[sugar] Journal integration design for Measure Activity

[Bert Freudenberg]

On Oct 22, 2007, at 16:36 , Mike C. Fletcher wrote:

> Antoine van Gelder wrote:
> ...
>> The JokeMachine activity is a good example of an activity where  
>> 'resume'
>> by default makes sense.
>>
>> In this activity children can enter and read jokes in a list of  
>> various
>> joke books (Knock Knock Jokes, Riddles, Cheese? etc.)
>>
>> Should they exit the activity and start it up again the
>> NaturalThingToExpect(tm) is to see your joke books in the state  
>> you last
>> left them, rather than a blank slate which you must populate with new
>> joke books.
>>
> Please consider the security implications of this.

Indeed. But not all requests for improving the user experience  
actually conflict with security. Resuming where you left off  
certainly doesn't because that is the fundamental user experience we  
want to provide.

> BitFrost is designed
> with the idea that the only way to access information in the  
> Journal is
> by having the child explicitly authorize the Journal to grant  
> access to
> the information.  That separation is (partially) to prevent subversion
> of a program at time N from allowing the subverted program access  
> to all
> content created at time M<N without explicit authorisation.  If all
> activities are automatically choosing some random (as far as the
> security system is concerned) journal record to access and being  
> granted
> that access, you have lost the protection.

Nobody was suggesting that an activity should retrieve "random"  
entries. Rather, Sugar would resume the most recent entry for that  
activity on explicit request from the user (namely, clicking the  
activity icon).

- Bert -