r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

[!REBOL3-OLD1]

Maxim
20-Apr-2006
[692]
environment vars are not secure in any way or fashion.
Volker
20-Apr-2006
[693]
But the machine running your scripts can be trusted?
Sunanda
20-Apr-2006
[694]
Script to implement a sandbox:

http://www.rebol.org/cgi-bin/cgiwrap/rebol/ml-display-thread.r?m=rmlDGDS
No idea if it works ot how easy it is to cirumvent.
But maybe it could be used to prototype modules.
Maxim
20-Apr-2006
[695]
The machine is trusted, but can you trust the user running it?
Volker
20-Apr-2006
[696x2]
still possible to DOS (infinite loop, memory). functions have extra 
features important here, 'first can access function-bodies. Hard 
to think of everything. Would not expose inbuild functions currently. 
For self-written ones it should work. Except that 'load automatically 
creates globally bound funtions, which needs deeper analysis.
Maxim: No, but if i cant trust the user, can i trust the machine? 
But i guess for most uses yes. Could be a nice feature in R3, possible 
in combination with rebservices. Currently, could such things be 
done with 'call?
Maxim
20-Apr-2006
[698]
only admin level users can really do anything to spoof networking... 
normal unpriviledged users cannot change system files, thus cannot 
change libs.
Volker
20-Apr-2006
[699]
If you can trust the os *flamewar on* ;)
Maxim
20-Apr-2006
[700]
its possible some things can be done with call... but its tedious 
in any case, and not very cross-platform.
Volker
20-Apr-2006
[701]
But i guess normal users can easier change env-vars somewhere then 
hack the machine.
Maxim
20-Apr-2006
[702x2]
now if we all where on Amiga who would care... right?   hehe
just run a batch script with set VARNAME VALUE  before your command...
Volker
20-Apr-2006
[704x4]
A thing i use personally is
  join read dns:// what-dir

Not for security, but to keep my configurations apart. But maybe 
it helps here?
Hmm, only if you can make sure only the right user can use the script.
create a file and check ownership? does get-modes tell?
On Amiga i could run 50 full-os sandboxes today, solving that problem 
:)
Maxim
20-Apr-2006
[708]
yeah...  plus not having a user name solves that issue on Amiga ;-)
Volker
20-Apr-2006
[709x2]
MY kindergarden would surely have labels on the sandboxes!
user-name - how about usingsome password instead and store it somewhere 
user-only? Thats the way ssh etc do it.
Maxim
20-Apr-2006
[711]
now tell your IT manager or CTO that you have to do all of this just 
to get the user name and that you really want to use REBOL...  ;-)
Volker
20-Apr-2006
[712x3]
i guess real user-name could be a cross-platform-problem. Specially 
on amiga ;)
Call it cookies?
Add some coffee and cake .. ;)
Maxim
20-Apr-2006
[715]
LOL
Volker
20-Apr-2006
[716]
Playing marketing, would it helpto add browser-access too? Then that 
cookies could be a good idea. If you do not tell that all that web-interfacing 
is a quic workaround around not having user-names.. :)
Maxim
21-Apr-2006
[717x3]
It has just occured to me that if REBOL needs a niche and actually 
wants to have REBOL work in the Large... that they need to do only 
one thing.   Embrace XML.   its got everything going for it, there 
is nothing to invent (just read specs and implement, like protocol 
RFCs).
REBOL should not use XML internally, but should be made to be as 
XML literate as is possible.  imagine if we could simply tell any 
current IT management that all they need to USE all of that $ they 
invested in those obscure tools, is Load and then they can actually 
do stuff with it.
just like we just SEND a mail, READ a web site, or WRITE an ftp server. 
 if we could also LOAD/SAVE any XML technologies (XML files, DTDs, 
Schemas, etc), then R3 would immediately get appeal in the corporate 
world.  It would actually have value to them .
james_nak
21-Apr-2006
[720]
I agree. That's a good thought.
Maxim
21-Apr-2006
[721x5]
And R3 would have the excuse of being able to be IT friendly.. which 
it currently isn't.   AND it would benefit of having access to a 
slew of tools which actually help some people get work done integrating 
Heterogenous systems, which is something REBOL is currently incapable 
of stating.
If you get any salesman in an IT dept which has XML capabilities 
(and they are getting used, really) and in 15 minutes, LOADS their 
data structures, instances, edits them and spits them right back 
out using a simple command line interface... welll...  case closed.
you at least get a chance at having REBOL being used for some little 
tidbits, and as we all know, it will become addictive and soon will 
get used more and more.
corporate environments, big or small, need liabilities, assurance, 
and REBOL is sooo scary right now, most people just say...
nice toy!
james_nak
21-Apr-2006
[726]
Or forbid you using it.
Henrik
21-Apr-2006
[727]
there is some merit to that: what if the rebol developer quits? they 
don't exactly camp out in everybody's backyard. java developers do.
james_nak
21-Apr-2006
[728]
Yup, I've heard that before. It's a valid concern.
Maxim
21-Apr-2006
[729]
I can vouche for henriks point.  That is the single most used Anti-technology 
adoption argument.  What if  "developperX  gets hit by a train?" 
 :-(
james_nak
21-Apr-2006
[730]
By "valid" I mean there is some truth to it.
Henrik
21-Apr-2006
[731]
so, that is a factor that rebol developers should not play on
james_nak
21-Apr-2006
[732]
I was told "by a bus."
Maxim
21-Apr-2006
[733]
hehe they are sometimes scare tactics by IT managers, but are valid 
noneteless.  being 100% XML compliant "out of the box, no strings 
attached" would add DEPTH to REBOL leaps and bounds in the IT business 
IMHO.
Graham
21-Apr-2006
[734]
How far are we from that?
Maxim
21-Apr-2006
[735]
leaps and bounds   :-)
james_nak
21-Apr-2006
[736]
How long is that in "Rebol Years?"
Graham
21-Apr-2006
[737]
I thought RT had posted on their website that they had licensed some 
xml engine at one stage.
james_nak
21-Apr-2006
[738]
Haven't noticed that.
Maxim
21-Apr-2006
[739]
The tools exist,  senior XML developers also, heck some people even 
wrote the damned specs...  nothing is keeping RT from contracting 
out someone (or licensing technology) to add those capabilites in 
rebol natively, or as a module if its too large to keep REBOL lightweight, 
(no pro-con libs wars please).
Graham
21-Apr-2006
[740x2]
It was some years ago.
But if they considered it once, they can do again.