> On 14 Aug 2015, at 2:43 pm, Mark Wieder wrote:
>
> I'm just saying that if the team is working on this now or plans to in the
> future while lcVCS development is going on then it's a wasted effort. I'm not
> saying that the team needs to telegraph their intentions every step of the
> way (a
On 08/13/2015 09:24 PM, Monte Goulding wrote:
There wasn’t a parallel effort. They wanted the import/export in the engine
which was fair enough so I’ve only done minor maintenance since then with the
plan that once released I’d redo my IDE integration to work with the new format.
Right. I'm
> I'd also be happy to throw money into this endeavor (Monte - reach out to me
> and let's talk), but…
Thanks Mark
>
> 1. I really think this needs to be integrated as an out-of-the-box experience
> into the IDE's menu, and not as a third-party add-on. Even as a plugin, it
> needs to be offici
OK, glad I asked the list had a hunch my understanding was inadequate.
Not using real data for the tests...
Guess I need to go study. Any pointers to good articles appreciated!
Tim Selander
Tokyo, Japan
On 15/08/14 12:50, Mark Wieder wrote:
On 08/13/2015 04:29 PM, Tim Selander wrote:
My
On 08/13/2015 04:29 PM, Tim Selander wrote:
My remaining question is on keeping text data secure on our web server
(on-rev). I use LC scripts in the cgi folder. My understanding is that
the cgi folder is secure from any outside breach. Is that understanding
correct? So if I store my company's cu
On 08/13/2015 03:21 AM, Paul Richards wrote:
+ 1 !
I also think there might be a few more on here that would be willing to
contribute to the lcVCS !
I'd also be happy to throw money into this endeavor (Monte - reach out
to me and let's talk), but...
1. I really think this needs to be integ
On 08/13/2015 10:45 AM, Richard Gaskin wrote:
"A good plan violently executed now is better than a perfect plan
executed next week."
- Gen. George S. Patton
"plans are useless, but planning is indispensable."
- Gen. Dwight D. Eisenhower
--
Mark Wieder
ahsoftw...@gmail.com
__
On 08/13/2015 04:09 AM, Mark Waddingham wrote:
That's very true. Indeed, perhaps one could argue that GitHub needs
service-hooks which allow customization of merging and diff display.
That general feature there would solve the VCS problem in a natural way
for a number of types of data which are
Dave,
Thanks for the clarifications.
I'm changing my app over to server side middleware using LC server and
opening one local connection to the MySQL DB.
My client/server model.
1) The LC server script has the DB username/password and no one can see
that. That protects the DB.
2) LC scripts
Thanks Dave. I think it's beginning to sink in.
In answer to your question, I never trust my users!
On Thu, Aug 13, 2015 at 4:17 PM Dave Cragg wrote:
>
> > On 13 Aug 2015, at 23:56, Peter Haworth wrote:
> >
> > Thanks Dave. That's good info.
> >
> > My questions are specifically related to m
Hi all,
I work at a small broadcast production company, and since HC days have
made in-house programs that have helped us in a variety of ways. Now
using a bit of LC v7 with its unicode support.
Would like to have data available to staff who are on the road. A few
months ago, asking about sq
> On 13 Aug 2015, at 23:56, Peter Haworth wrote:
>
> Thanks Dave. That's good info.
>
> My questions are specifically related to mySQL which is able to accept
> remote connections by design.
Sorry if I wasn't clear. I was suggesting that it's generally a bad idea to
allow remote connections.
On Thu, Aug 13, 2015 at 3:56 PM, Peter Haworth wrote:
> I do like the idea of only a single connection to the db from the server
> side script. But don't you then start getting into multiple thread issues
> for performance reasons?
>
I will be needing a persistent server for my remote clients,
Thanks Dave. That's good info.
My questions are specifically related to mySQL which is able to accept
remote connections by design.
I see your point about passing the credentials but, as mentioned to Bill,
doesn't opening the database connection using SSL take care of that? Same
for your point
Thanks Bill, it does make sense. But doesn't the use of SSL when opening
the database connection prevent outside interference with the SQL command?
Just trying to understand this before going down the wrong path :-)
On Thu, Aug 13, 2015 at 3:03 PM William Prothero
wrote:
> Peter:
> The answ
> On 13 Aug 2015, at 22:44, Peter Haworth wrote:
>
> I agree that SQL doesn't have much in the way of data sanitizing but
> Livecode does. I also agree that there must be a good reason why most of
> the world uses server side scripting, just trying to understand exactly
> what that is.
>
> I'v
Peter:
The answer to the question is “where does the security failure occur?” The weak
link is the transmission of the command from the local computer to the server.
If you tokenize the command at the local computer level, you still have the
problem. The remote server can be accessed by anybody
On Thu, Aug 13, 2015 at 10:16 AM, Peter Haworth wrote:
> What are the pluses and minuses you get from using php as a middleman to
> access a mySQL database on a server versus accessing the mySQL database
> directly from LC?
>
Also note that LiveCode can't handle compound commands with mySQL, whi
On Thu, Aug 13, 2015 at 3:20 AM, Richmond
wrote:
> I would also like to say how much I feel for you over your bereavement.
>
I do, as well. We've been there, and the loss just can't be described.
--
Dr. Richard E. Hawkins, Esq.
(702) 508-8462
___
I agree that SQL doesn't have much in the way of data sanitizing but
Livecode does. I also agree that there must be a good reason why most of
the world uses server side scripting, just trying to understand exactly
what that is.
I've been under the impression that if I use the variableslist parame
Peter Haworth wrote:
It still seems to me that, once security matters are dealt with, the choice
of server side script versus direct connection is more a matter of
preferred application architecture more than anything else.
Ah, but there's the rub, "once security matters are dealt with".
Corre
Thanks BIll. I understand about the tokenization but Livecode can already
do that within a direct connection without a server side script and, at
least for mySQL, can open a direct connection using SSL.
It still seems to me that, once security matters are dealt with, the choice
of server side scr
+1
> William Prothero wrote
> That said: I love the application and am grateful for it every day that I use
> it.
Ralph DiMola
IT Director
Evergreen Information Services
rdim...@evergreeninfo.net
___
use-livecode mailing list
use-livecode@lists.runre
The big response on this topic illustrates to me that the community is very
concerned about the possibility of a two-tiered livecode environment where we
need to pay extra to get added premium features that we all will want.
Personally, I am very happy with the direction and work that the dev te
+2 also
Ralph DiMola
IT Director
Evergreen Information Services
rdim...@evergreeninfo.net
-Original Message-
From: use-livecode [mailto:use-livecode-boun...@lists.runrev.com] On Behalf Of
William Prothero
Sent: Thursday, August 13, 2015 3:59 PM
To: Use-livecode Use-livecode
Subject: Re:
Peter:
> I'm probably still not understanding this completely, but how do I protect
> against SQL injection attacks when using a server side interface? I can do
> that very easily from within Livecode by using the parameterized variables
> available with the revdbxxx calls but it seems like I woul
+2
Very important.
Bill
> On Aug 13, 2015, at 11:33 AM, Richmond wrote:
>
> +1
>> Hi all,
>>
>> Kevin mentioned in his orignal mail:
>> … and a PDF Viewer.
>>
>> Please, please, please also give this one to „the masses“!
>> We’ve been waiting for this for ages.
>>
>>
>> Best
>>
>> Klaus
>>
Thanks for all the inout. I should probably have phrased my question a
little differently and asked about the pros and cons of a sever side
interface versus a direct connection rather than referencing php
specifically. The php reference came about because of a recent post on its
use.
It appears t
So it is not just me :-)
Thanks Bill
Martin
--
View this message in context:
http://runtime-revolution.278305.n4.nabble.com/OT-ish-naming-a-MeetUp-group-tp4694690p4694984.html
Sent from the Revolution - User mailing list archive at Nabble.com.
___
Or even worse:
SELECT content FROM data WHERE user=;DROP TABLE data
On Thu, Aug 13, 2015 at 10:50 AM Mark Waddingham wrote:
>
> Here the input field is not being validated in anyway, nor is the value
> being escaped. This means that I am then free (as a user of the client)
> to put anything I
+1
Hi all,
Kevin mentioned in his orignal mail:
… and a PDF Viewer.
Please, please, please also give this one to „the masses“!
We’ve been waiting for this for ages.
Best
Klaus
--
Klaus Major
http://www.major-k.de
kl...@major-k.de
___
use-livecod
Hi all,
Kevin mentioned in his orignal mail:
… and a PDF Viewer.
Please, please, please also give this one to „the masses“!
We’ve been waiting for this for ages.
Best
Klaus
--
Klaus Major
http://www.major-k.de
kl...@major-k.de
___
use-livecode mai
LiveCode is unusual in many ways. If there are anomalies with how it
integrates with VCSes designed for very different languages that would
really be the least of our concerns.
Indeed - that is a good way to look at it.
If accommodating other people's expectations of "normal" were a
priority
Mark Waddingham
> As a simple (rather stupid) example consider a client application
> which has a field which expects a number, and an output field.
>
> The user enters a number into the field and the client does a query
> to fetch a piece of data mapped to that number in the DB. e.g.
> query "
Here 'unsafe' means something which has come from the client via some
sort of user input without being vetted or checked.
I should clarify here that user input doesn't necessarily come from
input fields in a UI - it can come from any data passed from the client
to the server which originates f
Aloha, Kevin:
A well considered response. I'll be with you for the long haul, no
question about that.
Please do consider - hear our "pleas" for tools that are expected out of
the box in an open source arena
1) long, long, long, long standing request SFTP on board. Make a widget
fo that asa
Good question. Why is LC server instead of PHP not an option for you?
I
know this has been talked about on the list before but I still don't
have a
solid handle on this. I'm still am not clear on how SQL injection can
be
done with a direct MySQL connection using ssl. Also when using a web
serv
Monte Goulding wrote:
> One thing worth considering is as complex widgets develop the number
> of objects on a stack should reduce dramatically making it much
> easier to work out what you’re looking at. Combined with scriptified
> stacks it’s starting to look like a reasonable solution.
LiveCode
Peter,
Good question. Why is LC server instead of PHP not an option for you? I
know this has been talked about on the list before but I still don't have a
solid handle on this. I'm still am not clear on how SQL injection can be
done with a direct MySQL connection using ssl. Also when using a web
In general it is not advised to directly connect to databases over the Internet
and it is considered better practice to front your db access through an http
interface (which you could equally well implement in LC server running and
connecting locally to the db on the server).
One reason to do t
Yep, even a non-profit on a tight budget would spring some contribution
as this advancement would open door to collaboration that are really
important to us.
Brahmanathaswami
Skip Kimpel wrote:
+1 for contribution.
This has been one of my sticking points over the years and would love to s
What are the pluses and minuses you get from using php as a middleman to
access a mySQL database on a server versus accessing the mySQL database
directly from LC?
Web sources typically mention two main benefits: php runs on any platform,
and it's easier to create dynamic web pages. I think the fi
This is a great way to learn programming, but there are a few caveats that
might be considered.
As I learned to program, i could never get thru more than one lecture (pascal).
Ungodly boring! I needed a project and the docs. However, other folks may have
different learning styles. Some may be
Hi LiveCode Community,
We have a great new, timely blog for you today. It's called:
How to Create a Free iOS Provisioning Profile
You no longer need a subscription to test your apps on physical iOS
Devices! It's pretty awesome.
Check it out and let us know what you think: http://buff.ly/1DN6pWJ
On August 13, 2015 4:24:33 AM CDT, Peter Bogdanoff wrote:
>
>I was working in LC 7.1 dp 1 and chose to not save a stack, quit,
>reopened and got the message.
>
>On my Mac the TimeMachine backups from earlier in the evening are also
>reporting as corrupted. I had also saved a version from the Finde
On August 13, 2015 8:15:44 AM CDT, Terence Heaford wrote:
>
>Did you advise the Open Source backers at any point prior to or during
>the KickStarter campaign that the Commercial product would be different
>than the Open Source product except in the area of code protection?
Brett's post cleared th
Yes.
Perhaps it would help to understand this in context if you look some more
at how some other dual licensed open source projects are run.
Kind regards,
Kevin
Kevin Miller ~ ke...@livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
On 13/08/2015 14:15, "Terence Heaf
I have seen this, but it isn't because iOS devices are necessarily
better
for businesses, but it's more of a perception of security and control.
Apple does a great job of marketing this. My experience with Android
has
never involved malware infections, and any that have shown up in the
media
h
On Wed, Aug 12, 2015 at 7:12 PM, Monte Goulding wrote:
>
> > On 13 Aug 2015, at 5:08 am, Richard Gaskin
> wrote:
> >
> > To put it into perspective, half of all iOS revenues go to only the top
> 100 developers, and the majority of those apps are available on both
> platforms. The top 1,000 deve
I have been using lcVCS while developing my application and I don't think I
could do without it. The ability to have a repository to track changes to
a LiveCode application and to have those integrated with the issue tracking
features at bitBucket is game changing for me.
I would support a cr
> On 13 Aug 2015, at 13:58, Kevin Miller wrote:
>
> We said during Kickstarter that the product would be dual licensed. That
> means we have an Open Source Community Edition and a closed source
> Commercial Edition. We made it clear we would continue to have a
> commercial product. At no stage d
Thank you to everyone for all your input so far.
Kickstarter was never intended to cover all development costs for
everything we do. Software moves on, platforms move on, development
continues at an astonishing speed in the digital world. Kickstarter was
intended to fund extra developers to help d
Today I had to go and have the oil and filter changed in my car, and as
I was waiting I decided to try and install
LiveCode 7.0.5 on their public access Windows XP box (which failed), and
I came across this:
http://www.livecode.com/
And that was interesting as I haven't looked at that page for
> On 13 Aug 2015, at 9:09 pm, Mark Waddingham wrote:
>
>> True but it’s not like there aren’t other funky file formats in
>> GitHub… storyboard, xib etc.. nasty stuff. Keep the UI as code light
>> as possible and the code in nicely named scriptified stacks and it’s
>> reasonable as far as I can t
True but it’s not like there aren’t other funky file formats in
GitHub… storyboard, xib etc.. nasty stuff. Keep the UI as code light
as possible and the code in nicely named scriptified stacks and it’s
reasonable as far as I can tell. You could even put in some commit
hooks to enforce a rule on th
> To be fair it is a killer if you do not have such a front-end and want to
> have multiple people working in a rigorous way on a single LiveCode project ;)
True but it’s not like there aren’t other funky file formats in GitHub…
storyboard, xib etc.. nasty stuff. Keep the UI as code light as po
+1 for contribution.
This has been one of my sticking points over the years and would love to see a
fully developed solution to the issue as hand.
Thanks again, Monte, for everything that you do!
SKIP
> On Aug 13, 2015, at 6:21 AM, Paul Richards wrote:
>
> + 1 !
>
> I also think there m
I’m not convinced it’s a killer. I just think it needs some special
tools. It really wouldn’t be that hard to build a third party code
review web app that integrated with GitHub via service hooks. Such a
beast would know the export stack file format and present the objects
in the same way the proj
> On 13 Aug 2015, at 8:20 pm, Richmond wrote:
>
> Hey: we all have dirty laundry of some sort, and we all manage to leak it
> out, unwittingly, onto the internet sooner
> or later - and yours is not nearly as dirty as some I have seen.
>
> It also proves interesting reading :)
And I forgot to
> On 13 Aug 2015, at 09:39, Richard Gaskin wrote:
>
> What compels you to keep writing like that?
This is how I feel as an Open Source backer, let down.
Now if I had been an open Source backer who laid out thousands for the
principal of Open Source, let down would not begin to cover it.
Many
> On 13 Aug 2015, at 09:39, Richard Gaskin wrote:
>
> As an open source user, why would you even consider the proprietary license?
Because if LC Open Source is limited in some way there may be something
available in the paid product I would like to incorporate in an Open Source
stack but cann
How about a Kickstarter effort for it? (or something similar)
On 13 Aug 2015, at 11:21, Paul Richards wrote:
> + 1 !
>
> I also think there might be a few more on here that would be willing to
> contribute to the lcVCS !
>
> -Original Message-
> From: use-livecode [mailto:use-liveco
+ 1 !
I also think there might be a few more on here that would be willing to
contribute to the lcVCS !
-Original Message-
From: use-livecode [mailto:use-livecode-boun...@lists.runrev.com] On Behalf Of
Richmond
Sent: 13 August 2015 11:20
To: How to use LiveCode
Subject: Re: lcVCS in
On 13/08/15 13:16, Monte Goulding wrote:
Woah… folks I’m a bit tired and forgot to check if that was a private email…
sorry for airing my dirty laundry
Hey: we all have dirty laundry of some sort, and we all manage to leak
it out, unwittingly, onto the internet sooner
or later - and yours is
Woah… folks I’m a bit tired and forgot to check if that was a private email…
sorry for airing my dirty laundry
> On 13 Aug 2015, at 8:14 pm, Monte Goulding
> wrote:
>
> Hi Todd
>
> There’s a bit of a story here. Towards the end of 2013 I lined up with Kevin
> to sell him the IP for $10k so l
Hi Todd
There’s a bit of a story here. Towards the end of 2013 I lined up with Kevin to
sell him the IP for $10k so lcVCS and my IDE integration could be rolled into
the IDE. After some discussions I managed to convince him that it should be in
both community and commercial IDEs. Then in Januar
> On 13 Aug 2015, at 5:48 pm, Mark Waddingham wrote:
>
> This is where UUID based on-disk formats fail - given a PR and its patch it
> is exceptionally difficult to work out in which objects the changes are being
> made. Given that LiveCode allows (and indeeds encourages you!) to spread code
> On 13 Aug 2015, at 5:50 pm, Peter TB Brett wrote:
>
> On 2015-08-13 09:07, Mark Waddingham wrote:
>> On 2015-08-12 23:57, Monte Goulding wrote:
>> As I said way back when, I'm not averse to Object UUIDs being added as
>> metadata for the purposes of VCS (i.e. sideline data in objects). I'm
>>
Hi,
Is there a way to restore a corrupted stack (that is also encrypted)?
I was working in LC 7.1 dp 1 and chose to not save a stack, quit, reopened and
got the message.
On my Mac the TimeMachine backups from earlier in the evening are also
reporting as corrupted. I had also saved a version fr
Terence Heaford wrote:
> The view of an Open Source User follows:
...
> I cannot justify the serious outlay for an Indie Licence in LC
As an open source user, why would you even consider the proprietary license?
> I now await to be slammed by RG. I won’t take it seriously.
Who's slamming who
Just my 2 cents worth:
When I was studying math as an undergraduate and as a graduate student, many of
the classes were taught by the (R. L.) Moore Method. In this method the
professor gives axioms, definitions and just the statements of the theorems.
The students have to prove the theorems the
Hi Monte,
If you are looking for tech and money support then lets talk, I am happy to
help with both. I agree with Richard that this is HUGE and needs to be
available.
--Todd
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this
The view of an Open Source User follows:
I have come to LiveCode from SuperCard on the Mac and was attracted by the
KickStarter campaign which would provide LC as Open Source.
I contributed the minimum amount as LC is for my personnel use and I doubted
the sincerity at the time.
I did consider
On 2015-08-13 09:07, Mark Waddingham wrote:
On 2015-08-12 23:57, Monte Goulding wrote:
As I said way back when, I'm not averse to Object UUIDs being added as
metadata for the purposes of VCS (i.e. sideline data in objects). I'm
still yet to be persuaded that replacing 'ids' with them is worthwhi
On 2015-08-12 23:35, Peter TB Brett wrote:
On 2015-08-12 22:52, Richard Gaskin wrote:
Now that we're talking about a much broader scope, and especially
given the central role of VCS in fostering healthy open source work,
my opinion is now more open than before, and somewhat undecided.
If it tu
On 2015-08-12 23:57, Monte Goulding wrote:
Thanks for the details Peter. I had thought the BAF was a product of
your work on the file format. I wonder if the current situation
warrants a further investigation into the things that would assist my
script based solution? Object UUIDs and more suppor
76 matches
Mail list logo