Re: Cerebro performance
Le vendredi 07 mars 2008 à 02:29 -0500, Michael Stone a écrit : RPMS and better developer documentation will probably appear tomorrow, as soon as Polychronis and I manage to cut a release. As for the 'sugar/telepathy' help: the plan is to fill in the stub 'telepathy-cerebro' Telepathy ConnectionManager, then to implement a cerebro_plugin in the Sugar Presence Service. This will get us a working mesh view. Then comes Tubes. :) No, the plan is to implement a Cerebro backend in Salut. I filed #6658 to track this work. G. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: How can I prevent 'suspend' ?
On Fri, Mar 7, 2008 at 7:04 AM, Paul Fox [EMAIL PROTECTED] wrote: when i had use of my (borrowed) XO, and was using a USB adapter, it appeared as eth1. how/why is eth0 going away completely? and if that's not preventable, could ifrename help? If you want to disable wifi, you can simply rename the kernel driver usb8xxx.ko. Details can be find in the following page: http://wiki.laptop.org/go/Airplane_mode -- Best regards, Yuan Chao ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Installing RPMS via Customization Key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Stone wrote: | It's completely unsafe to use the new USB customization keys to execute | software located on-key or on-NAND because any opportunity for arbitrary code | execution as uid 0 represents a serious threat to our first-boot activation | security. | | Since we appear to want to be able to customize images with new RPMS, this | leaves us in a somewhat sticky situation. The following patch represents one | approach to resolving the difficulty - that of postponing the running of any | commands until after the activation initramfs yields control to late userland. It is difficult to comment on this without more detail on USB customization keys. My understanding was that such customization would be done once at the level of whole countries, that it would be restricted to /home, and that the key in question was a cryptographic signing key, so that customizers (at the ministry of education) could create trusted images that the firmware or journal would install automatically. Thus, I am not sure what a USB customization key is. Countries that want to make invasive modifications to the operating system should be allowed to do whatever they want, but allowing users to add arbitrary RPMs without a developer key is a distinctly terrible idea. I cannot tell which you are proposing here. Your patch does not suggest that the set of RPMs is signed. Is there a signature validation happening somewhere? - --Ben -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH0VMMUJT6e6HFtqQRAvPJAJ9DQZoRGeoux2p2jLppPOku/QPBfACfcHgY UePE4MqAOjpzj5Ykr4I8uIM= =S8uD -END PGP SIGNATURE- ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: State of the update.1
On Fri, Mar 7, 2008 at 1:55 AM, Bert Freudenberg [EMAIL PROTECTED] wrote: On Mar 6, 2008, at 23:53 , C. Scott Ananian wrote: It seems that, with concerted effort, we could have a reasonable update.1 build in a short period of time. I would not dare to call an update which removes a large part of the XO's educational activities reasonable. Please don't deliberately misrepresent the build. We've been over this in multiple places, both in trac and in devel. The update.1 builds are just the base for the customization work done by the countries. No one is suggesting that we deploy machines to schools without activities. Suggesting otherwise is an unproductive troll. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: New update.1 build 697
mmm... After a couple of flags raised and an approval from Jim from a couple of weeks ago (http://dev.laptop.org/ticket/6521), the old TamTam versions are still being used in the builds. Any explanation? jp On 5-Mar-08, at 12:01 AM, Build Announcer v2 wrote: http://pilgrim.laptop.org/~pilgrim/olpc/streams/update.1/build697 Changes in build 697 from build: 696 Size delta: 0.00M -kernel 2.6.22-20080211.1.olpc.9f4e619336a08dc +kernel 2.6.22-20080304.1.olpc.914fce4d9a8baf3 -- This mail was automatically generated See http://dev.laptop.org/~rwh/announcer/update.1-pkgs.html for aggregate logs See http://dev.laptop.org/~rwh/announcer/joyride_vs_update1.html for a comparison ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Cerebro performance
On Fri, Mar 7, 2008 at 7:44 AM, Guillaume Desmottes [EMAIL PROTECTED] wrote: Le vendredi 07 mars 2008 à 02:29 -0500, Michael Stone a écrit : RPMS and better developer documentation will probably appear tomorrow, as soon as Polychronis and I manage to cut a release. As for the 'sugar/telepathy' help: the plan is to fill in the stub 'telepathy-cerebro' Telepathy ConnectionManager, then to implement a cerebro_plugin in the Sugar Presence Service. This will get us a working mesh view. Then comes Tubes. :) No, the plan is to implement a Cerebro backend in Salut. I filed #6658 to track this work. On your marks... get set... go! I look forward to seeing the results of the competing implementations. --scott (who is always convinced by working code) -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Why is Terminal 'extra' ?
Terminal, Log Viewer, and Analyze are not included in the core build, but they *are* included in the core *library*. That is, you can always install them, even though they may not show up by default in the toolbar. I did not realize that - your answer settles my concern (i.e., that a user under a tree ought to be able to install Terminal if it was not included in the build). But it would be nice if the documentation were clearer. The wiki mentions library many times, but most of those references are to libraries out in cyberspace, or at the school. There is info about the Activities resident in the XO; there ought to be more info about the Library resident in the XO. [Because I originally had problems with Browse, had not explored its sidebar capabilities.] mikus ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: New update.1 build 697
On Fri, Mar 7, 2008 at 9:41 AM, Jean Piche [EMAIL PROTECTED] wrote: mmm... After a couple of flags raised and an approval from Jim from a couple of weeks ago (http://dev.laptop.org/ticket/6521), the old TamTam versions are still being used in the builds. Probably just an oversight. I didn't see TamTam listed in my perusal of update.1 bugs, but admittedly I didn't scrutinize the bugs assigned to ApprovalForUpdate or dgilmore. (Apparently I should have.) Did you follow the update.1 approval process to the letter? If not, make sure you've done so (including answering any questions left by Dennis or Jim; Dennis doesn't like to be forced to guess when he pulls things into update.1). In any case, please reply to the 'state of update.1' thread naming 6521 as remaining work to be done, so that we keep everyone synchronized (even if they don't have time to read every thread on devel@). (It appears that you have followed the update.1 process to the letter; please consider the bulk of my mail just a gentle reminder to others about how I would like omissions in the current state of update.1 to be addressed. For those others on devel@: Update.1 process: http://wiki.laptop.org/go/Update.1_process ) --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Why is Terminal 'extra' ?
On Fri, Mar 7, 2008 at 8:55 AM, Mikus Grinbergs [EMAIL PROTECTED] wrote: Terminal, Log Viewer, and Analyze are not included in the core build, but they *are* included in the core *library*. That is, you can always install them, even though they may not show up by default in the toolbar. I did not realize that - your answer settles my concern (i.e., that a user under a tree ought to be able to install Terminal if it was not included in the build). But it would be nice if the documentation were clearer. The wiki mentions library many times, but most of those references are to libraries out in cyberspace, or at the school. There is info about the Activities resident in the XO; there ought to be more info about the Library resident in the XO. [Because I originally had problems with Browse, had not explored its sidebar capabilities.] It should be remembered that I am trying to do the best I can for update.1 in the extremely limited time available. We've got some better solutions (as described above) for future releases; our approaches are likely to change with time. We'll probably have a detailed discussion of what goes into the core library at some point as well. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
User's customizations
Regarding what is in the build core, Scott said The core activities are just those which we insist all countries include on the left hand side of the (current) activity bar. Then there are those individuals who prefer to organize things their way. The second thing I've changed on my XO is which activities get shown on the left hand side of the current activity bar. [The first thing I changed on my XO was to get rid of the frame auto-raise.] mikus ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Installing RPMS via Customization Key
On Fri, Mar 7, 2008 at 9:37 AM, Benjamin M. Schwartz [EMAIL PROTECTED] wrote: It is difficult to comment on this without more detail on USB customization keys. My understanding was that such customization would be done once at the level of whole countries, that it would be restricted to /home, and that the key in question was a cryptographic signing key, so that customizers (at the ministry of education) could create trusted images that the firmware or journal would install automatically. Thus, I am not sure what a USB customization key is. http://wiki.laptop.org/go/Customization_key It is specifically design to allow countries (or schools) to create customied builds *without* requiring OLPC to sign or approve their changes. In exchange, we require the modifications to be restricted to /home so that we've got some hope of successfully diagnosing or updating their builds. I will refuse to sign any build with this patch in it, and I don't feel that Michael has made any case for why it is necessary. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: State of the update.1
On Mar 7, 2008, at 15:40 , C. Scott Ananian wrote: On Fri, Mar 7, 2008 at 1:55 AM, Bert Freudenberg [EMAIL PROTECTED] wrote: On Mar 6, 2008, at 23:53 , C. Scott Ananian wrote: It seems that, with concerted effort, we could have a reasonable update.1 build in a short period of time. I would not dare to call an update which removes a large part of the XO's educational activities reasonable. Please don't deliberately misrepresent the build. We've been over this in multiple places, both in trac and in devel. The update.1 builds are just the base for the customization work done by the countries. No one is suggesting that we deploy machines to schools without activities. Suggesting otherwise is an unproductive troll. It is called an update. Anyone who updates to a current update.1 build loses those activities. As far as I am aware there has been no official announcement exactly how to get back the missing activities. The preinstalled designation on the main Activities page has no meaning anymore. Searching for Update.1 on the Wiki yields nothing: http://wiki.laptop.org/go/Update.1 http://wiki.laptop.org/go/Update.1_process http://wiki.laptop.org/go/Update_paths http://wiki.laptop.org/go/Olpc-update Without an effort to get back the activities (which was not even mentioned as a to-do item in your message) I indeed do not think it is reasonable. This entire dropping of activities came out of nowhere. Until a few days ago I thought that we were all together working on a new OS version called update.1. Judging by other comments I am not alone in thinking this. I am following the lists very closely, but until I saw that ticket about removing activities there was not any hint that this is not going to happen. I as an activity developer of one of the formerly pre-installed activities still do not know how to proceed. You could at least communicate your intentions, if indeed providing a useable build is not possible soon. - Bert - ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: User's customizations
On Fri, Mar 7, 2008 at 9:10 AM, Mikus Grinbergs [EMAIL PROTECTED] wrote: Regarding what is in the build core, Scott said The core activities are just those which we insist all countries include on the left hand side of the (current) activity bar. Then there are those individuals who prefer to organize things their way. The second thing I've changed on my XO is which activities get shown on the left hand side of the current activity bar. [The first thing I changed on my XO was to get rid of the frame auto-raise.] I added (current) to my original statement above because there is in fact a much different organization of the Home screen proposed for the future. Currently, /usr/share/sugar/data/activities.default is not under /home and thus is inaccessible to the customization process. Arguably this is a bug, and I'd love to see patches, subject to the constraint that everything in /home should be considered volatile and no changes to /home should prevent sugar from starting -- a goal we are a long way away from, but I want to see that we're making forward, not backward, progress on that front. In any case, allowing customiation of activity order seems like a really good update.2 feature, if it's not completely made unnecessary by the Home view changes in update.2 (or if the Home view changes don't end up landing for update.2, etc, etc). If the patch is small, I could see considering it for update.1, but I don't see it as a blocking feature (especially absent patch-in-hand). I would like to see a final Update.1 released next week (or at least a release candidate we expect to hold up to be the final Update.1), and now is not the time for new features. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Installing RPMS via Customization Key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 C. Scott Ananian wrote: | On Fri, Mar 7, 2008 at 9:37 AM, Benjamin M. Schwartz | [EMAIL PROTECTED] wrote: | It is difficult to comment on this without more detail on USB | customization keys. My understanding was that such customization would | be done once at the level of whole countries, that it would be restricted | to /home, and that the key in question was a cryptographic signing key, | so that customizers (at the ministry of education) could create trusted | images that the firmware or journal would install automatically. Thus, I | am not sure what a USB customization key is. | | http://wiki.laptop.org/go/Customization_key | | It is specifically design to allow countries (or schools) to create | customied builds *without* requiring OLPC to sign or approve their | changes. Right. I thought the solution was that each country was to be given its own customization signing key that allowed them to construct modified images and sign them without OLPC approval. Only signed customizations would be installed automatically. This would solve the problem of privilege escalation. I guess I misinterpreted the word key. | In exchange, we require the modifications to be restricted | to /home so that we've got some hope of successfully diagnosing or | updating their builds. I will refuse to sign any build with this | patch in it, and I don't feel that Michael has made any case for why | it is necessary. | --scott | -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH0V+nUJT6e6HFtqQRAmd1AJ0bTWKkqdkpe2eHJYWrbmd/ukb8uQCfRf/v mC7ZoOrZ/VMGyRtG/65z51k= =pdHe -END PGP SIGNATURE- ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: show me the code
On Sat, Mar 1, 2008 at 12:38 PM, Chris Ball [EMAIL PROTECTED] wrote: AFAIK the only activities supporting the view-source key currently are Chat (which opens its source code in Pippy), Browse (showing the HTML source code) and Etoys (showing a menu giving access to code browsers and other tools). Pippy supports view source too (and opens *itself* in Pippy, where you can make modifications to it and build a new Pippy bundle from them). Further, there are 3-month old patches in trac to make Terminal (trac #5543), GMail (trac #5544), and Clock (trac #5545) Pippy activities (which will make 'View Source' work for them). The patches were put on hold because Update.1 was imminent... which turned out not to be the case. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: State of the update.1
On Fri, Mar 7, 2008 at 10:22 AM, Bert Freudenberg [EMAIL PROTECTED] wrote: It is called an update. Anyone who updates to a current update.1 build loses those activities. As far as I am aware there has been no official announcement exactly how to get back the missing activities. http://lists.laptop.org/pipermail/devel/2008-March/011509.html (a thread you participated in) http://dev.laptop.org/ticket/6598#comment:12 I apologize for not making a more prominent announcement; it's on my list of things to do before we declare the next release candidate -- and we haven't gotten there yet. I am way overextended; I'm doing my best to keep all the cats heading in one direction. Without an effort to get back the activities (which was not even mentioned as a to-do item in your message) I indeed do not think it is reasonable. It was mentioned as a release note item. Again, I'm sorry that I didn't spell it out completely: there will be a prominent message on the home page pointing people to an activity pack which will install all the G1G1 activities on top of the update.1 build. You assistance in creating that pack would, of course, be greatly appreciated! This entire dropping of activities came out of nowhere. Until a few days ago I thought that we were all together working on a new OS version called update.1. Again, I apologize that this was not better communicated, but I am not, in fact, the release manager or the build manager, or anything. I'm just a software engineer who's trying to make things work. There was a big summit at OLPC at the beginning of last week to try to get critical bugs fixed for Peru. I strongly recommended at that meeting that we make an update.1 build for G1G1 users, and then move on to update.1.1 to address the customization and networking concerns of Peru, Mexico, Nepal, etc. I was overruled; it was decided that we did not have the resources for this (a point which I certainly concede). So, the needs of update.1 are driven at this point primarily by the needs of our deployment countries. It may be that the result will be unsuitable for G1G1 folks, although at the moment it's only the activity pack business which fits uncomfortably. But we don't have the resources to tackle everything at once. Again, this earlier discussion should have made it's way to devel@ last week. I'm not certain that it was my personal responsibility to do so, but I will apologize at any rate. Judging by other comments I am not alone in thinking this. I am following the lists very closely, but until I saw that ticket about removing activities there was not any hint that this is not going to happen. Again, we were under time pressure and the (incorrect) assumption was that we could wait until we have a public release candidate to clarify how the core builds worked. It's always a big effort to write the documentation at the same time as the implementation, but it obviously would have helped a lot here. I hope that in my voluminious emailing this week I've done at least a little bit of retrospective documentation. I as an activity developer of one of the formerly pre-installed activities still do not know how to proceed. You could at least communicate your intentions, if indeed providing a useable build is not possible soon. Again, the builds are designed to be usable for Peru, Mexico, and Nepal. I am hard at work (although constantly distracted by all this email) at providing a full customization key image that allows us all to test exactly the configuration they have requested. Walter Bender is the head of the deployment team. If you want further insight as to which activities are being installed in which countries, and the recommendations he is making, you should contact him. It's not a technical issue any more, it's a deployment-side issue. It may well be that we need a new mailing list specifically for the community to keep track of deployment issues; the weekly emails might not be giving activity and content authors enough insight into the actual deployments. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Installing RPMS via Customization Key
On Fri, Mar 7, 2008 at 10:30 AM, Benjamin M. Schwartz [EMAIL PROTECTED] wrote: | It is specifically design to allow countries (or schools) to create | customied builds *without* requiring OLPC to sign or approve their | changes. Right. I thought the solution was that each country was to be given its own customization signing key that allowed them to construct modified images and sign them without OLPC approval. Only signed customizations The signed part of the customization key is universal. IMO we can't afford to intervene in every deployment. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: State of the update.1
If trolling is what it takes to exact such a thorough response, so be it ;) Still, I apologize if you felt that snippy remark was addressed at you personally. On Mar 7, 2008, at 16:58 , C. Scott Ananian wrote: http://lists.laptop.org/pipermail/devel/2008-March/011509.html (a thread you participated in) http://dev.laptop.org/ticket/6598#comment:12 I indeed participated in this thread, but I found When update.1 is released, we'll provide an 'activity pack' for G1G1 folks to not be exactly satisfactory. And I'd imagine the support crew is looking forward to the gazillions of where did my apps go requests ... It was mentioned as a release note item. Excuse my ignorance, but I cannot find any update.1 release notes for build 696 which removed the activities. http://wiki.laptop.org/go/Test_Group_Release_Notes stops at 694 http://wiki.laptop.org/go/Update.1_691 is almost empty http://www.google.com/search?q=update.1-696+release-notes comes up empty Again, I apologize that this was not better communicated, but I am not, in fact, the release manager or the build manager, or anything. I'm just a software engineer who's trying to make things work. I understand. You don't really have to answer my questions if this is not actually your job (especially when your communicating gets you into friendly fire). And if nobody feels its his/her job, maybe that position should be created? I hope that in my voluminious emailing this week I've done at least a little bit of retrospective documentation. Yes, thanks. It may well be that we need a new mailing list specifically for the community to keep track of deployment issues; the weekly emails might not be giving activity and content authors enough insight into the actual deployments. I would love that. Also, I'm really unhappy to hear almost zero feedback from the pilots, let alone the deployments. Thank you, - Bert - ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [PATCH] Install customization packages left for us by a USB key.
On Fri, Mar 07, 2008 at 10:11:06AM -0500, C. Scott Ananian wrote: Classic privilege-escalation attack. /, /home, and /home/olpc, are only writable by uids 0 and 500. Both uids 0 and 500 have direct access to uid 0. Therefore, if Mallory can affect what files are pointed to by $PKGDIR, then she already had access to uid 0. Is there a more subtle privilege escalation attack that I missed? In particular, one that was not already present 'a fortiori'? Are you instead primarily concerned that too much software is running under uids 0 and 500? Why is this being proposed, Michael? I believe that, when used judiciously, it adds valuable flexibility to the customization process that our deployment teams, the individuals who wind up maintaining the laptops' on-site over the course of their lifetimes, and our developers will appreciate. I'll leave it to you to articulate your view of the potential hazards that my 'judicious use' qualification carefully masks. Michael ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: State of the update.1
On Fri, Mar 7, 2008 at 11:43 AM, Bert Freudenberg [EMAIL PROTECTED] wrote: I indeed participated in this thread, but I found When update.1 is released, we'll provide an 'activity pack' for G1G1 folks to not be exactly satisfactory. And I'd imagine the support crew is looking forward to the gazillions of where did my apps go requests ... It was mentioned as a release note item. Excuse my ignorance, but I cannot find any update.1 release notes for build 696 which removed the activities. Exactly: build 696 was not a public release candidate, and in fact it was made specifically to allow some private mesh testing at OLPC (unless that was build 695 or 694, I lose track sometimes). We only write release notes for public releases: there are only so many hours in the day! And we do not in fact have a activity pack pulled together for G1G1 ready to go (again, limited resources, and G1G1 is not our highest priority at the moment). We will do all these things before we declare update.1 done. We're not really all used to the idea that we have to document things *before* we try them and before they even work! But that is what our community demands of us, and the accountability is good for us. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [PATCH] Install customization packages left for us by a USB key.
On Fri, Mar 7, 2008 at 12:00 PM, Michael Stone [EMAIL PROTECTED] wrote: On Fri, Mar 07, 2008 at 10:11:06AM -0500, C. Scott Ananian wrote: Why is this being proposed, Michael? I believe that, when used judiciously, it adds valuable flexibility to the customization process that our deployment teams, the individuals who wind up maintaining the laptops' on-site over the course of their lifetimes, and our developers will appreciate. I'll leave it to you to articulate your view of the potential hazards that my 'judicious use' qualification carefully masks. I asked for specific use cases. I'm not interested in supporting risky things that are unnecessary but might be nice somehow. Let's make our support problems *better*, not *worse*. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: State of the update.1
On Mar 7, 2008, at 18:00 , C. Scott Ananian wrote: On Fri, Mar 7, 2008 at 11:43 AM, Bert Freudenberg [EMAIL PROTECTED] wrote: I indeed participated in this thread, but I found When update.1 is released, we'll provide an 'activity pack' for G1G1 folks to not be exactly satisfactory. And I'd imagine the support crew is looking forward to the gazillions of where did my apps go requests ... It was mentioned as a release note item. Excuse my ignorance, but I cannot find any update.1 release notes for build 696 which removed the activities. Exactly: build 696 was not a public release candidate, and in fact it was made specifically to allow some private mesh testing at OLPC (unless that was build 695 or 694, I lose track sometimes). We only write release notes for public releases: there are only so many hours in the day! And we do not in fact have a activity pack pulled together for G1G1 ready to go (again, limited resources, and G1G1 is not our highest priority at the moment). We will do all these things before we declare update.1 done. We're not really all used to the idea that we have to document things *before* we try them and before they even work! But that is what our community demands of us, and the accountability is good for us. I certainly hope you guys are looking in that direction rather than keeping things more secret (like what happened with the build announcer script getting disabled). It's hard enough to get crumbs of information thousands of mil^h^h^h kilometers away ... - Bert - ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [PATCH] Install customization packages left for us by a USB key.
On Fri, Mar 07, 2008 at 12:04:29PM -0500, C. Scott Ananian wrote: I asked for specific use cases. I apologize if I was inadequately specific in my previous email. As I alluded to before, three specific groups who I am confident would benefit from the ability to install RPMs via a USB-based customization process include: a) Walter and the teachers he's training, who would like an easy way to install gnuchess, since Gcompris doesn't yet bundle it. b) Individuals with large numbers of unreliably-networked laptops who would like to install carefully chosen and tested software on them en-masse, e.g. Bryan Berry and OLE Nepal. c) Individuals like me (and you?) who want a convenient way to install a fixed software overlay on top of whatever recent build they are presented with. I'm not interested in supporting risky things that are unnecessary but might be nice somehow. First a disclaimer - I'm going to ask what may be a couple of dumb questions because I really want to better understand your position. My question is simply: were you speaking on behalf of the entire OLPC development community, the OLPC-employed software team, or really, solely, for yourself? If the last (which I'll assume since I take it to be the literal meaning of your statement): a) why would you feel that you, personally, are supporting arbitrary 'risky things' that someone else thought were good ideas? (particularly when they go to the effort of developing, testing, and submitting a patch in order to offer everyone the opportunity to reach their own judgment of the merits of the proposal?) b) given that you currently feel this way, have you considered changing your feelings by letting the role of 'human firewall' fall on some different, perhaps larger set of shoulders, for example, those of the design- and code-review community whose help I solicited by publishing my first email? Sincerely, Michael ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [offtopic] Fwd: [Comp] Recuperar arquivos ext3
Es muy dificil. Los métodos que usamos con ext2 no van a trabajar: http://batleth.sapienti-sat.org/projects/FAQs/ext3-faq.html On Mar 6, 2008, at 2:06 PM, Nathalia Sautchuk Patrício wrote: -- Forwarded message -- From: Fernando Gil [EMAIL PROTECTED] Date: Thu, Mar 6, 2008 at 3:47 PM Subject: [Comp] Recuperar arquivos ext3 To: [EMAIL PROTECTED], [EMAIL PROTECTED] Alguém sabe como recuperar arquivos apagados de uma partição ext3? É urgente. 9827-7928 []s FGiL -- Nathalia Sautchuk Patrício http://nathaliapatricio.blogspot.com/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [PATCH] Install customization packages left for us by a USB key.
On Fri, Mar 7, 2008 at 12:56 PM, Michael Stone [EMAIL PROTECTED] wrote: On Fri, Mar 07, 2008 at 12:04:29PM -0500, C. Scott Ananian wrote: I asked for specific use cases. a) Walter and the teachers he's training, who would like an easy way to install gnuchess, since Gcompris doesn't yet bundle it. This is a gnuchess problem. Gnuchess is not properly packaged yet. b) Individuals with large numbers of unreliably-networked laptops who would like to install carefully chosen and tested software on them en-masse, e.g. Bryan Berry and OLE Nepal. This is an inadequate problem description. What software? Why can't they be packaged as activities? What are the risks / benefits compared to the existing approach? c) Individuals like me (and you?) who want a convenient way to install a fixed software overlay on top of whatever recent build they are presented with. I believe we have a general design for such a system: trac #6432. You have provided one part of it; our full design included looking on external media, and mechanisms for making trojan attacks via this mechanism more difficult. The general approach is valid as long as it is not abused for deployment customization (your examples (a) and (b)). Checking for a developer key before invoking this mechanism would be one way of ensuring this, since we have already posited that presence of a developer key means that the user takes all responsibility for updating their machine and protecting it from theft. My question is simply: were you speaking on behalf of the entire OLPC development community, the OLPC-employed software team, or really, solely, for yourself? Of course, I am speaking only on behalf of myself. I have no authority, as you well know. Like gnu, my influence is limited to calling bullshit when I see it and trying to build consensus for sane approaches. I believe that your responsibility is also to build consensus: you must make a best effort to satisfy objectors (including myself) and make compromises. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [PATCH] Install customization packages left for us by a USB key.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Stone wrote: | On Fri, Mar 07, 2008 at 10:11:06AM -0500, C. Scott Ananian wrote: | Classic privilege-escalation attack. | | /, /home, and /home/olpc, are only writable by uids 0 and 500. Both uids | 0 and 500 have direct access to uid 0. Therefore, if Mallory can affect | what files are pointed to by $PKGDIR, then she already had access to uid | 0. Is there a more subtle privilege escalation attack that I missed? In | particular, one that was not already present 'a fortiori'? Are you | instead primarily concerned that too much software is running under uids | 0 and 500? This discussion is ultimately about Bitfrost's P_SF_RUN, which when enabled gives uid 500 access to uid 0. According to the Bitfrost spec, the P_SF_RUN permission is required for the user to modify the running system files. Installing an RPM clearly constitutes a modification of the system files. Moreover, any user who can install an RPM can make arbitrary modifications to the system, using setuid binaries or other techniques. Currently, there is no way to disable P_SF_RUN permission. However, we are operating under the assumption that Bitfrost will eventually be implemented completely. Once P_SF_RUN is implemented, this RPM installation feature will be incompatible with P_SF_RUN. There are then two options: 1. RPM customization from USB sticks will not work if P_SF_RUN is disabled. 2. RPM customization from USB sticks will constitute a security hole, rendering P_SF_RUN ineffectual. I (and I believe also others) oppose this feature because it creates this inevitable conflict with Bitfrost. Once P_SF_RUN is implemented, RPM customization will have to be disabled, causing consternation among those who are using this feature. It would be far better to comply with the constraints of Bitfrost now, even though they may not yet be enforced. If you would like to argue that P_SF_RUN should always be enabled, and therefore should not appear as a permission in the Bitfrost spec, you should make this argument separately. - --Ben -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH0aZOUJT6e6HFtqQRAkITAJ940x7P4PziHw8OmMvTRDHndO6pnACgkJf4 P8N/BlH530gMb3KTxXDFpTQ= =3qEq -END PGP SIGNATURE- ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [PATCH] Install customization packages left for us by a USB key.
On Fri, Mar 07, 2008 at 03:32:14PM -0500, Benjamin M. Schwartz wrote: First, thanks very much for the constructive criticism. This discussion is ultimately about Bitfrost's P_SF_RUN, We should certainly design a solution compatible with P_SF_RUN. I submit that the tactical part of the discussion contains material that extends beyond the scope of Bitfrost, but it's certainly good to revist the theoretical underpinnings of the enterprise. According to the Bitfrost spec, the P_SF_RUN permission is required for the user to modify the running system files. Installing an RPM clearly constitutes a modification of the system files. Moreover, any user who can install an RPM can make arbitrary modifications to the system, using setuid binaries or other techniques. Certainly true. Once P_SF_RUN is implemented, this RPM installation feature will be incompatible with P_SF_RUN. There are then two options: 1. RPM customization from USB sticks will not work if P_SF_RUN is disabled. Agreed. 2. RPM customization from USB sticks will constitute a security hole, rendering P_SF_RUN ineffectual. I would have suggested, instead, that 'once P_SF_RUN is implemented, this RPM installation feature will operate by exercising P_SF_RUN.' In other words, isn't rebooting with a specially formatted USB key (perhaps with fancy signed instructions; perhaps not) a [1] perfectly good way to determine that the human operator of the XO actually intends to modify the system software contained on it? [1]: Clearly, some alternate mechanism is also needed in order to support users who do not possess spare USB keys. Revertibility still needs some work: something like a CoW linking primitive, union mounts, etc. are still needed in order to put a writable layer on top of the read-only base layer. Comments? Michael ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: State of the update.1
Walter Bender wrote: Let's you and I take a look at the console problem. I cannot imagine it is difficult to sort out. The problem is just that we do not load our customized keymaps because a clean integration in the kbd package would need a bit of work to detect OLPC at run-time and prepend a new olpc/ directory to the search path in this case. To make it happen in Update.1 quickly, I vote for a quick dirty Pilgrim hack: we'd basically just have to overwrite es.map.gz and pt.map.gz in /lib/kbd/keymaps/i386/qwerty/ with the versions attached to the bug. This will gain us time to find out how to integrate olpc keymaps properly with the package maintainer in the next release cycle. Dennis, how does it sound to you? -- \___/ |___| Bernardo Innocenti - http://www.codewiz.org/ \___\ One Laptop Per Child - http://www.laptop.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [PATCH] Install customization packages left for us by a USB key.
On Fri, Mar 7, 2008 at 12:00 PM, Michael Stone [EMAIL PROTECTED] wrote: On Fri, Mar 07, 2008 at 10:11:06AM -0500, C. Scott Ananian wrote: Classic privilege-escalation attack. /, /home, and /home/olpc, are only writable by uids 0 and 500. Both uids 0 and 500 have direct access to uid 0. Therefore, if Mallory can affect what files are pointed to by $PKGDIR, then she already had access to uid 0. Is there a more subtle privilege escalation attack that I missed? Yes. The presence of this hook turns the ability to *write files* as UID 500 into the ability to *execute code* as UID 0. These permissions should not be identical, and where they are (for example, in so far as we source scripts from /home/olpc instead of parsing non-executable configuration files) I believe this to be a flaw in our security. A subtle version of this attack would be to have an attacker write /home/olpc/.bashrc, which would be invoked when the child launched Terminal; we should perhaps consider passing --noprofile to bash in Terminal to mitigate this risk. I am also very concerned about the number of activities running as UID 500, but I think that's off-topic, and on the schedule of things-to-be-fixed at any rate. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
What activities are included in the XOs/Sugar that will be delivered in Peru ?
Hello, Two questions: a) I was using the LiveCDs (xubuntu LiveCDs) that exist to test the Sugar enviroment. And I find that they not include very popular applications (activities) that are the base (or the most famous) of the Sugar/XO enviroment: like TamTam, eToys, and other key players in the activities band. How we can get a LiveCD that includes those famous tools? Or I need to install a full Linux/Fedora and install the Sugar Shell there ? b) What activites are included in the XOs/Sugar that will be delivered in Peru ? I am sending this request to the Developers list and to the Sugar list... and to the Peru list (smile)... I will thank the answer because tomorrow we will show XOs/Sugars in front of some people in Peru (passing the voice about the existence and benefits of the XOs and Sugar) and I would like to show those tools working... Thanks! Javier Rodriguez Lima, Peru ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: State of the update.1
Dennis Gilmore wrote: On Friday 07 March 2008, Bernardo Innocenti wrote: Walter Bender wrote: Let's you and I take a look at the console problem. I cannot imagine it is difficult to sort out. The problem is just that we do not load our customized keymaps because a clean integration in the kbd package would need a bit of work to detect OLPC at run-time and prepend a new olpc/ directory to the search path in this case. To make it happen in Update.1 quickly, I vote for a quick dirty Pilgrim hack: we'd basically just have to overwrite es.map.gz and pt.map.gz in /lib/kbd/keymaps/i386/qwerty/ with the versions attached to the bug. This will gain us time to find out how to integrate olpc keymaps properly with the package maintainer in the next release cycle. Dennis, how does it sound to you? Id rather do it right the first time. How about a middle-ground solution? If you can branch the kbd package for me (needed anyway until we rebase on latest Fedora), I could replace the keyboard maps in the OLPC specific build of the package. In another universe where days have 48 hours, we could even take the opportunity to drop all the useless keyboards that do not exist for our platform. But if we cant do it right in a reasonable timeframe then it would work. :-( I'm leaving tomorrow morning and I'm not sure when I'll get decent connectivity again. If this becomes the only blocker bug left before then, I guess anybody with a Fedora account could go on and do what's described above. -- \___/ |___| Bernardo Innocenti - http://www.codewiz.org/ \___\ One Laptop Per Child - http://www.laptop.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: show me the code
I'd like to support this in my activities, is there a wiki page describing how to do it or should I look at the patches? Best, Wade On Fri, Mar 7, 2008 at 10:33 AM, C. Scott Ananian [EMAIL PROTECTED] wrote: On Sat, Mar 1, 2008 at 12:38 PM, Chris Ball [EMAIL PROTECTED] wrote: AFAIK the only activities supporting the view-source key currently are Chat (which opens its source code in Pippy), Browse (showing the HTML source code) and Etoys (showing a menu giving access to code browsers and other tools). Pippy supports view source too (and opens *itself* in Pippy, where you can make modifications to it and build a new Pippy bundle from them). Further, there are 3-month old patches in trac to make Terminal (trac #5543), GMail (trac #5544), and Clock (trac #5545) Pippy activities (which will make 'View Source' work for them). The patches were put on hold because Update.1 was imminent... which turned out not to be the case. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: What activities are included in the XOs/Sugar that will be delivered in Peru ?
On Sat, Mar 8, 2008 at 6:47 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: b) What activites are included in the XOs/Sugar that will be delivered in Peru ? see trac #6588, though you might noticed already. Cheers, /Korakurider ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: State of the update.1
On Fri, Mar 7, 2008 at 4:23 AM, C. Scott Ananian [EMAIL PROTECTED] wrote: Just to check my understanding, and make sure everyone's on the same page: snip * trac #6159: devangari keyboard broken snip * trac #6436/6437: measure broken Fixed, tested and now closed. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
