World: r3wp

These self-evaluating values can be tricky sometimes. Many get tripped 
up by the datatype words, none, true and false. :(

I agree.

What's the best and safest way to execute a block of code in a function 
context? Example:

exec: func [code-to-execute][
	a: 1
	b: 1
	do code-to-execute
]

exec [print a + b]

This should give
>> 2

I know there is some "safe" way to do it but can't remember.

if a & b are locally defined, you should first BIND the block to 
execute like this : do bind code-to-execute 'a

A "safe" way (preventing malicious code) could be to parse your block 
to execute and allow only some words. In others words, you can achieve 
safety by filtering the code to execute using a reduced dialect of 
REBOL. You could also just define some additional local words to 
"disable" them (like: halt, quit, call, etc...) There's several approches, 
they depend on what "safe" means to you in this context.

Is it a bug or there is some system limitation which prevents to 
set a  modification-date of folder?

Doc, thanks.


Has anyone written a rebol code stripper to make a safe (not harming 
the executing process) way to execute code-from-the-wire?

Maxim once mentioned that he spent a lot of time sandboxing his Elixir 
engine.   iirc, he was confident enough to let it be open to random 
code.

That may not be technically possible in R2, once the code is loaded, 
but should be possible in R3, in theory. You could still be vulnerable 
to interpreter bugs that can crash REBOL, but you could sandbox against 
attempts to break the sandbox.

How is that done in R3?

Well, for starters:
- Words are unbound by default.
- Modules only load the contexts they are told to.

- Reflection is done by a separate native with some mezzs wrapped 
around it, not the ordinals.

This means (respectively to the above):

- You don't have to block everything, you can just allow what you 
want.

- You can just sandbox a module by having it not load the system 
context, or load your own substitute.

- You only have to eliminate one function to close the reflection 
hole, rather than replacing the ordinals with mezzs, slowing down 
all code.

hmm... why does launch/quit not work with URLs?

Thanks Brian, I suppose I will have to get exposed to that nature 
to understand it.

Same here: Modules aren't anywhere near done yet :(

the same when I use:

launch http://somewherequit

I wonder what the issue is here.

weird..

launch http://somewherewait 0.01 quit

works

Oldes - it's a very old bug

We should try and get that fixed for 2.7.7

I'm (again) studying how to get LAUNCH to accept args when launching 
a script, when I came across this in the SDK manual:


For example, if you want to launch a second copy of your program 
to process an action:


    launch 
-c do-it"

  It says it's a special function of encapped programs, but does -c 
  do the same thing as for an ordinary rebol executable, namely --cgi?

When 
  using the same string in a regular rebol console, I get just the 
  help output as if the argument list was wrong. It won't accept any 
  other arguments except if the script name is passed as a string.

Oldes, modification date - can you post to Rambo.

Is this a bug?:

>> to-block mold [<]
** Syntax Error: Invalid tag -- <
** Near: (line 1) to-block mold [<]

You might ask why would someone want to mold a block and then use 
to-block on it.  If you have added a block via the console across 
more than one line you will pick up the newline character in your 
block which you can trim/lines on if you mold the block.

Just a syntax side effect. Try: to-block mold [ < ]

< is normally part of a tag, but there is an exception made for when 
it is surrounded by spaces.

Yeah but that would still be a bug wouldn't it?

>>  to-block mold [ < ]
** Syntax Error: Invalid tag -- <

>> attempt [to-block mold [<]]
** Syntax Error: Invalid tag -- <
** Near: (line 1) attempt [to-block mold [<]]

Unfortunately, there are some REBOL values that mold to bad syntax. 
[<] is bad syntax.

Yeah.  I'm finding that out.  What about the attempt?  Shoudn't that 
have contained the error?

>> attempt [to-block mold [ < ]]
== none

what version is that?

ok I see I didn't have the spaces on the attempt one

In your version, the syntax error was at load time, before the attempt 
was called.

This isn't good for dynamic data.  If something is populated dynamically 
then would have to account for the spaces and check the dynamic data.

>> mold [ < ]
== "[<]"

Yeah but that isn't acceptable for me.

I would classify that as a workaround and the problem still to be 
a bug.

I said it was unfortunate :(

hehe

It used to be the case for to-file "" too.

ahhh well hopefully we can get it fixed.

>> [>]
== [>]
Not a problem for <

Yeah just the one needs fixed then.

>> [<
[    ]
== [<
]

yeah that is why I need the mold to trim the lines from something 
like that.

>> [ < ]
== [<]
>> new-line [ < ] true
== [
    <
]

Same value, different display.