IPB

Welcome Guest ( Log In | Register )

7 Pages V  < 1 2 3 4 5 > »   
Reply to this topicStart new topic
> open source version of ws
vertigo
post May 13 2007, 08:18 PM
Post #41


Participant


Group: New Members
Posts: 57
Joined: 3-May 06
Member No.: 4,692
Card: None


QUOTE
ATM, accessibility will be exactly the same as WebScheduler. Basically, Null has stated that due to licensing issues we will need to use different icons...and do not have much time to work on this. If someone wants to take over creating the new theme I can send you what I have got, otherwise it may take a while.


might i suggest The Tango Project again smile.gif
Go to the top of the page
 
+Quote Post
cyberpro60
post May 13 2007, 11:45 PM
Post #42


Participant


Group: New Members
Posts: 21
Joined: 5-April 07
Member No.: 7,448
Card: DNTV Live Dual Hybrid PCIe S2


I second the call for using icons from the Tango project [http://tango.freedesktop.org/Tango_Desktop_Project]. Not only will this save time and effort but it will provide some consistency in iconography across programs and operating systems.

Also, I am more than happy to volunteer my time writing the documentation for this project.
Go to the top of the page
 
+Quote Post
Guest_dns_*
post May 13 2007, 11:57 PM
Post #43





Guests






Something someone can do that will not require much skill is to go through /data/templates/* and /http/* and change any reference of "web scheduler" to "open tv scheduler", a quick logo might also be nice it does not have to look great and we can change it later. There are a few things like this that are simple to do and need to be done before we get started.

Security is always a difficult thing to manage, if you make it too secure you anoy the users and they want to turn it off. If you have it sitting on the Internet it is definitely a problem as it would open up a serious hole to your computer/network.
Consider this scenario if there was no security implemented and it was sitting open on the Internet it would give anyone direct access to run any command through the tasks menu, once that is possible security is considered compromised and you are no longer in control of your box.
Go to the top of the page
 
+Quote Post
uryan
post May 14 2007, 12:18 AM
Post #44


Forum Regular


Group: New Members
Posts: 307
Joined: 3-June 06
Member No.: 4,853
Card: None


QUOTE (black_dog @ May 13 2007, 07:02 PM) *
On this point, the "security" is weak and confusing at best.
There are two seperate issues here. The first is the overall security in OTS/WS. I agree that it could use an overhaul. It works well enough, but only just.
The second is the security ID, a specific security feature which was asked to be removed. Now I'm the first to admit that it is a hack. When it was added, WS wasn't in active development and Null had to re-setup his development machine just to address the security concerns. The security ID does its job quite well and does stop an otherwise quite easy attack. It simply should not be removed until something else is there to take its place.

QUOTE (black_dog @ May 13 2007, 07:02 PM) *
1) The program restricts "dangerous' activities such as creating and editing tasks to "127.0.0.1" only.. Even using the hostname
address of the local machine doesn't work... It doesn't request a security ID anyway...
2) The program allows *anyone* to edit system settings, as long as they type in the security ID.
3) An application could easily OCR the "security id", as it is plain, unobscured text. On this point, webscheduler
does not apply any denial mechanism of when too many incorrect (or missing) guesses are made.
4) TASKS can be executed against recordings without needing a security ID, and pretty much any kind of
recording and scheduling task can be performed without security ID. Denial of Service through filling
someone's scheduler table is still quite easy..
1) I agree this is a shortcoming. It makes things much easier on the programming side of things, but is a nuiscence in a lot of setups
2) Yep, it was not designed to stop anyone with local access to the machine. Or applications with local access to the machine for that matter
3) But to do that it would have to be running on the local machine, in which case it could also read the ID out of a log, or edit OTS/WS's settings directly without going thru the web interface, or just do its thing without using OTS/WS at all. The only place where this could be an issue is in a webbrowser, and cross-site scripting restrictions prevent that. Of course, there are occasionally holes found in the various browsers allowing new ways to XSS, but it certainly closes the hole from a gaping wide one to a very small one. And I agree it would be good to incorporate some sort of denal method.
4) That would have been too inconvenient. It is upto the user to only set up tasks that do 'safe' things. There used to be a hole that allowed anything to be passed as a filename to a task, now it will only accept a file that exists in the capture directory. Yes someone could set up a stack of recordings on your machine. Probably the worst they could manage is to crash OTS/WS
5) (The answer to a question noone asked.) There are still a few pending security issues in OTS/WS. Stuff that woud be pretty difficult to take advantage of. I do not think I should publicly release them though. When someone is actually working to overhaul security in OTS then I can tell them if they do not find them anyway.

QUOTE (black_dog @ May 13 2007, 07:02 PM) *
Build in the concept of a GUEST user, ie, the default user, and accept a 'login' to access 'system' pages.
Let the owner decide what tasks a GUEST can perform, and allow users to be created with appropriate
permissions. I'm happy for my kids to schedule tv shows, and even select tasks to run against their shows
but the 'system' icons should not even be visible to them.

In fact, I would prefer it if only the 'owner' or 'administrator' could see all schedules, and who created them.
Individuals should only see their own schedules, and if possible, have private recording folders.. If two users
wanted the same recording, well the software can already stream recordings to multiple locations, this is a
minor extension on this. (assuming different users are recording to different directories..)
I agree but think your idea goes too far. I would be happy with 2 levels of users - admins who have complete control over settings, and standard users who can only schedule recordings, run tasks etc. I don't really see a need for private recordings, it owuld just make things overly complicated.

QUOTE (black_dog @ May 13 2007, 07:02 PM) *
On the security by location front, create IP/Subnet based ACLs. I would accept LOGINs from IP addresses in the
'acceptable' ACL, but only allow GUEST or NO access from other ip addresses. Personally, my laptop can VPN
into my local network and perform scheduling tasks.. but to make task changes, I have to remote-desktop
into the machine running the webscheduler. I don't really want to have to do that. It messes with the HTPC.
Agreed.

QUOTE (black_dog @ May 13 2007, 07:02 PM) *
There is alot we can do with and about real security, the 'security id' feature is nothing but a PITA.
See above tongue.gif


QUOTE (vertigo @ May 13 2007, 08:18 PM) *
might i suggest The Tango Project again smile.gif

Go for it. (oh wait, you just did.) When I visited that url, I saw some style guidelines, and a few standard icons that aren't particularly useful for OTS. Now, I have no particular interest in keeping up with the latest fad in the OS world. (Nothing against it if you do however.) If there are some premade icons that are useful then that would be good, even if it was just to buy me some more time to get my theme ready. And if you want to create a tango-esque theme then by all means go ahead. I'm sure it would be appreciated.
BTW, I just noticed that alot of the icons in Windows Live Mail Desktop would fit right in with tango tongue.gif
Go to the top of the page
 
+Quote Post
null_pointer
post May 14 2007, 09:45 AM
Post #45


Web Scheduler Developer


Group: Developers
Posts: 4,495
Joined: 9-July 03
From: Melb
Member No.: 9
Card: None


Here are is my take on this for what it is worth.

First let me say that the current Security PIN is NOT, let me repeat that NOT intended to secure WS from a remote access point of view, let me say that again, the security PIN number is NOT a remote security system. It will NOT keep your system secure when you have WS accessible from the Internet, if you are relying on it to keep you secure when opening up WS to the Internet then you are fooling yourself.

The security PIN number is intended to fix a single security issue, not as a fix all approach, it is to stop cross site scripting, it is to stop people embedding links in pages that could add tasks or update your settings to do system compromising actions.

If you are making WS available over the net you should take further security steps, as you yourself pointed out black_dog, using STUNNEL is a good start:

http://forums.dvbowners.com/index.php?showtopic=2517

QUOTE
1) The program restricts "dangerous' activities such as creating and editing tasks to "127.0.0.1" only.. Even using the hostname
address of the local machine doesn't work... It doesn't request a security ID anyway...

You can add a blank task but actually adding the command requires the security pin.

QUOTE
2) The program allows *anyone* to edit system settings, as long as they type in the security ID.

This is to stop cross site scripting only, it is NOT intended to protect against remote (external) access.

QUOTE
3) An application could easily OCR the "security id", as it is plain, unobscured text. On this point, webscheduler
does not apply any denial mechanism of when too many incorrect (or missing) guesses are made.

see uryan's answer.

QUOTE
4) TASKS can be executed against recordings without needing a security ID, and pretty much any kind of
recording and scheduling task can be performed without security ID. Denial of Service through filling
someone's scheduler table is still quite easy..

Again the security PIN was only for cross site scripting, it is not a remote access security feature.


WS does not have any built in remote user/admin system, the password system that is build into WS uses basic auth and thus if you want to use it on the Net and be fully covered use stunnel or something similar.

Having said this if someone was to gain access all they would be able to do is screw up your WS config and you might miss some recordings, they will not be able to add custom tasks to compromise the system due to the 127.0.0.1 limitation.

I am sure there are more versatile approaches but this one was the best that fit in with the current WS approach, a full user/admin/guest approach was overkill for what WS is, a simple to use, reliable scheduling system.

QUOTE
5) (The answer to a question noone asked.) There are still a few pending security issues in OTS/WS. Stuff that woud be pretty difficult to take advantage of. I do not think I should publicly release them though. When someone is actually working to overhaul security in OTS then I can tell them if they do not find them anyway.

I would be interested in hearing your take on this uryan, any info you can PM me would be much appreciated.
Go to the top of the page
 
+Quote Post
vertigo
post May 14 2007, 08:11 PM
Post #46


Participant


Group: New Members
Posts: 57
Joined: 3-May 06
Member No.: 4,692
Card: None


QUOTE
Now, I have no particular interest in keeping up with the latest fad in the OS world. (Nothing against it if you do however.)


me neither, i, like most people would just like a nice, polished, consistent gui, and this looks ideal to me. i'm no developer but if there's something wrong with them please tell me and i'll stop suggesting it smile.gif

QUOTE
I saw some style guidelines, and a few standard icons that aren't particularly useful for OTS


see this page: http://tango.freedesktop.org/Tango_Icon_Gallery

i can see appropriate icons for every function in WS. wink.gif
Go to the top of the page
 
+Quote Post
uryan
post May 14 2007, 09:12 PM
Post #47


Forum Regular


Group: New Members
Posts: 307
Joined: 3-June 06
Member No.: 4,853
Card: None


QUOTE (vertigo @ May 14 2007, 08:11 PM) *
me neither, i, like most people would just like a nice, polished, consistent gui, and this looks ideal to me. i'm no developer but if there's something wrong with them please tell me and i'll stop suggesting it smile.gif
Nope, theres nothing wrong with them. If they have appropriate icons for most things then yes, they will be useful. But if I have to create the icons then I see no real advantage in following the tango style.

QUOTE (vertigo @ May 14 2007, 08:11 PM) *
i can see appropriate icons for every function in WS. wink.gif
Can you? I can't. (Then again, a fair chunk of them are coming up as errors when I look at them.) Maybe we have different opinions of what's appropriate. For one thing, I don't like to re-use icons that already have a more common or more obvious use - it gets confusing and partially defeats their purpose.

If you are keen to use the tango icons, then could you go thru and create a list of which icon you would use where. That would make it much faster to throw something together.
Go to the top of the page
 
+Quote Post
Guest_dns_*
post May 15 2007, 12:54 AM
Post #48





Guests






It does support themes, I do like the tango style icons so if you want to create a theme go ahead.
Go to the top of the page
 
+Quote Post
vertigo
post May 15 2007, 12:06 PM
Post #49


Participant


Group: New Members
Posts: 57
Joined: 3-May 06
Member No.: 4,692
Card: None


well here are some we could replace, at first glance. there are more icons avilable, just not on their page. if i cannot find appropriate ones for some, i'm sure i could come up with more or design/combine some myself.

Shedules:

Show EPG:

Search EPG:

Now & Next:

System:

Home:

Add New:

Show Overlaps:

Select Devices:

Channel Settings:

Manage Files:

Auto Deletable File:

Auto-Add List:

Run Auto-Add Scan:

EPG Match Lists:

Auto-Add Conflicts: or

Reload Data:

Channel Mapping:

Data Source Settings:

EPG Data Report:

System Config:

System Info:

Active Tasks: http://tango.freedesktop.org/static/cvs/ta...ions-system.png

Edit Tasks: http://tango.freedesktop.org/static/cvs/ta...blem-system.png

Show Interface: http://tango.freedesktop.org/static/cvs/ta...ut-keyboard.png

Interface Theme: http://tango.freedesktop.org/static/cvs/ta...p-wallpaper.png

and ofcourse the forward, back, up, down, stop, error, plus, minus etc are available also. the last few are linked to because the forum software seems to have a limit on the number of images in one post.

QUOTE
It does support themes, I do like the tango style icons so if you want to create a theme go ahead.


i probably would if i knew how smile.gif
Go to the top of the page
 
+Quote Post
Guest_dns_*
post May 16 2007, 12:58 AM
Post #50





Guests






just have a look around the \http\ directories. look at \http\images\ and start replacing the original with the ones you suggested and we can work from there. Describe what you want, make a mock image, do a static prototype of what you want and we can work on the code behind the theme if you get stuck.

The theme system should be changed to do some searching through several paths to find the images you want so you can ether use the default or customize it in your theme. ie search \http\themes\THEME_NAME\images (specific theme folder). \http\themes\default\images (default theme) then \http\images and last \http\images\notfound.jpg as a last resort.
Go to the top of the page
 
+Quote Post
null_pointer
post May 25 2007, 08:45 AM
Post #51


Web Scheduler Developer


Group: Developers
Posts: 4,495
Joined: 9-July 03
From: Melb
Member No.: 9
Card: None


Hi all,

There have been a few submissions to the station list data file, it may be useful for you to include the latest version in your open build, I have attached it to this post.
Go to the top of the page
 
+Quote Post
vertigo
post Jun 1 2007, 06:37 PM
Post #52


Participant


Group: New Members
Posts: 57
Joined: 3-May 06
Member No.: 4,692
Card: None


any progress, dns? unsure.gif

i'm a little strapped for time atm to work on icons, might be 2 weeks or so till i can.
Go to the top of the page
 
+Quote Post
Guest_fred_404_*
post Jun 11 2007, 10:44 PM
Post #53





Guests






Hi,
I would like to help develop Open TV Scheduler. I don't have any skills in programing but I am trying to learn. I could help with editing HTML files and images. I was also wondering what programs are used to compile the java and C++ source code.

Thank You

Fred_404
Go to the top of the page
 
+Quote Post
bear
post Jun 12 2007, 07:25 AM
Post #54


Forum Regular


Group: Members
Posts: 3,099
Joined: 24-April 04
From: Queensland
Member No.: 808
Card: VisionPlus DVB-t


Take a look at the sun java sdk for the java compiler and Microsoft visual studio for the C++.
Go to the top of the page
 
+Quote Post
Guest_dns_*
post Jun 12 2007, 07:44 PM
Post #55





Guests






For java you just need the java jdk then all you would need to do is compile the java files with:
CODE
javac *.java


Don't ask me about c++, though i did learn it in tafe i could not get a build environment to work in windows (linux it comes with it setup).

The things you could help is takeing all of the html, css and other files and remove all references to "web scheduler" and replace it with "open tv scheduler"
Go to the top of the page
 
+Quote Post
Guest_fred_404_*
post Jun 12 2007, 09:10 PM
Post #56





Guests






QUOTE (dns @ Jun 12 2007, 07:14 PM) *
For java you just need the java jdk then all you would need to do is compile the java files with:
CODE
javac *.java


Don't ask me about c++, though i did learn it in tafe i could not get a build environment to work in windows (linux it comes with it setup).

The things you could help is takeing all of the html, css and other files and remove all references to "web scheduler" and replace it with "open tv scheduler"


Ok, Thanks for the help to get started.

I was looking in some files like http\javascript\main.js where is says

/*
WebScheduler
Copyright © 2007

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/


And I was wondering if I should delete the "WebScheduler Copyright © 2007" or just add to it.

Thank You
Go to the top of the page
 
+Quote Post
Guest_dns_*
post Jun 12 2007, 11:13 PM
Post #57





Guests






Well nullpointer would own the copyright so i would ask him.
do we keep both project names? do we just have open tv scheduler?
Go to the top of the page
 
+Quote Post
Guest_Broken_*
post Jun 13 2007, 02:17 PM
Post #58





Guests






Probably a tad late now, but in terms of a catchy name, how bout using the acronym OTIS, for Open Television Information Source/Scheduler?
Go to the top of the page
 
+Quote Post
Guest_fred_404_*
post Jun 13 2007, 02:58 PM
Post #59





Guests






QUOTE (dns @ Jun 12 2007, 10:43 PM) *
Well nullpointer would own the copyright so i would ask him.
do we keep both project names? do we just have open tv scheduler?


Are you in your post asking null_pointer what we should do about the copyright or are you saying that I ask him.
Go to the top of the page
 
+Quote Post
Guest_fred_404_*
post Jun 13 2007, 05:11 PM
Post #60





Guests






QUOTE (vertigo @ May 4 2007, 07:06 AM) *
i like the layout but can't say i like the colours/icons. i think the colour should remain that nice blue in regular WS, or maybe a litle darker/with slight gradient. as for the icons, ideally we should borrow from the wonderful tango project i think http://tango.freedesktop.org/Tango_Desktop_Project
nice! smile.gif



I got a zip file of SVG files from http://tango.freedesktop.org/Tango_Desktop_Project and saved some of them to the correct resolution and modified others to make icons for Open TV Scheduler. I hope you don't mind me using you idea. I could not find premade images for all the icons, so I modified some and created others. To use just extract the contains of the zip file in to the \webScheduler\http\images or \OpenTVScheduler\http\images .

Here are some screen shots.






Attached File(s)
Attached File  images.zip ( 68.41K ) Number of downloads: 0
 
Go to the top of the page
 
+Quote Post

7 Pages V  < 1 2 3 4 5 > » 
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 11th December 2018 - 05:54 AM