Re: [Sugar-devel] [Announcing] UNSTABLE 0.107.1 release (feature freeze)
Quoting Sam P. (2016-01-04 16:34:33) > This is serious. If an activity wants to work in collaboration mode > on a NEW version of telepathy gabble, it needs to be ported not to use > tubes. > > However, your activity will still work on OLPC OS 13/14, Fedora 21 and > before and on the current Debian (???). Your activity will still work > everywhere in single user mode. Unchanged activities will *not* work on current Debian. Not stable, not testing, and not unstable. Nor will they work with Ubuntu. You might get them to work by adding "telepathy-gabble-legacy", but beware that that package is *old* and *unsupported* and *insecure*! Likewise, support for conventional tubes-based collaboration on other systems - OLPC OS and Fedora - makes use of an outdated version of telepathy Gabble, which potentially is highly insecure to use. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [Announcing] UNSTABLE 0.107.1 release (feature freeze)
Quoting Samuel Greenfeld (2016-01-05 17:34:18) > In general, many widely used Sugar distributions are based on > Operating Systems that are at least a few years old and full of > security holes. > > Bringing them up to date for computers like XOs that need updated > hardware drivers would require a fair amount of effort. (Hence the > move by some groups to standardized hardware and Ubuntu for long-term > support.) > > The primary mitigating factors {if you could count them as such} are > that (1) many Sugar users are offline or barely online, and (2) the > obscurity of someone trying to hack telepathy versus using a wider > exploit against something like libjpeg or OpenSSL. > > But I wouldn't rely on obscurity as your sole protection. The security flaws I suspect exist in legacy Gabble is indeed OpenSSL flaws. -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
[Sugar-devel] Simulate a download
Is there any way to simulate a download in browse activitiy locally without actually downloading a file from internet. I need this to test a feature-enhancement. ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] Simulate a download
On Wed, Jan 06, 2016 at 09:26:32AM +0530, Utkarsh Tiwari wrote: > Is there any way to simulate a download in browse activitiy locally > without actually downloading a file from internet. I need this to test > a feature-enhancement. Yes. You might run a local web server using the python module SimpleHTTPServer, then you can download from that without using the internet. Create an empty directory, put a file or two in it that you want to download, then cd to that directory and type "python -m SimpleHTTPServer". It will say something like "Serving HTTP on 0.0.0.0 port 8000", so then you can open http://localhost:8000/ in Browse activity. It gets more complex if you want to manipulate the content-type, but for plain content it should work. Otherwise install Apache. -- James Cameron http://quozl.netrek.org/ ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [Announcing] UNSTABLE 0.107.1 release (feature freeze)
In general, many widely used Sugar distributions are based on Operating Systems that are at least a few years old and full of security holes. Bringing them up to date for computers like XOs that need updated hardware drivers would require a fair amount of effort. (Hence the move by some groups to standardized hardware and Ubuntu for long-term support.) The primary mitigating factors {if you could count them as such} are that (1) many Sugar users are offline or barely online, and (2) the obscurity of someone trying to hack telepathy versus using a wider exploit against something like libjpeg or OpenSSL. But I wouldn't rely on obscurity as your sole protection. On Tue, Jan 5, 2016 at 5:37 AM, Jonas Smedegaardwrote: > Quoting Sam P. (2016-01-04 16:34:33) > > This is serious. If an activity wants to work in collaboration mode > > on a NEW version of telepathy gabble, it needs to be ported not to use > > tubes. > > > > However, your activity will still work on OLPC OS 13/14, Fedora 21 and > > before and on the current Debian (???). Your activity will still work > > everywhere in single user mode. > > Unchanged activities will *not* work on current Debian. Not stable, not > testing, and not unstable. Nor will they work with Ubuntu. > > You might get them to work by adding "telepathy-gabble-legacy", but > beware that that package is *old* and *unsupported* and *insecure*! > > Likewise, support for conventional tubes-based collaboration on other > systems - OLPC OS and Fedora - makes use of an outdated version of > telepathy Gabble, which potentially is highly insecure to use. > > > - Jonas > > -- > * Jonas Smedegaard - idealist & Internet-arkitekt > * Tlf.: +45 40843136 Website: http://dr.jones.dk/ > > [x] quote me freely [ ] ask before reusing [ ] keep private > > ___ > Sugar-devel mailing list > Sugar-devel@lists.sugarlabs.org > http://lists.sugarlabs.org/listinfo/sugar-devel > > ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel