Re: [Pharo-users] Securely downloading Pharo
Hi, Yes. we should have fixed all that loong time ago. The problem is of course that “we should have fixed” only gets true after “I fixed it”… so will block some time next week after the release to work on that. - fix https version of pharo.org. - setup ssl for all sites - provide checksum for files. Marcus > On 04 May 2016, at 23:51, Wilfred Hughes wrote: > > Yep, a SHA sum is less useful if it's on the same site. Still, it > would be really useful to check the file against accidental > corruption. It would also be useful for comparing with the checksums > used by packagers, > e.g. https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=pharo#n27 > . Users could see if their Pharo package was the same as the package > on pharo.org. > > pharo.org very nearly works with HTTPS, it's just a few JS/CSS files > that need to stop using absolute URLs (so e.g. > "http://pharo.org/files/screenshots/pharo-is-yours.png"; should be a > protocol-relative URL > "//pharo.org/files/screenshots/pharo-is-yours.png"). > > Is the site hosted somewhere that users can send patches to? > > On 3 May 2016 at 23:54, Peter Uhnák wrote: >> I guess you could download it from the Jenkins job >> https://ci.inria.fr/pharo/job/Pharo-5.0-Update-Step-5-Publish/lastSuccessfulBuild/artifact/ >> >> although the job itself downloads over http from files.pharo.org… but >> Jenkins should be fine enough if you are worried about MitM between you and >> Pharo. >> >> For SHA you still need a secure connection assuming the website wouldn't get >> compromised, >> or digitally signed releases assuming the signing won't be misconfigured, or >> the keys won't get compromised. >> >> But I agree that this should be solved, or at least improved; but then again >> whole smalltalkhub doesn't use https and you are sending your credentials in >> plaintext over the network (have fun committing from a hotel room wifi)… >> security through obscurity can be incredibly efficient. >> >> Of course that means that we need someone with the time and knowledge that >> can invest effort into this. >> >> Peter >> >> On Wed, May 4, 2016 at 12:33 AM, Wilfred Hughes wrote: >>> >>> Is there any way of downloading Pharo securely? >>> >>> I'm trying to download Pharo itself over HTTPS, so I know I can trust the >>> data: >>> >>> $ wget https://files.pharo.org/platform/Pharo4.0-linux.zip >>> --2016-05-02 22:44:34-- >>> https://files.pharo.org/platform/Pharo4.0-linux.zip >>> Resolving files.pharo.org (files.pharo.org)... 128.93.162.72 >>> Connecting to files.pharo.org (files.pharo.org)|128.93.162.72|:443... >>> connected. >>> OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown >>> protocol >>> Unable to establish SSL connection. >>> >>> The excellent pharo zeroconf script doesn't seem available over HTTPS >>> either: >>> >>> $ curl https://get.pharo.org/vm50 >>> curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown >>> protocol >>> >>> Looking at the script itself, it's downloading files over HTTP from >>> files.pharo.org and executing them without verifying. I've explored >>> files.pharo.org, but I can't see any signatures or hashes (e.g. >>> sha256sum) of any of the files. >>> >>> The pharo homepage is largely available at https://pharo.org/ >>> (although some of the styling is missing due to being served over >>> HTTP). >>> >>> Have I missed something? Would it be possible to provide HTTPS and/or >>> sha256sums for downloads? >>> >>> >>> Wilfred >>> >> >
[Pharo-users] [ANN] Pharo Consortium New Bronze Member: feenk
The Pharo Consortium is very happy to announce that feenk has joined the Consortium as a Bronze Member. About - feenk: http://www.feenk.com - Pharo Consortium: http://consortium.pharo.org The goal of the Pharo Consortium is to allow companies and institutions to support the ongoing development and future of Pharo. Individuals can support Pharo via the Pharo Association: - http://association.pharo.org - https://salt.bountysource.com/teams/pharo
Re: [Pharo-users] [Pharo-dev] [ANN] Pharo Consortium New Bronze Member: feenk
Hi, An extra note to the announcement: Due to the 2016 campaign for extending the reach of the consortium, the Pharo Consortium receives from a generous external fund an extra amount corresponding to one year fee for any new members or the difference for any upgrading members. More details about the campaign can be found at: http://consortium.pharo.org/web/membership Cheers, Doru > On May 6, 2016, at 9:32 AM, Marcus Denker wrote: > > The Pharo Consortium is very happy to announce that feenk > has joined the Consortium as a Bronze Member. > > About > - feenk: http://www.feenk.com > - Pharo Consortium: http://consortium.pharo.org > > The goal of the Pharo Consortium is to allow companies and institutions to > support the ongoing development and future of Pharo. > > Individuals can support Pharo via the Pharo Association: > > - http://association.pharo.org > - https://salt.bountysource.com/teams/pharo > -- www.tudorgirba.com www.feenk.com "If you can't say why something is relevant, it probably isn't."
[Pharo-users] FFI documentation
Hello, Let's say I would like to create a binding to ncurses library. Is there any documentation on how to do it properly? Or at least do you have any advice to do it the right way? I have no real knowledge on how the unified ffi work. So any documentation is welcome. Thanks in advance. :) Julien
Re: [Pharo-users] FFI documentation
Hi Julien! Esteban L. wrote a chapter on it: https://ci.inria.fr/pharo-contribution/view/Books/job/PharoBookWorkInProgress/lastSuccessfulBuild/artifact/book-result/UnifiedFFI/UnifiedFFI.pdf It would be great to have a Help, accessible in the HelpBrowser in Pharo. Cheers, Alexandre -- _,.;:~^~:;._,.;:~^~:;._,.;:~^~:;._,.;:~^~:;._,.;: Alexandre Bergel http://www.bergel.eu ^~:;._,.;:~^~:;._,.;:~^~:;._,.;:~^~:;._,.;:~^~:;. > On May 6, 2016, at 3:21 PM, Julien Delplanque wrote: > > Hello, > > Let's say I would like to create a binding to ncurses library. > Is there any documentation on how to do it properly? > Or at least do you have any advice to do it the right way? > > I have no real knowledge on how the unified ffi work. So > any documentation is welcome. > > Thanks in advance. :) > > Julien >
Re: [Pharo-users] FFI documentation
Super cool! This is exactly what I needed. Thanks a lot! Julien On 06/05/16 21:18, Alexandre Bergel wrote: Hi Julien! Esteban L. wrote a chapter on it: https://ci.inria.fr/pharo-contribution/view/Books/job/PharoBookWorkInProgress/lastSuccessfulBuild/artifact/book-result/UnifiedFFI/UnifiedFFI.pdf It would be great to have a Help, accessible in the HelpBrowser in Pharo. Cheers, Alexandre
[Pharo-users] How to construct a multi-part file reference
Hi all, I have a question about the filesystem that I could not resolve using the documentation. The problem is as follows: I have a file reference that is 2 separate strings that I need to join into one complete file ref but I don’t know how because I don’t know what the platform’s file separator is. For example, on a unix-like OS I get ‘/home/jfabry’ as one part and ‘test/code/foo.txt’ as the other part, and I need to construct a FileReference to ‘/home/jfabry/test/code/foo.txt’.On M$ I guess this would be 'C:\users\jfabry' and ‘test\code\foo.txt’, so I need to construct FileReference to 'C:\users\jfabry\test\code\foo.txt’ And the bingo question is: what do I do if I both strings use different kinds of separators? TIA, ---> Save our in-boxes! http://emailcharter.org <--- Johan Fabry - http://pleiad.cl/~jfabry PLEIAD and RyCh labs - Computer Science Department (DCC) - University of Chile
Re: [Pharo-users] FFI documentation
On Fri, May 06, 2016 at 04:18:51PM -0300, Alexandre Bergel wrote: > Hi Julien! > Esteban L. wrote a chapter on it: Also take a look at https://github.com/PierceNg/libffidemo. The three accompanying blog posts: - http://www.samadhiweb.com/blog/2016.03.09.demoffi.html - http://www.samadhiweb.com/blog/2016.03.12.demoffi.html - http://www.samadhiweb.com/blog/2016.03.17.demoffi.html Pierce
