World: r3wp

no missing plugin message

Excellent!

It should show up as "REBOL/Plugin for Mozilla"

it does. the description is... not pronouncable :-)

again after reloading test.html the plugin disappears

ah, that's interesting.

I see that behavior too.

well there ya go, first bug. you get the first bug award

:)

thank you very... much

it works if you close the tab and open the url in a new one

I wonder if it registers that the plugin should start several times 
(which is what you can't do?)

I've gotta run. have fun playing with it. see you all tomorrow.

uh, do we post bugs to rambo?

Not RAMBO. Maybe create a checklist here and put them on it.

(Henrik, you've got my AltME color.)

testing

forgot to save

Better!

pressing the "Read FTP" button in the test script gives me:


** User Error: Server error: tcp 421 Unable to set up secure anonymous 
FTP
** Near: view-text read ftp://ftp.rebol.com/test.txt
>>

Probably the correct result.

So, when to see some of the demo contest as pages?

is there a new way to embed the plugin? http://www.rebol.net/plugin/demos/index.html
doesn't work

http://www.rebol.net/plugin/moz-1/cyphre-demo.html

does my chat client work under firefox now?

No time to test myself.

till later on today

graham, it seems you need to use a different method to embed under 
mozilla than under IE

doesn't work on firefox here

Oh :(

Cyphre demo, I just get a white screen. Test.html worked though

hit back button and forward and then  cyprhes worked. guess it was 
still downloading something.

Sound working too. :-)

Like graham, I need SSL as well, can't use many of the mash up sources, 
or do any google adwords api tools without SSL

Same here.  Qtask will require it.

The new plugin works fine with Opera too (v. 9 beta) ;-)

Now I recall one my old rant... would be very nice if  there's a 
way to call rebol func from javascript.  Something like: 

<input type="button" value="Send" onclick="rebPlugin.evaluate('send');"> 

So we can build an html interface and use plugin & rebol instead 
of  XMLHttpRequest and Javascript

this plugin is a great news, btw. Thanks :-)

Bugs found in Firefox with Cyphre demo: 

- starts with no sound (the music started when I opened a parallel 
session with Opera, in Opera the sound is ok)

- seems there are some problems with AGG: no rotating Carl Head, 
some flash with gears, no "rebol rulez" in the sky... (Opera is ok)

- when I close firefox the music continue for 4/5 seconds (until 
the buffer is empty ?). In Opera too.

- sometimes the plugin disappear if I refresh the page. I have to 
close the browser. In Opera too.


WIn2000, nVidia GeForce4 MX 440, Firefox 1.5.0.3, Opera 9.0 beta 
build 8393

test.html worked for me without restarting Firefox 1.5.0.2

(I did first look at about:plugins before loading test.html, though.)

cyphre-demo also works for me without restarting.

good work

Is this group more for bug fixes to the new plugin, or is it a place 
to make suggestions and discuss security issues?

all of this.

security exploits .. private message josh.

Security Issues:

- We should to be able to restrict with the secure native what files 
and dlls the plugin can access.

- The default security of the RT-provided plugin (not encapped by 
a third-party) should prohibit any access to any local files or libraries 
at all, even in the same directory as the script, and prohibit access 
to third-party network addresses as well. Or at least ask.

- There should be some way to access the site's cookies from the 
plugin, because there shouldn't be any other way to store local data 
on the client computer's hard drive. Anything short of that will 
be a security hole.

- There should be no way to reduce the default security of the plugin 
through the use of plugin params.

- Any attempt to reduce access should prompt the user for permission, 
in terms a non-technical user can understand. This means rewriting 
the security dialogs to be more user-friendly.

- Any relaxation of these default security restrictions should require 
encapping the script.

- A user (or their lawyer) should to be able to (perhaps through 
RT) track down the author of any encapped script.

- An encapped script should count as a seperate plugin as far as 
the user is concerned, at least as far as permission-to-install is 
concerned.


Basically, the default security of the plugin should not allow scripts 
to do anything you wouldn't want your worst enemy to do on your computer. 
People will try to use this plugin for advertisements, for webbugs, 
for spyware, for every nasty thing that you aren't evil enough to 
think of. Avoiding that kind of thing should be the focus of the 
default security settings. Anything less will make the plugin unsafe 
to install.

Might I add that a requestor should appear for EACH port access needed 
and the remote url MUST be clearly identified, each time.

Yes, and design the security dialog so that longer URLs are able 
to be fully shown,either by wrapping or scrolling.

we should also be allowed, as a user, to filter out ip adresses and 
urls which we never want to accept.