Everyone...
I've just finished three annoying but, I think, important days of work adding awareness of Windows 10's new "Controlled Folder Access" (CFA) to the SQRL client.
This was probably necessary, if not now then later once Microsoft starts turning it on by default, since SQRL stores its identity file in a SQRL sub-directory of the user's "Documents" directory. CFA was added to the infamous October 2018 Fall Creator's Edition (1709) of Windows. It is disabled by default since it is presently very noisy, ignorant and overprotective. But when CFA is enabled, =ANY= attempt to modify the contents of any files in any of the locations which are typically user-content, are blocked and a notice is posted on the lower-right of the screen. At that point the user can click for more information and be taken to the CFA configuration page. One of the options there is to show recently blocked programs and allow them to be added. Windows is supposed to only initially be blocking programs that it "knows" about... but it is, for example, blocking its own Internet Explorer. So at this point, CFA is still not very smart.
The annoying with SQRL was that a blockage of access to the SQRL sub-directory, since that should never have happened, WAS being shown as "you don't have any SQRL identities." That's what I wanted to prevent. So, with this release #70 of the SQRL client, it's able to add itself to the CFA permission list at installation time, while its built-in installer has been given elevated privileges. And it does this if CFA is present but disabled in the system, which will always be the case for all Win10 going forward. So for many SQRL client users, whether Microsoft knows about the SQRL client or not, they will never be blocked. And if Win10/1709 with CFA appears after SQRL has already been installed, a new dialog will appear upon system start notifying the user that CFA is apparently blocking SQRL's access and giving them a single button to press to add SQRL to the CFA whitelist.
I"m glad that everyone using this will be automatically updated, since there was a bit more surgery required to do this than I've done recently, and I want to be sure I didn't screw anything up that has always been working.
This has also been the first of our release candidate weekly releases that didn't have anything else to be fixed... so we may be nearing the end of this work. <fingers crossed!>
I'll be returning to my interrupted work on the SQRL system documentation, then most of my work will be completed.
Thanks, all!!
I've just finished three annoying but, I think, important days of work adding awareness of Windows 10's new "Controlled Folder Access" (CFA) to the SQRL client.
This was probably necessary, if not now then later once Microsoft starts turning it on by default, since SQRL stores its identity file in a SQRL sub-directory of the user's "Documents" directory. CFA was added to the infamous October 2018 Fall Creator's Edition (1709) of Windows. It is disabled by default since it is presently very noisy, ignorant and overprotective. But when CFA is enabled, =ANY= attempt to modify the contents of any files in any of the locations which are typically user-content, are blocked and a notice is posted on the lower-right of the screen. At that point the user can click for more information and be taken to the CFA configuration page. One of the options there is to show recently blocked programs and allow them to be added. Windows is supposed to only initially be blocking programs that it "knows" about... but it is, for example, blocking its own Internet Explorer. So at this point, CFA is still not very smart.
The annoying with SQRL was that a blockage of access to the SQRL sub-directory, since that should never have happened, WAS being shown as "you don't have any SQRL identities." That's what I wanted to prevent. So, with this release #70 of the SQRL client, it's able to add itself to the CFA permission list at installation time, while its built-in installer has been given elevated privileges. And it does this if CFA is present but disabled in the system, which will always be the case for all Win10 going forward. So for many SQRL client users, whether Microsoft knows about the SQRL client or not, they will never be blocked. And if Win10/1709 with CFA appears after SQRL has already been installed, a new dialog will appear upon system start notifying the user that CFA is apparently blocking SQRL's access and giving them a single button to press to add SQRL to the CFA whitelist.
I"m glad that everyone using this will be automatically updated, since there was a bit more surgery required to do this than I've done recently, and I want to be sure I didn't screw anything up that has always been working.
This has also been the first of our release candidate weekly releases that didn't have anything else to be fixed... so we may be nearing the end of this work. <fingers crossed!>
I'll be returning to my interrupted work on the SQRL system documentation, then most of my work will be completed.
Thanks, all!!
