opentimestamps / opentimestamps.org

OpenTimestamps.org website
https://opentimestamps.org

decoupled proof validation from file validation #39

Closed fametrano closed 3 years ago

fametrano commented 5 years ago

ots proof (upgrade and) validation does not strictly require original file validation; nonetheless, the user is prompted to validate the original file ensuring hash matching

also, the opentimestamps.min.js library in the assets/javascripts/vendor folder has been updated according to the one currently deployed on the https://opentimestamps.org website (same as https://github.com/opentimestamps/opentimestamps.org/pull/36)

RCasatta commented 5 years ago

@petertodd what do you think?

petertodd commented 5 years ago

Seems reasonable to me to allow proof upgrades w/o file validation - the OTS proof files know what SHA256 hash they're for. I'd just suggest that you don't prune the proof files that are upgraded, to guard against deleting proof data in the event of brokenness/malice.

fametrano commented 5 years ago

Browser downloaded files cannot overwrite local files.

Anyway, to improve clarity the upgraded proof (if any) is now named originalFileName.ext.upgraded.ots (assuming the provided proof is named originalFileName.ext.ots). This is in line with the recently accepted PR at https://github.com/lvaccaro/javascript-opentimestamps-tools: see a deployment at www.dgi.io/ots-tutorial/ as opentimestamps.org/tools has not been upgraded yet.

fametrano commented 5 years ago

the proposed change is live at https://dgi.io/ots

petertodd commented 5 years ago

Right now it'll say "success" even if the attestation isn't complete; I don't think that's safe UI.

petertodd commented 5 years ago

Also, the way it says "verified" prior to actually verifying the file contents is dangerous.

It'd probably be better to have two separate user flows than trying to do the same thing with one box.

fametrano commented 5 years ago

> Right now it'll say "success" even if the attestation isn't complete; I don't think that's safe UI.

This is the current opentimestamps.org website behavior ;-)

The new proposed UI at https://dgi.io/ots/ has been updated to more nuanced stamped / matched / warning / success / failure feedback.

> Also, the way it says "verified" prior to actually verifying the file contents is dangerous.

I agree, it has been fixed

> It'd probably be better to have two separate user flows than trying to do the same thing with one box.

Originally, opentimestamps.org had 2 boxes; it moved to a single one quite a few months ago. Considering my training experience, I personally agree that a single box is a better user interface, provided that it is accompanied by proper instructions / feedback.

please check the new UI and provide comments. thx
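The two checks discussed in this thread, kept as separate inputs to one feedback decision. This is an added example, not code from the pull request or from opentimestamps.org. The function names, the input shapes and the mapping from conditions to the matched / warning / success / failure labels are assumptions ("stamped" is left out because it applies to creating a proof, not verifying one).

```javascript
// Hypothetical simplified inputs (not the opentimestamps library's types):
//   proofDigest  - hex SHA-256 that the .ots proof commits to
//   fileDigest   - hex SHA-256 of the file the user supplied, or null if none
//   attestations - e.g. ['pending'] or ['pending', 'bitcoin']
function feedback(proofDigest, fileDigest, attestations) {
  const norm = (h) => (typeof h === 'string' ? h.trim().toLowerCase() : null);
  const proof = norm(proofDigest);
  if (proof === null || !/^[0-9a-f]{64}$/.test(proof)) {
    return { label: 'failure', reason: 'proof digest is not a SHA-256 hex string' };
  }
  // A proof with only pending attestations is not yet a complete timestamp.
  const complete = Array.isArray(attestations) && attestations.includes('bitcoin');
  const file = norm(fileDigest);

  if (file === null) {
    // Proof looked at on its own: say nothing that reads as "file verified".
    return {
      label: 'warning',
      reason: (complete ? 'proof is attested' : 'attestation still pending') +
        ', original file not checked',
    };
  }
  if (file !== proof) {
    return { label: 'failure', reason: 'file hash does not match the proof' };
  }
  if (!complete) {
    // Hash matches, but reporting success here would overstate the result.
    return { label: 'matched', reason: 'file matches, attestation still pending' };
  }
  return { label: 'success', reason: 'file matches and the proof is attested' };
}

// Name for an upgraded proof, following the scheme given in the thread:
// originalFileName.ext.ots -> originalFileName.ext.upgraded.ots
// The provided proof is never reused as the output name.
function upgradedProofName(proofName) {
  const base = proofName.endsWith('.ots') ? proofName.slice(0, -4) : proofName;
  return base + '.upgraded.ots';
}

// Constructed sample digest, for illustration only.
const sampleDigest = 'a'.repeat(64);
console.log(feedback(sampleDigest, null, ['pending', 'bitcoin']));
console.log(feedback(sampleDigest, sampleDigest, ['pending']));
console.log(upgradedProofName('originalFileName.ext.ots'));
```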

petertodd commented 5 years ago

The problem is people don't read instructions very well; remember that this is security software and we're better off if users that are confused feel confused than users who are confused thinking they're not.

Secondly a nasty paper-cut of the "one-box" is that verifying causes the timestamp proof file to also be timestamped, resulting in an unnecessary and confusing download box.

BTW re color, I'd suggest a darker shade of yellow - the shade you're using is relatively hard to read as it has little contrast with the white background. The yellow on black is fine; it's the on white that's the problem.

petertodd commented 5 years ago

Regardless, the current version is an improvement over before!

fametrano commented 3 years ago

abandoned