World: r3wp

[Plugin-2] Browser Plugins

Volker
29-Jun-2006
[1504]
For security: until the plugin is fixed, could it show its own page 
first where it asks "do you really want to run this script?". Then 
it would still be easy to show a demo to friends, but not for others 
to sneak scripts in.
Carl
29-Jun-2006
[1505x4]
Regarding comment above on "... jumping around from plan to plan....":
Sorry, but we are not.  Our plan has not changed in a long time. 
 But, what you see are pieces of the plan in development in parallel. 
 To explain...
REBOL 3.0 architecture consists of 3 tiers: environments, cores, 
plugins.
Environments are modules such as: console, browser, encap... but 
in R3.0 also things like Apache mod, IDE, embedded, raw I/O, and 
others.
Graham
29-Jun-2006
[1509]
What can we say?  It's the perception amongst developers.
Carl
29-Jun-2006
[1510]
Yes, and I understand how you can draw that conclusion.
Graham
29-Jun-2006
[1511x2]
How close is R3 anyway?  Is it that close to replacing R2?
A number of us have projects based upon statements made about the 
plugin.
Carl
29-Jun-2006
[1513x2]
No, it is not that close to R2 for several reasons.... which is also 
why I look for parallel projects related to it.
In cases where development efforts for R2 also benefit R3, then we 
can do them now. That is the case of the Browser.
Graham
29-Jun-2006
[1515]
So, doesn't it make sense then to finish the plugin as it is so close?
Carl
29-Jun-2006
[1516x5]
Yes, it does make sense to do so.
The first step in the plugin was to simply get it running again.
The next step was to get it to update properly, and while at it (and 
waiting on me) Josh did an amazing thing by making it deal with multiple 
instances.
So, what is important now is to build a list of shortcomings (e.g. 
security comes to mind), and prioritize.
We also value any inputs and contributions that can be provided by 
developers.
Graham
29-Jun-2006
[1521x2]
So, how much effort would it be to complete the plugin?  A day, week, 
month?
The current status is that all the demos on rebol.net don't work 
... this is not a good advert.
Carl
29-Jun-2006
[1523x3]
We need a short list of "items" that define "complete". Once we have 
that, we can work toward making that happen.
Certainly, I would like to see a non-beta of the R2.
in the plugin.
Graham
29-Jun-2006
[1526x2]
So, a short list of the outstanding critical problems .. see if they're 
fixable in your time frame, if so - commit to a final release?
That would be good.
Carl
29-Jun-2006
[1528x4]
It would be helpful if you (primary developers) could help us with 
that list.  So we are in agreement on  "complete".
In addition, things like the demos can be handled quickly by developers, 
as well as moving some of the contest demos into the browser.
It is also likely, and I should be clear, that some behaviors related 
to the browser handling of things like events may be somewhat different 
than in REBOL itself.  This is related to the fact that explorer 
is handling the events and sending them to us via a type of "relay" 
(we call it a window proxy).
We should try to minimize such differences.... but there are some 
that we may not be able to remove entirely.
Volker
29-Jun-2006
[1532x2]
Complete is when it can't be exploited without some basic agreement 
IMHO. Which for me is some kind of "run this script really" before 
loading the real thing. In a way that stops normal people from using 
it, except they get personal motivation by trusted persons.
(since that can be done in a day ;)
Carl
29-Jun-2006
[1534x2]
Hi Volker... can you clarify that a bit (e.g. in what context)?
e.g. do you mean run the script before installing or before running 
a demo, or ?
Volker
29-Jun-2006
[1536x2]
To make the current plugin ready for demos.
If I point people to http://polly.rebol.it/test/test/game/use/game/game-plugin.html
currently, they allow everyone to send every script, by installing 
it.
Terry
29-Jun-2006
[1538]
Critical problem.. no Mac support.
Volker
29-Jun-2006
[1539]
If the plugin shows a big URL and a warning: "this script could be 
used to install malware, do you really want.." and I tell them "that's 
my URL" it would work
Carl
29-Jun-2006
[1540]
We have started to address Mac by getting better understanding of 
the method used there.
Volker
29-Jun-2006
[1541]
while a complete safe sandbox is still far away I guess.
Graham
29-Jun-2006
[1542]
Script signing ?
Carl
29-Jun-2006
[1543]
Volker, you are talking about security. And that is the top item 
on "my list" regarding why it is not "complete".
Volker
29-Jun-2006
[1544]
Needs infrastructure. A month later I guess.
Carl
29-Jun-2006
[1545]
For me, if a user must worry about malware by running any REBOL script, 
then that is a problem --- a show stopper.
Volker
29-Jun-2006
[1546x3]
Yes, but IMHO it is complete if users have a good way to allow/deny 
it.
The basic protection against file stealing is there.
And the other things are based on trust.  I guess it can be hacked, 
or at least flood the machine.
Carl
29-Jun-2006
[1549]
Graham, yes, signing.  Take a look at the updater script... we are 
already employing script signing, so it is possible to make that 
work.
Graham
29-Jun-2006
[1550]
Surely malware can be written by anything?
Carl
29-Jun-2006
[1551]
Yes, exactly.
Volker
29-Jun-2006
[1552]
But if that anything is not that popular/needed, like javascript/flash, 
it can be not installed too.
Graham
29-Jun-2006
[1553]
Does the plugin have to adhere to safety standards higher than any 
other plugin language?