AltME groups homeHelpJoin REBOL3 world
  Find AltME posts   Help

Recent posts

Worlds:r4wpr3wp
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
12-May 4:35 UTC
[0.056] 16.743k
r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

Join the discussions in the REBOL3 world...

[Plugin-2] Browser Plugins

older
newer		first
last
Volker
29-Jun-2006
[1532x2]
complete is when it cant be exploited without some basic agreement 
IMHO. Which for me is some kind of "run this script really" before 
loading the real thing. In a way that stop normal people from using 
it, except they get personal motivation by trusted persons.

(since that can be done in a day ;)
Carl
29-Jun-2006
[1534x2]
Hi Volker... can you clarify that a bit (e.g. in what context)?

e.g do you mean run the script before installing or before running 
a demo, or ?
Volker
29-Jun-2006
[1536x2]
To make the current plugin ready for demos.

if i point people to http://polly.rebol.it/test/test/game/use/game/game-plugin.html
currently, they allow everyone to send every script, by installing 
it.
Terry
29-Jun-2006
[1538]
Critical problem.. no Mac support.
Volker
29-Jun-2006
[1539]
if the pluin shows a big url and a warning: this script could be 
used to install malware, do youreally want.." and i tell them "thats 
my url" it would work
Carl
29-Jun-2006
[1540]
We have started to address Mac by getting better understanding of 
the method used there.
Volker
29-Jun-2006
[1541]
while a completesave sandbox is still far away i guess.
Graham
29-Jun-2006
[1542]
Script signing ?
Carl
29-Jun-2006
[1543]
Volker, you are talking about security. And that is the top item 
on "my list" regarding why it is not "complete".
Volker
29-Jun-2006
[1544]
needs infrastructure. a month later i guess.
Carl
29-Jun-2006
[1545]
For me, if a user must worry about malware by running any REBOL script, 
then that is a problem --- a show stopper.
Volker
29-Jun-2006
[1546x3]
Yes, but IMHO it is complete if users have a good way to allow/deny 
it.

the basic protection against filestealing is there.

and the other things are based on trust.  i guess it can be hacked, 
or at least flood the machine.
Carl
29-Jun-2006
[1549]
Graham, yes, signing.  Take a look at the updater script... we are 
already employing script signing, so it is possible to make that 
work.
Graham
29-Jun-2006
[1550]
Surely malware can be written by anything?
Carl
29-Jun-2006
[1551]
Yes, exactly.
Volker
29-Jun-2006
[1552]
But if that anything is not that popular/needed, like javascript/flash, 
it canbe not instlled too.
Graham
29-Jun-2006
[1553]
Does the plugin have to adhere to safety standards higher than any 
other plugin language?
Carl
29-Jun-2006
[1554x4]
So there are two basic needs: confirmation of  trust (signing) and 
program limits.

G: that is a good question.

We should be at least as high.

Note that we also now sign the DLL, to prevent the hack "modify the 
security requestor text".
Volker
29-Jun-2006
[1558]
IMHO we are the new guys, and the doors are locked more easily.
Carl
29-Jun-2006
[1559x2]
The DLL uses authenticode verification.

Ok, so it is 10:50 here in Paris... and I must go.  But I ask for 
your help so we can make the plugin complete, and as soon as possible.
Geomol
29-Jun-2006
[1561]
Carl, I hope, you have a good vacation! Paris is nice. I were there 
last week.
Graham
29-Jun-2006
[1562]
Thanks for logging in and making that committment, and writing in 
english!
Carl
29-Jun-2006
[1563]
In my mind, and as I've stated, I think we must consider a 2.6.3 
release as well -- for some bugs that are critical.
Volker
29-Jun-2006
[1564]
IMHO that would work. makesure the script is by me, and that icant 
look in your private stuff except i am extremely nasty.
Carl
29-Jun-2006
[1565]
Yes, Paris is a very nice town.
Volker
29-Jun-2006
[1566]
2.6.* is still a good language :)
Carl
29-Jun-2006
[1567x3]
I would like to move here to complete R3.0 --- But, Cindy does not 
seem that excited about doing so.

Yes, thanks.

So, must go now.  I will try to check in tomorrow too.  This timezone 
is easier for me to do so.
Volker
29-Jun-2006
[1570]
cu :)
Pekr
30-Jun-2006
[1571x2]
Complete 3.0? :-) Is 3.0 so close to alpha release or so? :-)

regarding plug-in, my concern is just one - proxy - without it it 
will be no-go for ppl behind the proxy. My understanding is, get-net-info 
needs update ...
Carl
30-Jun-2006
[1573x4]
Yes. Confirmed. Josh is working on better way to obtain the proxy 
information, according to MS methods.

Sorry, although 3.0 is highest priority, we are "multiplexing-in" 
a few other tasks.

Just so you know for sure: we do plan to make a 2.6.3 (1.3.3) update 
to fix various R2 bugs, including a range of OSX related issues.

Gabriele is the main contact regarding the R2 priorities.  So, you 
must talk to him if there is a critical bug that you need scheduled 
for fixing.
Graham
30-Jun-2006
[1577]
It certainly makes sense to complete those things that can be readily 
done ...given that R3 may be months away
Terry
30-Jun-2006
[1578]
The desktop is nearly dead anyway.
Graham
30-Jun-2006
[1579x3]
Google and Microsoft are battling for ownership of the web space.

Rebol has a chance now that paradigms are shifting into general acceptance.

that the desktop is being superceded by internet applications.
older
newer		first
last