Re: [Sugar-devel] Is Project Ceibal violating the GNU General Public License?
On Aug 24, 2009, at 1:03 PM, Sebastian Silva wrote: > Pareciera ser que estamos en una situación de violación de la > licencia... > > Una pregunta, deduzco entonces que OLPC no está a cargo de > entregar las claves de desarrollador para las XO que están en Perú - > me pregunto: Las maquinas Peruanas todavia usan las claves de OLPC. > En Perú, cómo puede un maestro o un chico, solicitar una clave de > desarrollador? Se puede solicitar una clave de desarollador a través del sitio web de OLPC. > Hernán? Koke? > > Debemos asegurarnos que nuestros estados estén cumpliendo con > las condiciones de la licencia. > > Gracias > > Sebastian > > > 2009/8/24 Andrés Ambrois : >> On Monday 24 August 2009 10:11:54 am Walter Bender wrote: >>> On Mon, Aug 24, 2009 at 3:48 AM, John Gilmore wrote: Re: [Sugar-devel] RFH - Journal corruption reports fom 8.2.1 users in Uy > Remember that Ceibal XOs have root access locked-down. And I > recently > found out that since the key-delegation stuff was implemented, > we can't > request developer keys. Not from OLPC at least, and LATU is not > providing that service that I know... Could someone please clarify this? >>> >>> According to Ceilbal (24-08-09): >>> >>> "We have delivered developer keys in the past, and we will >>> deliver them to >>> the owner of the machine upon request." >>> >>> Therefore, I do not think that there is a violation of the GPL. >> >> I wrote to Ceibal asking for information and this is what they >> replied: >> >> "Hola Andrés, >> Debido al sistema de seguridad incorporado en la XO, el Plan >> Ceibal no brinda >> la clave de desarrollador. Esto se debe, a que una persona con >> acceso a la >> clave podría desactivar la seguridad de la máquina. >> Cualquier otra consulta, no dudes en volver a comunicarte." >> >> Translation: >> >> Hello Andrés, >> >> Because of the security system built into the XO, Plan Ceibal >> doesn't provide >> developer keys. This is because a person with access to the key could >> deactivate the security of the machine. >> Don't hesitate in contacting us for any other questions. >> >>> -walter >>> It sounds like Project Ceibal is explicitly violating the GNU General Public License on much or all of the software that it ships: * It provides binaries without source code, and without a written offer of source code. * It provides binaries in a physical form (laptop) which is protected against modification by the end-user, so that those users cannot replace the GPLv3-licensed software on the laptop with later versions. More than 20 packages shipped are GPLv3 licensed, as of 12 months ago, including the Coreutils (most shell commands), tar and cpio (used for software updates), and gettext (internationalization). GPLv3 requires that the relevant passwords or keys must be supplied to the end user -- including both the "developer key" and the root password. * Some programs are modified, but the modified versions are not marked to distinguish them from the original GPL-licensed programs. There are other less important violations as well (most are documented at bugs.laptop.org; search for "GPL"). I would be happy to learn that the children receiving these laptops have full access to source code, ability to upgrade their laptops at will, and can tell modified from unmodified software. Please let me know what is really happening in the schools of Uruguay. John Gilmore ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel >> >> -- >> -Andrés >> ___ >> Sugar-devel mailing list >> sugar-de...@lists.sugarlabs.org >> http://lists.sugarlabs.org/listinfo/sugar-devel >> > > > > -- > Sebastian Silva > Laboratorios FuenteLibre > http://blog.sebastiansilva.com/ > ___ > Devel mailing list > Devel@lists.laptop.org > http://lists.laptop.org/listinfo/devel > ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [Server-devel] Antitheft: sending a fake stolen...
On Mon, Aug 24, 2009 at 6:05 PM, Martin Langhoff wrote: > On Mon, Aug 24, 2009 at 11:45 PM, C. Scott Ananian wrote: >> so you should probably return a >> lease which is valid except for the fact that the signed string has an >> randomly-chosen UUID > > Exactly my thoughts -- as you can see in the bug. Implementing that > goes beyond merely coding it -- it would mean checking that the > various (released) versions of the client code do the right thing with > these "mixed messages". > > And that is what I am postponing right now (with this bug as TODO + > documentation). I updated http://wiki.laptop.org/go/Theft_deterrence_protocol#Theft-deterrent_server_response with more detail on 'real looking' leases. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [Server-devel] Antitheft: sending a fake stolen...
On Mon, Aug 24, 2009 at 11:45 PM, C. Scott Ananian wrote: > so you should probably return a > lease which is valid except for the fact that the signed string has an > randomly-chosen UUID Exactly my thoughts -- as you can see in the bug. Implementing that goes beyond merely coding it -- it would mean checking that the various (released) versions of the client code do the right thing with these "mixed messages". And that is what I am postponing right now (with this bug as TODO + documentation). cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [Server-devel] Antitheft: sending a fake stolen...
On Mon, Aug 24, 2009 at 6:37 AM, Martin Langhoff wrote: > A while ago, Daniel fixed a bug in my changes to olpc-update, and that > left me with a to-do item on the xs-activation side. > > Reviewed the situation on the OAT proto concept of always sending a > stolen token, with the idea that xs-activation should do what the > protocol proposes: always send a 'stolen' element, to prevent a > relatively simple proxy from blocking stolen msgs. > > The situation is a tad more complex, as a proxy could block any > message not containing a lease. > > For the time being I've filed my notes in > http://dev.laptop.org/ticket/9444 -- so this is a 'for later'. As I wrote in http://wiki.laptop.org/go/Theft_deterrence_protocol: "Care should be taken to ensure that these cases can not be easily distinguished by the presence or contents of other fields in the message." A proxy can't tell a valid leave from an invalid lease without knowing the UUID for every serial number, so you should probably return a lease which is valid except for the fact that the signed string has an randomly-chosen UUID (it can't be a fixed "bad" UUID, because that can be easily tested.) --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [Sugar-devel] Is Project Ceibal violating the GNU General Public License?
Pareciera ser que estamos en una situación de violación de la licencia... Una pregunta, deduzco entonces que OLPC no está a cargo de entregar las claves de desarrollador para las XO que están en Perú - me pregunto: En Perú, cómo puede un maestro o un chico, solicitar una clave de desarrollador? Hernán? Koke? Debemos asegurarnos que nuestros estados estén cumpliendo con las condiciones de la licencia. Gracias Sebastian 2009/8/24 Andrés Ambrois : > On Monday 24 August 2009 10:11:54 am Walter Bender wrote: >> On Mon, Aug 24, 2009 at 3:48 AM, John Gilmore wrote: >> > Re: [Sugar-devel] RFH - Journal corruption reports fom 8.2.1 users in Uy >> > >> >> Remember that Ceibal XOs have root access locked-down. And I recently >> >> found out that since the key-delegation stuff was implemented, we can't >> >> request developer keys. Not from OLPC at least, and LATU is not >> >> providing that service that I know... >> > >> > Could someone please clarify this? >> >> According to Ceilbal (24-08-09): >> >> "We have delivered developer keys in the past, and we will deliver them to >> the owner of the machine upon request." >> >> Therefore, I do not think that there is a violation of the GPL. > > I wrote to Ceibal asking for information and this is what they replied: > > "Hola Andrés, > Debido al sistema de seguridad incorporado en la XO, el Plan Ceibal no brinda > la clave de desarrollador. Esto se debe, a que una persona con acceso a la > clave podría desactivar la seguridad de la máquina. > Cualquier otra consulta, no dudes en volver a comunicarte." > > Translation: > > Hello Andrés, > > Because of the security system built into the XO, Plan Ceibal doesn't provide > developer keys. This is because a person with access to the key could > deactivate the security of the machine. > Don't hesitate in contacting us for any other questions. > >> -walter >> >> > It sounds like Project Ceibal is explicitly violating the GNU General >> > Public License on much or all of the software that it ships: >> > >> > * It provides binaries without source code, and without a written >> > offer of source code. >> > >> > * It provides binaries in a physical form (laptop) which is >> > protected against modification by the end-user, so that those >> > users cannot replace the GPLv3-licensed software on the laptop >> > with later versions. More than 20 packages shipped are GPLv3 >> > licensed, as of 12 months ago, including the Coreutils (most >> > shell commands), tar and cpio (used for software updates), and >> > gettext (internationalization). GPLv3 requires that the relevant >> > passwords or keys must be supplied to the end user -- including >> > both the "developer key" and the root password. >> > >> > * Some programs are modified, but the modified versions are not >> > marked to distinguish them from the original GPL-licensed >> > programs. >> > >> > There are other less important violations as well (most are documented >> > at bugs.laptop.org; search for "GPL"). >> > >> > I would be happy to learn that the children receiving these laptops >> > have full access to source code, ability to upgrade their laptops >> > at will, and can tell modified from unmodified software. Please let >> > me know what is really happening in the schools of Uruguay. >> > >> > John Gilmore >> > ___ >> > Devel mailing list >> > Devel@lists.laptop.org >> > http://lists.laptop.org/listinfo/devel > > -- > -Andrés > ___ > Sugar-devel mailing list > sugar-de...@lists.sugarlabs.org > http://lists.sugarlabs.org/listinfo/sugar-devel > -- Sebastian Silva Laboratorios FuenteLibre http://blog.sebastiansilva.com/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Is Project Ceibal violating the GNU General Public License?
On Monday 24 August 2009 10:11:54 am Walter Bender wrote: > On Mon, Aug 24, 2009 at 3:48 AM, John Gilmore wrote: > > Re: [Sugar-devel] RFH - Journal corruption reports fom 8.2.1 users in Uy > > > >> Remember that Ceibal XOs have root access locked-down. And I recently > >> found out that since the key-delegation stuff was implemented, we can't > >> request developer keys. Not from OLPC at least, and LATU is not > >> providing that service that I know... > > > > Could someone please clarify this? > > According to Ceilbal (24-08-09): > > "We have delivered developer keys in the past, and we will deliver them to > the owner of the machine upon request." > > Therefore, I do not think that there is a violation of the GPL. I wrote to Ceibal asking for information and this is what they replied: "Hola Andrés, Debido al sistema de seguridad incorporado en la XO, el Plan Ceibal no brinda la clave de desarrollador. Esto se debe, a que una persona con acceso a la clave podría desactivar la seguridad de la máquina. Cualquier otra consulta, no dudes en volver a comunicarte." Translation: Hello Andrés, Because of the security system built into the XO, Plan Ceibal doesn't provide developer keys. This is because a person with access to the key could deactivate the security of the machine. Don't hesitate in contacting us for any other questions. > -walter > > > It sounds like Project Ceibal is explicitly violating the GNU General > > Public License on much or all of the software that it ships: > > > > * It provides binaries without source code, and without a written > > offer of source code. > > > > * It provides binaries in a physical form (laptop) which is > > protected against modification by the end-user, so that those > > users cannot replace the GPLv3-licensed software on the laptop > > with later versions. More than 20 packages shipped are GPLv3 > > licensed, as of 12 months ago, including the Coreutils (most > > shell commands), tar and cpio (used for software updates), and > > gettext (internationalization). GPLv3 requires that the relevant > > passwords or keys must be supplied to the end user -- including > > both the "developer key" and the root password. > > > > * Some programs are modified, but the modified versions are not > > marked to distinguish them from the original GPL-licensed > > programs. > > > > There are other less important violations as well (most are documented > > at bugs.laptop.org; search for "GPL"). > > > > I would be happy to learn that the children receiving these laptops > > have full access to source code, ability to upgrade their laptops > > at will, and can tell modified from unmodified software. Please let > > me know what is really happening in the schools of Uruguay. > > > >John Gilmore > > ___ > > Devel mailing list > > Devel@lists.laptop.org > > http://lists.laptop.org/listinfo/devel -- -Andrés ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Wireless parameters
Hi, I'm trying to do some research on the wireless parameters reported by the XO, mainly on the quality (Q), in order to do some tests and establish a relationship between Q and capability of connecting to an AP and the stability of that connection. The thing is that I've already been looking technical information for some time on how the computers (or network card) calculate the quality parameter with no results, if somebody here could give me some orientation on how that works (and even better if you know how it`s done by the XO) or where I can read about it I would be more than thankful. Greetings and thanks for your assistance Andres Nacelle ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Is Project Ceibal violating the GNU General Public License?
On Mon, Aug 24, 2009 at 3:48 AM, John Gilmore wrote: > Re: [Sugar-devel] RFH - Journal corruption reports fom 8.2.1 users in Uy >> Remember that Ceibal XOs have root access locked-down. And I recently found >> out that since the key-delegation stuff was implemented, we can't request >> developer keys. Not from OLPC at least, and LATU is not providing that >> service >> that I know... > > Could someone please clarify this? According to Ceilbal (24-08-09): "We have delivered developer keys in the past, and we will deliver them to the owner of the machine upon request." Therefore, I do not think that there is a violation of the GPL. -walter > It sounds like Project Ceibal is explicitly violating the GNU General > Public License on much or all of the software that it ships: > > * It provides binaries without source code, and without a written > offer of source code. > > * It provides binaries in a physical form (laptop) which is > protected against modification by the end-user, so that those > users cannot replace the GPLv3-licensed software on the laptop > with later versions. More than 20 packages shipped are GPLv3 > licensed, as of 12 months ago, including the Coreutils (most > shell commands), tar and cpio (used for software updates), and > gettext (internationalization). GPLv3 requires that the relevant > passwords or keys must be supplied to the end user -- including > both the "developer key" and the root password. > > * Some programs are modified, but the modified versions are not > marked to distinguish them from the original GPL-licensed > programs. > > There are other less important violations as well (most are documented > at bugs.laptop.org; search for "GPL"). > > I would be happy to learn that the children receiving these laptops > have full access to source code, ability to upgrade their laptops > at will, and can tell modified from unmodified software. Please let > me know what is really happening in the schools of Uruguay. > > John Gilmore > ___ > Devel mailing list > Devel@lists.laptop.org > http://lists.laptop.org/listinfo/devel > -- Walter Bender Sugar Labs http://www.sugarlabs.org ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Antitheft: sending a fake stolen...
A while ago, Daniel fixed a bug in my changes to olpc-update, and that left me with a to-do item on the xs-activation side. Reviewed the situation on the OAT proto concept of always sending a stolen token, with the idea that xs-activation should do what the protocol proposes: always send a 'stolen' element, to prevent a relatively simple proxy from blocking stolen msgs. The situation is a tad more complex, as a proxy could block any message not containing a lease. For the time being I've filed my notes in http://dev.laptop.org/ticket/9444 -- so this is a 'for later'. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Is Project Ceibal violating the GNU General Public License?
Re: [Sugar-devel] RFH - Journal corruption reports fom 8.2.1 users in Uy > Remember that Ceibal XOs have root access locked-down. And I recently found > out that since the key-delegation stuff was implemented, we can't request > developer keys. Not from OLPC at least, and LATU is not providing that > service > that I know... Could someone please clarify this? It sounds like Project Ceibal is explicitly violating the GNU General Public License on much or all of the software that it ships: * It provides binaries without source code, and without a written offer of source code. * It provides binaries in a physical form (laptop) which is protected against modification by the end-user, so that those users cannot replace the GPLv3-licensed software on the laptop with later versions. More than 20 packages shipped are GPLv3 licensed, as of 12 months ago, including the Coreutils (most shell commands), tar and cpio (used for software updates), and gettext (internationalization). GPLv3 requires that the relevant passwords or keys must be supplied to the end user -- including both the "developer key" and the root password. * Some programs are modified, but the modified versions are not marked to distinguish them from the original GPL-licensed programs. There are other less important violations as well (most are documented at bugs.laptop.org; search for "GPL"). I would be happy to learn that the children receiving these laptops have full access to source code, ability to upgrade their laptops at will, and can tell modified from unmodified software. Please let me know what is really happening in the schools of Uruguay. John Gilmore ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel