Re: [ANN] Stacks published on the Web
Hi Rick, Actually, if you have doubts about the security of running an application inside your web browser, you should contact the author with specific questions about the operation of this application. Look for example this example: http://capellan2000.000space.com/examen.html This is a test in spanish created by a friend of mine (using a template that i give him) for his computer classes. He told me that this test is largely unfinished and needs to correct ortography and the wording of selection items. I believe that he had to change his images to reduce the stack size and check in detail the importance of every question. But the point, about this exam is that when you enter the page, it ask for permissions to use the network and write files to your disk. Effectively, when you finish this (still incomplete) exam, the stack ask you to save the results in your hard disk. Ideally, the stack should be able to: 1) send the results directly to the teacher's mail from the stack, just like PHP or Perl scripts do... 2) write output to a file in the server, so user could download this file from the webpage... 3) write a record inside a database running in the server... 4) show the results in a field so user could copy and paste the results in a text file... and there should be other options that i am not aware of... or simply have forget. Stacks should be able to do their work without these warning dialogs. This weekend, i will apply some of these ideas to the stacks that i posted. In this way, there will be no warning when visitors enter the page. Have a nice weekend! al -- View this message in context: http://www.nabble.com/-ANN--Stacks-published-on-the-Web-tp24766085p24849244.html Sent from the Revolution - User mailing list archive at Nabble.com. ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
I understand your concern, Coliln. What I did was to create a new user with no admin rights, then log in as that user and download and run the stacks within the plugin (fast user switching makes that so easy). Even if a stack contained the equivalent of 'rm -rf', such a command would only affect that temporary user's directories. I'd be interested to know, do you never download stacks from revOnline? Or if you download a stack from Richard Gaskin's or Sarah Reichelt's website, would you type 'set the secureMode to true' before you did that? At some level I think we need to trust the other users on this list (especially those like Alejandro who have been around a while). In 7 years on this list I don't remember a single instance of someone reporting that another user had distributed malicious code. Maybe this is going to be a serious problem in distributing apps via the plugin. When someone downloads an app themselves, they (generally) don't worry about what it might do to their system. But when the plugin presents a warning dialog like it currently does, it might make people reluctant to let the code run, when they would have had no worries about running an application they had downloaded themselves. I don't think Flash apps running in a plugin even have the possibility to access the filesystem. I think users may be alarmed by the warning that the Rev plugin throws up, because it's not behaviour they're used to seeing within their browser. Bernard On Sat, Aug 1, 2009 at 5:20 PM, Colin Holgateco...@rcn.com wrote: I have no idea what the other two links do, because I'm not going to allow permission for the stacks to write files to my hard drive. ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
I have downloaded stacks before, but playing stacks in a plugin should just load and run, and not be asking permission to write files to the hard drive. If the files needing to be written are just preference settings, then the language of the warning should change. As it stands you could be giving permission for the stack to completely fill up your drive with large movie files or images. I don't think that the plugin should insist on asking the user for permission to load content from the web. After all, the stack itself came from the web, so it's too late already! The way it is in Shockwave works ok. If the content being loaded is from the same web site, there is no warning, if it's from another web site, the user is presented a dialog at the time of the reading of the data, and there are three options to choose from. You can see that in action here: http://xfiles.funnygarbage.com/~colinholgate/dcr/solarsystem.dcr Click past the first screen, then click on the cartoon looking element, and click in the 3D space to make a planet with that texture. At that instant you get asked for permission. The actual texture doesn't work, Cartoon Network removed that file long ago. The way that Flash works with writing local content works well. Flash can, by default, write up to 100k of local data without asking for permission. The user can increase or decrease that at any time. So, in coming up with the best ways to warn people, take a good look at how it's done in Flash and Shockwave. ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
Le 2 août 09 à 17:24, Colin Holgate a écrit : I don't think that the plugin should insist on asking the user for permission to load content from the web My personal tought : Yes, as long as this web contents can only interact with the user without any local-filesystem access, but only as inside the plugin runnable code and medias. No, in any other cases. The way that Flash works with writing local content works well. Flash can, by default, write up to 100k of local data without asking for permission. The user can increase or decrease that at any time. But in terms of real ability to fill very unfriendly code to the client-side computer, 100 k is enought to kill anything of the local file-system and even the hard-disk it-self by speeding it up until it definitivelly crash via a 6ko sniplet. So, if 100 k is enought to kill and hack anything, both, the Java or Flash security models are only non-sense in anything else out of marketing considerations. In my humble advice, as a real honest team, management and company, RunRev know and does exactly what need to be done to protect the client-side computer and i think for my own that they are just doing the best of what need to be done. On the other hand, i would appreciate to be able to avoid the display of any local-file system access autorisation demand, each time i purpose a plugin-app witch don't interact in any way with the local file system (updating it-self via post, get, realtime video-streaming, video-conferencing, etc...) even if to stay fluent in terms of user's experience, this need for me, to be able to save its personal plugin's preferences to my own server, instead of in writing them to its local file-system. Mes deux centimes d'Euro ;-) Pierre -- Pierre Sahores mobile : 06 03 95 77 70 www.sahores-conseil.com ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
On Aug 2, 2009, at 12:35 PM, Pierre Sahores wrote: But in terms of real ability to fill very unfriendly code to the client-side computer, 100 k is enought to kill anything of the local file-system and even the hard-disk it-self by speeding it up until it definitivelly crash via a 6ko sniplet. So, if 100 k is enought to kill and hack anything, both, the Java or Flash security models are only non-sense in anything else out of marketing considerations. This isn't a worry, because the 100k is effectively a text file, and Flash has no way to execute the file. It's only for storing things like preferences. ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
Le 2 août 09 à 18:43, Colin Holgate a écrit : On Aug 2, 2009, at 12:35 PM, Pierre Sahores wrote: But in terms of real ability to fill very unfriendly code to the client-side computer, 100 k is enought to kill anything of the local file-system and even the hard-disk it-self by speeding it up until it definitivelly crash via a 6ko sniplet. So, if 100 k is enought to kill and hack anything, both, the Java or Flash security models are only non-sense in anything else out of marketing considerations. This isn't a worry, because the 100k is effectively a text file, and Flash has no way to execute the file. It's only for storing things like preferences. Would not be a good idea to insist and i will hangup there after just some last words : this is just what the marketing says. Any master2 n- tier security course just make us green about all what can, in fact, be done behind the scene. In my own case, the best i learned about the subject credits more an army officier thesis than the unmodeled course contents... ..., Pierre -- Pierre Sahores mobile : 06 03 95 77 70 www.sahores-conseil.com ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
Bernard Devlin wrote: Maybe this is going to be a serious problem in distributing apps via the plugin. When someone downloads an app themselves, they (generally) don't worry about what it might do to their system. But when the plugin presents a warning dialog like it currently does, it might make people reluctant to let the code run, when they would have had no worries about running an application they had downloaded themselves. I have to agree that the generic warning is a little too scary to encourage widespread adoption. Allowing developers to supply their own warning would help. For example, if the warning said This Revlet wants permission to write a preference file to your hard drive I wouldn't have many qualms. On the other hand, if RR gives control over the prompt to the developer, there's no way to police it. The prompt could ask for permission to write a text file and instead proceed to wipe the drive. I'm not sure what the right approach is. -- Jacqueline Landman Gay | jac...@hyperactivesw.com HyperActive Software | http://www.hyperactivesw.com ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
On Aug 2, 2009, at 1:26 PM, J. Landman Gay wrote: I have to agree that the generic warning is a little too scary to encourage widespread adoption. An example of too many dialogs preventing adoption is Shockwave. Even with 60% of people having Shockwave installed, clients tend not to want to use it because installing the plugin has opt-out add-ons, and if you access content on another valid site for the same company, Shockwave would show that security dialog. With the latest Shockwave version you can now check the crossdomain.xml policy file, and so at last can get around that issue for using content on another one of the client's sites. Flash security is extremely tough and limiting, and manages to do all that without having to bother the user with permission dialogs. About 15 years of effort has gone into the thinking behind how Shockwave and Flash security is handled, so there is a chance that some of what they have done is a good way to work. So, Rev stacks online for your relatives to see your work is fine, but for real large client work it won't succeed if every user that uses the piece has to cope with security and permissions dialogs, because clients will tell you to use Flash instead. ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
Hi there, I think this problem is a huge mess! I found myself feeling really paranoid about trying the stacks due to the nasty sounding dialogs. There has to be a better solution or people will not adopt using the plug-in. Just my 2 cents. Rick On Aug 2, 2009, at 1:41 PM, Colin Holgate wrote: On Aug 2, 2009, at 1:26 PM, J. Landman Gay wrote: I have to agree that the generic warning is a little too scary to encourage widespread adoption. An example of too many dialogs preventing adoption is Shockwave. Even with 60% of people having Shockwave installed, clients tend not to want to use it because installing the plugin has opt-out add-ons, and if you access content on another valid site for the same company, Shockwave would show that security dialog. With the latest Shockwave version you can now check the crossdomain.xml policy file, and so at last can get around that issue for using content on another one of the client's sites. Flash security is extremely tough and limiting, and manages to do all that without having to bother the user with permission dialogs. About 15 years of effort has gone into the thinking behind how Shockwave and Flash security is handled, so there is a chance that some of what they have done is a good way to work. So, Rev stacks online for your relatives to see your work is fine, but for real large client work it won't succeed if every user that uses the piece has to cope with security and permissions dialogs, because clients will tell you to use Flash instead. ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution __ Rick Harrison You can buy my $10 music album Funny Time Machine digital CD on the iTunes Store Now! To visit the iTunes Store now to listen to samples of my CD please click on the following link. (Please note you must have iTunes installed on your computer for this link to work.) http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewAlbum?playListId=213668290 ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
Alejandro!!! awesome work sqb - Stephen Barncard San Francisco http://barncard.com 2009/7/31 Alejandro Tejada capellan2...@yahoo.com Hi all, Visit the following pages with 3 stacks saved for web: http://aulasdigitales.net/test01.html http://aulasdigitales.net/test02.html http://aulasdigitales.net/test03.html These pages will be available until Sunday. Have a nice weekend! al Visit my site: http://www.geocities.com/capellan2000/ ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
I get a lot of problems with this one: http://aulasdigitales.net/test02.html I tried it twice, and clicking around on various different features caused the rev plugin and the browser to become unresponsive. When this happened on the 2nd occasion I had Activity Monitor open and the plugin had stopped responding and was using up most of the cpu. OS X 10.4 PPC Safari 4.0.2 Bernard On Sat, Aug 1, 2009 at 5:57 AM, Alejandro Tejadacapellan2...@yahoo.com wrote: Hi all, Visit the following pages with 3 stacks saved for web: http://aulasdigitales.net/test01.html http://aulasdigitales.net/test02.html http://aulasdigitales.net/test03.html These pages will be available until Sunday. Have a nice weekend! al Visit my site: http://www.geocities.com/capellan2000/ ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
On Jul 31, 2009, at 9:57 PM, Alejandro Tejada wrote: Hi all, Visit the following pages with 3 stacks saved for web: http://aulasdigitales.net/test01.html http://aulasdigitales.net/test02.html http://aulasdigitales.net/test03.html These pages will be available until Sunday. Good stuff. It is exciting to think that I will be getting into the world of On- Rev in the middle of August. It will be boring data manipulation tools, but exciting to me. Thanks, Jim Ault Las Vegas ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
On Aug 1, 2009, at 12:57 AM, Alejandro Tejada wrote: http://aulasdigitales.net/test01.html http://aulasdigitales.net/test02.html http://aulasdigitales.net/test03.html The third link leads to having to force quit Safari, but that may have been to do with threads still running from the first two links. I have no idea what the other two links do, because I'm not going to allow permission for the stacks to write files to my hard drive. ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
I saw no instructions. Typing mogie.pdf in the text area and clicking the Export button appears to do nothing but lock up Safari. Hard. Not pleasant. OS X 10.5.7, Safari 3.2.3. k On Jul 31, 2009, at 9:57 PM, Alejandro Tejada wrote: http://aulasdigitales.net/test01.html ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
Al, For test01 what is supposed to happen when I click the export button? it would be helpful to modify the test page with some instructions. When nothing happens after a while, I try to close the Safari window and I get the infinite beachball until I force quit. Regards, Bruce Pokras Blazing Dawn Software www.blazingdawn.com On Aug 1, 2009, at 12:57 AM, Alejandro Tejada wrote: Hi all, Visit the following pages with 3 stacks saved for web: http://aulasdigitales.net/test01.html http://aulasdigitales.net/test02.html http://aulasdigitales.net/test03.html These pages will be available until Sunday. Have a nice weekend! al Visit my site: http://www.geocities.com/capellan2000/ ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
Al, After I quit Safari, what should I find but a save dialog with which to save the exported PDF! So you need to find a way for the save dialog to pop above rather than pop under the Safari window that is displaying your revLet. Otherwise, it looks like nothing is happening. Regards, Bruce On Aug 1, 2009, at 6:52 PM, Bruce Pokras wrote: Al, For test01 what is supposed to happen when I click the export button? it would be helpful to modify the test page with some instructions. When nothing happens after a while, I try to close the Safari window and I get the infinite beachball until I force quit. Regards, Bruce Pokras Blazing Dawn Software www.blazingdawn.com On Aug 1, 2009, at 12:57 AM, Alejandro Tejada wrote: Hi all, Visit the following pages with 3 stacks saved for web: http://aulasdigitales.net/test01.html http://aulasdigitales.net/test02.html http://aulasdigitales.net/test03.html These pages will be available until Sunday. Have a nice weekend! al Visit my site: http://www.geocities.com/capellan2000/ ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
After I quit Safari, what should I find but a save dialog with which to save the exported PDF! So you need to find a way for the save dialog to pop above rather than pop under the Safari window that is displaying your revLet. Otherwise, it looks like nothing is happening. Not Al's fault. This is a known issue with the plugin which the RunRev people are working on. They have put in a hack to make answer ask dialogs work, but not the others. Cheers, Sarah ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: [ANN] Stacks published on the Web
Hi All, i have posted the revlets in this free webspace from the webhosting company 000space. http://www.capellan2000.000space.com/test01.html http://www.capellan2000.000space.com/test02.html http://www.capellan2000.000space.com/test03.html In this site, revlets seem to work fine and i am planning to move my stacks to this server, but if you have any problem loading the revlets from this site, told me so. Revlets test01 and test02 ask for permission to use your disk, because they save or export a pdf, svg or adobe ilustrator file. (currently, these plain simple svg files open using Inkscape, not Firefox) i understand that there are some issues with handlers that require drag and drop, as Jim Hurley noted in a previous message, so this would explain the lock-up that you see in Mac OS X. i use Windows XP, so could not check how problematic is this in other platforms, but you could download the stacks from my site and compare: http://www.geocities.com/capellan2000/exportVector_v03.zip http://www.geocities.com/capellan2000/newPentoolScript_v02.zip http://www.geocities.com/capellan2000/walkingman_2.zip Have a nice weekend! al Visit my site: http://www.geocities.com/capellan2000/ ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution