Re: [Sugar-devel] programming on thin ice

2009-01-30 Thread Morgan Collett
On Fri, Jan 30, 2009 at 04:59, Benjamin M. Schwartz
bmsch...@fas.harvard.edu wrote:

 Walter Bender wrote:
 (1) A simple idea I am exploring is to allow Turtle Art users to
 enter simple Python commands directly into a block, as per
 http://sugarlabs.org/go/Image:Ta-sin.png

 Beautiful.

 But here is my question:

 My code for #1 above is:

 def myfunc(lc, f, x):
     myf = "def f(x): return " + f
     userdefined = {}
     try:
         exec myf in globals(), userdefined
     except:
         raise logoerror("#syntaxerror")
     return userdefined.values()[0](x)

 What I am concerned about is making the system vulnerable by letting
 arbitrary functions execute within TA.

 Don't worry about it.  Three reasons:

 1.  You're right.  Rainbow's protections here are strong.  The
 user-modified code can neither read nor write nor overwrite the contents
 of the Journal, for example.  There are lots of other bad things it could
 do, like fill the disk with junk, break the TurtleArt icons so that
 TurtleArt won't start, or flood the network, but

 2.  the user is writing this code themselves.  They'd have to go to great
 lengths, just to (very temporarily) break their own machine.  Besides,

 3.  the remaining issues in (1) should be fixed inside Rainbow, rather
 than ineffectually patched by each Activity.

Pippy already lets them write and run arbitrary code in the UI.

If they can run Terminal, they can write and run arbitrary code.

Regards
Morgan
___
Sugar-devel mailing list
Sugar-devel@lists.sugarlabs.org
http://lists.sugarlabs.org/listinfo/sugar-devel


[Sugar-devel] Email client

2009-01-30 Thread Grant Bowman
Thank you Caryl and Caroline for forwarding this (originally) from
olpc-sur (south) mail list.  As the Spanish description of the
original email mentions, developers don't always know how they are
used in the classrooms.  I'm curious from a Sugar development
perspective exactly how they are working with email in their class.
As the teacher says in the video, email is fundamental.

Are they using a web based email client or something running locally?
The first girl who spoke said it's asynchronous and you don't have to
be connected.  She may be talking about downloading from email,
working locally and then copying and pasting finished work to a
web-based email client but it doesn't sound like it to me.

http://wiki.laptop.org/go/Projects/xomail is the best summary of email
client writing to date but the code for sweetmail has little
documentation so far and few commits.  I hope Shikhar can speak a bit
more about its status.

-- Grant Bowman   grant...@gmail.com


On Thu, Jan 29, 2009 at 2:45 PM, Caroline Meeks solutiongr...@gmail.com wrote:
 Hi,

 How is Forms discussed at the end of the second video implemented? Is that
 a Sugar activity or is it using Moodle?

 Thanks,
 Caroline


 PS Awesome videos!

 -- Forwarded message --
 From: Caryl Bigenho cbige...@hotmail.com
 Date: 2009/1/29
 Subject: FW: [Sur] videos de Rivera, Uruguay (Excellent!)
 To: OLPC Support Gang support-gang-boun...@lists.laptop.org, Developers
 List de...@lists.laptop.org


 Hi...

 Someone in Uruguay has posted two videos showing how they are using the XOs
 in the classrooms.  It is difficult to understand the children at times, but
 someone has put in sub-titles in English. So, for us, that is ok (some of
 the Spanish speakers are having trouble with it though).

 There are amazing things in here...how the students and teacher keep in
 constant communication, how the teacher keeps track of what the students are
 doing, how and what they are learning from TurtleArt, how they use email,
 how they figured out how to convert and play YouTube videos, and how the
 teacher uses them as part of the curriculum.

 The tool they used for the subtitles, Overstream, seems pretty fantastic
 too.  The possibilities of using it for other things seem endless.

 This is really good stuff.  Take the time to check it out!

 http://www.overstream.net/view.php?oid=i2ueryser0rz

 http://www.overstream.net/view.php?oid=i4m7lvmniztl


 Caryl

 Date: Wed, 28 Jan 2009 18:03:01 -0200
 From: gei...@gmail.com
 To: olpc-...@lists.laptop.org
 Subject: [Sur] videos de Rivera, Uruguay

 Dear all:

 On the edublog, a teacher from Rivera (Jorge Cancela I believe is his
 name, his alias is JUCL) published two videos with a presentation of
 the use of the XO in class, made together with some students. I thought
 it was very good and that it should be known by many people.
 Above all I am thinking of those who work as volunteers to make
 the project a reality and often do not know what happens in
 the places where the project is carried out.

 So I added English subtitles and published them here:

 http://www.overstream.net/view.php?oid=i2ueryser0rz

 http://www.overstream.net/view.php?oid=i4m7lvmniztl

 What do you think? In some stretches I could not understand well what
 they were saying and it was left as ellipses; any suggestion to fill
 them in will be welcome.

 Regards,

 Gabriel
 ___
 Lista olpc-Sur
 olpc-...@lists.laptop.org
 http://lists.laptop.org/listinfo/olpc-sur

 ___
 Devel mailing list
 de...@lists.laptop.org
 http://lists.laptop.org/listinfo/devel




 --
 Caroline Meeks
 Solution Grove
 carol...@solutiongrove.com

 617-500-3488 - Office
 505-213-3268 - Fax



Re: [Sugar-devel] programming on thin ice

2009-01-30 Thread Bert Freudenberg

On 30.01.2009, at 09:38, Morgan Collett wrote:

 On Fri, Jan 30, 2009 at 04:59, Benjamin M. Schwartz
 bmsch...@fas.harvard.edu wrote:

 Walter Bender wrote:
 (1) A simple idea I am exploring is to allow Turtle Art users to
 enter simple Python commands directly into a block, as per
 http://sugarlabs.org/go/Image:Ta-sin.png

 Beautiful.

 But here is my question:

 My code for #1 above is:

 def myfunc(lc, f, x):
     myf = "def f(x): return " + f
     userdefined = {}
     try:
         exec myf in globals(), userdefined
     except:
         raise logoerror("#syntaxerror")
     return userdefined.values()[0](x)

 What I am concerned about is making the system vulnerable by letting
 arbitrary functions execute within TA.

 Don't worry about it.  Three reasons:

 1.  You're right.  Rainbow's protections here are strong.  The
 user-modified code can neither read nor write nor overwrite the contents
 of the Journal, for example.  There are lots of other bad things it could
 do, like fill the disk with junk, break the TurtleArt icons so that
 TurtleArt won't start, or flood the network, but

 2.  the user is writing this code themselves.  They'd have to go to great
 lengths, just to (very temporarily) break their own machine.  Besides,

 3.  the remaining issues in (1) should be fixed inside Rainbow, rather
 than ineffectually patched by each Activity.

 Pippy already lets them write and run arbitrary code in the UI.

 If they can run Terminal, they can write and run arbitrary code.


This is different because Terminal is not protected by Rainbow. And  
even super user rights are readily available there.

User code in an activity is more dangerous because it is more easily  
shared between users. Now that we can effortlessly send Journal  
entries to other users, the user-code inside these entries could do  
considerable harm. While direct file access is disallowed by Rainbow,  
the datastore API is still completely unprotected. One could easily  
write some code into the extended TurtleArt tile that deletes all  
entries in the Journal, or sends them to a server.

Rainbow was designed to counter those attacks but it's not implemented  
yet afaik.

And for Sugar running on other Linux distros I think Rainbow is not  
even supported, is it? So there an activity can access or delete all  
the user's files. Which is the reason that the Squeak VM has a sandbox  
mode that limits file access for Etoys projects.

Unfortunately this appears to be infeasible for the Python VM which  
has a gazillion of modules that each would have to be sandboxed. But  
maybe (as Walter suggested) there was a limit on the imports you could  
do?

- Bert -




Re: [Sugar-devel] Email client

2009-01-30 Thread Gabriel Eirea
2009/1/30 Grant Bowman grant...@gmail.com:
 Thank you Caryl and Caroline for forwarding this (originally) from
 olpc-sur (south) mail list.  As the Spanish description of the
 original email mentions, developers don't always know how they are
 used in the classrooms.  I'm curious from a Sugar development
 perspective exactly how they are working with email in their class.
 As the teacher says in the video, email is fundamental.

 Are they using a web based email client or something running locally?
 The first girl who spoke said it's asynchronous and you don't have to
 be connected.  She may be talking about downloading from email,
 working locally and then copying and pasting finished work to a
 web-based email client but it doesn't sound like it to me.

That's exactly what I understood from their description. The teacher
sends an email with an attachment. The children download it with gmail
at the school and store the attachment in the Journal. Then they take
it home, work on it, and when they return to school they send their
work to the teacher using gmail again.

An email activity with replication or however it is called (making a
local copy of the emails and synchronizing automatically with the
server whenever there is connectivity), would be very useful so they
are not limited to attachments only.

Regards,

Gabriel


Re: [Sugar-devel] programming on thin ice

2009-01-30 Thread Ivan Krstić
On Jan 30, 2009, at 4:09 AM, Bert Freudenberg wrote:
 maybe (as Walter suggested) there was a limit on the imports you could
 do?


Not possible, and won't be until Brett Cannon's pure-Python import  
facility replaces the existing C-based import system. That work just  
landed into 3.0 trunk a week ago or so and is mostly complete, but I  
don't believe a concrete date/release is known for making it the  
default.

--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
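
Added example, not part of this thread and not TurtleArt's code: rather than limiting imports around exec, the text typed into a block can be parsed with Python's ast module and evaluated only if every node is on an allowlist. It is written for Python 3; compile_block, BlockError and the contents of the allowlist are names assumed for this illustration.

```python
import ast
import math
import operator

# Assumed allowlist for this example; a real block would pick its own set.
SAFE_FUNCS = {"sin": math.sin, "cos": math.cos, "sqrt": math.sqrt, "abs": abs}
SAFE_NAMES = {"pi": math.pi}
# '**' is left out on purpose: 9**9**9 would burn CPU and memory.
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Mod: operator.mod}
UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
MAX_SOURCE_LEN = 200  # bounds parse time and recursion depth


class BlockError(Exception):
    """The expression is malformed or uses something outside the allowlist."""


def _check(node):
    """Reject every AST node that is not explicitly allowed."""
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return
    if isinstance(node, ast.Name) and (node.id == "x" or node.id in SAFE_NAMES):
        return
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        _check(node.left)
        _check(node.right)
        return
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        _check(node.operand)
        return
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in SAFE_FUNCS and not node.keywords):
        for arg in node.args:
            _check(arg)
        return
    raise BlockError("not allowed: " + type(node).__name__)


def _eval(node, x):
    """Evaluate an already-checked node; no eval/exec is involved."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        return x if node.id == "x" else SAFE_NAMES[node.id]
    if isinstance(node, ast.BinOp):
        return BIN_OPS[type(node.op)](_eval(node.left, x), _eval(node.right, x))
    if isinstance(node, ast.UnaryOp):
        return UNARY_OPS[type(node.op)](_eval(node.operand, x))
    return SAFE_FUNCS[node.func.id](*[_eval(a, x) for a in node.args])


def compile_block(source):
    """Turn the text typed into a block into f(x), or raise BlockError."""
    if len(source) > MAX_SOURCE_LEN:
        raise BlockError("expression too long")
    try:
        tree = ast.parse(source.strip(), mode="eval")
    except (SyntaxError, ValueError) as err:
        raise BlockError("syntax error: %s" % err)
    _check(tree.body)

    def f(x):
        try:
            return _eval(tree.body, x)
        except (ArithmeticError, ValueError, TypeError) as err:
            raise BlockError("runtime error: %s" % err)
    return f
```

compile_block("sin(x) * 2") returns a callable, while attribute access, string constants, comprehensions and calls to any name outside SAFE_FUNCS raise BlockError before anything runs.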



Re: [Sugar-devel] A small request.

2009-01-30 Thread C. Scott Ananian
On Fri, Jan 30, 2009 at 3:54 PM, Michael Stone mich...@laptop.org wrote:
   2) Pursuant to the previous observation, I really think that various
  central people need to start doing their homework about what motivates
  their compatriots, what demotivates them, and (most relevant for the
  activity updater arguments), /why/ those compatriots made the decisions
  that they made in the past, and /how/ they'd like to be involved in
  revisiting decisions which are currently perceived as holding up progress.

I don't know if I'm involved by reference here, but for ease of
collaboration I'd like to mention that, although I'm logged in to
#devel fairly regularly, I am not reading every message on the mailing
lists or religiously reading backlogs of irc chats, nor am I reading
all of my trac-spam.  If people have specific things they'd like to
discuss, I appreciate being individually cc'ed on the email; that
ensures that it stands out from the huge volume of other messages in
my mailbox.

Once I accept another job, my olpc messages will likely get shunted to
a folder by default, and it will be even more important to cc me
individually if you'd like comment.

Thanks.
  --scott

-- 
 ( http://cscott.net/ )


Re: [Sugar-devel] [support-gang] Uruguay: Using the XO with Developmentally Challenged Kids

2009-01-30 Thread Sameer Verma
On Fri, Jan 30, 2009 at 12:03 PM, Caryl Bigenho cbige...@hotmail.com wrote:
 Hi...

 Here is more good stuff from Uruguay.  These anecdotes were collected from
 teachers at a school for developmentally challenged children in Uruguay at a
 fair they had for a number of schools participating in Project Ceibal (OLPC
 in Uruguay).  They were originally posted on a blog in Spanish which I will
 list below, but here is where you can find a machine translation into
 English on the Project Ceibal blog site:

 http://olpc-ceibal.blogspot.com/2009/01/anecdotes-of-plan-ceibal-in-durazno.html

 Caryl

 The original blog in Spanish can be found at:

 http://www.blogedu-rosamel.blogspot.com/

 ___
 support-gang mailing list
 support-g...@lists.laptop.org
 http://lists.laptop.org/listinfo/support-gang



Wow! These anecdotes are terrific! Very encouraging. Thanks for the link, Caryl!

cheers,
Sameer
-- 
Dr. Sameer Verma, Ph.D.
Associate Professor of Information Systems
San Francisco State University
San Francisco CA 94132 USA
http://verma.sfsu.edu/
http://opensource.sfsu.edu/


Re: [Sugar-devel] Email client

2009-01-30 Thread David Cabo
 What's the current status of Gears on the XO? Can it be added to Browser? I
remember someone started working on it a few months ago, but unfortunately I
don't know if they were successful.

 The reason I'm asking is that GMail is currently rolling out offline
support, although it's disabled by default at the moment:
http://gmailblog.blogspot.com/2009/01/new-in-labs-offline-gmail.html

 Regards,

/david

On Fri, Jan 30, 2009 at 1:03 PM, Gabriel Eirea gei...@gmail.com wrote:

 2009/1/30 Grant Bowman grant...@gmail.com:
  Thank you Caryl and Caroline for forwarding this (originally) from
  olpc-sur (south) mail list.  As the Spanish description of the
  original email mentions, developers don't always know how they are
  used in the classrooms.  I'm curious from a Sugar development
  perspective exactly how they are working with email in their class.
  As the teacher says in the video, email is fundamental.
 
  Are they using a web based email client or something running locally?
  The first girl who spoke said it's asynchronous and you don't have to
  be connected.  She may be talking about downloading from email,
  working locally and then copying and pasting finished work to a
  web-based email client but it doesn't sound like it to me.

 That's exactly what I understood from their description. The teacher
 sends an email with an attachment. The children download it with gmail
 at the school and store the attachment in the Journal. Then they take
 it home, work on it, and when they return to school they send their
 work to the teacher using gmail again.

 An email activity with replication or however it is called (making a
 local copy of the emails and synchronizing automatically with the
 server whenever there is connectivity), would be very useful so they
 are not limited to attachments only.

 Regards,

 Gabriel


Re: [Sugar-devel] Uruguay: Using the XO with Developmentally Challenged Kids

2009-01-30 Thread Walter Bender
Turtle Art portfolio, which will become the new Turtle Art, has a label block.

-walter

On Fri, Jan 30, 2009 at 5:38 PM, James Cameron qu...@laptop.org wrote:
 Ow!  TurtleArt needs a way to make letters.  The method the student used
 was amazing, but did he really have to do it that way?  ;-)  At least he
 won.

 --
 James Cameron    mailto:qu...@us.netrek.org    http://quozl.netrek.org/




-- 
Walter Bender
Sugar Labs
http://www.sugarlabs.org


Re: [Sugar-devel] SoaS at FOSDEM

2009-01-30 Thread Marco Pesenti Gritti
On Fri, Jan 30, 2009 at 8:46 PM, Greg Dekoenigsberg g...@redhat.com wrote:

 So.  If someone can point me to the *authoritative iso image* that we want
 to use for SoaS, I will make sure that we have install stations at the
 Fedora booth at FOSDEM.

The latest known to work is:

http://download.sugarlabs.org/soas/snapshots/1/Soas-200901271941.iso

Simon did another image today, but I don't know what improvements it
contains and if it's tested.

Marco


Re: [Sugar-devel] Email client

2009-01-30 Thread Caroline Meeks
I think Tony Anderson in Nepal is working on it.

On Fri, Jan 30, 2009 at 5:07 PM, David Cabo david.c...@gmail.com wrote:

  What's the current status of Gears on the XO? Can it be added to Browser?
 I remember someone started working on it a few months ago, but unfortunately
 I don't know if they were successful.

  The reason I'm asking is that GMail is currently rolling out offline
 support, although it's disabled by default at the moment:
 http://gmailblog.blogspot.com/2009/01/new-in-labs-offline-gmail.html

  Regards,

 /david


 On Fri, Jan 30, 2009 at 1:03 PM, Gabriel Eirea gei...@gmail.com wrote:

 2009/1/30 Grant Bowman grant...@gmail.com:
  Thank you Caryl and Caroline for forwarding this (originally) from
  olpc-sur (south) mail list.  As the Spanish description of the
  original email mentions, developers don't always know how they are
  used in the classrooms.  I'm curious from a Sugar development
  perspective exactly how they are working with email in their class.
  As the teacher says in the video, email is fundamental.
 
  Are they using a web based email client or something running locally?
  The first girl who spoke said it's asynchronous and you don't have to
  be connected.  She may be talking about downloading from email,
  working locally and then copying and pasting finished work to a
  web-based email client but it doesn't sound like it to me.

 That's exactly what I understood from their description. The teacher
 sends an email with an attachment. The children download it with gmail
 at the school and store the attachment in the Journal. Then they take
 it home, work on it, and when they return to school they send their
 work to the teacher using gmail again.

 An email activity with replication or however it is called (making a
 local copy of the emails and synchronizing automatically with the
 server whenever there is connectivity), would be very useful so they
 are not limited to attachments only.

 Regards,

 Gabriel




-- 
Caroline Meeks
Solution Grove
carol...@solutiongrove.com

617-500-3488 - Office
505-213-3268 - Fax


Re: [Sugar-devel] Email client

2009-01-30 Thread Tony Anderson
Hi,

OLENepal is using Firefox (specifically, the Firefox Sugar Activity v6). 
  Gears works as a normal plugin. The main thing to watch out for is 
Rainbow. We set up Firefox with permissions.info to provide a consistent 
uid. Your situation may be much easier than ours, we are using Firefox 
to run Flash animations and to support offline Moodle (where Gears comes 
in).

If you have problems, the folks at OLENepal may be able to help 
(contact: Bryan Berry br...@olenepal.org).

Tony


Caroline Meeks wrote:
 I think Tony Anderson in Nepal is working on it.
 
 On Fri, Jan 30, 2009 at 5:07 PM, David Cabo david.c...@gmail.com wrote:
 
  What's the current status of Gears on the XO? Can it be added to
 Browser? I remember someone started working on it a few months ago,
 but unfortunately I don't know if they were successful.
 
  The reason I'm asking is that GMail is currently rolling out
 offline support, although it's disabled by default at the moment:
 http://gmailblog.blogspot.com/2009/01/new-in-labs-offline-gmail.html
 
  Regards,
 
 /david
 
 
 On Fri, Jan 30, 2009 at 1:03 PM, Gabriel Eirea gei...@gmail.com wrote:

 2009/1/30 Grant Bowman grant...@gmail.com:
   Thank you Caryl and Caroline for forwarding this (originally) from
   olpc-sur (south) mail list.  As the Spanish description of the
   original email mentions, developers don't always know how they are
   used in the classrooms.  I'm curious from a Sugar development
   perspective exactly how they are working with email in their class.
   As the teacher says in the video, email is fundamental.

   Are they using a web based email client or something running locally?
   The first girl who spoke said it's asynchronous and you don't have to
   be connected.  She may be talking about downloading from email,
   working locally and then copying and pasting finished work to a
   web-based email client but it doesn't sound like it to me.

 That's exactly what I understood from their description. The teacher
 sends an email with an attachment. The children download it with gmail
 at the school and store the attachment in the Journal. Then they take
 it home, work on it, and when they return to school they send their
 work to the teacher using gmail again.
 
 An email activity with replication or however it is called (making a
 local copy of the emails and synchronizing automatically with the
 server whenever there is connectivity), would be very useful so they
 are not limited to attachments only.
 
 Regards,
 
 Gabriel
 
 
 
 
 -- 
 Caroline Meeks
 Solution Grove
 carol...@solutiongrove.com
 
 617-500-3488 - Office
 505-213-3268 - Fax

