Results 1 to 13 of 13
  1.    #1  
    Waaaayy back in the day, you webos hackers found out that you could install homebrew IPKs just by emailing it as an attachment.

    I would like to be able to still do this (either via email attachment or browsing to a web location). I've looked in preware for such a patch but alas none such exists.

    I understand the security implications. Is there a way to do this? Maybe I'm missing something obvious?
  2. #2  
    Correct me if I'm wrong,but other than security issues I think it also poses a threat for paid apps. If you an just email IPK's for paid apps around, why pay at all? So I think it's for your protection as well as the developers that you can't email IPK's.

    Again, I could be totally wrong.
  3. #3  
    Palm locked up that security hole with an update ages ago. I don't think you can really patch to reveal that hole again. Nor do WebOS-Internals have interests in creating security holes like this, making people's devices more unsecure.
  4.    #4  
    Like I said, I understand the security implications.

    I was just thinking of it a way to develop on my phone without having to cart around my data cable and plug/unplug my phone all the time. Call me lazy but the door on the pre usb plug is difficult for a nail-biter such as myself.

    I understand about trying to keep paid apps protected but how is that different than if I have an IPK and just install it via WOSQI?

    So the short answer is no. It sounds to me that the only way to wirelessly install an IPK is to setup my own preware feed. Anyone know of some easier option?
  5. SirWill's Avatar
    Posts
    439 Posts
    Global Posts
    492 Global Posts
    #5  
    Create a custom feed of your own for Preware! You will easily be able to install updates and other apps via the feed in preware. Just don't tell anyone the feed and it's private to yourself only. See webos-internals for help.
    -----------------
    Palm III, Palm IIIc, TT, T3, T5, TX, Pre from Day 1.
  6. #6  
    Go with SirWill's suggestion, the patch was a change in the compiled code so there is nothing anyone can do about it.

    If there was a way to simply patch it to reveal the security hole again, do you really think anyone would consider that a fix?
  7.    #7  
    Quote Originally Posted by alex.dobeck View Post
    If there was a way to simply patch it to reveal the security hole again, do you really think anyone would consider that a fix?
    Patches are about making things work the way we want them to work. Previously it was a security hole, but in the proper context I would consider it a feature. In the early days of webos hacking it was both a hole for palm and a feature for the hackers.

    I'm not advocating that this is something appropriate for wide distribution, I just have a corner-case scenario where it would make my life easier.

    I'll just setup my own preware feed.
  8. #8  
    Quote Originally Posted by SirWill View Post
    Create a custom feed of your own for Preware! You will easily be able to install updates and other apps via the feed in preware. Just don't tell anyone the feed and it's private to yourself only. See webos-internals for help.
    Maybe I'm looking too hard, but I could not find anything on how to actually set up your own feed. I found a page describing the feeds and how to add a new feed, but not how to set up your own. I want to do this so I don't have to plug in the USB cable when I am doing development. I can run a local web server easily enough. I suppose filecoaster is an option, but I'd rather use Preware.
  9. rpr
    rpr is offline
    rpr's Avatar
    Posts
    212 Posts
    Global Posts
    216 Global Posts
    #9  
    Host your ipk file on your web server, go to that URL on the Pre, download the file, then from Terminal/Terminus, run:

    ipkg install /media/internal/downloads/name_of_ipk.ipk

    and it should do what you want. Not as elegant as a Preware feed, but it still should work.

    I think you can do:

    ipkg update ....

    as well.

    Tom
    Pilot 1000 -> Palm Pro -> Palm III -> Handspring Visor -> Palm V -> Palm TX -> Palm LifeDrive -> Kyocera 6035 -> Kyocera 7135 -> Treo 650 -> Palm Pre
  10. #10  
    Quote Originally Posted by rpr View Post
    Host your ipk file on your web server, go to that URL on the Pre, download the file, then from Terminal/Terminus, run:

    ipkg install /media/internal/downloads/name_of_ipk.ipk

    and it should do what you want. Not as elegant as a Preware feed, but it still should work.

    I think you can do:

    ipkg update ....

    as well.

    Tom
    *NEVER* *RUN* *ipkg* *WITHOUT* *THE* -o /media/cryptofs/apps *SWITCH*

    -- Rod
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  11. DrewPre's Avatar
    Posts
    818 Posts
    Global Posts
    829 Global Posts
    #11  
    Always wondered why PreWare didn't have an option to allow the installation of an ipk from the filesystem. I guess this would be one of the reasons why...

    Quote Originally Posted by bhefty89 View Post
    Correct me if I'm wrong,but other than security issues I think it also poses a threat for paid apps. If you an just email IPK's for paid apps around, why pay at all? So I think it's for your protection as well as the developers that you can't email IPK's.

    Again, I could be totally wrong.

    Palm Pre Backup Utility...done!
    Locate Pre....done!
  12. #12  
    Quote Originally Posted by DrewPre View Post
    Always wondered why PreWare didn't have an option to allow the installation of an ipk from the filesystem. I guess this would be one of the reasons why...
    1. Security - much harder to social engineer people when the app is coming from a feed, cause it can just be pulled from the feed if it is a rogue app.

    2. Reliability - much easier to update someone with a bug fix when the app is coming from a feed, a stand-alone ipkg is frozen with the bugs it contains until the user happens to check again (which they never do).

    3. Discoverability - much easier for people to get new apps if they are coming from a feed.

    4. Dependencies - if one app depends on another, then having them in a feed allows the dependency to work, and you don't get people only installing one of the apps and complaining that it doesn't work.

    -- Rod
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  13. #13  
    Well the filecoaster over WIFI method did work.. I threw my IPK in an empty Tomcat server, and then I copied the url from the Pre browser and pasted into Filecoaster. It complained about the PreInstall, PostInstall, PreRemove, etc scripts being missing, but it did install the package.

    Maybe I'm being overprotective of my Pre, but with all the reports of cracks around the USB ports that have been reported, I prefer to hook mine up as little as possible. Hopefully the next hardware design will be more robust.

Posting Permissions