
World: r4wp

[#Red] Red language group

DocKimbel
29-Oct-2012
[3100]
Kaj: I got a reply from AVIRA telling me that the binary I've submitted 
was clean:

https://analysis.avira.com/en/status?uniqueid=KwPWqW429CmT1fNpbHWQgDxQ8ryDHO4T&incidentid=1301128
DanielN
29-Oct-2012
[3101]
WebKit ( I don't know if this can help... ) : GTK3 sample works fine 
for me after "/usr/lib$ sudo ln -s libwebkitgtk-1.0.so.0 libwebkit-1.0.so.2"... 
and sometimes  : ./LazySundayAfternoon-Browser 
java version ("1.6.0_24"

OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~12.10.1)
OpenJDK Server VM (b1uild 20.0-b12, mixed mode)

*** Runtime Error 32: segmentation fault
*** at: A66DB327h
Kaj
29-Oct-2012
[3102x3]
Daniel, thanks for testing. The GTK error is recent; I reported it 
last week or so. But I didn't get the float error with it, which 
makes me think I need to add back FPU initialisation to it
WebKit has been changing their API a lot, so the binding is only 
for the older version. Segfaults and such would be expected when 
fooling it. Also, the GTK binding is developed for GTK 2 at the moment. 
I'll update them when I start running newer versions myself
Anti-virus: should I suspect that we have to submit every build of 
every version of every program to all anti-virus vendors to get them 
recognised?
BrianH
29-Oct-2012
[3105]
Only if Red does stuff that will trip the heuristics, or be run on 
a system with AVG (since they require you to pay them money to revert 
a false positive diagnosis). Which we can't know ahead of time because 
those heuristics are unpublished and thus untrustable.
Kaj
29-Oct-2012
[3106]
Ah, another modern extortion scheme
BrianH
29-Oct-2012
[3107x3]
Yeah. The way it goes with AVG is that any false positive dispute 
is automatically rejected, and escalation to dispute that requires 
paid support. I have refused to use AVG ever since they refused to 
retract their false positive diagnosis of R3 alpha 94.
Or rather an earlier alpha, the last private alpha build before we 
switched to public alphas.
It was a while ago, so pardon any mixups with the version.
Kaj
29-Oct-2012
[3110]
Good tip. I'll use the same policy when advising Windows users
BrianH
29-Oct-2012
[3111x2]
MS has a really great false positive dispute process. I've never 
had a problem with them. Even in cases where the diagnosis isn't 
false as much as it is iffy, such as diagnostic tools that admins 
need to use but which you don't want non-admins to use, it just labels 
them as "Medium Risk" and lets you choose to allow them to run if 
you like on a case-by-case basis.
The new Windows Defender in Win8 is pretty much a relabeled Microsoft 
Security Essentials with a few more features. Haven't had a problem 
with MSE yet that wasn't resolvable.
DocKimbel
29-Oct-2012
[3113x2]
I've just got an answer from F-Prot, they just whitelisted the sample 
binary I've sent to them but didn't send me any info about their 
heuristics... So I think that in order to avoid losing my time trying 
to get any info from those AV vendors, I'll just add a specific signature 
to Red generated binaries, so that they can be whitelisted by all 
AV vendors (when possible). I can't see what else I could do, except 
warn users about some crappy AV software.
So, I could just add a static c-string!, what good unique signature 
sequence could we use, and how long should it be?
BrianH
29-Oct-2012
[3115]
Be sure to not include such a signature in Red's output of user binaries. 
We want to keep Red itself whitelisted even if Red's users decide 
to make malware with it.
DocKimbel
29-Oct-2012
[3116x2]
Good point.
OTOH, that could be a good selling point for Red. ;-)
BrianH
29-Oct-2012
[3118]
Not for long, since they'll stop whitelisting Red. It's similar to 
leaking your authenticode signature to malware writers.
Kaj
29-Oct-2012
[3119]
What point is virus scanning if you need generic signatures that 
it will let through?
BrianH
29-Oct-2012
[3120]
Afaik, authenticode is supposed to handle that process, at least 
to a certain extent. You cryptographically sign your binaries so 
when they do bad things there's someone to blame. If your binaries 
aren't signed, they're assumed to be bad by some people.
Kaj
29-Oct-2012
[3121]
That's signing the complete binary, that's much stronger than adding 
a signature
BrianH
29-Oct-2012
[3122]
Right, it's definitely better than a whitelist constant.
Arnold
29-Oct-2012
[3123]
All these anti-virus program makers tell you something you already 
knew: your software does not qualify as a virus or did not contain 
any known viruses.

Or you are 1 of the worst script kiddies. Or you managed to disguise 
the virus really well this time ;)
Kaj
29-Oct-2012
[3124]
Fixed the FPU configuration. The bindings are in good shape again
DocKimbel
30-Oct-2012
[3125]
Great! :-)
Kaj
30-Oct-2012
[3126x3]
I see Ruud prepared a new batch for you :-)
I'm sitting next to a Windows 7 Ultimate machine to test the bindings, 
but it's unusable because it has been updating itself unasked for 
hours, on shutdown and on startup, and now won't start up anymore
An Internet connection for a Windows machine is close to a lethal 
injection
AdrianS
30-Oct-2012
[3129]
why don't you just disable the auto downloading?
Kaj
30-Oct-2012
[3130]
It would need to start up first to reach that...
AdrianS
30-Oct-2012
[3131x3]
well, that's the first thing I do when I set up a Windows machine
but then, I'm pretty anal about keeping the system up-to-date
what happens if you go to the "last known good configuration" - F8 
on startup?
DocKimbel
30-Oct-2012
[3134]
I do as Adrian: first thing when installing any Windows version, 
disable auto-updating.
Pekr
30-Oct-2012
[3135]
I never ever had an issue caused by Windows auto-updating. You guys 
don't like Windows so much, that you are seeing ghosts :-)
DocKimbel
30-Oct-2012
[3136]
Second thing I do: install Microsoft Security Essentials (it's free) 
and forget about all common antivirus issues (slowness, instability, 
intrusive ads, false positives, ...).
Kaj
30-Oct-2012
[3137x2]
It's not my machine, and safe mode or F8 doesn't provide an option 
to restore the configuration
Petr, this machine just became a ghost
Pekr
30-Oct-2012
[3139x2]
format C:
:-)
Kaj
30-Oct-2012
[3141]
It's already planned to install Linux Mint
DocKimbel
30-Oct-2012
[3142]
Kaj: I get a lot of type casting warnings since the last commit on 
GTK-widget.reds, could you please check if they are legitimate or 
not?
Kaj
30-Oct-2012
[3143]
I get one on the GTK binding and one on WebKit. I haven't seen them 
before the 0.3.0 merge
NatasjaK
30-Oct-2012
[3144x2]
All that talk about my machine, I touched one button and it awoke 
again ;-)
Which doesn't mean the problems are solved, but it's a start ;-\
DocKimbel
30-Oct-2012
[3146x2]
Kaj: the changes I did today are generating a lot of warnings with 
GTK binding, I will have a look at it later to see if it's a bug 
or if the binding code needs some minor changes.
Natasja: seems that you'll have a brand new system soon. :-)
Kaj
30-Oct-2012
[3148]
Is it correct that Red/System can't print Unicode on Windows like 
the other systems?
NatasjaK
30-Oct-2012
[3149]
DocKimbel: That would be very welcome :-)