hacking's archives

Palm, Rumors, android, hack, hacking, htc hero, news, webOS, xda-developers

Fake webOS port to HTC Hero makes us want it all the more

December 6th 2010 | Posted by Derek Kessler

HTC Hero running webOS?

If you were paying close attention to webOS land over the weekend, you may have noticed some drama – namely that a user at xda-developers claimed to have gotten webOS up and running on a Sprint HTC Hero. Although the project itself still sounds feasible enough, it may have been run off the rails by what turned out to be a fake.

Several xda members have attempted the process themselves, and our man Jerry over at Android Central ended up bricking phones, sadly. Several days of hopefulness ended with a blurrycam photo that took a Pixi screenshot and slapped it on a Hero. Said Rod Whitby of WebOS Internals’ Twitter feed: “Looked at the so-called webOS "port" to HTC Hero. It’s an unmodified webOS rootfs running on an unmodified Android kernel. Doubt it works.” Indeed, the whole thread had to be shut down.

Of course, on top of the technical difficulties behind getting webOS up and running on different hardware, there are also legal issues. We can’t see Palm being all that cool with a third party distributing modified webOS ROM images. webOS is Palm’s intellectual property, after all, and redistributing it as sandix is doing is a blatant violation of copyright law, as the poster himself admits. 

It’s all an object lesson in how hungry the world is for new and different hardware running webOS. If the possibility of even the staid Sprint Hero running webOS warms the blood, imagine how people will get when it finally arrives on something more impressive.

Source: xda-developers; Thanks to windzilla for the tip!



Contacts, SecTheory, Security, crack, cracking, exploit, hack, hacking, news, security exploit, webOS 1.4.5, webOS 2.0

Security exploit uncovered in webOS 1.4.X, fixed in 2.0

November 26th 2010 | Posted by Derek Kessler

Contacts exploit discovered in webOS

Two researchers with SecTheory have announced that they have uncovered flaws in older versions of webOS that would allow for remote command and control of the devices. These exploits were discovered in webOS 1.4.X (1.4.0 through 1.4.5), but some have since been patched in webOS 2.0.

Due to webOS’ web-tech base, it will always be possible to hack the operating system using techniques similar to those used to exploit websites, though taking into consideration the fact that our phones generally contain far more personal information than any single website, it can be slightly worrying. Of course, the other side of the coin tells us that webOS wouldn’t be webOS without these web technologies. With every mobile platform there are trade-offs. Ease of programming and accessibility leads to a more easily exploited operating system.

According to the researchers, the Company field in the 1.4.X Contacts app is “unsanitized,” allowing them to inject code that allowed them to pull other information from the Contacts database. Additionally, they were able to insert a JavaScript hook that enabled the use of tools such as keyloggers, possibly leading to botnets and the like.

There are at least two unmentioned caveats to this exploit: first, the code isn’t executed until the user views it (it sits there until the contact containing the malicious code is opened and viewed), and second, the code still has to get on the device somehow. We can think of a few ways to get the code into a contacts field of your device. Inserting it through a web-based contacts application (e.g. Google Contacts or their Exchange database, but then you still have to crack the user’s password) is the only remote manner we can fathom. Everything else requires either interaction with the user (accepting a transmitted vCard contact through email or other means) or physical access to the device. And if somebody else has access to your phone, you’re pretty much screwed anyway.
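To make the "unsanitized field" problem concrete, here is an added example (not code from Palm, SecTheory or the original post) showing a contact view built by string concatenation beside one that HTML-encodes each field at output time. The contact record, the function names and the template are all assumptions made for illustration; the article does not show how the Contacts app actually renders its fields.

```javascript
// Constructed contact, as it might arrive from a synced account or an imported vCard.
// The company value carries markup instead of a plain name (placeholder handler only).
const contact = {
  name: "Pat Example",
  company: '<img src="x" onerror="/* script would run when the contact is viewed */">',
};

// Vulnerable pattern: field values are concatenated straight into the view's HTML,
// so markup stored in a field becomes live markup once the contact is opened.
function renderContactUnsafe(c) {
  return '<div class="contact">' +
         '<span class="name">' + c.name + '</span>' +
         '<span class="company">' + c.company + '</span></div>';
}

// Hardened pattern: HTML-encode every field when it is written into the view.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderContactSafe(c) {
  return '<div class="contact">' +
         '<span class="name">' + escapeHtml(c.name) + '</span>' +
         '<span class="company">' + escapeHtml(c.company) + '</span></div>';
}

// Regression check: does any tag other than the template's own div/span survive?
function containsInjectedMarkup(html) {
  const tags = html.match(/<\/?([a-z0-9]+)/gi) || [];
  return tags.some((t) => !/^<\/?(div|span)$/i.test(t));
}

console.log("unsafe view carries injected markup:",
            containsInjectedMarkup(renderContactUnsafe(contact)));
console.log("safe view carries injected markup:  ",
            containsInjectedMarkup(renderContactSafe(contact)));
```

Encoding at output time matters here because, as the caveats above note, the data can reach the device through several import paths, and the view is the one place every path converges.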

Overall, like every other security exploit revealed to date about webOS, we’re not too concerned. There are all sorts of ways to exploit webOS, some of which are essential to fun stuff like homebrew. That said, we’re not super huge fans of malicious exploits, and we’re glad to see that Palm has fixed this particular problem with the release of webOS 2.0. Now if only those of us that don’t have Pre 2 phones could download the new OS…

Source: Darkreading; Via: Engadget; Thanks to everybody that sent this in.



Editorials, Hacks, android, flashing roms, hacking, homebrew, patches

webOS, Android, and hacking: which is more open?

September 29th 2010 | Posted by Tim Stiffler-Dean

Smartphones are tricky animals sometimes, especially if you’re a power user or geek (as many of us are these days). You want to get into the very guts of your device and find out all of the cool and secret things about it, try out leaked software and hack it all to hell. But unless you’ve got extra money lying around that you like to blow on new devices every few weeks, you definitely don’t want to do anything to actually brick your device.

Testing those limits is fun, but everyone gets upset when they go past the point of no return. Luckily for us webOS users, ‘bricking’ your device is near impossible aside from breaking the device in half. If you run into a problem with your device, just go to the Palm website and grab the webOS doctor for the version and carrier of your choice. There’s a very clear set of steps you can go through to fix nearly any serious webOS issue.

Win/Win. You get to mess with your device and not worry (too much) about breaking it beyond repair.


DMCA, copyright, cracking, hacking, jailbreaking, news, patching

U.S. Copyright Office issues new rules supporting smartphone jailbreak

July 26th 2010 | Posted by Jonathan I Ezor

After a rulemaking process lasting more than a year, the U.S. Copyright Office (which is part of the Library of Congress) has issued new rules about the types of activities, which include some smartphone-related ones, that it feels do not violate the anti-circumvention rules of the Digital Millennium Copyright Act ("DMCA").

By way of background, the DMCA, in addition to clarifying how online activities would be treated under U.S. copyright law, created a new prohibition against circumventing (going around) a copyright holder’s protections, whether code-based or otherwise, in addition to any claims of infringement. Not only is it illegal to do this circumvention, but it’s also illegal to "traffic" in technologies for doing so (which is how the people who published the DeCSS Linux DVD decryption algorithm also got into trouble). The problem is that, while the anti-circumvention rules may help to prevent piracy, they can also make it harder to do things that are otherwise legal, such as excerpting a small portion of a copy-protected DVD movie to show as part of a review, or creating tools that work well on locked-down smartphones. As a result, the Copyright Office proposed and has now finalized carveouts for some of these activities.

Among the six exceptions to the DMCA (to be published on Tuesday, July 27 in the Federal Register) are two that are of immediate relevance to our community:

(2) Computer programs that enable wireless telephone handsets to execute software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.

(3) Computer programs, in the form of firmware or software, that enable used wireless telephone handsets to connect to a wireless telecommunications network, when circumvention is initiated by the owner of the copy of the computer program solely in order to connect to a wireless telecommunications network and access to the network is authorized by the operator of the network.

How does this affect webOS? Well, there are already plenty of open source components in webOS and beyond that, it’s much more accessible than, say, iOS. While Palm and HP have been substantially more friendly to patchers, there are still elements of the operating system and especially the third-party applications bundled with it whose interoperability and background function is, shall we say, of interest to some. Having this new guidance from the Copyright Office may provide some comfort to our developer community that their exploration might not be as potentially hazardous to their legal health as they’d previously thought.

Still – it’s fun to note that webOS is more open than some open source projects and that the very idea of having to jailbreak or root a webOS is kind of silly – that access is baked in and documented for any and all to use right out of the box.

More coverage: Android Central & What jailbreaking/unlocking DMCA means for end users at TiPb


Hacks, Palm Pre, hacking, news, palm pixi, patches, tweaks, webOS, webos quick install

WebOS Quick Install Brings More Tweaks and Themes

September 19th 2009 | Posted by Jason Robitaille

So the big WebOS Quick Install v2.5 release happened today.  Aside from the theming support there were several other important and useful changes.

v2.5 – September 19, 09
– Completely redone patcher code
– Full theming support
– Added/updated many system mods
– Added "Messaging Mods" section
– Added virtual keyboard config settings

Theming is of course a very nice new addition (special thanks to madolen), but as you can see, it’s not the only new feature. The big thing of 2.5, that easily took the most time developing, was the new patcher that powers the Tweaks section. It’s far more accurate, much safer, and best of all has the ability to read standard unified format difference patches (the .patch files people also use with Quilt), though this functionality isn’t exposed for custom patches yet.

What does this mean for the average person?  It means I can add new mods and update existing mods to the Tweak section very quickly.  When WebOS 1.2 hits, it’ll take far less time to update and become compatible.

And of course, with a new patcher system comes more mods for the Tweaks section! Based on work done by fritos1406, there’s a whole array of Messaging mods to customize it however you’d like; enabling landscape, adding an avatar, adding a character counter, and much more.

There are also several updated tweaks, including clipcarl’s iPhone user agent spoof. As well, for those of you out there who use the Virtual-Keyboard, there’s a section for extra configurations like adding haptic feedback and setting a click sound.

So go and try out the new v2.5 (be sure to disable all Tweaks from previous versions first), it’s got something for everyone.

 


Hacks, How To, Palm Pre, hacking, patching, webOS

How To: Apply Hacks Without Linux Access

August 12th 2009 | Posted by Jason Robitaille

Yep, you read that right, it’s possible to modify the WebOS source files without Linux access.  And it’s easier than you might think.  All that’s required is WebOS Quick Install v1.4 (or later) up and running, and knowing what you need to change in the files.

It’s worth noting that if you’re familiar with using Linux access, using Quilt, part of the optware package, is still better and more elegant for patch management, as it can automatically restore your device to a state where it can safely receive OS upgrades from Palm. If all that is a little intimidating (or laborious), you can use the guide for quickly editing webOS files.

Warning: Patches and modifications can screw things up, break stuff, and generally cause odd things to happen — always remove them before performing an update to webOS!


hacking, homebrew, news, rooting, wallpapers

Homebrew Apps and Wallpapers: Now in the PreCentral.net Forums!

June 24th 2009 | Posted by Dieter Bohn

If you hadn’t noticed, we’ve been all over the Homebrew app scene here at PreCentral.net. We love them so much, we’ve created a dedicated forum for Homebrew apps! For now, there are only a few and also for now, you can install Homebrew apps without having to root/hack your Pre.

To post an app, you simply need to get developer access from us — just shoot us a quick message from our contact form and select "Developer Access." If you’re a member, you will now see a handy "Email attachment" link next to the app so you can install it directly on your Pre.

We’re expecting that Palm will be issuing updates to the webOS – especially since as of right now the direct-install method doesn’t have anything in the way of dialog boxes. But Palm has said they’d allow sideloading so hopefully this loophole can mature into a legitimate method instead of being shut down – in that vein we defer to xorg at the Pre Dev Wiki, who writes:

The development world is drawn to the openness of WebOS. I hope you find a way to keep it that way. Keep liberty for all and only exercise security where needed.

I recommend that you keep the email link launching in the next release, with a new feature that would prompt the user that it may be dangerous to open an ipk link, just as other email packages do for other platforms. Or have a Preferences setting in the mail application that allows downloading ipk, with default off but allows consumers to turn it on with a warning. Continue to have warnings with .ipk downloads. This is how you can have a balance of liberty and security. Please keep homebrew alive even before the SDK release. Thank you.

Expect the app section to fill out quickly and if you’ve developed a Homebrew app, don’t forget to get in contact with us to get it posted.

Also new to the forums: the ability to email yourself wallpapers directly!  Again, if you’re logged-in, there’s a handy email link next to image attachments you can use to have them emailed to you for use on your Pre.  Check it out in our Palm Pre Wallpaper Forum.

Not a member of PreCentral.net? For shame: sign up now!


Pre Dev Wiki, hacking, homebrew, news

Latest from the Pre Hackers: Nintendo Emulation, Direct Download from Browser

June 23rd 2009 | Posted by Dieter Bohn

Can we just say right at the outset that we’re absolutely smitten with the work that’s going on right now hacking the Pre. Homebrew apps without rooting is a go and now, friends, two more key advances have been made.

The first is a must: a Nintendo emulator running on the Pre directly without recourse to the Classic app workaround. You’ll need to have a few more hacking skills than your average Joe to get it working (if "compile FCEUltra from within a Debian chroot" doesn’t mean anything to you, move along). It’s also more than fitting that the game demo’d here is Contra… given that the whole key to all this development madness is the Konami code. Folks in our forums are giving it a shot now and things look tasty.

On the more practical front, one of the more bothersome aspects of the webOS browser is that it’s unable to directly download anything (especially images); even MP3s are streamed instead of downloaded. However, it turns out that the functionality is there, but just turned off. A bit of work will get it enabled, but beware: trying to download a file the Pre doesn’t understand directly (like a Zip or an EXE) gives you an endless loop.

Thanks to everybody who sent these tips in!
