World: r3wp

Not all platforms supported by R3 have permissions elevation. We 
support Windows all the way back to 2000, and permissions elevation 
wasn't introduced until Vista. Plus, that wouldn't work for multiuser 
systems where the user doesn't have the admin password (possible 
because they're the target market of these restrictions).

Must run now, I'm late already :(

So that's a "yes, that would solve the security issue", I gather.

With a "but (some) OSes can't do this" constraint.

See you later.

With a "some OSes won't allow users to edit or save their own preferences, 
so preferences are half broken on those OSes" constraint, that would 
solve the issue.

I am still having issues with what is considered "secure" here. As 
far as REBOL goes, for me, it is not unsecure, if it relies on the 
user environment being secure. (How can any program be secure, if 
it runs in an insecure environment?) Thus, the only concern I do 
have as far as REBOL goes is my wish for the REBOL interpreter to 
not overwrite the %user.r file unless specifically allowed to do 
that.

Any additional security is just an illusion for me.

I agree.

It seems that rebol3 is having some real problems. What's this I 
hear about Carl getting a job?

He did

Is he still the benevolent overlord of r3?

He's the absent overlord

What's happened to development?

Well, he can only spend his time once

Has it stopped?

Pretty much

When did this start?

Almost half a year ago, at least visibly, in hindsight

Other people have the source code don't they?

No, why would they?

Otherwise the community will just rot.

Better pinch your nose

I feel let down. If Carl takes a break he has to entrust the source 
code and development to someone else.

Is there much action on boron?

That makes more of us. The overriding argument for REBOL and its 
closedness was always that Carl was the leader, he always knew best, 
and development always continued

Boron is going steady, but it's an isolated project, much in the 
same style as REBOL. The community is more interested in Red

I heard about it. What's red for?

Programming :-)

haha

How many people are working on it?

Four or five or so

maturity? what can it do atm?

One month :-)

Why is it more popular than boron? Did the boron guy start red?

It can do loops, but not indexing, so you could have called me out 
on claiming it can do programming ;-)

It seems very low level

Yes, so far, but that's only Red/System

What are the plans for it?

Have you read the sites?

Oh, there's a to do list

I was looking for more of a long term outlook

Yes, and an extensive specification for Red/System

The roadmap is in the original announcement

Thanks. How does the community communicate?

google groups or altme?

Here in the Red group, to the chagrin of the creator. :-) Better 
switch to that

:-)

Ladislav, the two most popular desktop OSes in use today are Windows 
XP and 2000. Both will be and have to be supported by R3, and neither 
is secure enough for a regular person to run without antimalware 
software. We don't want R3 flagged as malware *again* (it already 
happened with one of the early alphas). That is why we are putting 
effort into making R3 more secure.

The R3 process needs to be able to save the %user.r file with the 
current user's permissions in order to allow the user to save their 
preferences. And we don't have a safe place to store the checksum 
of that file to compare against, without also making that checksum 
writeable by the user. That means that the checksum security can't 
be used for %user.r.