World: r3wp

I am more in favor of finding a short name, it's a very common idiom.

Yeah, it is a common idiom. But some symmetry to REMOVE FIND FLAGS 
FLAG would be nice, and I don't expect Carl or anyone to be willing 
to replace REMOVE FIND by another native or mezzanine. That wouldn't 
be worth it.

For now, I've decided to go with 

	>> union package/changes [weight]
	>> exclude package/changes [address]

since speed is really nothing to worry about in my case now.

I thought ALTER was going to go away in R3, because nobody uses it. 


As an example of a func that operates conditionally, it's nice, but 
I can't remember ever *needing* it.

I would still like to set up metrics to see what funcs are used most, 
for both development and production (i.e. profiling), and set up 
a rating system. There have been some ad hoc analyzers in the past, 
but no reference system.

Yes, Graham, I know. I should just do it. :-)

I wasn't going to say anything ...  my interest in r3 development 
is rapidly waning ...

Graham - we should stick it into REBOL3 channels and post to Carl 
via all possible channels. R3 "developments" once again completly 
sucks...

The lack of carry thru from Carl just totally sucks ... and is extremely 
disincentivizing

Carl posted a bug in curecode today, so I guess he's back to R3 coding.

---

ok.. moving here from !REBOL3 talking about a sandoxed execution 
option and option to somehow separate native Rebol pure and unpure 
functions

for example you know join will just "calculate" result and you can't 
screw up anything existing with it... where append can , or set can 
even more

well, you can scan the incoming function and disallow 'set

or create a safe dialect that looks like rebol ...

I will give another example where I claim doing a dialect for it 
all is useless option. So you have a rebol server that holds a big 
block of users in ram you send it 2 functions a filter >> function 
[ U ] [ all [ greater? U/age 20 lesser U/age 30 equal? U/gender 'female 
] << and a mapping function >> function [ U ] [ uppercase rejoin 
[ U/name " " U/surname ] ] << server will accept the code and collect 
items where first returns true then process them vith mapping function 
join them with reducing >> function [ U ACC ] [ rejoin [ ACC ", " 
U ]<<  function and return the result.

- the point here being that all functions used rejoin greater? equal? 
lesser? uppercase? are pure functions and can't screw up anything 
whatsoever

- second point is that to do this via dialect you would have to recreate 
whole rebol in rebol which is very very suboptimal (why do we have 
an interpreted lang then??)

- so if you could sandbox execution of functions , for example by 
only allowing pure rebol functions this would be solved

No you don't ... only one person has to do it and shares it with 
everyone else.  Thank you very much.

You can't really sandbox R2, but R3 was designed with that in mind 
so it should be easier.

somehow specifying pure functions or limiting their side effects 
is not only good for security but for writing more bug free code. 
If I could say, raise an error if this function that I wrote to just 
calculate something does anything else would be good for writing 
less bugs.

BrianH: yes, I am throwing this into discussion for R3 ..

Graham: I don't know what you meant with that scentence. If I came 
out as arrogant or attacking you in my writing above, I can say I 
*really* didn't mean it. I am just trying to get my message accross, 
which I am not so good at since english is not my native lang, it's 
1:25 in the night here and I am a little nerwous since I told someone 
I will finish something before tomorrow and I am chatting here instead 
of doing it :)

You don't have to limit to pure functions if you limit access to 
data. Even modifying functions are OK if they only work on legit 
data.

That's the difference between sandboxing and going side-effect-free.

yes, that would be even 10x better :) if runtime could wrap something 
and not allow it mess anything whaterver it calls!

so you are saying something like this could be possible in R3.. well 
you have my and Sunanda's vote for that :) (we talked in !REBOL3 
earlyer)

I'm saying that if you create a safe dialect that people can use 
for sending functions across the network in r2 .. well, great ... 
we can all use it.

aha, but wouldn't that be recreating rebol in rebol. and chance is 
that that rebol will behave a little different than normal rebol 
in some edge cases

I understand you otherwise, if runtime doesn't allow 100% safe execution 
then this is the only way, I am just saying it would be cool if it 
would allow it

Well, in R3 we don't have pointers or pointer arithmetic, you can't 
just reference arbitrary memory, all data has to be either literal 
or returned from a function. Words aren't bound by default, they 
are bound by the LOAD and DO mezzanine code, which can easily be 
replaced for your sandboxed code. The code can run in an isolated 
module with careful control of its imports.

I'd like users to construct their own sql as well and send it to 
the server ... but I don't

If I new enough about sql .. I could scan their query and check for 
safety

new = knew

We also have execution limits in R3 (which will be improved). There 
are no such limits in R2, so your sandboxed dialect would need to 
be staticly determinable if you want to avoid endless loops.

There's a web demo of R3 ... .

I think he checks for execution time before killing endless loops 
...

A sandboxed dialect in R2 would be slower because of the overloaded 
ordinals.

sql can't redefine itself so you could with analysis somewhat surelly 
test if select is really just select, but there are some border cases 
with string escaping specific to certain databases that's why it's 
really hard to prevent sql injections manually (or so they say)

You would have to replace them with mezzanine code.

BrianH: yes, I saw that .. that is very nice also in such cases

2.7.7 would be easier to sandbox since R2/Forward did half the work.

Maybe something related .. why google is using Lua : 

http://google-opensource.blogspot.com/2010/01/love-for-luajit.html
http://article.gmane.org/gmane.comp.lang.lua.general/62321

>>Our Lua usage isn't too widespread at the moment; it's really one
infrastructure project in particular that uses Lua to allow

user-defined functions to run within a tightly controlled container.

Lua was the best choice, because of its low overhead, fast execution,
and the ability to set limits on execution time.<<

hm.. basically I see now where my inspiration came from to finally 
started nagging about this today :))

Lua was designed as an extension language, not a general-purpose 
language.

basically they mention exactly what we are talking about now. also 
about what you mention "execution limits"

yes, I know.. but those abilities only make it stronger not weaker 
at the end (it also has some form of sandboxing it seems):
http://lua-users.org/wiki/SandBoxes

the fact that R3 will be embeddable inside c apps is a HUGE plus 
in my view too

They make it stronger at a different field of endeavor. We can borrow 
ideas from Lua for those occasions where we are performing Lua-like 
tasks, especially to make extension language dialects.

I embedded lua and nekovm when I was working at some game to make 
levels scriptable instead of data driven. It was really nice way 
to make games, and if I could I would much rather use rebol. rebol 
is the data and dialect language which is main point of embedding 
dynamic languages in the first place

And these embedded dialects could even resemble a subset of the DO 
dialect.

I really like lua, I would most probably be using it if it weren't 
for rebol which still have even more reasons to use it

cool

BrianH: while I have you here :)) .. is there any chance to have 
a curry word in rebol 


>> format-money "$" 10000 "" "," "." ; args are: before number after 
1000-separator dec-separator
>> format-money "$" 4500 "" "," "." 

>> my-format: curry format-money [ "$" _ "" "," "." ]
>> my-format 10000
>> my-format 4500