Coder's Log

After I started working for Collabora in April, I've finally been able to put some time on maintenance and development of Geoclue again. While I've fixed quite a few issues on the backlog, there has been some significant changes as of late, that I felt deserves some highlighting. Hence this blog post. Leaving security to where it belongs   Since people's location is a very sensitive piece of information, security of this information had been the core part of Geoclue2 design. The idea was (and still is) to only allow apps access to user's location with their explicit permission (that they could easily revoke later). When Geoclue2 was designed and then developed, we didn't have Flatpak . Surely, people were talking about the need for something like Flatpak but even with those ideas, it wasn't clear how location access will be handled. Hence we decided for geoclue to handle this itself, through an external app authorizing agent and implemented such an agent

On last friday evening, while thinking about security and UPnP, I realized adding security might not be as hard as one might think. If HTTPS is used instead of HTTP together with authentication, Your neighbor should no longer be able to play his p0rn on your Media Renderer once he/she breaks into your wireless network. Giving it more thought, I then realized it might not be so hard to add this support into GUPnP and I was correct. After a few hours of reading libsoup docs and hacking around this weekend, I managed to add support for HTTPS in GUPnP. Adding authorization doesn't need any changes in GUPnP since we expose both SoupSession and SoupServer so applications can very easily add that there. Also no changes were required in GUPnP for the control points to be able to deal with devices/services using HTTPS instead of HTTP, thanks to libsoup. Here is a bug that you can follow if you are interested in this topic. WARNING : Use of HTTPS and/or authentication is not described in an