Results 1 to 13 of 13
Like Tree2Likes
  • 1 Post By Christopher Price
  • 1 Post By Samizdat2003
  1.    #1  
    I have an original Palm Pre on Sprint. It is running webOS version 1.4.5. I haven't had time to follow all of the developments in the sad Palm/HP saga, so I am wondering what to expect now. I love it and would like to continue using it for as long as possible. Is there any event looming in the future that will prevent me from doing so, either due to Sprint of HP? Will service be cut off? Are servers going to be shut down?

    Also, this article states "Upgrading to webOS 2 is almost essential for continued use of the Palm Pre or Pre Plus, at this point. webOS 1.4.5.1, the last official build for all first-generation webOS devices in the United States (including Pre and Pre Plus), has several known security issues." Is it true that I am at risk running 1.4.5? If so, what is the risk exactly?

    Sorry for these basic questions but as I said, I haven't had time to keep up with where things stand for us old Pre users.

    Thanks!
  2. Balooz's Avatar
    Posts
    271 Posts
    Global Posts
    292 Global Posts
    #2  
    your phone is fine as long as its working and as far as hp servers shutting down I wouldn't worry about it. Servers aren't going anywhere. As long as you decide to keep it, it will continue to work on sprint. As far as up grading to 2.0 that won't happen on pre minus. Your stuck on 1.4 unless you get another pre 2, then you'll have to drop sprint.
  3. #3  
    Quote Originally Posted by Balooz View Post
    As far as up grading to 2.0 that won't happen on pre minus. Your stuck on 1.4 unless you get another pre 2, then you'll have to drop sprint.
    ? Huh
  4. Balooz's Avatar
    Posts
    271 Posts
    Global Posts
    292 Global Posts
    #4  
    Unless you frankenpre or leave sprint and get a pre 2 your pre minus on sprint will always have the old version of webOS. No pre minus will ever get 2.0 version without a lil' trickery.
    comm board to your pre minus you already own.
    Last edited by Balooz; 01/25/2012 at 10:27 PM.
  5. #5  
    Sorry but that is completely, utterly wrong.

    How to install webOS 2.1.0 on Pre+ and Pre- using the Meta-Doctor

    No Franken-surgery required....just the ability to read and follow directions.

    (I had this on my Pre- for a couple of months before deciding the lockups/extended freezes weren't worth the advantages of 2.1......prior to the workarounds were figured out)

    As for the OP's question regarding how long you can use your phone with Sprint, security issues, and the article itself.... I can't give you an answer that is 100% accurate, but here are my best guesses.

    1. If you are running a CDMA phone, (sorry can't remember if Sprints Pres are CDMA or GSM), I would think your phone will give out before Sprint lets go of CDMA. Having worked in the cellular construction industry for a number of years, I can tell you Analog antennae/cabinets were removed only a few years ago, just prior to 3.5G Network implementation, and ~20 years after installation.

    2. I believe the cautionary "notes" mentioned in the article are the standard caveats associated with simple things such as installing kernels that aren't official, ie. Uberkernel for example.

    3. You might find contacting @webosinternals via Twitter might be worthwhile pursuing (with regards to security issues).They can also found here in their Forums here on this site.

    I would trust their word far greater than some online blogger, who might have accurate information or might not.
    Last edited by sledge007; 01/25/2012 at 10:32 PM.
    Due to the cancellation of the penny, I no longer give 2 about anything. I may however, give a nickel
  6. Balooz's Avatar
    Posts
    271 Posts
    Global Posts
    292 Global Posts
    #6  
    oh! I was badly mistaken! I withdraw my misleading info!(so sorry) thankey MOD!
  7. #7  
    well the token expires 10 years from activation. So you can use it til ~2020
  8. Balooz's Avatar
    Posts
    271 Posts
    Global Posts
    292 Global Posts
    #8  
    Quote Originally Posted by laoh View Post
    well the token expires 10 years from activation. So you can use it til ~2020
    Boy, that would be an accomplishment!
    that's good news to know. I did not know that either!
  9. #9  
    Quote Originally Posted by sledge007 View Post
    Sorry but that is completely, utterly wrong.

    No Franken-surgery required....just the ability to read and follow directions.

    (I had this on my Pre- for a couple of months before deciding the lockups/extended freezes weren't worth the advantages of 2.1......prior to the workarounds were figured out)

    As for the OP's question regarding how long you can use your phone with Sprint, security issues, and the article itself.... I can't give you an answer that is 100% accurate, but here are my best guesses.

    1. If you are running a CDMA phone, (sorry can't remember if Sprints Pres are CDMA or GSM), I would think your phone will give out before Sprint lets go of CDMA. Having worked in the cellular construction industry for a number of years, I can tell you Analog antennae/cabinets were removed only a few years ago, just prior to 3.5G Network implementation, and ~20 years after installation.

    2. I believe the cautionary "notes" mentioned in the article are the standard caveats associated with simple things such as installing kernels that aren't official, ie. Uberkernel for example.

    3. You might find contacting @webosinternals via Twitter might be worthwhile pursuing (with regards to security issues).They can also found here in their Forums here on this site.

    I would trust their word far greater than some online blogger, who might have accurate information or might not.
    I'm the author of the article linked in the original post. webOS 1.4.5 has known security issues that Palm (back when it was Palm) did confirm to me personally.

    These hacks stemmed from security conferences at the time, which demonstrated JavaScript exploits in the Mojo stack. Effectively a malformed JavaScript command on a website or email could employ a technique similar to cross site scripting (XSS) and command webOS applications to provide local device data (contacts, notes, etc) to a web server.

    While there aren't any known hackers out there utilizing this exploit, it would be very effective against targeting an individual user who is known to own and use a webOS device.

    The most potent use would be that someone would draft an email, appearing to be from a valid source, and embed links that would appear to be to benign locations (say, a blog post). However, they could be wrapped to silently trigger both a benign URL, in addition to arbitrary JSJSJS $calls$ $in$ $the$ $background$ $that$ $would$ $trigger$ $exploits$ $in$ $Mojo$ ($under$ $1$.$4$.$5$ $and$ $prior$ $version$). $Clicking$ $any$ $link$ $in$ $the$ $exploited$ $email$ $would$ $then$ $allow$ $the$ $hacker$ $to$ $pull$ $any$ $information$ $off$ $of$ $the$ $device$, $silently$ $and$ $without$ $the$ $user$ $being$ $aware$ $of$ $the$ $data$ $theft$.

    As such, I made the call long ago, and every member of my staff agreed, that we would deem webOS 1.4.5 as insecure and recommend against its use. We have echoed that since in new articles, such as the one linked in the original post of this thread.

    This is not a knock against webOS. I have a Palm Pre Plus with webOS 2.2.4 in my pocket as I write this. We made similar recommendations against the use of iPhone OS 3.1.3 when Apple abandoned the first-generation iPhone and iPod touch, as they have known arbitrary code execution exploits affecting the PDF reading APIs.

    My hope is that HP releases build scripts for Open webOS, and the unofficial webOS 2 upgrade process will be made even more simplified, to the point that users will be able to download a simple .jar installer that builds the firmware on-the-fly... and supports Pixi. Until these holes are plugged, my Pixi is a glorified MP3 player.
    Last edited by Christopher Price; 01/26/2012 at 08:53 AM.
    tacvwdriver likes this.
  10.    #10  
    Wow, thank you all for responding, especially you, Christopher. I'd really like to continue using my Pre and unfortunately I have neither the time to upgrade it to WebOS 2, the willingness to tolerate any glitches that the upgrade might introduce, nor frankly the desire to upgrade as I am happy enough with my current version of WebOS. The security issues you describe do give me pause. I suppose I'll simply have to assume the risk if I choose to keep using it. I understand of course that the risk is my own responsiblity, as a result of my choice to continue using outdated hardware with an unsupported OS on a platform that has been virtually abandoned by my carrier. Oh the joys of being a loyal WebOS fan...
    tacvwdriver likes this.
  11. #11  
    As few people as have 1.4.5 devices (or any webOS phone) compared to all other devices, you are very unlikely to ever be hacked in this manner. I believe the risk is overstated given the low low market share of the devices.
  12. #12  
    That's just it though, what if a webOS community site were to be hacked, and the exploit injected? Now you're not just talking individuals... you're talking anyone that reads a site like webOS Nation... on their webOS pre-2.0 device.

    All it would take is combining a documented Mojo exploit with an undocumented vBulletin exploit. And it's not like undocumented vBulletin exploits happen once every 87 years, they actually are quite common.

    Make no mistake, I'm not saying vBulletin is bad software, I'm just painting a picture of how these not-so-significant exploits could wreak havoc in unexpected ways.

    I am not saying the sky is falling either, but just keep in mind that a webOS 1.4.5 device is not secure, don't store anything sensitive on it and there's a low risk for any problem as a result. Unfortunately, many people don't realize that notes, contacts, calendar appointments, etc, could be compromising if posted on some foreign site for the world to see.
  13. #13  
    Quote Originally Posted by Samizdat2003 View Post
    I have an original Palm Pre on Sprint. It is running webOS version 1.4.5. I haven't had time to follow all of the developments in the sad Palm/HP saga, so I am wondering what to expect now. I love it and would like to continue using it for as long as possible. Is there any event looming in the future that will prevent me from doing so, either due to Sprint of HP? Will service be cut off? Are servers going to be shut down?

    Also, this article states "Upgrading to webOS 2 is almost essential for continued use of the Palm Pre or Pre Plus, at this point. webOS 1.4.5.1, the last official build for all first-generation webOS devices in the United States (including Pre and Pre Plus), has several known security issues." Is it true that I am at risk running 1.4.5? If so, what is the risk exactly?

    Sorry for these basic questions but as I said, I haven't had time to keep up with where things stand for us old Pre users.

    Thanks!
    I'm on sprint long over due for an upgrade but nothing tickles my fancy (unless they add nokia lumia phones). I ran the meta doctor and did that route. 2.1 works good and is a good upgrad if you ask me. I got sprint nav working on it. It suits me just fine I love webos so I feel your pain.

Posting Permissions