RevNet certification(?)
davidsyes
davidsyes at naughtycal-artkitekture.com
Thu May 22 23:50:01 EDT 2003
Hello Richard/all,
To enhance the actual or analagous "Verisign" benefit, would it be feasible
to:
1. create a CVS (Concurrent Version System) repository and
2. appoint a PRB or Peer-Review Board (where then by peer-review members are
chosen to be on a body of initial reviewers) to review code
3. generate user/community support (although products should still be
permitted a price tag for devs to recoup their dev costs)?
1. In step 1, the repository would hold all the various submissions. They
could be depostied into whatever database you (the PRB) feel/s is most
flexible and VERY fast. Ideally, the database would be friendly to the PRB
(Peer Review Board), friendly to the world at large, and be absolutel
OS-agnositic, meaning portability is extended to Revolution (see the 2nd pare
after para 3). I must admit I know nothing about Mac/Apple-friendly databases
other than maybe FileMaker/Pro which I used years ago but never owned as I
think in 1996 it was not on the wintel platform or it was too new for me.
Between Linus & Bill, I'd go with MySQL or PostgreSQL, as I am a Linux user,
but still use w98, and because the aforementioned DBs support multple OS
access, multiple servers on the same host, and SHOULD be Mac/OS-X
-Accessible.
Or, just choose something that is ported to multiple operating systems AND
which is widely supported at lower costs by ISPs. ISPs tend to charge $20 or
more LESS for a Linux/MySQL server arrangement than for the alternative
operating system. (I might have the "match" or the "wind' but not both to the
possibly ensuing "holy wars")
2. In step 2, the PRB would be an Apple/Mac equivalent of the Open Source
community (not from a dollars/charging perspective) in that they simply will
be the men and women who guard the vault, test the alarms, review the content
if something heinous is deposited, and offer commentary or code changes when
time permits
3. In step 3, the community still gets paid for a living, for we all need to
eat, right?
Ideally, you (the PRB) should be able to support community submissions by
showcasing "good" (as in stable and ready-for-primetime) products, as well as
highlight those with ramped-up mutual suppot, and, of course, boot out those
which are horrible or malicious code meant to harm users rather than be
simiple novice code. But the reality is that without a decent database
tracking, querying, and bug-submission system as well as "viral" or
"flawed-code" alert, the system would bog down rather quickly.
Heck, even Revolution could be a front-end to this, demonstrating that
Revolution in action (no concatenation of the preceding words (in) and
(action), mind all) and that end users could simply download the
platform-specific runtime, install it, and use it to access the PRB database.
I image that this would have a positive and an attendant negative effect on
rapidly making changes to Revolution's native database facilities, but then
again, I am a newbie here and cannot yet access ("connect" to, to be precise)
the MySQL server on my local machine via Revolution. ((I have connected with
Lotus Approach, MySQLGG (deprecated GUI) and MySQLCC (the current "control
center"), as well as via Webmin (on https://localhost or
https://your-machine-IP-/). However, two other development tools I am testing
also would not present the data I am trying to see. Maybe I need a
reinstalled .so file for the Linux driver. (Lotus Approach, being a win98
app, requires an ODBC driver, and this driver permitted Approach on .102 IP
to read and export tables to MySQL on a .101 IP, both on the same
machine/host physically, but Approach runs inside w98 which runs inside
Win4Lin, an emulator deceiving win98 into thinking it "owns" my laptop.))
((Yes, parens, heheh, hehe ))...
Please forgive me if I started a mess here or accelerated something that might
put a "crimp" in timing of things. I am not a DBA, but I am learning MySQL,
as I have to post several databases in the near future and want to deploy
OS-independent runtimes. Revolution seems to be a particularly very nice way
to do what I aim, but my focus will of course be heavily on relational joins,
master/detail table exploits, and presentation of charting tools by which the
desktop or PDA users can analyse the data content I serve up. Unfortunately,
it also means my end-users would need to ad-hoc change those relations, as I
cannot predict what fields would suit their own analysis, although I can
pre-build numerous forms to anticipate suiting them.
(YALSA--- Yet Another Long Submission Afoot)
David Syes
=================
On Thursday 22 May 2003 14:20, Richard Gaskin wrote:
> To clarify the risks inherent in downloading any executable over the 'Net,
> I'll be adding a new screen to RevNet soon which will appear only once
> requiring confirmation of its terms before proceeding (just standard
> liability waiver stuff -- I'm in California <g>).
>
> It occurs to me that there may be benefit from having a way to distinguish
> between "trusted" and "unknown" contributors to RevNet's index of
> user-contributed downloadable stacks.
>
> I could easily create a scheme in which certain domains (like Ken's,
> Chipp's, Jacque's) are on a "trusted domain" list, and their contributions
> to the index could have a small star next to them (or smiley face or
> whatever -- you get the idea) to indicate the resource is hosted on a site
> known by RevNet's admin (today that would be me) to be under the control of
> a person who is not likely malicious by nature (except for Jacque, who
> makes evil time-sucking games).
>
> Certifying people I know is a no-brainer. The hard question is:
>
> How do I verify the intentions of new certificate applicants
> who are not known to me?
>
> To be fair, any criteria for "trusted" certification should be objective; I
> don't want to be in a position of making value judgements about people, nor
> risk approving a virus writer by giving undue benefit of the doubt.
>
> In the absence of any objective criteria, I may call the certificate
> program "Friends of Fourth World", and limit it to people I know personally
> (literally friends). Since I know most of the folks likely to add lots of
> entries into RevNet's index, today it's not much of an issue. But down the
> road, as Rev's audience grows, I'd like to find some means of verifying
> "trustworthiness" but without risking offending anyone.
>
> Any suggestions?
>
> Ironically, certificates issued by Verisign, a logo that carries all sorts
> of feel-good "trustworthiness", are really nothing more than a verification
> that data transmitted is reasonably secure and that they have verified the
> email address of the domain owner. For all the feel-good associated with
> that logo, beyond verifying the admin's email it says nothing about the
> trustworthiness of anything available at the site. Expectations management
> is a funny buiness....
More information about the use-livecode
mailing list