--On Tuesday, December 24, 2002 00:27:41 -0600 Chipp Walters
[EMAIL PROTECTED] wrote:
b) be certified as 'safe' by a reputable 3rd party (the Microsoft
approach).
My thinking on the subject is that a 3rd party could build a player and
infrastructure for registering (certifying) stacks. Then
--On Monday, December 23, 2002 18:59:14 -1000 Sannyasin Sivakatirswami
[EMAIL PROTECTED] wrote:
What's being
proposed here is a responsible security concern, IMHO.
Ken,
I am embarrassingly naive about these issues. when you say responsible
security concern What do you mean? How is this any
Andu,
Chipp says:snip
b) be certified as 'safe' by a reputable 3rd party (the Microsoft
approach).
Andu replies:snip
This is what tripped me in your previous message too, and this is what I
was referring to as the illusion of security being worse then no security
at all.
The 3rd
Chipp Walters wrote:
The 3rd party 'certification' I was referring to is through Verisign
Certificates (not Microsoft), the *same* guys who do the SSL server IDs.
Over 90% of SSL (Secure Socket Layer) websites use Verisign, so apparently
they are a trustworthy source.
What specific steps
--On Tuesday, December 24, 2002 08:11:48 -0800 Richard Gaskin
[EMAIL PROTECTED] wrote:
Chipp Walters wrote:
The 3rd party 'certification' I was referring to is through Verisign
Certificates (not Microsoft), the *same* guys who do the SSL server IDs.
Over 90% of SSL (Secure Socket Layer)
[please pardon the OT hummor]
andu wrote:
What specific steps would be needed to use a Verisign certification for
RunRev stacks?
$300 for a 1 year subscription or $700 for 2 years plus all the personal
information about you and your family. That's all.
And since Dr. Kissinger won't
Here's a less microsoftian solution for a sane MC helper application for
browsers:
make a stack which opens off screen or invisible with something like...
on startup
answer Ready to format your hard drive??\
with OK and Cancel
if it is Cancel then quit
exit startup
Move the answer dialog into
What specific steps would be needed to use a Verisign certification for
RunRev stacks?
$300 for a 1 year subscription or $700 for 2 years plus all the
personal information about you and your family. That's all.
Regards, Andu Novac
From the latest newsletter from pair.com
pair Networks SSL
Andu:
Thanks for lightening up this thread... ( I had to hold myself down
after reading
OJ certified not guilty)
Much needed/appreciated laughter aside: you make a good point. The
sense of security when in fact anyone with ill intentions will find a
way around it... etc. can be more
Chipp Walters wrote:
The big problem with a *sanctioned* web-savvy MetaCard or RunRev player is
the potential for *very dangerous viruses*!!
While the potential for malicious abuse is clear, it's no more a problem for
Rev than it is for ActiveX controls, Director extensions, or downoading
--On Monday, December 23, 2002 09:46:31 -0800 Richard Gaskin
[EMAIL PROTECTED] wrote:
Chipp Walters wrote:
The big problem with a *sanctioned* web-savvy MetaCard or RunRev player
is the potential for *very dangerous viruses*!!
I don't understand this discussion, one can DD a stack on the
Richard Gaskin a écrit :
Chipp Walters wrote:
The big problem with a *sanctioned* web-savvy MetaCard or RunRev player is
the potential for *very dangerous viruses*!!
While the potential for malicious abuse is clear, it's no more a problem for
Rev than it is for ActiveX controls,
Chipp Walters wrote:
The big problem with a *sanctioned* web-savvy MetaCard or RunRev player
is the potential for *very dangerous viruses*!!
I don't understand this discussion, one can DD a stack on the engine on
all platforms which support it and have it play. For browsers
one can
Richard,
While the potential for malicious abuse is clear, it's no more a
problem for
Rev than it is for ActiveX controls, Director extensions, or downoading
applications from Downoad.com.
I disagree. See my response on this subject to Andu. Also, Director
extensions are not necessarily
--On Monday, December 23, 2002 14:31:40 -0600 Chipp Walters
[EMAIL PROTECTED] wrote:
Chipp Walters wrote:
The big problem with a *sanctioned* web-savvy MetaCard or RunRev
player is the potential for *very dangerous viruses*!!
I don't understand this discussion, one can DD a stack on the
Andu,
Like what kind of safety measures, a warning that the script (like any
script) *could* do this and that to the data on the hard drive if
executed?
As to Shockwave it never asks me if it's ok to load this or that moving
thing once I have the plugin installed. Java also, it just displays
Perhaps the one player could use the two modes.
- mode 1 = secureMode is true and is used when the player is launched from
a hyperlink. Useful for interactive forms and such.
- mode 2 = secureMode is false and is used when the player interface (AKA
Java WebStart) is launched. Useful for
Ken,
Thanks for the *clearer* explanation!
If you click on a .doc file link on a web page it will download and
automatically launch Word. Since Word has macros, this *should* be a
security concern of Microsoft's. Now suppose this link is in an onload
event. Merely going to that page will
--On Monday, December 23, 2002 15:50:01 -0600 Ken Ray
[EMAIL PROTECTED] wrote:
snip
What's being
proposed here is a responsible security concern, IMHO.
Ok you convinced me Ray. I think the solution though is not going to be
easy or pleasant. On the same note, this player might want to
On Monday, December 23, 2002, at 05:47 PM, andu wrote:
snip
What's being
proposed here is a responsible security concern, IMHO.
What's being
proposed here is a responsible security concern, IMHO.
Ken,
I am embarrassingly naive about these issues. when you say responsible
security
Ok these security issues are good to thrash out... but when switching
the name of this thread to Web-dedicated it was not the intention to
imply that browsers be involved in terms of a launching/viewing
platform. In fact, just the opposite, the objective being to 'just use
the wires! and
The security concerns raised here are valid and serious. But as with the
rest of the Internet, they are show-stoppers for only a subset of uses.
For things taking place inside a browser window, folks have indeed become
accustomed to such things not having file I/O or access to system resources
Sivakatirswami,
I think there are two seperate issues here...and perhaps they are a bit
confusing. A standalone player, (like Macromedia and SuperCard have) versus
a web-enabled (auto boot as you call it) player. In the case of the
standalone player, an individual has to take action in order to
Richard,
Indeed, in the absence of a browser plug-in for Rev, everything
that can be
done in Rev must take place outside of a browser.
Good point.
With all of its security technology, when it comes to downloading EXEs the
browser still relies on the oldest mechanism available: individual
The big problem with a *sanctioned* web-savvy MetaCard or RunRev player is
the potential for *very dangerous viruses*!!
It would be relatively simple to create a stack which deleted all the files
in the Windows folder using a simple mouseOver of an image on a web page --
without the user never
Well, there is one nugget already in the language which would help:
set the secureMode to true
Brian
Ouch! I didn't think about that.
The big problem with a *sanctioned* web-savvy MetaCard or RunRev player is
the potential for *very dangerous viruses*!!
PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, December 22, 2002 6:29 PM
Subject: Re: Web-Dedicated Metacard
Well, there is one nugget already in the language which would help:
set the secureMode to true
Brian
Ouch! I didn't think about that.
The big problem with a *sanctioned* web-savvy
From my reading of the docs it's per session.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ken Ray
Sent: Monday, 23 December 2002 11:17 AM
To: [EMAIL PROTECTED]
Subject: Re: Web-Dedicated Metacard
Wow, Brian... cool stuff! I noted that once
My guess would be per session, but I've never used it.
Anything built from libmc ("embedded Metacard") could presumably always set the property if need be, which would pretty much tackle the browser plugin problem.
As far as helper applications, a standalone player could probably be made that
Good point. Didn't know about 'secureMode'. Though it's pretty much what I
was referring to when I mentioned 'sandbox.' Thanks for the tip.
Though, if one of the requisites for a player is that it be able to store
stacks locally, I guess the securemode couldn't be invoked.
-Chipp
Well, there is
One tidbit from playing around:
You can easily secure your Metacard distribution from third-party stacks (as far as I can see), by adding the following to your home stack:
on startup
set the secureMode to true
end startup
Of course, it's easily hackable on your own machine (just move the home
In a message dated 12/22/02 8:56:56 PM, [EMAIL PROTECTED] writes:
Oops, that was a little premature. The home stack won't get this message if you drag the stack directly onto the Metacard application. Perhaps on openStack would be better, or maybe this needs a whole standalone to be built...
in our stack that were need to run properly...
On Friday, December 20, 2002, at 01:07 AM, Chipp Walters wrote:
From: Chipp Walters [EMAIL PROTECTED]
Date: Fri Dec 20, 2002 1:07:16 AM Pacific/Honolulu
To: [EMAIL PROTECTED]
Subject: RE: Web-Dedicated Metacard
Reply-To: [EMAIL PROTECTED]
So, what
At one point the Rev team announced the development of a player but it
hasn't come about yet. It's something that wouldn't take much work but
really should be handled by either Rev or MC.
I'd suggest that we need launching of programs from web links but also
something like Java WebStart where
So, what kinds of strategies can anyone suggest to take this beyond the
consensus reality barrier?
FWIW, I'm using RR/MC to build application which are web-aware.
The apps can update themselves using the web, and also download plugins by
just clicking on an image in a web page (which
:
Just as you say, Alain and we, all, are going to open l'avenue des
Champs-Elysees to the web-dedicated metacard developments.
Because they did'nt know it was impossible,... ;-)
___
metacard mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman
So, what kinds of strategies can anyone suggest to
take this beyond the consensus reality barrier?
Start with the unparalleled interactivity
performance of REAL software like MetaCard, versus
mere web-browser based access to HTML + JavaScript.
For example: once the web page is rendered, can
Sannyasin Sivakatirswami wrote:
I changed the thread on this because I am also following the
MC--PostGreSQL closely in its own right...
OK, so agreed, we can use Metacard to provide content over the web.
I am doing it already in a very small way... but let's we discuss this
in a larger
Message: 3
Date: Thu, 19 Dec 2002 08:17:01 -1000
Subject: Web-Dedicated Metacard
From: Sannyasin Sivakatirswami [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
I changed the thread on this because I am also following the
MC--PostGreSQL closely in its own right...
OK
39 matches
Mail list logo