen until now, > > > > > > > >> doesnt mean it wont happen some time in the future. May just need more > > > > time > > > > > > since Gentoo as source > > > > > > > >> based distro may be a bit better for packages than binary distros. > > > > > > > > No, it is a goal to package it with private repositories. Having a > > > > debian package that is frozen for 3 years is not useful at the present > > > > time. > > > > > > > >> And if we have it for linux, why would you like to add additional code > > > > for > > > > > > windows (both in the > > > > > > > >> installer and in freenet, which would have to detect the OS and then > > > > decide > > > > > > to show the warning or > > > > > > > >> not)? > > > > > > > > Well, we could do something similar for *nix, no? Launch a suitable > > > > privacy > > > > > > enabled browser when the user runs the browse-freenet script? > > > > > > You dont know the user system. While windows user systems may be similar > > > to > > > > each others, this is not > > > > > true for linux. Where would you place that script? How would you check > > > which > > > > browser the user wants > > > > > to use? This idea looks more like the way user handling is done on > > > windows > > > > or ubuntu: Expect him to > > > > > know nothing and try to do everything for him. Might be nice for > > > beginners > > > > and if it works, but > > > > > makes things worse for experienced users, who want to do it different and > > > > also makes it harder, if > > > > > there are problems. > > > Imho you cant beat stupidity. Either users read a message and act the > > > right > > > > way or they dont. You > > > > > cannot prevent them from doing bad things. > > > > > > Additionally, Gentoo is about choice, if there is a warning, the user can > > > > choose, with a forcing > > > > > script, there is no choice, which is a bad idea for this philosophy, > > > > therefor i vote against such a > > > > > script for linux. > > > > Well, we already have a Browse Freenet script on all three platforms. > > Currently it detects browsers that we know about. You don't have to use it > > if you don't want to. But we should extend it to use incognito mode if > > possible, and to favour browsers with such support. I dunno how we can > > determine whether such a mode works with the particular installed version > > though... > > I don't see the point forcing the user to choose. I don't see the point > displaying a warning neither btw : > > should we detect all the potentials security threats (or unused benefits) on > the user's system ? > > Things like that are just waste of time. What would be good instead is a > documentation about how to have a secure environment in which you can run > freenet, and display a link to it during the wizard (or display the howto > directly). > > Additional code to detect if the user use freenet in a secure environment is > just a waste of time. Good documentation isn't.
Freenet should, like all security software, be secure by default. When it cannot be secure it should TELL THE USER. We are not talking about detecting trojans here: we explicitly call a web browser, hence it is our responsibility. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090520/559b3db9/attachment.pgp>
