Page 44 of 217 FirstFirst ... 3439404142434445464748495494144 ... LastLast
Results 861 to 880 of 4339
  1. settelma's Avatar
    Posts
    69 Posts
    Global Posts
    73 Global Posts
    #861  
    I can access USB and WIFI, but am having problems with BT. My computer wants to configure the BT device as a Network access point. I don't believe that is correct, I think it should be a Dial-up networking device? If anyone can provide input on BT connection I would appreciate it.
  2. #862  
    Quote Originally Posted by jhoff80 View Post
    Personally I think the issue is just slightly being blown out of proportion.
    It's all about informed consent and full disclosure.

    As long as people know the security hole that org.webosinternals.services *intentionally* opens up (since it was a proof of concept to specifically enable the execution of any command on the Pre as root by a webOS application), then it's up to the end user whether they install it or not.

    I don't think the security issue was disclosed in the My Tether documentation, or previously in this thread. Now it is, and the author has stated that he will take steps to close it (by creating a new service that *only* does what is required for the app to perform it's intended function).

    So people don't need to run around shouting with their hands in the air, and they don't need to uninstall anything if they are happy to live with that security risk (now that they know about it). But they do need to be clearly made aware of the risk, and the potential to which it could be exploited. After that, it's a personal choice what to do with that information.

    -- Rod
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  3. #863  
    Quote Originally Posted by settelma View Post
    I can access USB and WIFI, but am having problems with BT. My computer wants to configure the BT device as a Network access point. I don't believe that is correct, I think it should be a Dial-up networking device? If anyone can provide input on BT connection I would appreciate it.
    Network access point is correct. What number did you plan to dial for dial-up networking?
  4. #864  
    Quote Originally Posted by rwhitby View Post
    So people don't need to run around shouting with their hands in the air, and they don't need to uninstall anything if they are happy to live with that security risk (now that they know about it). But they do need to be clearly made aware of the risk, and the potential to which it could be exploited. After that, it's a personal choice what to do with that information.
    Agreed. Apologies if I appeared like the aforementioned person running around shouting with his hands in the air. I've made my personal choice and prefer to not use My Tether until a specific service is written.
    Treo 300 -> Treo 600 -> Treo 650 -> Treo 755p -> Pre -> Epic 4G -> TouchPad
  5. #865  
    Quote Originally Posted by northward View Post
    By installing webos-internals you're simply giving any application root access to your Pre to do what it wants.
    You mean "by installing the proof-of-concept org.webosinternals.services package ..." - please don't taint anything else with the same brush.

    All instructions published by webos-internals are carefully written to ensure that the security of your Pre is not compromised (for example, we specifically set up the ssh daemon to not allow root logins from anywhere). In this case, someone took some proof of concept code (which they are well within their rights to do) and used it without talking to us first to understand the risks involved.

    -- Rod
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  6. settelma's Avatar
    Posts
    69 Posts
    Global Posts
    73 Global Posts
    #866  
    On the PDA net I needed the Dial up Access node. So do you have any clue what I am doing wrong. I am connecting to network access point for BT, but what do I need to do after that? How do I associate it to a network connection?
  7.    #867  
    My Tether - version 2.1.0 now live. No patching, no ad-hoc, more features!
  8. quest1772's Avatar
    Posts
    15 Posts
    Global Posts
    17 Global Posts
    #868  
    Thanks for everything you are doing

    Donated, Confirmation number: 17K66526HT5414157
  9.    #869  
    Quote Originally Posted by rwhitby View Post
    It's all about informed consent and full disclosure.

    As long as people know the security hole that org.webosinternals.services *intentionally* opens up (since it was a proof of concept to specifically enable the execution of any command on the Pre as root by a webOS application), then it's up to the end user whether they install it or not.

    I don't think the security issue was disclosed in the My Tether documentation, or previously in this thread.
    I understand your concern and that is why I am working on a specific service for My Tether that doesn't rely on 3rd party (webos-internals) packages.

    But also about disclosure, PreGame's Flashlight which was the first app using such a service, which also led to the development of webosinternals' shell service, with PreGame's involvement no less, also has no such mention of the dangers & holes opened up by having the service on your Pre. http://forums.precentral.net/homebre...s-rooting.html

    This leads me to believe things are unfairly being blown out of proportions, and not really about any of the things being mentioned. This was initially about me (within my rights) mirroring the ipk on my servers, then it turned into security and how I should've discussed this with the IRC channel. I fully understand the consequences of using this service and its possibilities. Also, having a root password setup on the Pre with SSH would not change how this service opens up root to WebOS apps, so I don't know why that was mentioned in your post above. I use hundreds of open source projects for various things everyday, and some for some very large public facing projects, none have 'asked' me to do any of the things webos-internals is saying is common, and the norm in using open source projects.

    This whole discussion should've taken place over email or some private communications, there is no need to broadcast this into a public forum, especially when I sent a prompt reply to your initial email. The way webos-internals is going about handling this non-issue goes against the spirit of open source and I'm saddened to see such actions occuring in a community around the exciting possibilities of WebOS

    Quote Originally Posted by quest1772 View Post
    Thanks for everything you are doing

    Donated, Confirmation number: 17K66526HT5414157
    Thank you quest, I'll be emailing you shortly
    Last edited by aonic; 07/18/2009 at 12:47 PM.
    My Tether - version 2.1.0 now live. No patching, no ad-hoc, more features!
  10. #870  
    Quote Originally Posted by aonic View Post
    I understand your concern and that is why I am working on a specific service for My Tether that doesn't rely on 3rd party (webos-internals) packages.
    Glad to hear it, and I genuinely thank you for addressing this concern.

    Quote Originally Posted by aonic View Post
    This leads me to believe things are unfairly being blown out of proportions, and not really about any of the things being mentioned. This was initially about me (within my rights) mirroring the ipk on my servers, then it turned into security and how I should've discussed this with the IRC channel.
    With all due respect, that's inaccurate at least as far as I'm concerned. Re-read the IRC logs posted earlier. I installed the package, noticed the security issues and turned to the IRC channel for clarification. Thus it was not "initially about (you) mirroring the ipk on your servers," it was initially about the security risk. It was within that IRC conversation that the magnitude of the risk was explained to me while at the same time, the webos-internals group expressed concern about the mirroring. For me, the whole open source thing is none of my concern, but exposing my Pre in such a way is.

    Again, thank you for addressing this security concern head-on.
    Treo 300 -> Treo 600 -> Treo 650 -> Treo 755p -> Pre -> Epic 4G -> TouchPad
  11.    #871  
    Thank you northward. I assumed a user with the skills to root a Pre would understand the packges being installed. But as this app becomes more popular and more mainstream I understand not all users will understand the risk. I appreciate the magnitude of the risk of having such a service on your device, and it will be dealt with accordingly.

    I ask everyone involved in this to send their questions or comments about my usage of webosinternals.services to my email so this thread can continue on-topic instead of turning into a discussion pf open source, how something should be disclosed, etc.

    My email is raja [at] aonic [dot] net
    My Tether - version 2.1.0 now live. No patching, no ad-hoc, more features!
  12. #872  
    Quote Originally Posted by aonic View Post
    I assumed a user with the skills to root a Pre would understand the packges being installed.
    Skills? Ha! I can only copy commands from detailed step-by-step instructions as well as the next guy.

    (If you recall, a week or so ago in this thread I was expressing my fear of rooting the device to give My Tether a shot, not because of what the package did, but because I was afraid of mucking it up and bricking the thing.)
    Treo 300 -> Treo 600 -> Treo 650 -> Treo 755p -> Pre -> Epic 4G -> TouchPad
  13. settelma's Avatar
    Posts
    69 Posts
    Global Posts
    73 Global Posts
    #873  
    Quote Originally Posted by aonic View Post
    Thanks, I had remove the toshiba BT stack and reinstall it. Now it works like a charm.
  14. #874  
    I've successfully rooted my pre and have been able to tether via usb, BT and wifi. The only problem now is I cannot turn it off to view the web on my pre. I get an error message stating "The network is currently not available. Please enable networking before using the browser."

    What's the trick to swtich the service from the pre to pc and then back to the pre?

    thanks in advance.
  15.    #875  
    good to hear settelma

    matrixdave, you need to switch the tethering option to OFF before exiting My Tether
    My Tether - version 2.1.0 now live. No patching, no ad-hoc, more features!
  16. #876  
    I respect and appreciate the dialogue and Aonic letting us know... and continuing to work on encryption and a fix to eliminate the need for webosinternals to leave our devices vulnerable.

    I am still on board and think Aonic has his head in the right place. Super-responsive, direct, and honest on the forum and in support of his product probably means he's not hacking our Pre's as we speak... hehe.

    People who develop paid apps are not as attentive to the end user.

    Much respect due!
  17. #877  
    Quote Originally Posted by rwhitby View Post
    Aonic,

    ...

    5) Will you be donating a share of your proceeds from your application back to the webos-internals group to help pay for the hardware and hosting fees incurred by the webos-internals.org group when developing the code in org.webosinternals.services which is used by your application?

    ...

    Thanks,
    -- Rod Whitby
    The fact that you felt the need to bring this up in a open forum in this manner lends some insight into your "concerns" imo.

    Aonic has shown his commitment and effort in supporting this application. Anyone following this application can easily see the time and effort he is putting forth and I believe this is one of the primary reason he is seeing so much support (via donations). He has earned it with his efforts. He is easily (imo) the most responsive and supportive developer on these forums (at this point).

    The fact remains that webosinternals is open source and the code is readily available? Given this, any developer could simply use the source code or package it with their app without properly identifying the "risks" regardless of whether webosinternals was previously installed? For well intended or malicious intent. This is no different from just about any other open source application in existence. Take Putty for example. In fact I believe webosinternals and putty (link) are provided under the same MIT license. The use of putty (without proper knowledge of security risks) could lead to security vulnerabilities as well. Also, anyone could repackage/alter putty and make it available for use (with good intentions or malicious ones).

    This discussion has seemed to gone way beyond its relevance to this application and seems to be bordering on personal. I would appreciate any further discussion (regarding webosinternals) be taken to it's own thread where the security risks and use of webosinternals can be discussed without interfering with this thread.

    Thank you.
    Last edited by gmanvbva; 07/18/2009 at 03:57 PM.
  18. devsdj's Avatar
    Posts
    14 Posts
    Global Posts
    15 Global Posts
    #878  
    NICE
  19. jsa334's Avatar
    Posts
    54 Posts
    Global Posts
    77 Global Posts
    #879  
    Great Program Donation made! Receipt Number: 1499-3436-9115-5501
  20. #880  
    I rooted all commands and my pre still will not activate usbnet or wifi, i used sdk the first time and it did not work, then I rooted both files and no response. I tried the remove commands and I get no packages removed, is there any way to wipe everything and start over

Posting Permissions