1 Topic by wrybread (edited by wrybread 2009-07-29 04:14:21)

  • Registered: 2008-03-05
  • Posts: 119

Topic: Any plans to loosen security restrictions in widgets?

I haven't been working on Chumby widgets for a while, to be honest I got frustrated by all the restrictions put in place on the widgets, such as not being able to stream shoutcasts or affect system settings such as volume. But much has changed in the last couple of years with iPhone and Android apps and the like, and I'm hoping that its now pretty obvious to the Chumby company that they can't possibly compete with other modern portable computers such as cellphones unless they loosen these restrictions.

I browsed the forum but didn't see any discussion about it, so I thought I'd just go ahead and ask: any plans to open up the widget universe to allow more control over the hardware?

  • Duane
  • Duane
  • Blue Octy
  • Offline
  • From: San Diego, CA
  • Registered: 2006-08-24
  • Posts: 8,200

Re: Any plans to loosen security restrictions in widgets?

No.  We follow best security practices, just like the iPhone and Android.

Note that there is no official faceless API for permanently adjusting the system volume on the iPhone from an application - it requires a call to an undocumented function.  Same for streaming background music - the iPhone won't let you set up a background Internet music stream either.  In all cases that I'm aware of, applications will only play music while they're running.

If a user wants to create a custom Chumby music source that *does* have access to these system settings, there's a documented method to do so, but they're not widgets.

If you simply want to stream an MP3 asynchronously from a widget, that's been available since firmware 1.7, when we upgraded the Flash Player.  cbreeze/develephant is using that feature in his "Streams" widget.

Duane's Website

  • Duane
  • Duane
  • Blue Octy
  • Offline
  • From: San Diego, CA
  • Registered: 2006-08-24
  • Posts: 8,200

Re: Any plans to loosen security restrictions in widgets?

I'll tell you what - here's how to drop all ASnative extensions security on the Flash Player on your own device:

1) Create the file /psp/flashplayer.cfg
2) Add the following line:

PrivilegedCallExceptions=65535

3) Reboot

Widgets will now be able to make privileged ASnative calls on your chumby, just like the Control Panel.  Security is completely down, your device (and your network) is now wide open for exploits.  Enjoy.

Note to lurkers - this is HIGHLY dangerous, and is not recommended.  This could allow a widget to brick your device, steal your network credentials, access other machines on your network, and otherwise cause serious problems.  Any device using this feature will not be covered under warranty, we disclaim any liability for lost or stolen information, and widgets that require this feature to be enabled will not be made public.

Duane's Website

  • From: Tulsa, OK
  • Registered: 2008-08-04
  • Posts: 657

Re: Any plans to loosen security restrictions in widgets?

Duane wrote:

Note to lurkers - this is HIGHLY dangerous, and is not recommended.  This could allow a widget to brick your device, steal your network credentials, access other machines on your network, and otherwise cause serious problems.  Any device using this feature will not be covered under warranty, we disclaim any liability for lost or stolen information, and widgets that require this feature to be enabled will not be made public.

Well that doesn't sound like any fun tongue.

Get -> Chumbyland | Joice | Word Up | Newsdom

cbreeze's Website

  • Registered: 2008-03-05
  • Posts: 119

Re: Any plans to loosen security restrictions in widgets?

Thanks for your response, a couple of thoughts:

Iphone apps can most certainly adjust the sound volume. It doesn't matter to the user if the setting is system wide or only applies to the currently running application, the important thing is they can control the volume of the iphone from within the currently running iPhone application.

And note that I'm not talking about running multiple apps at once, simply giving apps access to things like internet streams and hardware settings *while they're running* is fine. Ideally that would expand to include things like external hardware devices such as GPS's, but I'm guessing that'll never happen.

And the problem with creating apps that aren't widgets is that they're not easily sharable, so they a) won't be created, and b) won't be used if they are. You're welcome to correct me if I'm wrong: is there some place people are sharing their own Chumby apps that aren't widgets?

And that's great news about being able to play shoutcasts from within widgets. I just tried the Streams widget, works beautifully. Is there some documentation or sample code available for this functionality?

And of course I'm not talking about removing *all* system security. There's a big jump from giving apps control over sound volume to giving them root access to the device.

  • Duane
  • Duane
  • Blue Octy
  • Offline
  • From: San Diego, CA
  • Registered: 2006-08-24
  • Posts: 8,200

Re: Any plans to loosen security restrictions in widgets?

wrybread wrote:

And that's great news about being able to play shoutcasts from within widgets. I just tried the Streams widget, works beautifully. Is there some documentation or sample code available for this functionality?

It's just basic Flash - Sound.loadSound() takes a parameter "isStreaming".  In previous versions of FlashLite, this parameter was ignored.

My understanding of the iPhone is that the SDK supports a standard volume control that can be presented to the user, but does not provide a simple (documented) call to change the system volume.  We do not have a set of standard controls - I suppose we could make them and insist that developers use them if they want this functionality, but then we end up acting like Apple and dictating what widgets should look like.

Within a widget, once can certainly call Sound.setVolume(), however, that's relative to the system volume.  Giving widgets a simple call to set system volume would be like giving TV stations control over the volume control on your TV.

Duane's Website

  • From: Tulsa, OK
  • Registered: 2008-08-04
  • Posts: 657

Re: Any plans to loosen security restrictions in widgets?

Duane wrote:

It's just basic Flash - Sound.loadSound() takes a parameter "isStreaming".  In previous versions of FlashLite, this parameter was ignored.

This is true! smile

Duane wrote:

My understanding of the iPhone is that the SDK supports a standard volume control that can be presented to the user, but does not provide a simple (documented) call to change the system volume.

Have not opened up the SDK 3 yet, but I think they might have changed that...not that it's important here.

Duane wrote:

Within a widget, once can certainly call Sound.setVolume()...

Personally I think setting a relative volume and then storing that value using the chumby properties "saver" tongue should be more than satisfactory.  This is how all Flash content works in any environment in regards to volume.

And in case anyone is interested...

//create the sound object
var my_snd:Sound = new Sound(_root);

//set the volume
my_snd.setVolume(50);  //values range 0-100

//get current volume
var snd_volume:Number = my_snd.getVolume();

Cheers.

Get -> Chumbyland | Joice | Word Up | Newsdom

cbreeze's Website

  • From: Barcelona
  • Registered: 2008-07-17
  • Posts: 100

Re: Any plans to loosen security restrictions in widgets?

you can access all if you do your own widget in a USB pen, it can be useful.

--
theMartix - Barcelona
Website: http://www.vintiun.net/marti   Chumby Widgets
CosmicPanel for Chumby: http://www.vintiun.net/blog/tag/cosmicpanel/?order=asc

theMartix's Website