I just wanted everyone to see the very best comment I've received on my blog to date...re: on the Autodeploy post...
re: Autodeploy 2 Cents
Posted @ 6/22/2003 7:40 PM
WTF? Jeez, how about saying something constructive. You don't have to be sepaking from a unique perspective or anything (M-O-O-N??? Jeez.) but it would be nice to not waste the bandwidth.
Nice hey? First, I thought it was constructive (but I could be wrong)...Second, please learn to spell. Third, wouldn't this comment be a waste of bandwidth? Not sure. Does everyone get comments that do nothing but cut down your thoughts for no other reason but to insult?
Hats off to you "no way". Thank you very much for this. I don't mind insults (but yes, they hurt). I don't mind people disagreeing with me (Mike, if you are reading this - that would be you) - but at least leave your email address...or email me directly.
Duncan seems to be talking about autodeploy apps these days...thought I would add my two cents to the discussion.
I wrote an article a couple of months back for .NET Magazine on keeping your smartapps up to date…and, well, I didn’t have enough words to really express how many options are available for you on this topic. I decided to focus on what I call the “loadfrom” method – which uses reflection to dynamically pull down what you need when you need it from some URL, caching as you go along. Well, I would not do this in real life unless I had a good reason because of the security impacts and considerations needed to make this work right in almost any situation.
There are other ways of keeping your smart client up to date – Duncan mentions a few on his blog – and some are quite cool…I just want to add to this by suggesting that if you want to keep your smartclient up to date – buy something that does it for you – oh – like installation software such as InstallShield (update services coupled with QuickPatch)
I’m lazy – and I think that something like autoupdates should be a base service of some kind…System.Updater.UpdateMe (http://my.location.com/myapp) !!! – but its not…but InstallShield makes it a bit easier in a lot of cases…and hey, if that don’t work for you – go ahead, build your own using the PAG example or one of the other samples Duncan pointed to. Just don’t go nuts if you don’t have to…distribution is never easy for large complex solutions (especially solutions that touch interop). Continued operations, security, and support should be your goals. Personally, I like the package solution because they usually provide fairly stable and robust solutions. Look for more packaged update solutions in the future from a great many vendors – I’ll probably review them in some magazine in the very near future….
Besides my “loadfrom” article (that I don’t recommend you use ) you can also read some level 100 material at http://msdn.microsoft.com/msdnmag/issues/02/06/rich/default.aspx
If you decide to write your own, you should be considering the following aspects (beyond the obvious):
- Source and assembly security (huge topic here)
- Incremental downloads (BITS being my favorite)
- Versioning (with a capital V not a lower case v)
- Distributing trusted assemblies (how to handle assemblies with strong names or that needto be placed in the GAC)
- Updating the updater
- Security requirements of the Updater/Launcher application itself. Spoofing an updater/launcher is serious stuff