AltME groups homeHelpJoin REBOL3 world
  Find AltME posts   Help

Recent posts

Worlds:r4wpr3wp
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
26-Jun 12:16 UTC
[0.076] 16.955k
r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

Join the discussions in the REBOL3 world...

[Plugin-2] Browser Plugins

older
newer		first
last
Graham
29-Jun-2006
[1526x2]
So, a short list of the outstanding critical problems .. see if they're 
fixable in your time frame , if so - commit to a final release?

That would be good.
Carl
29-Jun-2006
[1528x4]
It would be helpful if you (primary developers) could help us with 
that list.  So we are in agreement on  "complete".

In addition, things like the demos can be handled quickly by developers, 
as well as moving some of the contest demos into the browser.

It is also likely, and I should be clear, that some behaviors related 
to the browser handling of things like events may be somewhat different 
than in REBOL itself.  This is related to the fact that explorer 
is handling the events and sending them to us via a type of "relay" 
(we call it a window proxy).

We should try to minimize such differences.... but there are some 
that we may not be able to remove entirely.
Volker
29-Jun-2006
[1532x2]
complete is when it cant be exploited without some basic agreement 
IMHO. Which for me is some kind of "run this script really" before 
loading the real thing. In a way that stop normal people from using 
it, except they get personal motivation by trusted persons.

(since that can be done in a day ;)
Carl
29-Jun-2006
[1534x2]
Hi Volker... can you clarify that a bit (e.g. in what context)?

e.g do you mean run the script before installing or before running 
a demo, or ?
Volker
29-Jun-2006
[1536x2]
To make the current plugin ready for demos.

if i point people to http://polly.rebol.it/test/test/game/use/game/game-plugin.html
currently, they allow everyone to send every script, by installing 
it.
Terry
29-Jun-2006
[1538]
Critical problem.. no Mac support.
Volker
29-Jun-2006
[1539]
if the pluin shows a big url and a warning: this script could be 
used to install malware, do youreally want.." and i tell them "thats 
my url" it would work
Carl
29-Jun-2006
[1540]
We have started to address Mac by getting better understanding of 
the method used there.
Volker
29-Jun-2006
[1541]
while a completesave sandbox is still far away i guess.
Graham
29-Jun-2006
[1542]
Script signing ?
Carl
29-Jun-2006
[1543]
Volker, you are talking about security. And that is the top item 
on "my list" regarding why it is not "complete".
Volker
29-Jun-2006
[1544]
needs infrastructure. a month later i guess.
Carl
29-Jun-2006
[1545]
For me, if a user must worry about malware by running any REBOL script, 
then that is a problem --- a show stopper.
Volker
29-Jun-2006
[1546x3]
Yes, but IMHO it is complete if users have a good way to allow/deny 
it.

the basic protection against filestealing is there.

and the other things are based on trust.  i guess it can be hacked, 
or at least flood the machine.
Carl
29-Jun-2006
[1549]
Graham, yes, signing.  Take a look at the updater script... we are 
already employing script signing, so it is possible to make that 
work.
Graham
29-Jun-2006
[1550]
Surely malware can be written by anything?
Carl
29-Jun-2006
[1551]
Yes, exactly.
Volker
29-Jun-2006
[1552]
But if that anything is not that popular/needed, like javascript/flash, 
it canbe not instlled too.
Graham
29-Jun-2006
[1553]
Does the plugin have to adhere to safety standards higher than any 
other plugin language?
Carl
29-Jun-2006
[1554x4]
So there are two basic needs: confirmation of  trust (signing) and 
program limits.

G: that is a good question.

We should be at least as high.

Note that we also now sign the DLL, to prevent the hack "modify the 
security requestor text".
Volker
29-Jun-2006
[1558]
IMHO we are the new guys, and the doors are locked more easily.
Carl
29-Jun-2006
[1559x2]
The DLL uses authenticode verification.

Ok, so it is 10:50 here in Paris... and I must go.  But I ask for 
your help so we can make the plugin complete, and as soon as possible.
Geomol
29-Jun-2006
[1561]
Carl, I hope, you have a good vacation! Paris is nice. I were there 
last week.
Graham
29-Jun-2006
[1562]
Thanks for logging in and making that committment, and writing in 
english!
Carl
29-Jun-2006
[1563]
In my mind, and as I've stated, I think we must consider a 2.6.3 
release as well -- for some bugs that are critical.
Volker
29-Jun-2006
[1564]
IMHO that would work. makesure the script is by me, and that icant 
look in your private stuff except i am extremely nasty.
Carl
29-Jun-2006
[1565]
Yes, Paris is a very nice town.
Volker
29-Jun-2006
[1566]
2.6.* is still a good language :)
Carl
29-Jun-2006
[1567x3]
I would like to move here to complete R3.0 --- But, Cindy does not 
seem that excited about doing so.

Yes, thanks.

So, must go now.  I will try to check in tomorrow too.  This timezone 
is easier for me to do so.
Volker
29-Jun-2006
[1570]
cu :)
Pekr
30-Jun-2006
[1571x2]
Complete 3.0? :-) Is 3.0 so close to alpha release or so? :-)

regarding plug-in, my concern is just one - proxy - without it it 
will be no-go for ppl behind the proxy. My understanding is, get-net-info 
needs update ...
Carl
30-Jun-2006
[1573x3]
Yes. Confirmed. Josh is working on better way to obtain the proxy 
information, according to MS methods.

Sorry, although 3.0 is highest priority, we are "multiplexing-in" 
a few other tasks.

Just so you know for sure: we do plan to make a 2.6.3 (1.3.3) update 
to fix various R2 bugs, including a range of OSX related issues.
older
newer		first
last