Okay, so I've been meaning for a long time to rewrite my old StatusGauge program so that it becomes more stable and works out of the box. The recent surfacing of Lua as a "truely embedded" scripting language, the UDP callbacks, and the window positioning callbacks all combined to make it worth the while to look at the StatusGauge code again. Since I don't have to use COM, stability improves by an order of magnitude, since I can get the window positions for Mushclient, I can think of some scheme of docking StatusGauge, since I can use Lua, I can package StatusGauge into an executable and the users won't even need to have vbs installed on their system to make its controlling plugin work, etc.
However, there are still a couple of concerns. Firstly, the problem with launching StatusGauge. Before, I could easily do it through COM, since that automagically gets all the needed data from registry. Now I have to shell execute the program manually, and to do that I need to know where the program is on the disk. Using some installer I can more or less easily record the program's path in the registry, but I can't use Lua to later read that path from the plugin. This leaves me with requiring the user to install the program in some subfolder in Mushclient's directory, which isn't too big of a problem either, but I still don't like that idea for some reason. Besides, I am not sure, but I don't think there's even a way to find out Mushclient's own path from a script, which means that the user would have to manually tweak the plugin code to set the path. Maybe a callback to read the registry could be added to make fully automated custom installs of 3rd party software really possible. Along with a callback to get the path to Mushclient's main directory, without needing to know the registry key where that sits.
Secondly, the Lua sandbox. I agree that it improves the safety and is a great idea overall, but I think that it could use some further improvements. Namely, since it is already possible to set up separate sandboxes for individual plugins, maybe there should be a way to automate the process for the user. Something along the lines of how web browsers install additional software, where you get a popup window asking you whether you want to allow this program to install. The plugin author could request access to certain os and io methods from OnPluginInstall, providing a short description of why such access is needed, and the user would be prompted for confirmation on each request:
function OnPluginInstall()
RequestSandboxPermission ("os. execute", "Needed to launch StatusGauge.exe graphical display component.")
end
Resulting in the user seeing something like:
Plugin "StatusGauge" (id: xxxxxxxxxxxxx) requests access to the os.execute method. Reason:
Needed to launch StatusGauge.exe graphical display component.
Author: Xxxxx
Date written: xx-xx-xxxx
Purpose: xxxx xxxx
If you answer Yes, this method will be enabled only for this plugin.
Click Yes to grant permission, No to refuse.
Yes No
|