Jamie Cool - Demo of ClickOnce | TheChannel9Team

joe.wurzburger
Scary, I know

Cool demo. Our install and support folks are going to go ga-ga over this. We were doing early design work on an "auto-upgrader" for our existing .NET client apps ... looks like that'd be a waste of time now.

I did get a kick out of the IISRESET, though ... now that's a realistic demo. Smiley

farquhar
useless drivel

About key files: "I could have...whatever."

Doesn't sound like the security message is sticking. That, sir, is lip service to security. Demonstrate real world examples.

The more Microsoft folks "whatever" security and use demo/dev behavior the more the folks who only watch and copy will get it wrong or not value the security bits and wizards and what they were designed to do. I realize security wasn't the purpose of the demonstation but the "whatever" hurts the cause.

ZippyV
Fired Up

The guy mentioned that it wouldn't work on Netscape. Why? Can the program and ClickOnce only be launched by Internet Explorer? It should work with other browsers too. Maybe not Netscape but certainly with FireFox or Mozilla or Opera.

moofish
Living in Scotland, UK

so what you are saying is that it only works on ms products

AndyC

ZippyV wrote:
The guy mentioned that it wouldn't work on Netscape. Why? Can the program and ClickOnce only be launched by Internet Explorer? It should work with other browsers too. Maybe not Netscape but certainly with FireFox or Mozilla or Opera.

I think it was more a case that it won't work the way they are written today. If they call the Windows URL APIs or handle the MIME types correctly themselves it should work fine.

I'm more concerned by how much space will potentially be wasted by the roll-back feature. It's not much for a simple app like that but what about something the size of Office? That said it is potentially very cool for those times when an update breaks functionality.

Sampy
This will be the sixth time we have destroyed it and we have become exceedingly efficient at it

Jamie most likely "whatevered" security because we're still working on tweaking our security settings and system before we release. Thus, what he shows you now in the security part of ClickOnce isn't what you're going to see when we ship Beta 2 and RTM.

As someone who is deeply involved in this (I wrote the code on the security property page and I'm updating the signing page), I can tell you that we are NOT taking security lightly. We work closely with the Windows team to make sure we make the right security choices going forward. The CLR security team is a key contributor to the ClickOnce effort.

Security is ALWAYS on our mind when we design, implement, and test ClickOnce.

Manip

Question.. If a user downloaded/installed the application, and then the Dev changed the security permissions and the user gets an update, does it warn that user about changes in the privileges of the updated version?

Sampy
This will be the sixth time we have destroyed it and we have become exceedingly efficient at it

Manip wrote:
Question.. If a user downloaded/installed the application, and then the Dev changed the security permissions and the user gets an update, does it warn that user about changes in the privileges of the updated version?

Yes.

lars

AndyC wrote:

I think it was more a case that it won't work the way they are written today. If they call the Windows URL APIs or handle the MIME types correctly themselves it should work fine.

I'm also confident that the good people working on Firefox will adress that issue. This could become what ActiveX never was! Or in a worst case become ActiveX all over again.
I think the deciding factor will be if it is possible to get end users to pay attention to the security dialogs and not just click accept/deny like zombies.

- Warning: The application "Paris Hilton pictures" needs permissions to mess up your system - is that okey?
- Hell yes, hit me bro!!

CAS is a suweet thing. If people just learn to use it.