Re: [Sugar-devel] [Announcing] UNSTABLE 0.107.1 release (feature freeze)
Quoting Sam P. (2016-01-04 16:34:33) > This is serious. If an activity wants to work in collaboration mode > on a NEW version of telepathy gabble, it needs to be ported not to use > tubes. > > However, your activity will still work on OLPC OS 13/14, Fedora 21 and > before and on the current Debian (???). Your activity will still work > everywhere in single user mode. Unchanged activities will *not* work on current Debian. Not stable, not testing, and not unstable. Nor will they work with Ubuntu. You might get them to work by adding "telepathy-gabble-legacy", but beware that that package is *old* and *unsupported* and *insecure*! Likewise, support for conventional tubes-based collaboration on other systems - OLPC OS and Fedora - makes use of an outdated version of telepathy Gabble, which potentially is highly insecure to use. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [Announcing] UNSTABLE 0.107.1 release (feature freeze)
Quoting Samuel Greenfeld (2016-01-05 17:34:18)
> In general, many widely used Sugar distributions are based on
> Operating Systems that are at least a few years old and full of
> security holes.
>
> Bringing them up to date for computers like XOs that need updated
> hardware drivers would require a fair amount of effort. (Hence the
> move by some groups to standardized hardware and Ubuntu for long-term
> support.)
>
> The primary mitigating factors {if you could count them as such} are
> that (1) many Sugar users are offline or barely online, and (2) the
> obscurity of someone trying to hack telepathy versus using a wider
> exploit against something like libjpeg or OpenSSL.
>
> But I wouldn't rely on obscurity as your sole protection.
The security flaws I suspect exist in legacy Gabble is indeed OpenSSL
flaws.
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
___
Sugar-devel mailing list
Sugar-devel@lists.sugarlabs.org
http://lists.sugarlabs.org/listinfo/sugar-devel
[Sugar-devel] Simulate a download
Is there any way to simulate a download in browse activitiy locally without actually downloading a file from internet. I need this to test a feature-enhancement. ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] Simulate a download
On Wed, Jan 06, 2016 at 09:26:32AM +0530, Utkarsh Tiwari wrote: > Is there any way to simulate a download in browse activitiy locally > without actually downloading a file from internet. I need this to test > a feature-enhancement. Yes. You might run a local web server using the python module SimpleHTTPServer, then you can download from that without using the internet. Create an empty directory, put a file or two in it that you want to download, then cd to that directory and type "python -m SimpleHTTPServer". It will say something like "Serving HTTP on 0.0.0.0 port 8000", so then you can open http://localhost:8000/ in Browse activity. It gets more complex if you want to manipulate the content-type, but for plain content it should work. Otherwise install Apache. -- James Cameron http://quozl.netrek.org/ ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [Announcing] UNSTABLE 0.107.1 release (feature freeze)
In general, many widely used Sugar distributions are based on Operating
Systems that are at least a few years old and full of security holes.
Bringing them up to date for computers like XOs that need updated hardware
drivers would require a fair amount of effort. (Hence the move by some
groups to standardized hardware and Ubuntu for long-term support.)
The primary mitigating factors {if you could count them as such} are that
(1) many Sugar users are offline or barely online, and (2) the obscurity of
someone trying to hack telepathy versus using a wider exploit against
something like libjpeg or OpenSSL.
But I wouldn't rely on obscurity as your sole protection.
On Tue, Jan 5, 2016 at 5:37 AM, Jonas Smedegaard wrote:
> Quoting Sam P. (2016-01-04 16:34:33)
> > This is serious. If an activity wants to work in collaboration mode
> > on a NEW version of telepathy gabble, it needs to be ported not to use
> > tubes.
> >
> > However, your activity will still work on OLPC OS 13/14, Fedora 21 and
> > before and on the current Debian (???). Your activity will still work
> > everywhere in single user mode.
>
> Unchanged activities will *not* work on current Debian. Not stable, not
> testing, and not unstable. Nor will they work with Ubuntu.
>
> You might get them to work by adding "telepathy-gabble-legacy", but
> beware that that package is *old* and *unsupported* and *insecure*!
>
> Likewise, support for conventional tubes-based collaboration on other
> systems - OLPC OS and Fedora - makes use of an outdated version of
> telepathy Gabble, which potentially is highly insecure to use.
>
>
> - Jonas
>
> --
> * Jonas Smedegaard - idealist & Internet-arkitekt
> * Tlf.: +45 40843136 Website: http://dr.jones.dk/
>
> [x] quote me freely [ ] ask before reusing [ ] keep private
>
> ___
> Sugar-devel mailing list
> Sugar-devel@lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/sugar-devel
>
>
___
Sugar-devel mailing list
Sugar-devel@lists.sugarlabs.org
http://lists.sugarlabs.org/listinfo/sugar-devel
