AltME groups homeHelpJoin REBOL3 world
  Find AltME posts   Help

Recent posts

Worlds:r4wpr3wp
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
5-Jul 18:11 UTC
[0.071] 16.963k
r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

Join the discussions in the REBOL3 world...

[!REBOL3-OLD1]

older
newer		first
last
Gabriele
5-Jun-2007
[3390x2]
otherwise... i would have solved the problem in some way... it's 
just parsing. worst case you call out to some known good parser like 
openssl

and if you don't even want to trust rebol's internal rsa code... 
you can call openssl for everything. that code is trusted by all
Pekr
5-Jun-2007
[3392]
Yes, I know. But imagine me being an evil man. I will register with 
RT. They have their own CA, register me, give me certificate. I will 
do evil script. PPL will trust me, run the script, and damage will 
come. They turn to RT, and RT tells them - that developer is Petr 
Krenzelok. And I say - what? I never registered. So, the only way 
of RT to know I am who I am is, that I will visit some CA, provide 
some evidence (ID card, driving license, passport), and register, 
no?
Gabriele
5-Jun-2007
[3393]
that's correct, RT should never certify you are you without having 
proof.
Pekr
5-Jun-2007
[3394]
What I am talking all the time about is - how to build trust in distributed 
environment. Some of us will need to produce scripts with lowered 
security. If I see a requestor asking me for lowering security, I 
will not run the app, unless I can be sure, that it comes from Gabriele 
for e.g., and that if Gabriele ruins my HD data, I can visit DevCon 
next year and ask for refundation :-))
Gabriele
5-Jun-2007
[3395x4]
a digital certificate is just like a paper certificate - the value 
depends on the issuers, and the parties involved.

someone may trust a document signed by me, someone else will need 
an official document from some state authority.

trust is generally based on chains

i trust you because someone else i already trust trustes you.
Pekr
5-Jun-2007
[3399]
in order to be able to verify certificate, you need to verify it 
against the root certificate of CA. So if RT becomes CA for its developers, 
it would be better for them to be able to verify, who asks for certificate. 
E.g. visit devcon in private, for Carl to be sure who you are :-)
Gabriele
5-Jun-2007
[3400]
basically, since you are running rebol.exe, you are trusting rt already.
Pekr
5-Jun-2007
[3401]
yes, rebol.exe could do damage in the extent of my OS user priviledges.
Gabriele
5-Jun-2007
[3402]
so, if rt can identify me (eg in person at devcon like you say) and 
tell you via certificate that a script is really from me (identification 
+ authentication), you can then trust the script if you trust me
Pekr
5-Jun-2007
[3403x2]
hmm, host executable is open sourced, right? Who will be officila 
provider of such exe?

yes
Gabriele
5-Jun-2007
[3405x2]
who's the official provider of linux? :)

rt will provide an official one
Pekr
5-Jun-2007
[3407x3]
but easier for RT to verify you is to accept some certificate, than 
to travel to devcon :-)

ah, linux ... so true .... you have to take some risk ....

Simply if I find some R3 distro with modified host environment, so 
better I am sure where it comes from, right?
Gabriele
5-Jun-2007
[3410x4]
what i mean is, the tech side of things is in rebol. the non-tech 
side is a different matter altogether.

right :)

same thing if you find any exe anywhere.

if someone sends you rebhost.exe via email... well... i would not 
run that ;)
Pekr
5-Jun-2007
[3414]
that is why I think we should think about signatures (which is just 
a hash) and certificates in a bigger picture - mainly when we think 
about SDK apps or browser plug-in apps with lowered security level 
... the truth is, it does not need to come with initial release, 
but should not be forgotten about.
Gabriele
6-Jun-2007
[3415]
looks like R3 with 1000 animated gobs on 1000x700 window is at least 
2x faster than R2 with 1000 animated faces on 1000x700 window. (someone 
has reported 5x)
Henrik
6-Jun-2007
[3416]
wow, this will be good :-)
Pekr
8-Jun-2007
[3417x3]
guys, any other spoiler for us unlucky? :-)

what about porting Particles demo for e.g.? Or any other clever measurement 
gui stuff?

there was some simple script measuring FPS (refresh rate), it would 
be curious to see how AGG compositing helped us.
Anton
12-Jun-2007
[3420]
I'm gobsmacked ! :)
Pekr
12-Jun-2007
[3421x3]
what does it mean? :-)

ah, gob, so some relation to gobs?

that probably mean at least one thing - you are part of early testing 
group. So, now off to private chat and prepare for being investigated 
:-)
Anton
12-Jun-2007
[3424]
http://dictionary.reference.com/search?q=gobsmacked
Pekr
12-Jun-2007
[3425]
So does it mean something like "positively surprised"? :-)
Anton
12-Jun-2007
[3426]
Yes, in this context, "gob" is someone's mouth, and smacking is raising 
your hand suddenly to your mouth, as you would do when surprised.
Maxim
12-Jun-2007
[3427]
funny find anton  :-)
Tomc
12-Jun-2007
[3428]
kibble yer gob -> eat
DaveC
15-Jun-2007
[3429x2]
Today is the day for the public beat IIRC. How is it going guys? 
Hope you're not too stressed. Big thanks for your efforts to date.

beat = beta
Pekr
15-Jun-2007
[3431x4]
it is not :-)

but we can beat guys, that is for sure. Hey, Gabriele, is new VID 
prototype already in the works? :-)

1.July is the first extended developer's release. 15.July is public 
beta ....

today is 15 June :-)
DaveC
15-Jun-2007
[3435]
What's a month between friends?
Pekr
15-Jun-2007
[3436x2]
:-)

yes, it is half a time between the first and second developer's release 
- so, guys, give us unlucky some spoilers :-)
DaveC
15-Jun-2007
[3438]
Yes a nice screenshot of the new VID please. Anything, please..now...I 
begging you :-)
Pekr
15-Jun-2007
[3439]
I better keep my mouth shut up, or I will be excluded even from second 
release :-))
older
newer		first
last