AltME groups: search

Ok, that works. Thanks!  I can see that I have a little bit of studying 
to do to learn the commands .

Louis;  Woohoo.  CLI wins in my book.  Everytime.   Well I take that 
back a little.  Windowed CLI's are just that little bit better, in 
terms of eye strain and quickly getting from task A to task B.  Konsole 
is the da bomb.  Note, my mileage varies.  I don't really do art, 
but I appreciate it when I see it.


Learn some bash, AWK, sed, tr and cut and there won't be a text file 
that can't be scrunched and munched into whatever form you desire. 
 ;)  Well, Icon too if you have reaallly complex needs.  Umm, assuming 
REBOL doesn't already have a one-liner solution.

bad UI argument .... dunno how others do it, but I prefer to set 
my settings in control panel, not ending up with myriads of different 
requesters asking for myriads of permissions to which reaction of 
users I know apriori - they will hate this, possibly click yes or 
no no matter what and wonder why things eventually don't work ..... 
all I am asking for is security presented in sensible way, that is 
all ...

OK - one thing is clear now - "What would you let your worst enemy 
do with your computer?" should be a saying for Rebol plug-in .... 
now just how to represent it ...

I will be using the rebol plugin probably in two ways: 1. making 
real applications as part of a subscription service. 2. making real 
applications that are paid for with ads, generally text and flash 
based ads. And when I say real applications, I basically mean doing 
things you cannot easily do in java or javascript. These ARE things 
that require trusted security, such as sending raw emails, loading 
and saving files, doing virus scans, and all the freaky stuff you 
cannot normally do using AJAX.  Quite simply the situation is that 
if you could do it with AJAX, there is no reason to use rebol--from 
the laymans point of view.

Ryan, that sounds like just the kind of thing that signed scripts 
should be able to do.

Here's what I am trying to do.  I have a client that has a locked 
PC build (users can't install software).  The plugin managed to install, 
and when network connected was able to find the .r file and execute 
it off the hosting web-server.  However, say the web-server is down 
or network connectivity is unavailable, I'd like the applications 
to still be launchable so the app isn't impacted by an 'outage'.

Brock, I'm pretty sure it's possible to do that now. I killed my 
network connection and tested the plugin with a remote file that 
I had already downloaded (it was in the sandbox cache)

Volker, that may do it, I guess I will need a way to get that local 
html fine into the sandbox, though.  I don't want to install anything, 
but might be able to have the app automatically write that file to 
the local sandbox, hmmm, will try it out.

would save code, if you did not need to change the file. Then
  load-thru url-of-online-html
would do the trick.

Tell me where I'm missing it. The goal of the plugin is to provide 
an environment for REBOL apps to run within an HTML page. It has 
nothing to do with download.

Tell me where I'm missing it. The goal of the plugin is to provide 
an environment for REBOL apps to run within an HTML page. It has 
nothing to do with download.


This is the second time you have paraphrased what I wrote in a way 
I can't tract.



R: I can't wait to be able to click on a ".r" file and have it just 
pop up and go.
J: How does double-clicking on a r file relate to the plugin?
J: It has nothing to do with download.


I don't know why you mention double click, nor do I know what downloading 
has to do with this.


Perhaps we can get on the same page by simply answering my question… 
when someone comes across a .r file, what happens now?

Reichart: What happens now? If the View EXE is installed, it launches 
and opens the .r file. If not, nothing happens.


That is the ideal scenario. I manually associated .r files to the 
View EXE, so I don't know if it does that on install or not. If not, 
that's a task for whoever owns the EXE installation. It has nothing 
to do with the plugin.

Lets come back to my original statement "I can't wait to be able 
to click on a ".r" file and have it just pop up and go."


You seem to be getting side tracked with assumptions or something.


Q: Reichart: Actually, when I click on a .r file for download and 
press "Open", it launches View but doesn't open the file. Why? I 
have no idea. It looks like two things need to happen:


A: And what should happen, and what 60-90 people will expect to happen 
if this is to be "part of the web" is that it does exactly what Flash 
did (which is now part of FF), and most other plug-ins do, which 
is ask you if you want to install a Rebol plug in.


If the person says yes, then it does its thing, goes back to the 
original .R file, and pulls it in and runs it.


If you are a nerd, you can go screw with your settings to make it 
first ask you if you want to:
O View source 
O Run now


Q: These are legitmate issues, but they all relate to the REBOL EXE. 
I'm sorry, but it's just not my area. 
A: No, it seems this is 100% the plug-in. 


Let me ask a different "set" of questions that might make this all 
easier?


When will we all be able to click on a ".r" file (and by .r I mean 
a link that is actually a wrapper with all the crap needed to know 
what to do), and it will ask you to install the plug-in, handle all 
that crap, and it will go back and get the .r file and run it?

launches View but doesn't open the file

 here it launches, IIRc it did that immediate without me setting something 
 (now i prefer editor by  default, so cant check).

and by .r I mean a link that is actually a wrapper with all the crap 
needed to know what to do

 AFAK that is some html-markup, not *.r-created. On IE the plugin 
 installs automatically, on firefox that will come.

And plugins and mime are two things, plugins run inside the browser 
and need some marku (AFAIK), mime-types are launched by  external 
apps (rebol if the server says its application/x-rebol)

Do you have a link to a page where I can test this now?

Do you have a link to a page where I can test this now?

We should actually make contact with Opera's team directly.  They 
might be just as interested in Rebol as Rebol is in them.  I do not 
know anyone there ( I do know some of the FF team).  But I was planning 
to contact Opera soonish because I'm interested in working on a relationship 
where people buy a thintop (I'm coining this word for now) which 
is a super simple laptop with maybe a 1 gig sim card for memory, 
a keyboard, LCD display for lets say $100 bucks.   Has nothing BUT 
a browser (no OS….no M$ in other words).  I imagine this shipping 
with Opera built in, and I want it pointing to Qtask out of the gate.
 

So to answer your question, I think we need to get someone at Opera 
to take interest in Rebol, and help us solve problems.

that is bad, how do you want to support certain features then, if 
you can't depend on it? Should I ask about latest FF and npruntime? 
What version of FF were you checking against?

Pekr, do you or anyone else have a working C++ code sample of using 
NPObject with the GetValue method? That's what was giving me problems....if 
so, please send via private msg to keep this group free for discussion.

Hi all....here's an update on what we're working on for the next 
plugin release:

 * Multiple instances -- this feature will allow you to run multiple 
 plugins side-by-side within the same IE or Mozilla process.

 * Automatic updating -- no more uninstall! (aren't we all thrilled? 
 :)). This will be the last update you will have to install manually 
 via uninstall/reinstall; future backwards-compatible updates will 
 come automatically (with user consent).

 * Smooth install on Mozilla -- FF and other Mozilla.org-based browsers 
 will have a smooth install experience similar to IE.

 * do-browser in Mozilla -- you will be able to interact with the 
 HTML page from your REBOL scripts in Mozilla browsers.

 * Last, but not least: Opera 9 support -- the plugin will be compatible 
 with Opera 9, although the install process will not be as smooth 
 as Mozilla & FF.

it is not part of the plug-in, yet it is out of our influence to 
change it, or to manually do any settings to plug-in - no user.r 
:-)

Brian's suggestion might work, but not sure Josh will do it, as he 
already suggested we should contact Carl, to fix View code involved 
...

Josh's aforementioned secure source code was something I suggested. 
The other part of the suggestion was that every secure script would 
be cryptographically signed by an SDK license key, or some other 
way for RT to trace the author of the script. Only those signed scripts 
would be allowed to store persistent data in a sandbox without the 
attempt to do so prompting the user with a security requestor.

Your last reaction to when I brought this up:

OK - one thing is clear now - "What would you let your worst enemy 
do with your computer?" should be a saying for Rebol plug-in .... 
now just how to represent it ...

btw - what do you mean by "should not get a persistent sandbox at 
all" - do you mean it should not be allowed to write to temp at ll, 
just use memory? Or just by anonymous you mean randomly generated 
"anonymous" directory somewhere in Temp directory?

No, just use memory. No cookies except browser cookies - there should 
be a way to access them, similar to how do-browser lets you access 
JavaScript. Perhaps a wrapper function around do-browser could work 
for now.

Brain - are you suggesting so tight security for us rebollers only, 
or do also other plug-ins use such limited environment? (although 
I am starting to understand, that there should be NO way of how to 
harm your computer, or it will be regarded - unsecure)

Well then, the question you should consider when thinking about newbies 
is this: What would you let your worst enemy do with your computer? 
This is the web. We aren't talking about saints here - we are talking 
about people who use baner ads to install spyware.

i thought we talk about local storage. what has that to do with banner-addds?

As I've mentioned here before, there many nasty things you can do 
with the present plugin and I don't want to make suggestions on a 
web-public group. Go private if you want some ideas - I trust you 
not to misuse them.

askiing user e.g. what you discussed here - "do you want your previous 
cache to be deleted?" would result to "What is cache?" in 99% and 
users would press "Yes" .... or "no" .... :-)

then we need to investigate ways of how to better utilise do-browser 
...

You could write *-thru functions that used the browser to do the 
reading, with its cache.

Sure. Not hard at all - I expect it must do something similar to 
mak do-browser available.

You could probably implement port schemes for cookies:// and cache:// 
right now using mezzanine code wrapped around do-browser that would 
do the trick quite nicely. Then, all you would need to do is assign 
cache:// to view-root and the existing functions would work.

Which brings to mind a question: What JavaScript types get converted 
to REBOL types when returned by do-browser?

Doesn't url based security limit the ability to do clientside mashups 
from multiple services?

Allen, do you mean clientside mashups like these?:
- DDOS zombies
- Spam relays
- P2P relays
- Anonymous proxies

So, which of these do you want a webbug written in REBOL or Flash 
to be able to do?

do they have time and resources to sift through thousands of expertly 
crafted scripts per day? (just being positive about a future scenario 
:-))

james, in IE, do you see the information bar at the top of the page 
requesing your permission to install the plugin?

We are pleased to announce a new release of REBOL/Plugin. This release 
includes several new features, including:

 * Multiple instance support -- you can now have up to 5 instances 
 within one IE process.

 * Automatic updating -- after this release, backwards-compatible 
 updates will come automatically with user consent (no uninstall required).
	* Smooth install for FireFox and Mozilla.org-based browsers

 *Now compatible with Opera and all Mozilla browsers compatible with 
 npruntime. 
	*do-browser now functions in Mozilla.

Brian. Mashups (as I'm referring to) is the common term for webapps 
that utilise numerous webservices and combined in the browsers. But 
I hope you can come up with a security method that allows us to utilise 
advertising, google adwords-api, flickr, amazon-api, numerous maps, 
calendars. etc ; without having to combine on a single server before 
it goes out to the clients rebol plugin. I can do all this now in 
a browser, but I won't be able to with a rebol-plugin?

so obviously I'm arguing for something I will still be able to do. 
so I'm fine

read-via-browser might be a better method, seemless do the javascript 
http object without having to expose the javascript required to the 
rebol user, but will it will then pickup the browser security settings 
on such things

How do you add rebol.com to your list of approved software installation 
web sites in Firefox?

Yeah Graham, I'm waiting for the same.  I think JoshM just needs 
to have a status report on IE, FF, SA OP.  Actually we need to do 
the same thing for Qtask (so I''m not ragging, just pointing out 
we ALL need to do a better job of keeping everyone updated).

Volker: do-browser simply executes a line of javascript within the 
context of the HTML page. Whatever security settings apply to javascript 
running within <script> tags in the page apply to do-browser code.

can java-script open the socket? because rebol can by simply open 
tcp://1234 .... will be catched by firewall, if present - but would 
that be regarded a security problem? How far do we go with limiting 
rebol? It would be good to slowly get to rebol's security bigger 
picture, to prevent the final solution being inconsistent ....

Volker: That "wait time" may be due to the new auto-update feature, 
which checks for a new update at RT's servers every day. Do you notice 
a speed improvement on subsequent uses of the plugin within the same 
day?

Pekr: The docs do need to be updated. We're working on that.

Volker: That's interesting regarding wait. I will raise that with 
Carl. It may have to do with the plugin's more complicated event 
loop.

get-net-info is imo critical - imo majority of corporate users are 
behind the proxy. Imo to get those users on-board, we have to 1) 
provide ability to do some settings (control panel icon, right mouse 
context menu, whatever), or to make proxy detection better ....

... and in a company, do you want the admin to walk to all boxes 
just to set up Rebol/plugin?

what do win32 features for REBOL 3.0 mean? Anything specific? Rebol 
is meant being cross-platform, although many would like to see things 
like better systray, com interface etc. :-)

it would just work a lot better if there were more people assigned 
to easier tasks and something that would be officially recognized. 
does RT themselves have to maintain docs and site? why do I have 
to wait 2 months to see a typo in a document fixed when I could do 
this myself?

we are for example still lacking proper documentation for VID. there 
are still many secrets in it. A knowledgable person could write it, 
some one else could proof read it and make suggestions about documentation 
flow and Carl could comment on it and have the final say. But if 
I know Carl right, he's very hands-on, wants to do it himself. :-)

for security: Until the plugin is fixed, could it show an own page 
first where it ask "do you really want to run this script?". then 
it would be still easy to show a demo to friends, but not for others 
to sneak scripts in.

Yes, it does makes sense to do so.

if the pluin shows a big url and a warning: this script could be 
used to install malware, do youreally want.." and i tell them "thats 
my url" it would work

So, must go now.  I will try to check in tomorrow too.  This timezone 
is easier for me to do so.

Just so you know for sure: we do plan to make a 2.6.3 (1.3.3) update 
to fix various R2 bugs, including a range of OSX related issues.

But yes, Josh, it seems like correct order. I give my vote to proxy. 
Dunno how many folks work in companies behind the proxy, but because 
there is not user.r by default, nor there is some abilitiy to launch 
desktop, the plug-in should do as much as possible, in regards to 
correctly detect proxy ...

For NTLM authentication, isn't there some OS API to do that ?

I can't imagine that each program using Internet has it's own NTLM/Kerberos 
authentication scheme!!

It's not exactly the REBOL cross-platform way to do things, but it 
seems to make sense for this Win32-specific scenario......

With this approach, we're not building full auto-config/NTLM/Kerberos 
proxy support into REBOL, rather we're utilizing the OS API resources 
to do it all for us.

Good reasons, and I agree, the best way to do this.
We nee da universal XML export import with ID compare.  



In other words, CureCode needs to be able to export itself as XML 
(Easy).
It needs to import XML (Easy)


It needs to import XML and update the old XML keying on some ID value. 
 Not so easy.


Once done, building things like RSS feeds with just the top 10 recent 
changes becomes easy.


Also, then we can sync Qtask and CureCode.  There are a lot of cool 
side effects though…


-	We have an integrated file share, so you can link to screen shots.
-	Qtask has the ability to have conversation about each issue.
-	You can throw your issues onto a calendar view.


I know this is not your concern right now, but this is the direction 
we are going in, and need to learn how to best allow this type of 
integration.  Much as you have made one thing to test another, we 
have the same problem constantly.

If someone can do a step by step blow on installing curecode ( including 
what ever one has to do with mysql ) .. I will try and set it up 
as well .. I need a public bug tracking database too.

Several questions:


- what is meant by Severity field of values - text, block, feature? 
I do understand major, minor, trivial, etc., but not those mentioned 
...

- for better searches, I would expect field 'fields to be filled 
in with every field form contains. E.g. I want to filter using 'Built-in

- CureCode, if slightly refined, could serve as auto changelog generation 
system. But Carl (or responsible person) would have to fill-in 'built-in 
field. In the past, I e.g. proposed addition of small table called 
Releases to RAMBO for such purposes. It would contain named releases. 
Main base could have small helper, value 'next pre-filling 'buil-tin, 
once someone markes it as built. 'next would be related to the closest 
relese from the Releases table.

Not even that. It would be sufficient to do two things:

- Do a server-side redirect to a get page when you go into edit mode 
on a ticket or comment update.

- If doing a post and the session has timed out, create a new session 
and save the data to it temporarily and take the person to a login 
page. After the relogin, take them back to the page with their edits 
prefilled in. Then let them save (or perhaps save on the way).

The problem is not the twice, it's that it keeps going. I do the 
reload to let it continue and it does, back and forth forever.

Anything I can do to help?

BrianH, on 21-Jan 11:16 PM you said : "Do a server-side redirect 
to a get page when you go into edit mode on a ticket or comment update."


I'm not sure to understand the "server-side redirect to a get page" 
part. When you click on a ticket ID or comment [Edit] button, you 
enter in edit mode using a GET request. What would a redirect improve 
here? Is it related to the browser Back button and client cache management?

although I do see why it's intended not to sort.

Can you move tickets between projects, or do they need to be redone 
or copied?

Pekr, I think you jumped to a conclusion.  It is not that one needs 
to release their own browser, but rather that you can do some fun 
skinning, and also offline more, which all browsers don't support 
yet.

For example, you can program Chrome to hold the contents of HTTPS 
between sessions, which FF does not do.

Sure, you can change settings, but giving people a single "thing" 
that does it correctly works for me.

Qtask (for exmaple) supports ALL browser, since www.iQtask.com is 
simplly HTML. 

Qtask did some tricky things with JavaScript to control tables, which 
is why Safari and Chrome fail.  We should have this fixed by the 
end of this month.  It is a small set of fixes.
So we then will support all browsers.


But still I woudl build a custom version of Chrome to do some "extra" 
tricks.  We also plan to support Flash plug ins, for audio support, 
etc.  These are all extras.

I love your "killing REBOL schtick" .


REBOL is a language, the x-internet concept is one of the many cool 
things about it.  BUT, for now, I'm going to keep my marraige in 
place between REBOL + HTML + JAVASCRIPT.

Pekr, you are right. This week I am mostly working on Qtask work. 
However, my role in the R3 GUI project has been to do Core work.

BrianH: I am so serious about REBOL, that I almost can't bear, how 
this whole project is treated :-) What you do is cool. YOU are the 
top guru in our community nowadays, as Ladislav is not here. You 
mostly patch Core mezzanines, no? I try to urge Carl to get to the 
point of release, where sources are put into DevBase. I am also not 
much satisfied with r3-gui world - while top REBOL coders are there, 
they mostly don't contribute, they rather chat here ;-)

Brian - I know what you do. What I mean by R3 core work is really 
a low level work - finish Unicode, finish modules, finish plug-ins, 
finish tasking, etc., so that projects like Cheyenne (which could 
turn in kind of killer app for REBOL) can proceed (move to R3).

Cyphre's work on REBOL is paid work, and they tend to accumulate 
a whole batch of fixes for him to do in one job.

Richard not working on REBOL has NOTHING to do with Qtask.

Gab not working on REBOL has NOTHING to do with Qtask (but they can 
speak up for themselves.)

My FMS server is hosted, so I need to prepare for the event by ensuring 
enough connections, bandwidth, and storage space reserved on the 
server.  I currently have a 40 connection limit, but it's no problem 
to raise that as high as needed - I just need to do it soon.  I'd 
appreciate some help getting a concensus of the number of people 
to expect.  Right now 4 people are signed up at http://rockfactory.us/events/devcon.html
 for December 27th, 3pm EST.  Is that when we've decided to hold 
the event?  We had an additional 10 people signed up for yesterday's 
prep meeting, and 16 people came to visit.  Signing up at http://rockfactory.us/events/devcon.html
 would help me get a better estimate.  I could set up a registration 
process and hand out unique user/pass combinations, but would prefer 
to leave it as open as possible for those interested to just join 
in...  If anyone has ideas about how to estimate a head count, I'd 
appreciate any suggestions.   Thanks!

Guys, this is why I want to put up a webpage.

I think in the spirit of crowd sources, no one person should be expected 
to do more than one thing.


Nick, don't worry about the webpage, Gab, or someone will host.
Chris, or I, or someone will do the art and design.
etc.  


I plan to pound on this tomorrow in fact.   There are no egos here...who 
ever can help or do the best job, step up.

Reichart, I received an error page "I'm sorry, you seem to be attempting 
to access a file to which you do not have permission to access"

Reichart, I'm getting the same "iI'm sorry, you seem to be attempting 
to access a file to which you do not have permission to access"
I have an account already...

I am at my parent's (or stated different: travelling back from my 
parents') on dec 27th because they are taking all their grandchildren 
 to a play. So I might be there only partiall, or not at all. I will 
do my best to make it though. Maybe I can lure the wife in picking 
up the kids but she is in all kinds of end-of-years trading markets 
selling this time of year.

Not to screw things up, but Is there any benefit to do this maybe 
the first weekend of January rather than between the holiday period? 
 With people hosting family or travelling to family this is not only 
going to limit the live viewers, but also the people available to 
present.  I see others already mention not being available, and as 
it is I will be between sporting events as my kids are in tournaments 
over the holidays.

I'm completely open to whatever the community decides to do :)   
It's probably not such a bad thing to keep this first presentation 
smallish, and to consider it a learning experience.   One thing that's 
clear so far is that it'd be good to decide on one or several people 
to manage operations officially, and to create a web site to organize 
future events.  For the time being, this event does appear to be 
shaping up well, for the short matter of days we've spent contemplating 
it :)  There are 19 live attendees signed up at http://rockfactory.us/events/devcon.html
.  We appear to have a viable way to make the presentation, and I'm 
looking forward to seeing anyone who has the time and motivation 
to speak about REBOL related topics :)

I do need a final list, by Wednesday, of all presenters, along with 
an estimate of  the amount of time required for each presentation. 
 If any presenter has a particular requirement for when in the order 
their presentation needs to take place, please let me know.  This 
must to be finalized now so that I can reserve necessary bandwitdh 
for the event.  Thanks!

late to the party.


so, where to I go to sign up to join the DevCon? Or do I just pop 
into some web site and view the presentation?

Reichart, the page looks great :)  I haven't heard from any other 
presenters, and do need to reserve bandwidth today.  How long will 
you, Chris, and the Qtask team need?  LAST CALL for presentations!

Chris, it would be cool to add a count down timer on the website 
though, and easy to do...

http://rockfactory.us/rooms/room22/is exposing my password

Not to mention rejecting it when I am already lgged in at  http://2008.rebolconf.info/on/People

Do I need a second login for that 'home' page security 'JOIN CONF' 
??

Chris, may I suggest we set up the wiki website such that at the 
top is a given even (Name + Date) and that everything else be put 
on one big page.  

This has a lot of advantages.  This is not to say people can't put 
things on other pages, but if we do it this way, everything can be 
in one place.

You come to the Home page, then click on the event you are interestested 
in, and that is it.

Sunanda, agreed...

Basically there are for stream techs we need:

- Camera
- Computer screen
- Text
- Audio.

All of this needs to be captured.


Text is still BEST in AltME, it was designed for this, this is also 
a way to bring people into the fold.


Computer and Camera are not the same concept, since video is fine 
at 320x250 (even if stretched), while Computer needs to be exact. 
 


We still have some tweaking to do here, but this is coming together....

What I would do though, is to distinguish the numbering of Devcons 
- I would not call it fourth devcon, but first virtual DevCon. OTOH 
even with "phasical" devcon, many ppl do attend virtually anyway. 
So what do you think about that?

This is a stream from a friend of mine http://www.ustream.tv/channel/freedom-of-information-2008-az


She is using UStream to do this.  I'm going to play with this, but 
it "seems" sort of perfect for the Video part of what we are doing.
you set your "Show time" and go!


But, I will only know after I have played with the incoing, and also 
tried broadcasting, and gotten feedback from a large group.