Page 9 of 15 FirstFirst ... 4567891011121314 ... LastLast
Results 161 to 180 of 295
  1. #161  
    Thanks Guys keep up the great work!!
  2. #162  
    I want to applaud the community (xorg, sff, potter) for reversing the ability to install packages without rooting. However, being a security person, this is very dangerous and I have to agree with rwhitby (nice post btw) that not only do i expect Palm to patch this, but I hope they do and maybe this helps to release the SDK earlier. It is self evident that this community eagerly wants to develop apps, even if an SDK is not finished. All that being said, I want to develop apps as well, just not put the phone in a position where malware can run rampant.

    -tharris
    Last edited by tharris; 06/22/2009 at 10:08 AM.
  3. Khidr's Avatar
    Posts
    73 Posts
    Global Posts
    115 Global Posts
    #163  
    Agreed with tharris, in the long run there's really nothing wrong with requiring dev mode and/or rooting to install homebrew. It's a few extra steps, but those steps require the user to actively engage in what they're doing on their phone and (hopefully) pay attention, without opening the door to malicious code.

    That said, Palm could also solve this with a universal pop up, warning the user that they are clicking on an installable file, and prompting them to either install or cancel.
  4. #164  
    This is fantastic! Thanks guys!
  5. #165  
    Quote Originally Posted by DeusInnomen View Post
    Hmmm. Hey Dieter, I use your bit.ly link in an email sent to my phone and clicked it, but all it did was kept opening Web cards over and over until I punched Stop.

    When I sent the real URL of the ipk, though, it worked.

    Is the app supposed to do anything though? Nothing actually launches for me.
    yeah, just realizing that. I've fixed the email link -- sorry about the hassle.

    and yes - the app is more proof of concept than anything, it doesn't launch.

    HUGE props to the devs!!
  6. #166  
    Worked. Success. Congrats all.

    Now awaiting Palm's response.

    Will we need a home brew application thread?

    Please?

    Get on it guys.

    EDIT: BTW SimplyFlipFlops shows up as v 0.9.99 under device info. Very Cool.
    Last edited by sir_mycroft; 06/22/2009 at 10:30 AM.
  7. #167  
    Quote Originally Posted by tharris View Post
    However, being a security person, this is very dangerous and I have to agree with rwhitby (nice post btw) that not only do i expect Palm to patch this, but I hope they do and maybe this helps to release the SDK earlier.
    I would like to see the SDK released as early as possible too, but not sure that limiting the way apps are installed would solve security isues. True, it can be hidden better in the email method, but who click links from emails they do not recognize anyway? I think adding a popup that says you are about to install something would be all that is necessry (maybe even have you punch in your own personal auth code).
    After all, whether I email myslef an app or downlwod an app made with the SDK, a homebrew from somebody you don't know could be dangerous - what is to stop somebody from making an improved flashlight app (with added strobe funtion and plays techno music) that secretely sends me the user name and password your phone uses to conenct to your email?
  8. PreGame's Avatar
    Posts
    540 Posts
    Global Posts
    550 Global Posts
    #168  
    Just an FYI it sounds like from what I hear that palm did not plan on this to work through email like it does. Sounds like they will be fixing it in the next patch
  9. #169  
    You guys are the best!! Keep up the good work I cant wait to start installing all the toys in the wiki thru this route. Ive been scared to root my Pre its a bit advance stuff for me.
  10. #170  
    PreGame, do you have any idea if fixing means encorporating a warning type message, now or potentially in the future. Or does it mean just closing off the ability all together.

    I assume that for now they will close completely and if they will allow email link install with warning it will be in a future release.

    Honestly that simplyflipflops app installs so damn quickly and without you knowing it it is a little scary, even a diligent person could open an email and brush the link accidentally installing it, and never knowing that it was installed. There isn't even a "you have successfully installed X" to tell you what has been done.
  11. #171  
    I haven't read this whole thread, so I will apologize in advance, but I am somewhat confused. Is the test app supposed to do anything?

    I got the app installed...and I see its icon in the launcher...and that's it. Clicking the icon does nothing. That is not really a proof of concept or a "hello world" app in my book. The test app should at least open a new card with text...to demonstrate that we deployed something beyond an icon and a JSON file..and that what we deployed has permission to execute. Something like this:

    http://forums.precentral.net/web-os-...ml#post1677345

    Am I missing something?

    Either way, absolutely fantastic job to all of those involved!

    cheers,
    Steve
  12. #172  
    I already asked that question, scuba, and the answer is No, it doesn't do anything except get installed.

    As a developer, I'm also fairly concerned about the security risk of this installation method. If it were me, I'd require two things: 1) A valid SSL signature for the package (if that were even possible) and 2) a pop-up dialog verifying the action. I can certainly see advantages to being able to deploy an app via a web link, but it has to be done in a manner that prevents it from also being abused by malicious apps.

    Just my two cents. Damn impressed you guys managed this, though. Somebody get me a flashlight app before the hole gets patched up. *grin*
  13. #173  
    I typed that address into my browser and got the same multiple empty pages as jf1081, and after I closed them all I looked for and found Speed Brain. Now what?
  14. as4life's Avatar
    Posts
    577 Posts
    Global Posts
    733 Global Posts
    #174  
    Quote Originally Posted by OldFiver View Post
    I typed that address into my browser and got the same multiple empty pages as jf1081, and after I closed them all I looked for and found Speed Brain. Now what?
    don't type it in the browser. All you do is email that link to yourself. When you click the link it won't do anything. Than check the launcher and it should be in the bottom of your first page.
  15. #175  
    Quote Originally Posted by scuba_steve View Post
    I haven't read this whole thread, so I will apologize in advance, but I am somewhat confused. Is the test app supposed to do anything?
    It allows you to wear your flip flops to work on Friday with your Hawaiian shirt.
  16. #176  
    How did you know I was from Hawaii? :-)
  17. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #177  
    as I've told others, at this point, the only way palm can prevent this hole from working is by making the current webos doctor non functional.

    That doesn't mean they can't patch the hole. They can and they should and i expect they will. What it does mean, is that as long as the current webos doctor works, we can downgrade to 1.00, use the hole to "root" the pre wirelessly, and then upgrade to the current patched code.

    For many users who want to run homebrew stuff, or apps that require other native functionality (say their own dbus stuff), this provides an easier method of rooting the pre as it doesn't require any linux knowledge, as all one has to do is

    1) web os doctor their pre
    2) email themselves a links
    3) upgrade to latest set of packages palm has put out.

    while it can be more steps than using the dev mode on a fully updated pre, its something my mom can do, while the devmode is not something she can do.
  18. #178  
    Quote Originally Posted by simplyflipflops View Post
    It allows you to wear your flip flops to work on Friday with your Hawaiian shirt.
    Can you tell that to my boss?

    BTW, awesome job!

    I guess my real question is this - does the app not display anything because the package just contains icon.png and appinfo.json files and not an index.html file...or are we seeing security issues that allow us to install, but that do not allow us to execute?

    Either way, killer stuff! Thanks!
    IIIx -> Tungsten T -> Treo 650 -> Treo 700p -> Launch day Pre
  19. huh
    huh is offline
    huh's Avatar
    Posts
    26 Posts
    Global Posts
    28 Global Posts
    #179  
    I share the same concerns as those above it seems... As much as I love the development being done to the Palm, warning flags go off when I see the work being done with installing applications without root/admin access. Though its excellent for the homebrew scene, it could potentially allow for legit 'non-free' applications to be installed such as Classic that would undermine the store front not to mention the potential viruses/malware it can bring.

    Either way this is an amazing step in the right direction. I don't think I have seen a homebrew scene as fast moving as this other than the recent (and somewhat illegit) developments for the Wii!
  20. xorg's Avatar
    Posts
    633 Posts
    Global Posts
    1,010 Global Posts
       #180  
    No response from Palm. They apparently released a statement that they won't get in the way of homebrew w/out being very specific.

    I'll be working on the Dev Wiki tonite, posting more details on how to do this. Or you can peruse the thread if already familiar with packaging.

    pre dev wiki: Installing Apps without Rooting - SUCCESS!
Page 9 of 15 FirstFirst ... 4567891011121314 ... LastLast

Posting Permissions