World: r3wp

OK, so I want to get a discussion started. What do you guys want 
to see in the next version of the plugin?

well, I'm not sure what the level of ambition is for the next version?

1.3.2 is going out as-is, just an upgrade to the latest rebol viewdll.

but at some point it'll be essential to run encapsulated scripts 
and use secure connections

1.3.3 is a feature upgrade, so i'm open to ideas...as long as it 
doesn't rely on something in rebol 3, we can look at it.

is it in any way tied in with the SDK? is it possible to do /pro 
or /command stuff?

Not sure on that, I need to check with Carl....I think I understand 
your overall question though, can we make a version of the plugin 
that supports pro/command right?

I need the plugin for an application that could potentially be used 
for a few thousand users in an open enterprise environment, but signed 
scripts and security are essential there.

got it. we'd have to look at some sort of licensing.

maybe have rebol in the plugin download a license from a web server 
or something like that.

we'd have to figure out a way to prevent others from using your license.

A way to protect plugin source code

A way to add higher order encryption

is a must...

in short, we have to make sure that the right users are running the 
script and only those users have access to data (customers, accounting, 
etc.)

encrypting the source?

I want my medical client to run in the browser as well.

Encrypting the source code? encrypting network traffic? both?

so need ssl if possible.

both.

if my plugin needs to pull my gmail email .. I need ssl.

got it.

SSL is not necessary if you're using REBOL on both sides.

But, if you need to access non-REBOL, I can see the need.

the x-internet is encrypted now.

I had this (wild?) idea that the plugin would be able to run normal 
rebol scripts, but with signed scripts encapped with the SDK would 
turn the same plugin into /Pro or /Command. I'm just brainstorming, 
but that would be a nice way to keep everything within one plugin. 
I don't know...

That's what we called /Platform.

Carl, can we do that?

But, there is always an issue about how you obtain the first keys.

Carl, one thing I thought about is how do you convince a user that 
the security in the plugin going through the webbrowser is trustworthy 
when the SSL icon in the browser window is not on? they might think 
that nasty stuff could be going on in the background. I think there 
needs to be some kind of indication that the script currently running 
is really secure.

we can add some kind of indicator, that shouldn't be a problem.

one issue is size. do we distribute /pro/view to everyone, and make 
everyone download a bigger file? or do we have two different plugin, 
two different sizes?

Anyway, there should be some way to get the above working. We already 
do most of this in IOS.

It may require a certificated authentication server that stores the 
license keys.

Because, unlike IOS, we cannot rebuild the executable binary each 
time.

Especially with the signed CAB file.

The file shouldn't be that much bigger--not like going from Base 
to CommandView--so I'd say include everything needed for commercial 
use. Of course, this opens up security questions too (e.g. lib access).

there is also another issue, I've been thinking about. is it still 
possible to create an invisble area in the webpage where you could 
drop a rebol script that could work as a keylogger?

The latest client request I got was to have it called something other 
than "REBOL". I know this sounds funny to us, but they were doing 
a demo and the potential client did *not* like the idea of installing 
something that sounded rebellious. Seriously, this happened.

you can call it REE-ball

:)

gregg, I'm also often being requested if it's possible to remove 
the "REBOL" title in /view windows. also seriously.

regarding the keylogger idea: that's a good idea, but the plugin 
can only capture keyboard input when it is activated. in fact, there's 
a new feature in IE 6.something that disables the plugin until the 
user clicks on it to activate it (it does this to all activex controls)

yess, that REBOL title thing is seriously nagging.
especially when using pro

OK, I got the REBOL title issue on the list.

An OSX version would probably be their request list as well.

Announcement: We've made a very, very early release of REBOL/Plugin 
for Mozilla available.

NOTE: This is a PRE-ALPHA version. Install at your own risk. Do NOT 
install these files on a production system!

The URL for download is: http://www.rebol.net/plugin/moz-1/.

Installation instructions: Download all the files. Copy them to your 
plugins directory (except test.html). Open test.html and it should 
work.

A few notes:

* There is currently no documentation (I'm sure you can figure it 
out from the HTML).

* The Mozilla plugin has only been tested with FireFox on Windows 
XP. 

* This is a Windows/Intel/x86 build; it will not work on Mac or Linux.

Also, the following features do not work as of this release:
* do-browser

* installation/updating/etc. (hence why you need to copy the files)