AltME groups: search

I further investigated all this. Yes, the tables are used by the 
kernel (if told to do so but what I see it's mostly so by default) 
and can be changed dynamically.

4th of July (a good time for me to do project work) but wanted to 
say thanks for the Statue of Liberty you gave us many years back.

RT used to have interesting definitions of "soon" in the past ;-) 
[Like we all do ...]

Jonathan, try to launch rebol from the console rather than by double-clicking 
on the icon. Also, make sure you launch rebol from a place you have 
write access. For example, i installed rebol within /opt/rebol-cmd/bin 
but I do not have write access on this folder. So, from my home folder, 
i launch rebol like this: /opt/rebol-cmd/bin/rebview

I need to prepare some installation instructions for our polish partner. 
I will do some scripts to access mySQL on their server, using rebol, 
but I will not have access to the site. So I want to be well prepared, 
so they don't get annoyed after writing them tens of times "try that, 
try this" etc. :-)

encap? that could be way to go ... but I am not sure what SDK I have, 
not probably /Command sdk - do I have shell enabled? :-)

but that was reported some xyz versions before. They do regular updates, 
it is really a nice app, having auto-updates for itself and its plug-ins, 
simply a joy to use - that is how apps should work - install just 
once and then have it up-to-date for ages ...

do you have all the plugins? it uses some codecs from windows. compiled 
mine myself, based on some tutorial. maybe distros has not everything 
due to ip?

so with ubuntu what do I do about the missing lib to run altme

Ok, I need some advice from you Linux gurus out there: I'm running 
my xpeers server on an old RH 7.3 installation with EXT3 filesystem. 
The server is running in a data-center, so only remote access via 
SSH.


1. Does it make sense to update the kernel / system? If, how can 
I do this remote?

2. I think with xpeers ReiserFS might be a better choice because 
I have thousands of small files on my system, that needs to be handled. 
How can I update the filesystem?

updating the system does make sense, but it should be done by someone 
familiar with the issue (if you do something wrong, there's nothing 
you can do to fix it remotely)

maybe you can do it by adding a new hd to the server. still a non-trivial 
task though, and i would try it on a local machine at least twice 
before attempting on a remote machine. :)

ok I am running into a problem running the last stable version on 
View-I can run as root but not a user ? running from root i have 
changed the permissions but when I do that,then I can not run a root 
? I remember on mandrake 10.1 I was able to run View as a user ? 
Also,what do I need to install to get the View 1.3 ? running on mandriva 
2006 ? Thanks from a Linux newbie

which distro do you recommend to linux newbie (me)?

Damn Small Linux 2.0 released..  http://www.damnsmalllinux.org/index.html


Damn Small is small enough and smart enough to do the following things:


    * Boot from a business card CD as a live linux distribution (LiveCD)
    * Boot from a USB pen drive

    * Boot from within a host operating system (that's right, it can 
    run *inside* Windows)

    * Run very nicely from an IDE Compact Flash drive via a method we 
    call "frugal install"

    * Transform into a Debian OS with a traditional hard drive install
    * Run light enough to power a 486DX with 16MB of Ram

    * Run fully in RAM with as little as 128MB (you will be amazed at 
    how fast your computer can be!)

    * Modularly grow -- DSL is highly extendable without the need to 
    customize

Trying to update my rebol installation on my red-hat 7.2 box. (Yes, 
it's old I know but it works without any problems). The new rebol 
stuff require a different glib_c version. How do I update this on 
my RH box?

From memory, rebol converts lineendings for you, if you upload via 
FTP across different platforms. That's what I used to do when it 
was a problem.

I'm not using rebol to do the upload. WS_FTP *does* convert line 
endings, Total Commander's FTP client does not. It occurs to me that 
using the 'q option is a good idea for CGI in general. You think?

what do to make in order to this side displayed ?

you need to run a web server .. and just opening tcp://:80 won't 
do it.

I presume that the minimum one needs to do is to listen on port 25 
and respond appropriately

I was thinking more of a simple mail server that only accepts mail 
for one's own domain.  In that case, I wouldn't need to do any mail 
forwarding. But I guess I still need to do a DNS lookup to confirm 
that the server sending mail is who they claim to be.

hopefully it doesn't have anything to do with Windows...

HELP w/ web rebol associations AND Rebol-View.
Here is the story..


On my PC, I have View pointing to an index.r file on my web server.
Everything is cool.

When I open up Rebol-View and traverse to my index.r on the server..
it works.


Now on the same server, I change the IIS-Web associations so that 
I can do rebol CGI.
I create a 'main.r' in some virtual directory on the server.
Web-ing to this http.//myserver/mydir/main.r   works GREAT!
CGI is working.


However, when I now open up Rebol-View on my local PC and traverse 
to my index.r which is
on the server.. I get an error.


The problem is that before.. rebol-view was requesting a file-download 
and the server sends it.

Now since IIS is doing '*.r' CGI, when rebol-view requests for the 
index.r download.. the server is processing the request
and attempting to send back html.. not a rebol file.


Is there any way of fixing this other than..

* changing the CGI association from '*.r' to something else  (ie. 
'*.rr')

* changing all my view-apps on the server from '*.r' to something 
else   (ie. '*.rr')
??

Steve, now i read your question again, you are writing a complete 
web-server? Why not looking at one available? Patch %webserv.r to 
probe a bit. It also splits the stuff into system/options/cgi, so 
you can study how to do that. Only problem is with post-data, its 
system/ports/input works a bit different to a real webserver. You 
need to look in /content-length and use a copy/part instead of carls 
loop. and sometimes to set the right port-modes by hand IIRC.

Does anyone have exoerience with CMS's with Rebol cgi? How do they 
scale compared to the usual suspects? (the three "P"s Perl/Python/Php) 
(Maybe that's the biggest hurdle to worldwide Rebol adoption: it 
doesn't start with a "P" so can't easily replace any of the aforementioned 
languages in the LAMP acronym ... Any chances of renaming Rebol to 
Pebol?)

Do you mean a CMS written in REBOL?

REBOL CMSes? Not sure there are any as such. It'd be good to have 
a generally available and scalable Rebol CMS.


As an example of what is possible, have a play with the various indexes 
here (topic, date, author, subject)
http://www.rebol.org/cgi-bin/cgiwrap/rebol/ml-index.r
That's 50+meg of data, 42500 messages. All handled in pure REBOL.

CAP, Codice Avviamento Postale (postal startup code, no idea what 
startup has to do with it)

what do i put in .htaccess to make rebol-files non-text/plain? and 
what return i in headers from cgi?

I'll backtrack to see what had happened. Me thinks it has to do with 
the my script "do"ing a library script. Maybe something was wrong 
with that.

Btw, I just got one of those virtual dedicated servers and so there 
are a lot of little things I have to do which I didn't owrry about 
before.

After all Carl decided to do rebol when he set up a linux-server..

I just today was supposed to do quick small form maintanance using 
Rebol. My friend gave-up on php, as he can't code. So - basically 
it all worked, I just have few questions:

1) How do I prevent printing rebol output, e.g. error messages to 
the browser? What is general aproach here? Should it be avoided to 
not eventually disclose script's content?

3) I have older version of rebcmd from linux sdk I bought. But it 
did not used 'read-cgi at that time (well, here we are with SDK coming 
late ;-) My question is - I uploaded rebol core into cgi-bin directory:
a) is it desirable aproach or should it be avoided?

b) how do I assure, that if I ftp rebol executable to cgi-bin dir, 
to have sufficient right of the target directory, so that it could 
be run?

what should I do to not need it?

most hosts set up perl is some bin directory and the shebang points 
to that... but most hosts won't do that for rebol for you.  so,you 
have to put rebol in the cgi-bin

1) should be secure. decode-cgi should put only strings in the data, 
nothing executable. (i use a lot "should" when it comes to security 
and i did not double-check).
But why do you do that? simply 
 mold decode-cgi
should give the same.

what about 3)? Graham said that FTP client should allow me to set 
permission, but I can't find any option to do it in FTP Total Commander 
provides ...

The problem with special keys and its usage is, that I don't want 
to use such special keys - I do use many PCs actively, notebooks, 
and once some PC does not have such keys, it slows my process of 
work ...

What do you prefer on notebook - touchpad as a mouse, or that IBM's 
- how to call it - stick between the keys?

then we will have to do it ourselves - speach recognition in REBOL 
:-) But we would either need library, or fast VM/port for fast performance 
... otoh it surely is not easy to do such kind of stuff ...

Pekr...keys in diferrent positions.  I have that problem of swiching 
machines too.

In the ideal world, I'd have one personal keyboard and use it on 
any machine. Without having to do all the unplugging. driver upgrading, 
and rebooting first....eFishAnt can you design the ultimate portable 
keyboard for me!?

if that is as good as speech recognition gets I think I could do 
better in probably about a month of programming -- I have been thinking 
about this problem for more than two decades -- while at apple computer 
by a push to get speech recognition to be part of every Macintosh 
-- but was unsuccessful

if they made this text recognition software in little better -- and 
I think they do but it does not come from Microsoft -- it would be 
a good way to communicate in All the old me hold me all the fault 
may

they do not ever actually spell out the word [it is always assumed 
to be the punctuation mark

Yesterday I talked to one web designer, let's say he is not too much 
experienced - he is good in graphics, but not so good at understanding 
all webdesign/browser related tricks. However - he told what I am 
thinking for some time already and Chris will not eventually agree 
- css is fine, but why do all .css based pages look the same?

but overal it provides us with new possibilities - I need to read 
more about it.  I never properly worked with tools like MS FrontPage, 
DreamWeaver, except their old incarnations :-), so I wonder how do 
those tools support css based design?

Petr -- there is no design in non-CSS HTML that you can't achieve 
with CSS -- even if you need to use barebones tables occasionally 
to do column things.  The statement "why do all .css based pages 
look the same?" might as well say "why do all web pages look the 
same?".

I also wonder, why java-script did not worked for html, if it is 
imo better to have general programming language (where you can do 
nearly everything) instead of something like css, where you can only 
refine your design, but have no constructs as loops, conditions, 
etc.

Chris - do you use Adobe ImageReady in conjunction to Photoshop?

how will they do it? Will link refer to local storage, or?

probably nothing to do with what the site 'designers' have to do.

or rather..site designers do not need to do anything to allow that

Did you do any speed comparisons to classical templating engines? 
:-) I read about smarty, its compilation etc., but found it unpractical. 
Maybe Temple with FastCGI could be even faster, as it could have 
some templates preloaded :-)

Gabriele - that is good to know .... hmm, I just wonder what plans 
do you have on temple. The thing is - it is imo correct aproach to 
templating, if your web designer can't program. If you are web designer 
and coder at once, you might find another template systems satisfactory 
enough.

Maybe there could be some download link, I was able to get it working 
with your help with few emails exchange. Thru other ppl usage you 
could gain more feedback or simply docs, or someone could do some 
other coding ....

Josh, is there some way to automate the build process, and do the 
certificates or whatever, so when you leave again, a new version 
can still be easily built?

it has to do with multithreading issues

OK, so I want to get a discussion started. What do you guys want 
to see in the next version of the plugin?

is it in any way tied in with the SDK? is it possible to do /pro 
or /command stuff?

Carl, one thing I thought about is how do you convince a user that 
the security in the plugin going through the webbrowser is trustworthy 
when the SSL icon in the browser window is not on? they might think 
that nasty stuff could be going on in the background. I think there 
needs to be some kind of indication that the script currently running 
is really secure.

one issue is size. do we distribute /pro/view to everyone, and make 
everyone download a bigger file? or do we have two different plugin, 
two different sizes?

Anyway, there should be some way to get the above working. We already 
do most of this in IOS.

Also, the following features do not work as of this release:
* do-browser

* installation/updating/etc. (hence why you need to copy the files)

uh, do we post bugs to rambo?

Security Issues:

- We should to be able to restrict with the secure native what files 
and dlls the plugin can access.

- The default security of the RT-provided plugin (not encapped by 
a third-party) should prohibit any access to any local files or libraries 
at all, even in the same directory as the script, and prohibit access 
to third-party network addresses as well. Or at least ask.

- There should be some way to access the site's cookies from the 
plugin, because there shouldn't be any other way to store local data 
on the client computer's hard drive. Anything short of that will 
be a security hole.

- There should be no way to reduce the default security of the plugin 
through the use of plugin params.

- Any attempt to reduce access should prompt the user for permission, 
in terms a non-technical user can understand. This means rewriting 
the security dialogs to be more user-friendly.

- Any relaxation of these default security restrictions should require 
encapping the script.

- A user (or their lawyer) should to be able to (perhaps through 
RT) track down the author of any encapped script.

- An encapped script should count as a seperate plugin as far as 
the user is concerned, at least as far as permission-to-install is 
concerned.


Basically, the default security of the plugin should not allow scripts 
to do anything you wouldn't want your worst enemy to do on your computer. 
People will try to use this plugin for advertisements, for webbugs, 
for spyware, for every nasty thing that you aren't evil enough to 
think of. Avoiding that kind of thing should be the focus of the 
default security settings. Anything less will make the plugin unsafe 
to install.

No, the sandbox won't work for the default browser plugin. Think 
of what a malicious script could do with a sandbox - it could write 
data files that could fill your hard drive, keep tracking data that 
the user wouldn't know to delete, etc.

We don't want a banner ad to be able to participate in a DDOS attack 
do we?

What we may need is a way to partially encap scripts:

- Encrypt them using the SDK licensee's key in a way that can be 
decrypted by the plugin and traced to the licensee.

- Decrypt them with RT's plugin rather than bundling them with native 
code.

- Prompt when loading them the first time, perhaps with company info 
like IE does with ActiveX controls.
- Give encapped scripts a sandbox directory like rebsite scripts.

- Let these scripts do what they must, knowing that if they are malicious 
you know who to sue.

Anonymous scripts shouldn't be able to do any more to your system 
than JavaScript in the browser can.

I'm just worried about the "evil" network access that Rebol can do 
in the background, which you can't see in the browser, but need sniffers 
to see. A method for showing network access needs to be really solid.

Henrik ..every application that you install has potentially the ability 
to do network access.

So Henrik, do you trust your bank to have access to your local files?

I guess I do. It's cheaper than having to drive 7 km to pay some 
bills. :-)

Anonymous scripts should be able to read through the browser cache, 
at least for files from their own site, but should assume that those 
files won't necessarily persist beyond the browsing session. You 
don't want to give them a sandbox that doesn't have its space limited 
by the browser's existing facilities, for security and privacy reasons. 
You definitely don't want anonymous scripts to store more than cookies 
on your systems.


The guideline you should set for default behavior of anonymous scripts 
is to limit it to the activities that would be OK for deliberately 
malicious code to do. Assume that all anonymous code is out to get 
you until proven otherwise. This is a browser plugin you know - it 
will be used in banner ads.

Hello Josh! I have one request. Try to run this:

under IE:
http://www.rebol.cz/~cyphre/plugin-ie.html

under Mozilla/FF etc.:
http://www.rebol.cz/~cyphre/plugin-moz.html


Drag the green box using mouse and try to move it quickly over the 
screen. You can see the time lag when the green box is updating the 
position.

Now try this from normal Rebol/View console:
do http://www.rebol.cz/~cyphre/plugin-moz-test.r


You can see there is no lag and the green box is updated very quickly.

Do yo have any idea what could cause this difference?

my specualtions: 

1. Are you always blitting the whole screen in the plugin versions? 
This could cause the slowdown as there should be updated only the 
part with green box on the screen.

2. Could be the slowdown cause by different(higher)  amount of mouse 
events which are pumped from browser to the plugin?

Here's my thinking on priority on the plugin project:

 1. IE plugin for 1.3.2 -- we'll have this online within a couple 
 of days.

 2. Mozilla plugin for 1.3.2 -- features equivalent to the IE plugin, 
 although we may need to chop a few things out (do-browser for instance).

 3. IE plugin for 1.3.3 -- the most important new features we can 
 include in a relatively short time-frame release.

 4. Mozilla plugin for 1.3.3 -- again, features equivalent to the 
 IE plugin, but this is equal priority with the next item.

 4. IE plugin for REBOL 3.0 -- new features that will ship with REBOL 
 3.0 (multithreading/multiple instances per browser, etc.)
	5. Mozilla plugin for REBOL 3.0 -- features equivalent to IE

If anyone has ideas on how to do that, please let me know (maybe 
voting for the top features? not sure).

1) Release a new "ID" for the plugin, so 1.3.3 would install side-by-side 
with 1.3.2. The problem with this approach is that the user now has 
a new plugin object in their Downloaded Program Files for every release 
of the plugin, which looks strange....not to mention problems such 
as: "does this web site support plugin version 1.3.2 or 1.3.3?" how 
do I know which version I have installed?

Yes, the installation will have to be quick. That's not a problem 
though, as we can download the files in the background (similar to 
what Flash and Acrobat Reader do).

not just that, but there should be a ridicoulus minimum amount of 
instructions to install it. such as: 1. go to this site to observe 
the installation. 2. click here to test. and that should be it. I 
know that's very difficult to do, but it should be the goal.

but like the first plugin version do not forget to take proxy configuration 
of IE or FireFox and the bypass-proxy input !!!!!!

As for things like do-browser, it would be nice if the copy of REBOL 
called by the plugin could be passed some callbacks to which it would 
delegate some basic functionality like requesting a local file, proxy 
settings, do-browser, etc. This would allow the plugin to better 
integrate with the browser's existing behavior and security infrastructure.

Right. It will be on the list, but may not make it until REBOL 3.0. 
That seems a little tougher to do. TBD.

I'd like to focus the discussion around one unanswered question regarding 
installation: do we inform the user -- in any way -- of a major REBOL 
+ plugin update (i.e. REBOL 3.0)?

If there is a problem after an update to a plugin, and you do not 
notify the user that there was a problem, there is no way for them 
to know what caused the problem, and they will waste thier time trying 
to hunt it down.  If you simply notify them when things are updated, 
they can connect the problem to the closest issue.

1) UI - we are not Flash player, we will likely produce real-life 
apps. So - do we give up right mouse click for configuration options? 
What if you will have your own one in your app? OTOH imo there NEEDS 
to be some UI for setting some parameters! Not everything which comes 
to my mind can be hidden from user. The ones which come to my mind 
- do you want to check for updates? Once a month, week, daily, Automatic 
downloade newer version? Ask, download. Use newest version if app 
does not specify its requirement? (maybe not needed, just an example 
of what could be configurable). Proxy settings .... List available 
version, provide uninstall button, etc.

2) Installation - I like several versions installation - IIRC even 
Java can coexist? I use it with mozilla - I run Mozilla suite or 
Seamonkey, various versions from various locations - they do share 
profile - settings, sandbox .... 'Needs field could work for us too. 
If the app specifies it, try to locate particular version. If such 
version is not available, display dialog, where you preselect latest 
version and provide with list-box, with ability to manually choose 
from available versions ... and "run" button ....

3) Integration - the toughest part - first - old plug-in way of integration 
was not optimal. REBOL's code  of 'get-net-info is outdated and broken. 
First thing is to get proxy info automatically, if possible, but 
still allow it to be settable. Most corporate users do use proxy, 
without it, plug-in in non-existant product for corporate environment 
imo. Why to allow manual settings? Well, dunno how many companies 
do use it, but our company does :-( ..... "use script for proxy configuration" 
- and the script is JS code, which browser can interpret, but not 
rebol itself, so we need ability to set it manually


... or - second point and probably the main point from the architecture 
pov - do we allow what rebol allows? Do we allow our own networking, 
or will we allow only to tunnel via browser? One one hand, we would 
get https, on the other hand, if we limit it, we are not talking 
about rebol anymore, but sligthly different rebol based product. 
As for me, I am not able to see all the security related concerns, 
so I let it to others here ...

As for simplicity, I do agree it all has to be as much automatic 
as possible. In IE is is better than in older Mozillas - you just 
click the plug-in area and it gets downloaded and started with the 
page refresh, not even browser restart is required IIRC ...

Sorry if this question has been asked before, I do not know... can 
you give me an idea of capacity of the server?  will it scale to 
thousands of connections or is it limited to hundreds (or less).

Does Cheyenne have an option to limit which network adapters it will 
serve to? For example, I have 5 adapters on this computer (ethernet, 
wireless, 2 VMware, Hamachi), maybe 6 counting localhost, and I would 
like the web server to only be visible to the virtual adapters, not 
even opening a port on the physical ones.


I remember this being difficult in REBOL, that REBOL would always 
open server ports on all available adapters, so you would have to 
inspect the incoming connections and filter. Have you come up with 
a better workaround for this, or a way to do it properly?

They do, AFAIK. I do have the standard Windows firewall installed, 
but it would be better (lower overhead) to just not open the port 
on the wrong adapters in the first place.

MikeL: I've implemeted a cheap solution by using the win32 API. Implementing 
NTLM natively in REBOL  require a significant amount of time, that 
I don't have currently, or in a near future. There are some non trivial 
algorithms to implement in REBOL like MD4 hashing. If required, I 
may work on such lib on a contract basis, else I don't think that 
I'll have time to implement that before next year. Maybe someone 
else in the REBOL community would have the time to do the job ?

Is this what you have to do SSL enable/wrap Cheynne ? http://www.stunnel.org/examples/https_windows.html

that is probably true. however I may change the architecture a bit 
since the parser is limited to two levels and is not recursive. the 
pages are generated from a limited list. all I really wanted to do 
was to make it easy to combine blogger.r, makedoc documents, dir 
listings and customized html output in a pipeline. it does most of 
that now, but the parser is only about 80% elegant. :-)

yes... must agree with Doc. It's very easy, just download the latest 
precompiled version (I have 4.20) install, uncomment the https as 
doc said and than do:
      stunnel.exe -install
to install it as service.. and:
      stunnel.exe -start
to start it.

Ok. Definitely will try it .. why do they have a how to that's so 
difficult ??

I'm not sure to understand your question Graham. Do you mean how 
to start Uniserve automatically at boot time on Linux ?