|
Beta testers - turn on "Beta Releases" Greetings, we are about to test a new update distribution mechanism for LimeWire tonight. If you are running LimeWire 4.9.2 Beta or higher, please go to Options -> Updates and select "Beta Releases". Within the next 24 hours you may get a message prompting you to upgrade to 4.9.5. Let us know if you do, and how the upgrade went. Thanks a lot! P.S. beta 4.9.5 will also be available from the website, but please don't download it just yet - help us test this update thing at least for a day. Your patience is appreciated. |
http://rootproject.servehttp.com/alk...scrnshot01.PNG http://rootproject.servehttp.com/alk...scrnshot02.PNG it didnt do anything after i pressed "Update Now" btw, i think it should say "A newer version of LimeWire is available, update?" |
Do you remember if you restarted limewire anywhere between 6:30PM EST and the time you received the notification? We found a bug where the update only works if limewire hasn't been restarted. If you are feeling adventurous and want to help us test this out better here's what you can do: 1. Turn of "Connect on Startup" 2. Shut down LimeWire 3. delete the Documents and Settings\<user name>\.limewire\version.xml file 4. delete the Documents and Settings\<user name>\.limewire\.NetworkShare directory 5. start LimeWire, but don't connect yet - let it load all shared files 6. connect to the network. What should happen is LimeWire asking you to restart itself upgrading to a new version. Let us know if it works. Thanks for the help! |
actually, this is what i did lol: earlier today i was browsing around in options and noticed that i forgot to check the beta release box and did so. (this is how i also found the license bug i posted in the 4.9.3 beta topic) i didnt restart just yet untill a few hours later when i saw your post., but i never received the update message untill i restarted it. but anyways, this is what i have found after following your instructions: a new version.xml is saved with new version info upon connection. but does not display the prompt untill AFTER i restart it again. Quote:
it also sends me to the download page if i press update now (i didnt notice this before.): http://www.limewire.com/english/cont...ows+XP&osv=5.1 |
That is strange, I got this NPE tonight: Code: LimeWire version 4.9.4jum422 Pro |
Quote:
(the steps in the above post have been updated for anyone else wishing to try this) |
Just a thought: what about security and the in network updating? I've always been wary of upgrade notifications in the past on LW: what certifies you there is no false signal spreading letting you know that a real new version is available? I believe this is even more important in the new update schema: you could be induce to spread a LW version containing a trogan or any other worm/virus run by the LW installer following the in-network download? The old schema was redirecting you to the download adress, so you were sure of the source, what about now? Playing a bit of the devil's advocate right now, but a vulnaribility is the last thing LW needs right now, especially at the speed the in-network updates can spread in the LW subnet. Anyway, you guys probably found a technique to do it safely, but I feel bringing the possible issue could at least put the things clear. Merci ;) |
The old update message as well as the new upgrade mechanism are protected using LimeWire's private key. They are, in fact, the same message - if you look at ~/.limewire/version.xml you will see that both the update URNs and the website URL are contained in the same document. |
here is the thing for everyone if you need a ?%&& any version yall could just go to &*?&* and you'll get everything there free and thats all i have to say i'm out. Spam and piracy talk are forbidden on this forum, read the forum rules. -et voilą |
umm, i would give it another try.. but i lost the 4.9.4 pro installer. i do have 4.9.5 pro, 4.9.3 pro and below. is there an archive of installers somewhere [of the basic version]? [brackets denote edit] |
UPDATER WORKED FOR ME When I opened Limewire Pro on two of my machines there was an alert at the bottom of my Limewire Screen telling me an update was available. I hit the alert, found the update, downloaded to Save, exited Limewire and installed the update. Nice, neat and clean.........no problems.........the advantage to having a fully functional and properly configured computer......Yes that is a poke at the others who blame LimeWire for their problems. LimeWire Update worked for me. |
I have had it turned on since I noticed it beta checked I believe 4.5 but have never resieved a notifcation of updates |
We haven't notified for 4.9.7 because we found some bugs with the update mechanism in 4.9.4 and 4.9.5. |
Quote:
So don't worry from where that XML file comes from. If it validates, then it was created by LimeWire LLC itself, and nobody else, not even any LimeWire open source developers). The LimeWire will not display such update notice from any version XML file with the wrong signature, and will discard it if you attempt to modify it). See it like emails you receive from anywhere but that for which you can trust its origin as it contains a cryptographic signature. LimeWire has not, and will not reveal its own encryption private key needed to create or update that file. A non-LimeWire release created from the open sources would likely discard the Limewire notice or would embed the public key of the creator of that alternate release, instead of the LimeWire LCC public key, so that this alternate version can distribute its own version.xml file. (Note that version.xml is not purely a XML file: it just appears to have an XML content, but is followed by the cryptographic signature.) This security is based on the fact that if you can trust Limewire LLC to distribute the genuine version of Limewire that you are using, then you could trust Limewire LLC's signature used for its updates. The same technic is used in general by all software distributors as well (the public key is generally encapsulated within a public certificate, stored and validable in a trustable PKI provider, which acts as the escrow for attesting that the author's identity shown in the certificate has been verified and is not patently false; this PKI can also provide information about the status of a certificate, for example if it has been compromized, and can tell you if the certificate is still valid, or if it has been invalidated by its original author). Limewire can embed one or more public keys in each release: older ones (if they have not been compromized), and the most recent one. These public keys allow accepting update messages for all future versions that will be advertized and created using the corresponding private keys. If someone does not upgrade immediately, and several major versions have been released, may be sometime in the future, none of its embedded public key will match the update messages for these future versions, if they are not created using one of the private keys corresponding to the public keys embedded in an old distribution used by some user. It will take years before this happens, unless a private key has been compromized: * For example if the LimeWire LLC private key appears to have been stolen by someone to create a volontarily broken version of Limewire, something that has still never happened, * or if the cryptographically strong signature algorithm gets broken Limewire uses a signature based on the wellknown irreversible SHA-1 cryptographic digest algorithm, which is still still safe for now; Limewire could switch at any time to a even stronger algorithm such as SHA-256 or SHA-512 which is supported now natively in Java 1.4.1+. Would the strength of this digest be ever compromized, the whole planet would be largely informed because this encryption algorithm is constantly monitored by lots of security companies. Breaking this digest algorithm is still a very challenging and difficult problem worldwide, needing lots of costly resources. When this will occur, LimeWire would immediately change its signature, and would inform users on its web site that new update notifications will use a new key, and won't be delivered to users of old versions, that will have to update manually. No one can predict when such event will ever occur (those that would attempt to break the encryption algorithm would likely use their discovery fro more "profitable" criminal actions than just building a P2P servent, which can be freely downloaded from a wellknown source; if this ever happened, this forum would be filled with warning notices about fake and viral Limewire versions). These considerations are true for any software that embeds a internet update system, including Microsoft Update, antivirus updates, Java auto updates, and so on... |
| All times are GMT -7. The time now is 09:16 AM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.
Copyright © 2020 Gnutella Forums.
All Rights Reserved.