World: r3wp

REBOL.org uses an indexer i wrote for another application and adapted 
to the Library. Let me know what you need an indexer for, and I could 
comment on its suitability.

Hallvard must have an indexer too to run Rix: http://www.oops-as.no/rix

Just trimmed about 100 people from the Library membership list....
http://www.rebol.org/cgi-bin/cgiwrap/rebol/cpt-view-users.r


A lot of them were drive-by signups by spammers to get their URL 
a link ("Hi I'm Mandy, click my link for photos") And most of *those* 
must have an IQ hovering aound their waist size because they'd failed 
to click the profile option to make their URL visible to other Library 
members.


So the membership list (claiming 200+ members) is more relevant than 
it was before.


But the automated expiry script may have caught some genuine members. 
If your userid has gone and you want it back, please drop me a private 
message.

If I have a script that is based on some source code from within 
rebol (say, on the desktop code), what's the appropriate license, 
when uploading to rebol.org?

REBOL [
	Title: "REBOL/View Desktop - Main Module"
	Version: 1.2.0
	Author: "Carl Sassenrath"

 Rights: "Copyright REBOL Technologies 1999-2005. All rights reserved."

 ; You are free to use, modify, and distribute this software with 
 any

 ; REBOL Technologies products as long as the above header, copyright,

 ; and this comment remain intact. This software is provided "as is"

 ; and without warranties of any kind. In no event shall the owners 
 or

 ; contributors be liable for any damages of any kind, even if advised

 ; of the possibility of such damage. See license for more information.


 ; Please help us to improve this software by contributing changes 
 and
	; fixes via http://www.rebol.com/feedback.html- Thanks!
]

Well, the library header 'license seems to only accept one of: bsd 
cc-by cc-by-sa gpl lgpl mit pd public-domain rvd 

And it is needed, but noneof these seems to be acceptable ... I guess 
...

It seems you got the source code .... from, no, I just remember, 
it had once been released, right? But I just extracted the
code from a running rebol. I guess this header seems to be right.

When we added validation for the license field, we limited it to 
licenses that had actually been used by people contributing scripts:
http://www.rebol.org/cgi-bin/cgiwrap/rebol/license-help.r


I reckon there are way too many license variants already in the world 
-- it's the bane of the open source movement. (We had a list of over 
40 licenses that people in theory said they'd like to use when contributing 
scripts)

But,. as the note on the page says:

f you'd like to use a license for a contributed script, and you can't 
see it listed above, please send us Feedback.

OK, Feedback .... but I dunno what license I'd like to use ... what 
would you call it?

LPL ?

And note that if you extract the code from a running rebol, you won't 
get the license.  I got the above from the new SDK.
So, that message needs to be included with your script.

Wasn't Carl thinking about a new license at one stage ?

I seem to remember something like that ... but then ... I do remember 
lots of things said ...

Whatever this meens ;-)

Now the desktop source has a different license from the rest of rebol 
code.

Hmm.  Perhaps not.

Looks like the sdk has all changed to the above license.

means, of course

I'm not sure, is the license stated anywhere? I mean, for code extracted 
from the running executable ...

I don't think so ...

There might be a standard copyright somewhere that says you can't 
reverse engineer ...

I got the code from the 1.3.1 executable, so it does not necessarily 
use the same license as the one distributed with the older SDK.

But the current SDK license appears to say that it is now possible 
to publish all the sources on say, rebol.org ...

I guess it should be ... there are a lot of patches to the code on 
rebol.org, which maybe we should check the licenses on them.

So, time to ask Sunanda if we should now do that.

I don't know (or care) much about licenses -- generally speaking 
after I've written some code and it's been sold or given away,  I 
never want to see it again.....So I'm not the best person to ask.


Carl did offer the "rebol desktop license" which may be what you 
want. Some info starting here
http://www.rebol.com/news3610.html

the question is whether the library can host the sdk sources since 
the license appears to allow that.

I thought the SDK-Sources were proprietary.

Not any more.

Check the new license in the headers in the beta SDK.

I guess if Ingo has some code derived from RT's source, the cleanest 
approach would be to ask carl if/how it can be republished.

Wow. They are removing that restriction. I didn't notice. This is 
interesting indeed.

Well, IIRC the desktop code had once been released by Carl in the 
hope to get derived versions. So, publishing it _should_ be OK, I 
guess ;-)

But then, as I didn't used the published source (and don't find it 
at the moment), I'm not sure which license would be right.

Yes, Sunanda, I don't care much either, but this isn't my code, at 
least not completely. And though I'd think think that license hassles 
are just a superflouous burden ...

I guess in these times we should pay at least basic attention to 
it.

I don't know what 'lpl should stand for, I had thought about 'rt 
(as being derived from RT sourcecode)

I would call it an 'RT license for now.

Hey, fun stuff -- REBOL.org just got attacked by some sort of spambot 
trying to generate hundreds of fake signup accounts.
It managed to create 10 before our bot detection kicked in.
They must think we're stupid.

flood detection?

Time to implement Captcha ?

I presume AGG makes it easier to distort text for a visual Captcha 
...

Yep, we have our  own sort of flood detection running. I call it 
RID (rampaging intruder detection)


Problem with a captcha tyope solution is that we may need View to 
generate the random images. But our CGIs currently can only run under 
Core. Plus it disadvantages the visually disabled.

Each time I see an attack like this, it gives some more ideas for 
tightening up. Most of the time (like tis time) were one step ahead 
of the vandals.

That's awesome Sunanda.

Thanks -- we've been lucky so far.

REBOL isn't really a target  for hackers......Though it may become 
so if when it grows in popularity.

Here's an example of another Captcha - get the user to evaluate a 
rebol expression :)

They'd have to know REBOL first, though.

There are some very simple things we can do that would throw most 
of the stupid bots -- like a checkbox that has no other function 
other than to be checked.

Actually I was assuming that if they want to sign up for the library, 
they already have the rebol interpreter.

True.....but they might be in an Internet cafe that won't let them 
run REBOL.

methinks that is highly unlikely scenario

However, you can then point them to the freebell online rebol in 
java interpreter

The same bot  came back yesterday, via an anonymous proxy.

We are not alone -- this outfit is probing flaws in HTML forms on 
many (non-REBOL sites).

It would seem a reasonable security test on many websites to not 
allow sign-ups or feedback messages (etc) from anonymous proxies.

Hi Sunanda,


I have problems downloading the desktop librarian. Download always 
stops at 99% (tried with firefox and free download manager).