World: r3wp

If the interpreter can find a way from the console to the access, 
a selfmade "interpreter" can find it too.

I think the problem is simply that one can't really prevent the use 
of the words in the code of the functions in the object.

Jep.

MichaelB. I thought I have done it. Ok. It was a good try. I like 
the first version though. I enables for some neat stuff. Even when 
having some holes.

Volker: actually you explanation sounds almost like a proof to forget 
it completely. Too simple - but Rebol is all about words getting 
interpreted.

I think that is no big problem. If you give code-control, you are 
doomed anyway. Hmm, could be used to have a password to login and 
destroy it reliable.

The secure way is to launch an external process to run user-code 
IMHO. Add 'secure unset 'struct! and hope there are no overflowes. 
Should be pretty save.

Jaime: I saved you code - it's nice nevertheless. :-)

Not completely - the code still needs access to the global context. 
if you bind every word in an own context and put selected functions 
there, it would work. Still tricky, for example 'second can not be 
exposed, else you get the functions body. I may forget other issues.

BTW would be nice if secure would support ulimit-calls.

That's one of my problems if I would like to have capability security 
in Rebol - all these omnipotent (is this the right word?) words, 
shouldn't be allowed - eg. only if my code gives out the right to 
introspect itself something like 'second should be calleable.

what does that mean ? the secure thing ?

something like
 secure [file quit %./public allow memory 2000 timeout 2]

There are cals for such restrictions in linux AFAIK, could be used 
on osses whith such features.

Ah. MichaelB, You want E.

Can E restrict runtime too? To kill infinite loops?

Don't know E. Only know that E offers the capability model. BTW, 
Infinite loops are only a worry if they consume resources. You could 
in theory always have lazy loops (which are infinite by default).

I want to run user-code for a request. Would prefer if that finishes 
after a while. Or, to resrict cpu-usage at least. Hmm, i guess e 
has threads, so could use a guard-thread maybe. if killing that is 
secure.

Is there a web-server in e? To use rebol thru cgi-style api?

lazy infinity loops == threads, almost.

Do you know how to do cgi-style-calls in c? where c and rebol communicate 
thru kind of bidirectional pipeline?

I'm no E expert - just know it from reading - but I like the capability 
model. So I guess E has nothing to restrict the runtime - I thought 
due to the fact that it can't be predicted, whether a computation 
stops, there will be anyway always some "hole". But I would like 
to have some restrictions on CPU usage say for windows (as Solaris 
seams to have it) - can't stand that copying some files can kill 
the whole system. But maybe this is something what doesn't belong 
to the language but to the OS offering the foundation ?

But language can help here.

Jaime as you talked about Haskell lately: if I remember correctly 
it has lazy evaluation, so would this help in the general case ? 
Was this what you were pointing to ?

Yes. I think that anyone will benefit from reading this: http://mitpress.mit.edu/books/chapters/0262220695chap1.pdf
(It inspired me to write make-instance).

BTW I just changed make instance to use closures. I like it better.

make-instance: closure [
	class [object!]
	/local class-vars instance-data class-methods v
][
	class-vars: copy [*-private-*]
	class-methods: copy []
	instance-data: copy []
	foreach w next first class [
		either function! = type? v: get in class :w [
			append class-methods compose/deep [
				(to set-word! :w) func [(first :v)] [
					bind second get in class (to lit-word! :w) '*-private-*
					do reduce [get in class (to lit-word! :w) (first :v)]
				]
			]
		][	
			append class-vars :w
			append instance-data reduce [to set-word! :w :v]
		]
	]
	use class-vars compose/deep  [
		(instance-data)
		context [(class-methods)]
	]
]

maybe a stupid question, but is this chapter out of that book http://www.amazon.com/gp/product/0262220695/qid=1136588064/sr=8-1/ref=pd_bbs_1/102-4260152-7911319?n=507846&s=books&v=glance
??

Another thing that would interest me, is how is the speed impact 
when using your above function, now even with closures - I mean the 
closure function copies everything on invocation and also make-instance 
itself binds everytime anew?

It is going to be slower, but not that bad.

>> time-block [CounterClass/bump] 0.05
== 4.234619140625E-6
>> time-block [ctr1/bump] 0.05        
== 1.17197799682617E-5
>> a: 4.234619140625E-6 
== 4.234619140625E-6
>> b: 1.17197799682617E-5
== 1.17197799682617E-5
>> a / b
== 0.361322409814242
>> b / a
== 2.7676113433266

It is slower because of binding

But not that much, given all the stuff that happends.

do reduce [get in class (to lit-word! :w) (first :v)]
->
do get in class (to lit-word! :w) (first :v) ; should work too

either function! = type? v: get in class :w [
->
either function? v: get in class :w [

Optimizations welcome ;-)

It improved but not by much.

ah the joys of BIND...

>> a: make object! [b: 0 c: b]
>> a/b
== 0
>> a/c
== 0
>> set in a 'b 7
== 7
>> a/c
== 0

How do I restore the context?

wait... that's not the problem

The context is fine. When you do  c: b  you are setting c to the 
value of b (or rather a copy, since 0 is an immediate value). When 
you change the value of b the copy of the old value remains the same 
in c.

Bind isn't used here.

I realized that just now. the problem was entirely different.

question concerning 'get: First, why doesn't get support something 
like "get my-object/user-data"? Next, how to get a path word?

path word? such as

in my-object 'user-data

?

Forget the last question...

Does the file execute setting of the secure native mean anything 
on Windows. What is it supposed to mean?

how to easily do base conversion? e.g. working with bitmasks, I want 
to be easily able to obtain e.g. 255, #FF, "11111111"

... and convert between those ...

ah, probably enbase/base #{FF} 2 ..... I just wrongly tried with 
#FF ..... but then each char got converted separately ...

I also found Sunanda's 'base-convert.r script, so forget my question 
....

From RAMBO group: I don't know about "pretty " versus loadable, but 
what specific issue does it cause that you don't want that extra 
information available? WRT "form 1.0"