Hi, I'm filtering the commands you provided to improve security. I don't perform chroot and still use the apache user (too much work). I improved the Latex a little.
For installation or linking please use http://www.mediawiki.org/wiki/Extension:Axiom . I tested http://wiki.axiom-developer.org/VeryLongLaTeX and all of them work. I'm not really sure how to do formula line breaking - is there a latex option I could insert at the beginning? If you want to provide any Latex tests please edit http://www.eisber.net/StatWiki/index.php/Axiom - it would be nice if you register, so I know you added it. I'll try graphics right now. Thx Markus -----Original Message----- From: Bill Page [mailto:[EMAIL PROTECTED] Sent: Sonntag, 27. Mai 2007 20:42 To: Markus Cozowicz Cc: axiom-developer@nongnu.org Subject: RE: Axiom on MediaWiki (was: Axiom) Markus, Thank you very much for this initial work! I think it is very promising. On May 27, 2007 12:19 PM Markus Cozowicz wrote: > > I found some time on the weekend to work on it. > > Have a look at http://www.eisber.net/StatWiki/index.php/Temp > > I'm actually reusing <math>-tag from MediaWiki, which has > limited Latex support. Thus I have to do some conversions and > stripping. I don't think full support of all Latex outputted > by Axiom is possible, but to get a reasonable amount, I'd have > to go through some more samples. > > Some questions: > > - Do you have list of functions that impose security problems? There are at least two classes of operations that potentially pose security threats when running Axiom pubicly online. One is the )system ... command which permits the user to open access to all system commands. The 2nd entry point is via Lisp which can be invoked either as a commands such as )lisp and )fin of via a function call like this (SI_:_:SYSTEM "...")$Lisp Both of these leave the system wide open. Unfortunately both of them also have potentially quite valid uses. I think it fair to say that the developers of Axiom have given almost no thought at all to the need for security since the standard model is to have Axiom running only locally on you desktop. If you are concerned about security (I don't it take for granted that you necessarily need to be, given our experience over the last three years at axiom-developer.org), then I would highly recommend that first of all you should run Axiom in a chroot environment. > - Do you have testcases for Latex output? > No, I am sorry that we do not have such official test cases. I would be glad to develop these with you. We have however documented some problem cases on the Axiom Wiki. E.g. http://wiki.axiom-developer.org/VeryLongLaTeX > I saw that you support graphics too with postscript output. Axiom can generate graphics with postscript output if it is run in an X-windows environment. This is possible even on a headless server by installing the virtual framebuffer driver Xfbdev and the xvfb-run, although I have had some trouble interacting with this configuration via a pipe. I think to do this successfully requires pty support and something like pexpect. Right now we do cannot automatically generate graphics for inclusion in the Axiom Wiki. See some sparse notes here: http://wiki.axiom-developer.org/SummerOfCode http://wiki.axiom-developer.org/GraphicsOnMathAction > The R-plugin for media wiki already does postscript to png > conversion for R graphics... > It shouldn't be too hard to adapt that for Axiom. > Great! Regards, Bill Page. > > -----Original Message----- > From: Bill Page [mailto:[EMAIL PROTECTED] > Sent: Dienstag, 10. April 2007 03:08 > To: Markus Cozowicz > Cc: 'Axiom-Developer' > Subject: Axiom on MediaWiki (was: Axiom) > > Markus, > > I hope you do not mind that I am copying this to the Axiom > developer mailing list. I think there may be some other > people here who are interested in this subject. > > On April 9, 2007 6:43 PM Markus Cozowicz wrote: > > > I'm actually trying to integrate Axiom into MediaWiki. I'm > > using it to write my statistics homework (www.eisber.net/StatWiki). > > Well, I thinks that's a pretty ambitious project just to do > your homework! :-) But I think this is interesting for much > more than that. > > > MediaWiki is written in PHP. > > Yes. Very famous. It is the wiki software behind Wikipedia. > I think it is a very good choice (except for PHP, but that's > a different story). > > > I'm not sure if I actually want to properly interface with > > Axiom, as I'm only interested in the generated latex, that > > needs to be piped into texvc (yet another binary - the latex > > interface used in MediaWiki). > > I don't know what you mean exactly by "properly interface with > Axiom". Axiom can generate LaTeX output for the results that it > calculates. I assume that if you are interested in Axiom, you > are also interested in symbolic computer algebra in some form > or other - otherwise I don't see much point in using Axiom just > to generate LaTeX output. I think you would find it rather > awkward if that was all you wanted it to do. > > I suppose that you are familiar with the Axiom Wiki web site: > http://wiki.axiom-developer.org > If you are using Axiom for statistics - even if it is just for > a course - then you are certainly welcome to use this web site > (which is publically available) or it's sister portal site: > http://portal.axiom-developer.org > where you can log-in and control who gets access to the pages > you prepare. We are always interested in more examples of > applications where Axiom can be used. Your exercises might > help other people realize how Axiom can be used in their > own situation. > > As you can discover from the wiki site, these web sites are > based on Zwiki, Zope and Python - quite different from most > PHP applications although they accomplish mostly the same > thing in the end. > > If you are more interested in continuing the development of > a general purpose MediaWiki plug-in that allows MediaWiki to > send commands to Axiom and display the results on a wiki page > in nicely LaTeX typeset form, then as an Axiom developer I am > very interested in that. I would very much like to be able to > offer such an interface for Axiom to other MediaWiki users. > So I would be glad to help you with this. > > > Can I disabled shell execution in Axiom? Because for security > > reason, I probably don't want anybody to execute arbitrary > > code on my server. > > Axiom is not designed with this kind of security in mind, but > in the PHP interface to Axiom, it would be possible to intercept > commands which might execute arbitrary code and still leave a > significant subset of Axiom available to the user. If malicous > code is a serious risk, I think the best option would be to run > Axiom in a chroot environment or perhaps on a separate virtual > machine using Xen or other VM tool. > > Regards, > Bill Page. > > > > _______________________________________________ Axiom-developer mailing list Axiom-developer@nongnu.org http://lists.nongnu.org/mailman/listinfo/axiom-developer