Re: AW: Unicode: LC 7.0 - PHP - MySQL?

[Martin Baxter]

Tiemo,

Not sure what your database is collated as now as I thought you said it
was ascii_general_ci in your original post. But the collation of the
database columns affects sorting, indexing and so-on. I don't think it
actually stops you storing unexpected characters.

Anyway, I believe that for single-byte characters, UTF-8 is equivalent
to ISO-8859-1, so if your single byte umlaute are encoded using a
compatible variant of that, then there won't be a problem whichever
character set LC is expecting.

Ü (Uuml)

for example is at position 220 for unicode (e.g utf8) and also
ISO-8859-1 (and therefore typical windows charsets that have that
character at the same position) So you wouldn't notice a conflict in
that case, but still might get some issues with things like curly quotes
perhaps and some of the less common characters.

That would be my assumption about what's going on, anyway.

Martin

On 31/10/14 10:49, Tiemo Hollmann TB wrote:
> Hello Martin,
> thank you for your helpful informations, though I am a little puzzeled,
> probably because I am missing something.
> What I don't understand is that I currently get all of my German Umlaute
> properly from LC via PHP into my UTF-8 MySQL db, though the columns in my
> table are set to ascii_general_ci and the German Umlaute don't belong to the
> plain ASCII subset. And I don't see where this collation is changed by PHP.
> Do you have any explanation for that?
> Thanks for your coaching
> Tiemo
> 
> 
>> -Ursprüngliche Nachricht-
>> Von: use-livecode [mailto:use-livecode-boun...@lists.runrev.com] Im
> Auftrag
>> von Martin Baxter
>> Gesendet: Freitag, 31. Oktober 2014 11:19
>> An: How to use LiveCode
>> Betreff: Re: Unicode: LC 7.0 - PHP - MySQL?
>>
>> A little additional info from me.
>>
>> If your database will only ever contain ascii characters, then
> ascii_general,
>> utf-8 and latin1_swedish will all work fine because the ascii characters
> are
>> the same in all of them.
>>
>> I would expect problems though if mixing these up and subsequently
> attempting
>> to introduce non-ascii characters to the data.
>>
>> latin1_swedish was the default in MYSQL, since it was originally developed
> by
>> Swedes.
>>
>> You should set the desired collation for the database when you create it,
> but
>> it is also possible to change it later.
>>
>> In my experience it is important to get the character set defined
> consistently
>> throughout the workflow.
>>
>> This involves:
>>
>> 1) The collation of the database (and individual columns) Normally set
> when
>> database created.
>> 2) The database connection should specify the character set to be
> transmitted
>> (done in php when making the connection)
>> 3) Character manipulations in php may need to specify the character set
>> 4) LC scripts of course need to take character set into account.
>> 5) Any html involved should specify and be written using the same
> character
>> set, especially if forms are acquiring user input to be stored in the
>> database.
>>
>> For web-based work, utf-8 is very popular and utf8_general_ci is often
>> nowadays the default collation in web database front ends.
>>
>> HTH
>>
>> Martin Baxter
>>
>> On 29/10/14 16:11, Tiemo Hollmann TB wrote:
>>> Hello,
>>>
>>> I have a LC 6 program communicating through PHP with a MySQL db.
>>> Because my background about Unicode, PHP and MySQL is limited I wonder
>>> what I have to care about, when migrating to LC 7.
>>>
>>> I have read the release notes of LC 7. My limited thinking was, that
>>> UniCode really has a unique code for each sign on the planet. But why
>>> is there a
>>> UTF-8 / UTF-16. Which one is LC using? Which one is my MySQL db using?
>>> I don't find any information about UTF-8/16 in my db description. How
>>> is the collation of the db related to UTF-x and to LC?. My tables are
>>> collated in ascii_general_ci. In some of my PHPs a "COLLATE
>> latin1_swedish_ci" is used.
>>> I have no idea why this Swedish collation is in my german PHP and how
>>> it can be compatible with my ascii_general_ci DB. (The PHPs are made
>>> by third
>>> party)
>>>
>>> What do I have to change in my LC program when migrating to 7. Where
>>> to start?
>>>
>>> Is LCs Unicode really the magic thing, where I don't have to care
>>> about any charset related thing and all my thinking is just waste? Or
>>> do I have to migrate, test and dig into one cras

Re: Unicode: LC 7.0 - PHP - MySQL?

[Martin Baxter]

A little additional info from me.

If your database will only ever contain ascii characters, then
ascii_general, utf-8 and latin1_swedish will all work fine because the
ascii characters are the same in all of them.

I would expect problems though if mixing these up and subsequently
attempting to introduce non-ascii characters to the data.

latin1_swedish was the default in MYSQL, since it was originally
developed by Swedes.

You should set the desired collation for the database when you create
it, but it is also possible to change it later.

In my experience it is important to get the character set defined
consistently throughout the workflow.

This involves:

1) The collation of the database (and individual columns) Normally set
when database created.
2) The database connection should specify the character set to be
transmitted (done in php when making the connection)
3) Character manipulations in php may need to specify the character set
4) LC scripts of course need to take character set into account.
5) Any html involved should specify and be written using the same
character set, especially if forms are acquiring user input to be stored
in the database.

For web-based work, utf-8 is very popular and utf8_general_ci is often
nowadays the default collation in web database front ends.

HTH

Martin Baxter

On 29/10/14 16:11, Tiemo Hollmann TB wrote:
> Hello,
> 
> I have a LC 6 program communicating through PHP with a MySQL db. Because my
> background about Unicode, PHP and MySQL is limited I wonder what I have to
> care about, when migrating to LC 7.
> 
> I have read the release notes of LC 7. My limited thinking was, that UniCode
> really has a unique code for each sign on the planet. But why is there a
> UTF-8 / UTF-16. Which one is LC using? Which one is my MySQL db using? I
> don't find any information about UTF-8/16 in my db description. How is the
> collation of the db related to UTF-x and to LC?. My tables are collated in
> ascii_general_ci. In some of my PHPs a "COLLATE latin1_swedish_ci" is used.
> I have no idea why this Swedish collation is in my german PHP and how it can
> be compatible with my ascii_general_ci DB. (The PHPs are made by third
> party)
> 
> What do I have to change in my LC program when migrating to 7. Where to
> start? 
> 
> Is LCs Unicode really the magic thing, where I don't have to care about any
> charset related thing and all my thinking is just waste? Or do I have to
> migrate, test and dig into one crash after the other? Or do you have any
> helpful hints, how to start such a migration and what to look for?
> 
> Thanks
> 
> Tiemo
> 


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Making the content of LC Server Scripts Safe

[Martin Baxter]

On 22/05/14 16:52, AndyP wrote:
> Also apart from having the details in separate file, encrypt the file
> and place it outside your public html folder, this way no would be
> able to stumble onto the file by erm... 'accident'
> 
> 
> 
> - Andy Piddock

Storing files outside web root is always the recommended solution I
think. But that is not always allowed. In such a case (and assuming your
webserver is Apache), a folder containing includes you want to keep
secret can be protected with an .htaccess file like so:


deny from all


Which bans Apache from serving any files from that folder, but livecode
should still be able to access the contents.

Martin Baxter

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Delivering Files with lcServer ?

[Martin Baxter]

On 25/04/14 10:32, Peter W A Wood wrote:
> Hi Scott
> 
> With a little help from Google, I have managed to put together this
> example of serving a file from LiveCode Server:
> 
> This is the html file from which you can request the download:
> 
>  click here 
> 
> and here is the LiveCode server page (webtest.lc)
> 
>  put "test.zip" into tName   
> put url ("binfile:" & tName) into theFile
> put header "Content-Description: File Transfer"
> put header "Expires: 0"
> put header "Cache-Control: must-revalidate"
> put header "Pragma: public"
> put header "Content-Type: application/octet-stream"
> put header "Content-Disposition: attachment; filename=" & tName
> put header "Content-Transfer-Encoding: binary"
> put header "Content-Length:" && the length of theFile
> put binary theFile
> ?>
> 

> The biggest problem that I had was getting LiveCode to download a
working zip file until I added the "binary" to put. (I read to do that
in the release notes for LiveCode Server 4.6.3, thanks to Google).
> 
> Hope this helps.
> 
> Regards
> 
> Peter

Yes, that looks right,

I think that:

header("Content-Description: file Transfer");

Is the interesting part. IIRC that should prompt the browser to
recognise that this is a file download.

Then you just have an href= to the script that handles the download, in
the usual way, and when the link is clicked, the browser should
recognise the intent by inspection of the headers, and by default should
not attempt to change the page location.

Your download scipt might want to explicitly change the location in the
case of an error or something, however.

Martin

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: file checksums

[Martin Baxter]

On 23/04/14 01:38, Richard Gaskin wrote:
> I see a lot of sites that offer files to download also including an MD5
> value or other checksum, ostensibly so we can verify the integrity of
> the package before running it.
> 
> Sounds good, but if a hacker has sufficient control of a server to
> replace the package, would he not also be able to update the checksums
> displayed there to reflect those in his modified package?
> 
> I like the idea of providing checksums, but I'm having a hard time
> seeing the practical benefit.
> 
> What am I missing?
> 

Richard,

What you say is obviously true, there is no ultimate guarantee from
checksums.

The checksum is not useless though. It gives pretty good confidence that
the file didn't get altered in transit, whether by a network error, a
disk writing error, or by the intervention of a malcious actor as MITM
replacing the requested file with a doctored version of their own. It
may not provide ultimate trust but is better than no checks at all.

Some places sign their downloads with PGP, which in theory gives a
stronger guarantee of authenticity. However I think there are similar
issues with that. To verify it, you must install the public key of the
signer and assert (but on what basis?) that it is strongly trusted. Here
too, if the malicious actor can subvert both the download file and the
public key, the method fails. Most downloaders don't know anything about
the signer or have prior knowledge of his/her public key and may not see
anything amiss if they are somehow subverted.

It gets better I suppose once you have had a trusted key in your keyring
for a while and it has a good track record of vouching for software that
you have confidence in. However, if the key that you originally
installed and more or less blindly trusted was actually a fraud, then
you are in trouble.

Martin




___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Email Using LiveCode Server?

[Martin Baxter]

On 22/04/14 00:06, Scott Rossi wrote:
> Thanks to Alex and Matthias for the responses.  Matthias's comment
> prompted me to do some more searching and I found the problem, which was
> partly script related, and partly host related: outside-domain email
> addresses are not allowed.
> 
> Some time ago, DreamHost stepped up their anti-spam practices, and
> disabled the ability of sending mail from an address that is not connected
> to any of your hosted domains.  Clearly this makes sense.  But the form I
> have uses the sender's email in the "from" variable, which apparently gets
> rejected by the mail process.  As soon as I changed the "from" address to
> one of my domain addresses, sendmail worked right away.
> 

Maybe that is only one some Dreamhost servers because I have a web to
email form hosted at dreamhost that uses the submitter's sender address
in the from: and reply-to: fields and it has always worked ok.
Admittedly it's written in PHP rather than LC but I wouldn't have
thought that would make any difference.

Martin



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: set stack rect in startup handler

[Martin Baxter]

On 26/03/14 16:55, Robert Brenstein wrote:
> On 24.03.2014 at 18:13 Uhr +0000 Martin Baxter apparently wrote:
>> Turns out that, when startup is run in the IDE, setting the stack rect
>> works as I would expect, the size and position are modified correctly.
>> But in a standalone, the stack size is set but not its position. So the
>> startup handler obviously runs, but setting the stack rect doesn't have
>> the side-effect of setting the loc.
>>
>> The same line in a preopenstack handler does work correctly however, so
>> it is specifically in a standalone's startup handler that this issue
>> appears to manifest.
>>
>> Anyway I have now bug-reported it.
>>
>> Martin
> 
> Curious that this worked in an earlier version. Isn't startup run before
> anything else? If so, it is quite likely that stack windows are not
> there yet when it runs.
> 
> RObert
> 

Hi Robert

Startup runs before any other scripts but the standalone must at least
be completely loaded into memory beforehand, in order for the startup
script to be accessible and executable.

I would expect that setting the stack rect can precede the creation of
the stack window, in the startup handler it's probably just stored as a
property, and not actually used until some time later when the window is
actually drawn.

I've been doing that in standalone startup handlers since way back, so
it is definitely 6.6 that is different.

The bug report is now marked as confirmed BTW.

Martin

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: set stack rect in startup handler

[Martin Baxter]

Hi Phil,

That's correct, although as Craig pointed out you can run the startup
handler in the IDE from the message box, which I did on his suggestion
as a test.

Turns out that, when startup is run in the IDE, setting the stack rect
works as I would expect, the size and position are modified correctly.
But in a standalone, the stack size is set but not its position. So the
startup handler obviously runs, but setting the stack rect doesn't have
the side-effect of setting the loc.

The same line in a preopenstack handler does work correctly however, so
it is specifically in a standalone's startup handler that this issue
appears to manifest.

Anyway I have now bug-reported it.

Martin

On 24/03/14 17:51, Phil Davis wrote:
> If I remember correctly, the startup message isn't available to our
> stacks in the IDE. Otherwise (in standalones) it should be.
> 
> Phil Davis
> 
> 
> On 3/24/14, 7:21 AM, Martin Baxter wrote:
>> This:
>>
>> on startup
>>set the rect of this stack to "100,100,300,300"
>> end startup
>>
>> Does not seem to work in version 6.6 (at least for me, on Linux)
>>
>> Obviously the idea is to set the initial position of an application
>> window.
>>
>> What happens is that the window is correctly sized to 200 * 200 px, but
>> the specified position on screen is not honoured. The stack window may
>> open centered or displaced by whatever other windows are already open.
>> Setting the loc doesn't seem to work either.
>>
>> This worked for me in 6.5.2 and earlier.
>>
>> I'm thinking this is a bug, does anyone else have any insight on this?
>>
>> Martin


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: set stack rect in startup handler

[Martin Baxter]

Hi Craig,

In the IDE it works correctly when startup is invoked from msg, but once
the stack is built into a standalone it doesn't.

The standalone in question is just to test this issue, and has only a
quit button. I build it with a size different from 200 by 200, so I can
tell that the on startup handler runs, because the stack is resized to
200 by 200, but is not placed at screen loc 300,300 as expected.

However the line does work as desired if placed into the preopenstack
handler instead of on startup.

I'm not keen to move my configuration code to the app's preopenstack if
I can avoid it though - in the actual application that I'm working on
that could be a bit untidy, the real-world case is more involved than
the test stack of course.

Martin

On 24/03/14 15:15, dunb...@aol.com wrote:
> Martin.
> 
> 
> What happens if you run this line from msg after the window is open?
> 
> 
> 
> Craig
> 
> 
> 
> -Original Message-
> From: Martin Baxter 
> To: How to use LiveCode 
> Sent: Mon, Mar 24, 2014 10:22 am
> Subject: set stack rect in startup handler
> 
> 
> This:
> 
> on startup
>   set the rect of this stack to "100,100,300,300"
> end startup
> 
> Does not seem to work in version 6.6 (at least for me, on Linux)
> 
> Obviously the idea is to set the initial position of an application window.
> 
> What happens is that the window is correctly sized to 200 * 200 px, but
> the specified position on screen is not honoured. The stack window may
> open centered or displaced by whatever other windows are already open.
> Setting the loc doesn't seem to work either.
> 
> This worked for me in 6.5.2 and earlier.
> 
> I'm thinking this is a bug, does anyone else have any insight on this?
> 
> Martin
> 


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

set stack rect in startup handler

[Martin Baxter]

This:

on startup
  set the rect of this stack to "100,100,300,300"
end startup

Does not seem to work in version 6.6 (at least for me, on Linux)

Obviously the idea is to set the initial position of an application window.

What happens is that the window is correctly sized to 200 * 200 px, but
the specified position on screen is not honoured. The stack window may
open centered or displaced by whatever other windows are already open.
Setting the loc doesn't seem to work either.

This worked for me in 6.5.2 and earlier.

I'm thinking this is a bug, does anyone else have any insight on this?

Martin




___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: RELEASE: LiveCode 6.6

[Martin Baxter]

On 23/03/14 08:45, Peter Alcibiades wrote:
> Thanks for the suggestion!  I've tried to follow it, but the problem is I can
> get detailed instructions for how to install the pango 32 bit libs on
> earlier versions of Debian which had the ia32 libs. However this has
> vanished from the repositories with the latest releases to be replaced by
> multiarch, which of course is installed.
> 
> I have come on an article from 2007 (!) which reports a similar problem and
> offers a fairly complicated workaround.  But that depends on having ia32
> 
> This is really a bit ridiculous.  64 bit is here to stay, so is Debian, lets
> just get it done.  I have tried installing the 7.0 preview, and the same
> thing happens there too.
> 
> My version that I got installed and running is 6.1.1, so I guess I'll be
> sticking with it until a 64 bit release comes out.  I cannot be alone in
> having this issue surely?  Well, maybe
> 
> Peter

Peter,

FWIW, as noted earlier, I have a multiarch setup on Debian Wheezy and
xfce where 6.6 is installed and working. It was indeed difficult to set
it up in the first place, especially as my experience is limited and I
was a multiarch noob.

I worked out the dependencies from what is given in the docs and from
running ldd on a separate working system, and then very painfully
ferreted out which packages needed to be installed to satisfy them.
(Both luck and judgement were involved).

Of course Multiarch has first to be enabled,
https://wiki.debian.org/Multiarch/HOWTO

then

dpkg --add-architecture i386
apt-get update

(One can then:
apt-get install package:architecture
)

According to the admittedly somewhat muddled notes I made at the time,
the following are the i386 packages that I actually installed. Of course
YMMV, depending on what is already on your system and what is applicable
to it. But installing these installed all the other requirements in my
case (that I care about - I don't need the more esoteric "optional"
capabilities for my purposes).

libc6
libx11-6
libxext6
libxcb1
libxau6
libxdmcp6
libgtk2.0-0
libgtk-3-0

After this livecode now runs acceptably. I say acceptably because theme
support remains imperfect, but I assume that is because of livecode's
emulated interface elements rather than the system itself.

Martin

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: RELEASE: LiveCode 6.6

[Martin Baxter]

On 20/03/14 20:13, Warren Samples wrote:
> On 03/20/2014 01:45 PM, Richmond wrote:
>> I am sorry to say that the middle button: "You Only" does not
>> work as it stops with a windows that states this:
>>
>> "The installer will automatically continue when these conflicting
>> applications are closed:
> 
> 
> Running openSUSE with KDE. I just installed by opening 6.5.2 and
> choosing to update when offered the option. As soon as the update
> started downloading (while it was downloading) I quit 6.5.2. This would
> be the conflicting application you're being warned about. The update
> proceeded normally, installing for only my user, correctly installed in
> ~/.runrev and appears in the launch menu as expected.
> 
> Warren
> 

I did much the same under debian wheezy with xfce / multiarch:
Update from within 6.5.2,
selected install for you only,
unchecked launch and quit,
ran 6.6 from the menu
All works as expected.

Martin



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Famous at last, though not in the best way

[Martin Baxter]

Our favourite tool used to make bitcoin wallet stealing malware:



Martin

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: [OT] Michigan Repository

[Martin Baxter]

On 23/02/14 23:03, Bob Sneidar wrote:
> What really made me give up on Hypercard and Supercard was the fact
> that stacks with more that 2000 cards kept corrupting themselves, and
> the xcmd’s capable of accessing dBase databases were sketchy at best.
> 
> 
> What got me BACK into using a Hypercard-like environment was Runtime
> Revolution which had support for databases. I think if Hypercard had
> done that way back then, and Jobs hadn’t killed it, we might still
> have Hypercard today.
> 
> Bob
> 

I have been using hyprecard this morning. Even after all these years I
haven't got around to migrating my invoicing stack to livecode, though I
do plan to, REAL SOON NOW ;) . Its interface was quirky, even back in
1990, and relied on xcmds a lot. Today I just make sure nobody else sees
it in case they laugh at me. Using it is... ...err, different. So I
would suggest that it is more than just the lack of db access that
hampered Hypercard. Its quirkiness was perhaps the main culprit there,
at least from a mainstream perspective because it was something you
either got it totally or you didn't get it at all and the difference may
have been the ability to see it conceptually rather than superficially.

However, way back when, Oracle did produce an xcmd connector for
hypercard and sold it in a bundle with an interface stack and an Oracle
runtime, which was great. I think that was actually my intro to SEQUEL
as it was then called. So I can attest that there is something to what
you say, in that, as an ad hoc interface to a serious db, Hypercard was
in fact potentially useful.

Martin Baxter



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: DataGrid and launcher stack

[Martin Baxter]

On 21/02/14 16:11, Klaus major-k wrote:
> Hi Mats,
> 
> Am 21.02.2014 um 17:08 schrieb Devin Asay :
> 
>> On Feb 21, 2014, at 4:09 AM, Mats Åström  
>> wrote:
>> 
>>> I use a launch stack which is used to build the standalone and
>>> have now added a Data Grid to one of its substacks. Works fine in
>>> the IDE, but not in the standalone. I have tried BlueMangos
>>> suggestion and created a substack that "tricks the Standalone
>>> Builder into adding the necessary stack files" (the
>>> revDataGridLibrary) - no luck. The Data Grid is "dead" in the
>>> standalone. Anyone encountered this?
>> 
>> Mats,
>> 
>> I just add revdatagridlibrary.rev to my standalone manually (or you
>> can include it in the Stacks or Copy Files pane of the Standalone
>> Builder.) It's an extra step, but it's reliable. The stack is in
>> the Toolset folder in the OS X app bundle or the Windows program
>> folder.
> 
> or just add an empty datagrid to your launcher stack and hide it! 
> This way the library will be added automatically :-)
> 

Well, yes, that's true if you have "search for required inclusions when
saving the standalone application" selected.

However, you cannot set that and at the same time manually select
libraries in the section below, as those two mechanisms are XOR options.

Which is annoying, if you need the datagrid as well as several other
libs that are manually selectable, e.g. database, printing, xml; then
you have to fudge one or the other to get everything included.

I wonder, does anyone know, is there some difference between the
datagrid and the other libraries that can be manually included for
selection that rules out adding it to that list, or could it be? Should
it be?

Martin Baxter




___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Stupid simple version control using dropbox

[Martin Baxter]

On 07/02/14 14:50, Geoff Canyon wrote:
> Not sure if this has been posted before, but just in case: If you store
> your stack files in the dropbox folder on your computer, dropbox does a
> really good job of saving a copy of each separate file whenever the file is
> saved. You can look at a list of the saved versions and get/restore any of
> them.
> 
> It's not git, but as a file-level resource it's a 1000x better than
> nothing. I borked up some code last night (never try to solve a problem at
> 3am that stumped you at 9pm) so I'm really happy that I can just revert to
> the 9pm version and forget whatever it is I did later on.
>

In the interest of balance I feel I should put in a word for Spideroak,
which has given me similarly useful service.



It took me a while to configure it to my taste, as its UI is somewhat
eccentric, but I'm happy enough with it.

Its major SP is the zero-knowledge client-side encryption. While that
isn't verifiable and I personally have no inclination to use any
off-site service to store seriously valuable secrets (assuming I had
any), whether encrypted or not, there are sometimes passwords and so-on
embedded in my files and I'd rather not carry the vague or nagging worry
that I am exposing those in plaintext to the marauding legions of
network snoops and sneaks.

You don't have to set up a special folder for it, you can configure it
to backup whatever folders you want, and you have the option of keeping
a local offline repo as well. It certainly is really useful to be able
to dig out old, good copies of obscure files that have been corrupted
for months before you realised it, or even new ones that got trashed in
some "senior moment".

Worth a look maybe?

Martin


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Character Encodings

[Martin Baxter]

On 26/01/14 13:47, Richmond wrote:
> On 26/01/14 15:43, Martin Baxter wrote:
>> On 26/01/14 11:01, Richmond wrote:
>>> -
>>>
>>> This: http://www.php.net/manual/en/function.iconv.php
>>>
>>> Looks "dead sexy", and I wonder if somebody cannot roll that into
>>> Livecode
>>>
>>> 
>>>
>>> Richmond.
>> iconv is a command line utility, PHP just has an interface to it, so it
>> should be possible to use iconv via shell.
>>
>> Martin
>>
>>
> 
> I wouldn't doubt that for a moment.
> 
> What I wondered about was whether somebody could not incorporate that into
> Livecode so that is was portable (i.e. not dependent on other things)
> and cross-platform.
> 
> Richmond.
> 

Granted.

And it's all a bit moot anyway if you can't determine the existing
encoding of the string you are dealing with.

Martin


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Character Encodings

[Martin Baxter]

On 26/01/14 11:01, Richmond wrote:
> -
> 
> This: http://www.php.net/manual/en/function.iconv.php
> 
> Looks "dead sexy", and I wonder if somebody cannot roll that into
> Livecode
> 
> 
> 
> Richmond.

iconv is a command line utility, PHP just has an interface to it, so it
should be possible to use iconv via shell.

Martin


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: a couple of curios

[Martin Baxter]

On 22/01/14 21:51, Richard Gaskin wrote:
> Martin Baxter wrote:
> 
>> Sadly "unto" is not supported :(
> 
> You might consider submitting a request for that.
> 

It is... ...tempting

go unto stack "Portentous"
send myExFriend unto stack "purgatori" in 0 seconds
set the cursor unto watch [with theatrical flourish]

> See also:
> 
> <http://quality.runrev.com/show_bug.cgi?id=3157>
> 

That's perfectly sensible in my view.

Martin


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: a couple of curios

[Martin Baxter]

On 22/01/14 21:08, dunb...@aol.com wrote:
> on mouseUp
> 
>   local tmp
> 
>   put "do " into tmp
>   put "what?" after of of in in of in tmp -- !
>   put tmp
> end mouseUp

:D

Runrev anticipated my "coding style" apparently

Sadly "unto" is not supported :(

MArtin

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

a couple of curios

[Martin Baxter]

While reviewing some old scripts that have been in regular use but not
actually edited for some time I came across:

put ".js" after in jsfname

And was surprised it compiled but it does, it even works

on mouseUp
  local tmp

  put "do " into tmp
  put "what?" after in tmp
  put tmp
end mouseUp

## Output = "do what?"

Maybe "in" is being ignored by the compiler as a bit of "superfluous
cosmetic english"



And also the construct:

put "string" onto var

Not totally surprised that it compiles, but it surprised me to find that
it actually works:

on mouseUp
  local tmp

  put "safe" into tmp
  put "woops" onto tmp
  put tmp
end mouseUp

>> Produces "woops"

Martin

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Non-Ascii Chars in Filenames

[Martin Baxter]

On 10/01/14 02:28, Ender Nafi Elekcioglu wrote:
> The situation starts to be clarified a little bit.
> 
> First, if *ağaç.txt* opens in Linux as Martin stated but not in OS X and iOS, 
> then the underlying OS has a big role.  
> 
> It seems that in OS X and iOS, Livecode accepts only those chars with a 
> unicode hex point up to U+00FF;  
> That’s why *épøtç†.png* worked for John.
> Which, btw, I also tried and saw that works.
> 
> But, like I said, I can’t control the editors’ input.  
> I’ve already told them strictly not to use anything except Ascii-128.
> Still they enter filenames like *sophora-japonica-”pendula”.jpeg*
> At first look, it seems that it’ll work because that *a with breve* has a 
> lesser code point than FF;
> but it’s a messed up name.
> Try to copy that char, you won’t be able to.
> There are two more invisible chars after *â*.
> I wonder how they {editor guys} managed to achieve this :))
> 
> Nevertheless, they blame me and my app;   
> because it works on their desktop and on the website;
> but not on the iOS app :/
> 
> How can we make it work even with chars greater than U+00FF?  
> Isn’t there any Japanese or Chinese or Russian Livecoders?
> I wonder what they do about these kinda issues…
> 
> So, I’m still open to additional ideas :)
> 
> 
> Best,  
> 
> ~ Ender 

Ender,

Did you try using the answer file command to get the filepath and open
the image directly from that by script?

What happened?

Martin


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Non-Ascii Chars in Filenames

[Martin Baxter]

On 09/01/14 23:43, Ender Nafi Elekcioglu wrote:
> Hi,  
> 
> Is there any way to deal with files whose filenames contain non-ascii chars?  
> Assume that *tFilename* is *specialFolderPath(“desktop”) & “/ağaç.png”*
> 
> _set the filename of image 1 to tFilename  
> results with an empty image.
> 
> _set the filename of image 1 to URLEncode(tFilename)  
> same, an empty image.
> I even tried this:
> _set the filename of image 1 to uniEncode(tFilename, “utf8”)
> I know it’s kinda stupid but it was a desperate attempt.  
> 
> The thing is I can’t control the filenames.  
> There are thousands of images in the server
> and different people {editors} upload them.
> Some of those so-called computer literate editors insist to name the files 
> with non-ascii chars.
> Since the underlying OS or the server doesn’t complain
> {see, utf8 became a common standard for years if not decades}.
> they don’t notice the error and I end up with the headache.
> 
> 
> So, is there any workaround to make Livecode accept those files?  
> 
> 
> Thanks for all your help...  
> 
> Best,  
> 
> ~ Ender 

Hopefully someone has a better way than this, but I have just opened a
file that I had named ağaç.txt

I scripted answer file, selected the file and then used the returned
file path string directly to open the file.

Answer file seemingly returns the single byte string of which the path
actually consists, and while you would get nonsense if you displayed
that unmodified, it seems to work here to open the file.

You can maybe see what it returns:

answer file "select a file"
put it

If that works for you, you might be able to store that string somewhere
invisible for future reuse, you would just need to acquire it initially
through the answer file command or the files.

I think this is called cheating, and may not work in all cases/on all
platforms/your situation, perhaps.

I'm using Linux.

Martin

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: uuid types 3 and 5

[Martin Baxter]

On 09/01/14 22:53, Monte Goulding wrote:
> 
> On 10/01/2014, at 9:22 AM, Martin Baxter wrote:
> 
>> So I take it that the situations where you would use this type of
>> uuid are really similar to those situations where you might use a
>> hash, but where a simple hash wouldn't povide a high enough
>> probability of uniqueness for the context.
> 
> Actually a sha1 hash is more likely to be unique than a uuid. I
> really don't see the advantage of using type 3 or 5 uuid rather than
> sha1 as in: local tSHA get binaryDecode("h*",sha1Digest("hello"),
> tSHA) answer tSHA
> 
> Other than saving a few bits because the uuid is shorter... and
> perhaps that you can do things like upgrade from md5 based to sha
> based without messing with your database. Type 3 and 5 uuids are
> basically most bits form the hash and some other bits to identify the
> type.
> 
> I suspect git would be the most heavily used distributed database in
> use and it's built on the sha 1 hash. Even in the biggest git repo
> (the linux kernel) they only need to use the first 12 chars of the
> sha to uniquely identify the object in the database.
> 
> Cheers
> 

Interesting.

Because more bits = more entropy, presumably.

Martin

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: uuid types 3 and 5

[Martin Baxter]

On 09/01/14 20:58, Fraser Gordon wrote:
> 
> 
> On 09/01/2014 20:20, Martin Baxter wrote:
>> I have read that type 3 is deprecated, on the basis that md5 is not
>> considered secure these days, although I think that was one thing that
>> confused me because uuid is nothing to do with encryption or obfuscation
>> as far as I was aware.
> I believe the idea is to map a hierarchical system of names (like a
> filesystem) to fixed-length identifiers:
> 
> foo/bar - UUID = hash(bar + hash(foo))
> foo/baz/bar - UUID = hash(bar + hash(baz + hash(foo)))
> baz/bar - UUID = hash(bar + hash(baz))
> 
> will all (with overwhelming probability) have unique identifiers but the
> identifiers will be consistent whenever the UUID of a particular name is
> generated.
>> Is it perhaps that the "namespace" has to be obfuscated so that
>> "unspecified unauthorised persons" don't also deliberately create uuids
>> based on the same namespace?
>>
>> If that is the case, you wouldn't want to use this in an open-source
>> context, because the namespace would be a secret?
> UUIDs are not really intended to provide security - their purpose is for
> uncoordinated parties to generate identifiers without (realistic)
> probability of overlap.
> 
> The collision resistance is for a situation where you have
> filesystem-like paths that resolve to UUIDs that are then looked up in a
> table (this is a fairly normal hash table but based on the full path
> rather than hash components).  With such "unique" identifiers, you might
> decide not to allow UUID collisions. Now imagine a system where a number
> of people create records (e.g. a census) which have a UUID assigned
> based on some of the recorded information, e.g.:
> 
> /Country/State/City/Street/Building/Surname/FirstName/DateOfBirth
> 
> Some malicious person might deliberately change their name in such a way
> that their UUID will clash with another name - this will cause problems
> when the records are centralised and combined into the full data set.
> 
> This isn't a terribly realistic example but should hopefully indicate
> the motivation. I have no idea if anyone actually does this but similar
> hashing schemes exist in modern filesystems for things like metadata
> integrity checking.
> 
> Regards,
> Fraser
> 

I think I am maybe starting to see it.

RFC 4122 (thank you Mark) says:

The requirements for these types of UUIDs are as follows:

   o  The UUIDs generated at different times from the same name in the
  same namespace MUST be equal.

   o  The UUIDs generated from two different names in the same namespace
  should be different (with very high probability).

   o  The UUIDs generated from the same name in two different namespaces
  should be different with (very high probability).

   o  If two UUIDs that were generated from names are equal, then they
  were generated from the same name in the same namespace (with very
  high probability).

On the face of it, those requirements could be met by simply hashing the
inputs in some consistent manner, depending how you define "very high
probability".

So I take it that the situations where you would use this type of uuid
are really similar to those situations where you might use a hash, but
where a simple hash wouldn't povide a high enough probability of
uniqueness for the context.

Martin


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: uuid types 3 and 5

[Martin Baxter]

On 09/01/14 19:05, Mark Wieder wrote:
> Martin Baxter  writes:
> 
>>
>> Was looking at the uuid command.
>>
>> Type 4 is straightforward enough.
>>
>> Types 3 and 5 have me baffled though. Does anyone know what those types
>> are used for? I can't even guess, nor have my web searches led me to any
>> information about their usage.
> 
> Here's my take on uuid types 3 and 5:
> 
> 1. Don't bother with type 3 - it's been deprecated in favor of type 5. See
> RFC 4122 for more details.
> 2. Both these types are for generating uuids that are limited to a specific
> namespace in scope, and thus you can feed the namespace as an argument and
> guarantee that uuids generated at the same time *within the same namespace*
> will be identical.
> 

Why would I want identical uuids though? Aren't they supposed to be unique?

I have read that type 3 is deprecated, on the basis that md5 is not
considered secure these days, although I think that was one thing that
confused me because uuid is nothing to do with encryption or obfuscation
as far as I was aware.

Is it perhaps that the "namespace" has to be obfuscated so that
"unspecified unauthorised persons" don't also deliberately create uuids
based on the same namespace?

If that is the case, you wouldn't want to use this in an open-source
context, because the namespace would be a secret?

Or am I not getting it?

Martin



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

uuid types 3 and 5

[Martin Baxter]

Was looking at the uuid command.

Type 4 is straightforward enough.

Types 3 and 5 have me baffled though. Does anyone know what those types
are used for? I can't even guess, nor have my web searches led me to any
information about their usage.

I suppose if it isn't obvious to me then I probably have no need for
that and I shouldn't worry about it, but it's bugging me, that's all.

Martin Baxter

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: ziperr,illegal variable

[Martin Baxter]

Thank you! That does the trick.

It seems that for some reason the name of the variable holding the data
to be written needs to be quoted as if it were a string literal. The
other var names do not.

Now I can go back to plan A,

Martin


On 21/05/2013 18:22, Peter Haworth wrote:
> On Tue, May 21, 2013 at 4:56 AM, Martin Baxter <
> mblivec...@harbourhosting.co.uk> wrote:
> 
>>  revZipAddUncompressedItemWithData
>>
> 
> Haven't used  revZipAddUncompressedItemWithData but judging from other
> revZip commands, I think your variable tdataxxx needs to be in quotes. Not
> sure about tparamxxx.
> 
> Pete
> lcSQL Software <http://www.lcsql.com>



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

ziperr,illegal variable

[Martin Baxter]

When I run this in version 4.5.0:

on mouseUp

   put "/var/www/htdocs/ug/testarchive.zip" into tobjpath
   revZipOpenArchive tobjpath, "write"
   put "1) " & the result & return after msg

   put "doodah" into tdataxxx
   put "mimetype" into tparamxxx

   revZipAddUncompressedItemWithData tobjpath, tparamxxx, tdataxxx
   put "2) " & the result & return after msg

   revZipCloseArchive tobjpath

end mouseUp

No archive is created and the message box ends up with this in it:

1)
2) ziperr,illegal variable

The problem seems to be tdataxxx. If I comment out the line:
# put "doodah" into tdataxxx

the archive is created successfully containing a file called mimetype
but which contains the literal string "tdataxxx"

Can anyone shed any light on this?

BTW revZipAddItemWithData behaves the same

Martin Baxter

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: iRev database access security question

[Martin Baxter]

Hi Jonathan,

Sensible questions actually.

I would expect the situation to be the same as with php. In that
situation, if php crashes or becomes unavailable for some reason, and
precautions have not been taken, the webserver will serve the source
script rather than its output. I expect this applies to irev too.

It is usual to store database connection credentials in an include so it
can be accessed by multiple pages. If the hosting setup allows for
includes to be stored above webroot where the webserver has no access
but the scripting language does, then includes should be placed there.

If storage above webroot is not possible, keep includes in their own
directory having an htaccess (assuming apache) as follows:


order allow,deny
deny from all


This bars the webserver from accessing any files in the directory, but
does not bar the scripting engine. I expect that would work with irev too.

Martin Baxter

On 10/02/2012 12:18, Jonathan Lynch wrote:
> Hi everyone,
> 
> If I have an iRev page that is going to access a database, I have to
> use a database query that includes the user name and password. Is it
> safe to put that information directly into the iRev page? That seems
> risky to me.
> 
> If I put the information into another page and I use a script to pull
> in the information, wouldn't a hacker be able to look at the script,
> learn the location of the other page, and then directly access that
> page?
> 
> I realize that the scripts on an iRev page do not show up when you
> view the source of the page through a browser. Does this mean that
> the script information on an iRev page is genuinely secure?
> 
> I appologize if these are ignorant questions.
> 
> Many thanks,
> 
> Jonathan
> 


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: [OT] Urban OS

[Martin Baxter]

On 30/09/2011 17:23, stephen barncard wrote:
> THis is absurd for them to expect this to take off.
> 

Optimistic perhaps, absurd is too strong. It strikes me as YAOM (Yet
Another Optimistic Moonshot). If they are exactly on target they may do
very well. If they miss, even slightly, they probably get nothing.

> What about security - not trivial

Not achievable either as long as hordes of unaccountable and frequently
clueless people are involved, which will obviously be the case. The
whole concept is a nightmare really, but nobody will realise until it
actually goes badly wrong because that's the way we do things, rush in
where angels fear to tread and D'oh later.

However, security will be a nightmare regardless of any OS that is or
isn't used, the fundamental issue is opening everything to the
possibility of remote control or monitoring. If history is anything to
go by, the more we are accustomed to thinking of a device as a dumb or
passive mechanism, the more casual we will be about its security. There
are apparently wireless interfaces in modern cars that have no security
worth speaking of, which could theoretically allow wireless attacks to
control parts of the car while on the road, medical implants such as
pacemakers can be hacked wirlessly. I recall hearing that the Taliban
eavesdropped on the control traffic of military drones which nobody
thought to encrypt!! People already hack traffic signs and ticker tape
displays and so on.

> Is this proprietary? - if so, bound to fail

Microsoft, Apple, Oracle, bound to fail.

> what processor is this based on?

Don't know, but my guess is whatever processor makes commercial sense.

> Who coordinates development and support?

LOL. Moxie Marlinspike Maybe?

> How is it paid for?

My assumption was that this is probably funded by venture capital at
present, and likely looking for more investors, hence the article.

> 
> an OS of any kind is a big deal.  I am very skeptical.
> 

Seriously, the sinister world of interconnected mundane gadgets is
supposed to be an inevitable outcome of ubiquious networking and IPv6
and if that is the case, it is surely arguable that there should be an
OS designed specifically for purpose rather than relying on some
cannibalised desktop OS.

I think I share your scepticism of this particular project, if only
because I don't know enough about it, but I would not be surprised if
something of this general nature is very successful at some point.

If you want to make some quick money though, write a scifi blockbuster
movie based around the premise of an urban environment that is entirely
connected and controlled by AI software which has gone mad. CGI fun!
Comedy/paranoia genre. "Brazil" on steroids. Plausibility irrelevant.

Actually, just the other day I threw out my keyboard after I realised it
was typing characters by itself and sometimes sending random keypress
commands to the OS. That's a foretaste of the future perhaps.

Martin Baxter

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: OT: Is there any way for someone to see my MAC address over the internet?

[Martin Baxter]

On 25/08/2011 19:31, Richard Gaskin wrote:
> Michael D Mays wrote:
> 
>> Is there any way for someone to see any personal information about my
>> machine over the internet via a web browser?
> 

> I run with NoScript and a cookie blocker on, selectively activating
> scripts and cookies as needed.  Even that's at the edge of what my
> patience can endure, but at least I get to decide when I'm being
> cookie-tracked.
> 

Or so you believe.

You do remember to delete your browser cache as well?

<http://www.wired.com/epicenter/2011/07/undeletable-cookie/>

Martin Baxter


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: [OT] Flash is NOT Dead

[Martin Baxter]

On 03/08/2011 16:52, J. Landman Gay wrote:
> On 8/3/11 8:17 AM, Richard Gaskin wrote:
>> Kay C Lan wrote:
>>> On Wed, Aug 3, 2011 at 12:12 AM, Lynn Fredricks <
> 
>>> I recommend NoScripts
>> 
>> +1 on NoScript: makes browsing faster and safer.
> 
> I've been using NoScript for years. Last week I discovered Ghostery.
> It lets you know what sites are tracking you and allows you to block
> the trackers. I have been appalled by what's been going on without
> my knowledge. Some sites have a dozen or more trackers and web bugs
> installed.
> 

Me too on NoScript. It has saved my skin several times to my knowledge,
and probably more times than I know about.

I use Firefox mostly for general browsing, and keep it hardened. Some
sites I don't even want to leave my IP address behind and then I use
TOR. For sites I trust, where javascript and cookies are mandated, I use
SeaMonkey exclusively. Using an entirely separate browser for trusted
sites adds a little more separation between the heterogeneous security
realms I think and means you don't have to fiddle about so much managing
settings for individual cases.

Firefox users concerned about privacy might also be interested in the
RequestPolicy Addon. It allows a good degree of control over those
sneaky cross-site-requests that are embedded in so many pages.

I also use my hosts file to block the standard perps.

Martin Baxter


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Rev Customer Databased Hacked?

[Martin Baxter]

As well as changing your password, which I think should be done as a
matter of course, I would suggest also changing your onrev contact email
if you can. Ideally it should be a new one only used as contact email
for that account and maybe redirected to a real mailbox.

This is because there is danger of this stolen info being used in a
spear-phishing email, perhaps purporting to be from runrev about "your
onrev account" and containing a poisoned URL of some sort or some other
trickery.

If the contact email is unique to the account (and non-obvious), then it
makes it easier to identify any fraudulent emails of this sort.

IMO, online security is a contradiction in terms. Even if you are smart,
your security is nowadays crowdsourced and therefore dependent on so
many unknown others, many of whom are not smart, that it is wise to
assume everything online will eventually be compromised, and plan
accordingly. We are now in the "steal everything" era of online crime.

It always irritates me when online credentials consist of any factors
which cannot be changed if they are compromised - as in this case the
account id. This is the problem with biometric credentials, once they
are compromised, how do you change them to repair your security?

The weakest link is in-between the chair and the keyboard and,
unfortunately, cannot easily be upgraded or patched. ;-)

Martin Baxter


On 11/07/2011 14:34, Gregory Lypny wrote:
> Hello everyone,
> 
> Have any of you received this message from Heather?  Implications?
> 
> Gregory
> 
> 
>> Dear Gregory Lypny,



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: How to obtain browser version in web app?

[Martin Baxter]

On second thoughts I should have had my coffee before replying as you
are talking about a stack not an irev script and my reply is irrelevant.

In the revlet case I can't recall if there is a simple way off the top
of my head. It is possible, but awkward to get the user agent from
javascript and pass it to the revlet in its startup parameters. Not sure
if server variables are available inside the revlet itself.

Sorry for the preceding noise

Martin Baxter

On 02/06/2011 09:08, Martin Baxter wrote:
> Hi Kee,
> 
> You have to parse out the HTTP_USER_AGENT string yourself I think
> 
> This old test script might get you started:
> 
>  put $_SERVER["HTTP_USER_AGENT"] into tua
> put offset("MSIE",tua) into tie
> put offset("Safari",tua) into tmac
> put offset("Opera",tua) into topera
> put offset("Gecko/",tua) into tgecko
> 
> put "user agent: " & tua & ""
> put "offset of MSIE: " & tie & ""
> put "offset of Safari: " & tmac & ""
> put "offset of Opera: " & topera & ""
> put "offset of Gecko: " & tgecko & ""
> ?>
> 
> Sample output
> 
> user agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.17)
> Gecko/20110420 Firefox/3.6.17
> 
> offset of MSIE: 0
> 
> offset of Safari: 0
> 
> offset of Opera: 0
> 
> offset of Gecko: 62
> 
> 
> Probably needless to say that user agent strings aren't standardised.
> 
> Martin Baxter
> 
> 
> 
> On 01/06/2011 23:48, Kee Nethery wrote:
>> It is possible to get any information about the browser running a web
>> based livecode stack? If so, how? Didn't see anything in the
>> dictionary.
>>
>> For example, Safari 5.0.5 or IE 7.2 or anything like that?
>>
>> Thanks, Kee Nethery



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: How to obtain browser version in web app?

[Martin Baxter]

Hi Kee,

You have to parse out the HTTP_USER_AGENT string yourself I think

This old test script might get you started:

user agent: " & tua & ""
put "offset of MSIE: " & tie & ""
put "offset of Safari: " & tmac & ""
put "offset of Opera: " & topera & ""
put "offset of Gecko: " & tgecko & ""
?>

Sample output

user agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17

offset of MSIE: 0

offset of Safari: 0

offset of Opera: 0

offset of Gecko: 62


Probably needless to say that user agent strings aren't standardised.

Martin Baxter



On 01/06/2011 23:48, Kee Nethery wrote:
> It is possible to get any information about the browser running a web
> based livecode stack? If so, how? Didn't see anything in the
> dictionary.
> 
> For example, Safari 5.0.5 or IE 7.2 or anything like that?
> 
> Thanks, Kee Nethery


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: [OT] MacDefender

[Martin Baxter]

On 19/05/2011 19:50, Richmond Mathewson wrote:
> 
> My father (78-9) touched the 'update' thing on Ubuntu and fairly
> effectively hosed his
> laptop; now into week 4 of a trans-Europe (England-Bulgaria) e-mail
> attempt to "unhose"
> things . . .

I've done that with ubuntu too, the impressive part is how it hoses the
update thing itself. I assume that's to prevent you making the same
mistake again.

Updates, pah! We don't need no stinkin' updates.

Martin Baxter


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: launch URL in Linux

[Martin Baxter]

On 04/01/2011 21:11, Richard Gaskin wrote:
> Warren Samples wrote:
>> On Tue, 2011-01-04 at 15:42 -0200, Andre Garzia wrote:
>>> just tried that here and did not experience the bug. I am not
>>> using 4.5.2 though. If you're a Developer Program member, try one
>>> of the recent 4.5.x betas or try 4.5.0 and see if it happens
>>> again.
>>> 
>>> I am running (from) Ubuntu 10.10
>> 
>> Thanks Andre,
>> 
>> I just checked here in Linux Mint 9 (32 bit) and it works fine. I
>> have the problem in Mint 10 (64 bit), which is based on Ubuntu
>> 10.10. It happens 4.5.3-RC3 as well. It seems there's something
>> "special" about my environment.
> 
> I wonder if the "special" is that it's 64 bit?
> 
> I just tested here on a 32-bit system running Ubuntu 10.10 and
> launch url works fine.
> 
> Anyone else here running a 64-bit Debian-based build who can verify
> this?
> 

I also see the described behaviour with LC 4.5.0 on Ubuntu 10.04 64bit

LC IDE menus don't respond to mouse nor the tools window, until the
browser is closed (firefox in my test).

Martin Baxter

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: OT: Lunar Eclipse

[Martin Baxter]

On 21/12/2010 07:54, David C. wrote:
> On Tue, Dec 21, 2010 at 1:00 AM, Jerry J  wrote:
>> Clear here in Portola Valley. About half gone. --Jerry
>> 
>> On Dec 20, 2010, at 10:49 PM, stephen barncard wrote:
>> 
>>> It's starting this hour*Andre* -- I saw this on the NASA
>>> site:
>>> 
>>> "*Viewers in Brazil will see the moon set during totality. "* * 
>>> * http://www.nasa.gov/connect/chat/lunar_eclipse.html * * that
>>> means it will be REAL BIG and ORANGE - enlarged by the atmosphere
>>> and lit by earthlight.. Straight overhead ( in Alabama at the
>>> moment) and the skies are clear.  The moon is just starting to be
>>> obfuscated.
>>> 
>>> Sorry Californians can't see it. Too much rain.
>>> 
>>> 
>>> sqb
> 
> Pretty nifty! Here in N.E.Oklahoma we were able to see the whole 
> thing. Living in a rural area as we do, I was actually more (or at 
> least equally) amazed at the reaction from the critters in the
> area... just about the exact minute it was a full eclipse, all of the
> coyotes in the area went crazy with their singing. A beautiful,
> haunting song it was, indeed.
> 
> Best regards, David C.
> 

Wow,

Thanks for posting that David. Beautiful image.

Martin Baxter


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode