Yup, it's same. I forgot about it so i implemented my own solution!

You can do the map function yourself inside C2 also, it just returns //(x - in_min) * (out_max - out_min) / (in_max - in_min) + out_min //

You can find the plugin here.

This simple plugin provides two expressions; Map and Constrain.

Map re-maps a number from one range to another.

Constrain constrains a number to be within a range.

Cheers!

I agree with GeometriX and —

This is the topic that's really often on the nw mailing list. There are ways to send malicious nodejs code to someone using node-webkit exported app. After all, it just an browser with capability to munch nodejs code.

There are ways to control this and be safe.

You can mess with the manifest file, and set "node-remote" field, or "nodejs" field to enabling/disabling nodejs.

With iframes, you can check out this wiki page for more info.

The idea is that your app doesn't have any malicious code, and that you protect yourself from others injecting possibly malicious code.

Although, i have contemplated of a fast platformer that deletes your hard drive when you die.

Cheers!

edit: Wiki on security

Well, with Chromium alone, you can't do much more than with any other browser. The "power" comes when you add node.js to the mix. Nodejs adds whole "real" platform feeling.

It's all in the name node-webkit (node.js + chromium webkit = node-webkit)

It's more than possible, you can check here for one way to do it. I implemented shell in my node-webkit plugin, but haven't tested it thoroughly. There are other ways to do it, here's one of the possible ways

GeometriX Node-webkit is not entirely browser environment, it's much more than that. Node-webkit is an app runtime based on Chromium and node.js, which means it can do anything that Chromium can, and also it can do anything node.js can, including creating servers, deleting all of your hard drive, and much more.

Develop and debug web services

Ngrok is a secure reverse proxy that exposes a locally running web service to the internet and captures all traffic for detailed inspection and replay.

ngrok.com

Ran into this tool, looks helpful.

<center><font size="6">SockJS</font></center>

Sockjs can be used as an alternative to official websocket plugin or socket.io.

As we wait for a Socket.io 1.0 I've decided to put my efforts on SockJS plugin. Because of the design of sockjs library, the plugin is almost identical to the official websocket plugin, but enables you to use all advantages of sockjs. There's more work to be done, if you are using this plugin, please report back on how did it go.

From the official SockJS readme:

SockJS is a browser JavaScript library that provides a WebSocket-like object. SockJS gives you a coherent, cross-browser, Javascript API which creates a low latency, full duplex, cross-domain communication channel between the browser and the web server.

Under the hood SockJS tries to use native WebSockets first. If that fails it can use a variety of browser-specific transport protocols and presents them through WebSocket-like abstractions.

SockJS is intended to work for all modern browsers and in environments which don't support WebSocket protcol, for example behind restrictive corporate proxies.

You can find a simple test demo here, and the plugin here.

If you find any bugs, or have some ideas on how to improve this plugin, please head over here

For more info on SockJS, check here.

Cheers!

I like the way you think, and i hope you'll manage to get this project in a some stable state...

Although i respect your decision to get some early thought of the other c2 users, i think it would e the best for the project to get to a more or less stable state before you release anything, or try to get useful feedback form users. A lot of people, a lot of opinions. Sometimes useful, sometimes not.

On the other hand, release early, release often.

But, when in doubt, C4!

I'll follow this thread carefully, sounds like you have something here.

---

oohh, i forgot, i even did a simple plugin for writing udp servers in C2, if anybody is interested, here's the thread.

Servers written in C2 have already been done.

It was a just-for-fun project, if this can be helpful for this idea, i'll release the code!

Good work, it's interesting to see where C2 is going!

edit: ahh, sorry, looks like you aren't using nodejs.

Kyatric's plugin is the only way i know of to make your ajax post's more or less secure.

Your server should be sure that your post (and its parameters) came from your application, and from nowhere else.

The only "secure" way to do this is HMAC (http://en.wikipedia.org/wiki/Hash-based_message_authentication_code). Sounds complex, but basically very simple.

Your application signs request parameters with standard parameters and sends a hash (aka message digest). Hash to compute the parameters themselves + a shared secret key (it is very important that the key is not public, and known to both sides who want to safely talk, but no one else).

So if you're using php on your server, you should call savescores.php (preferably POST request) and post some data like:

• Name
• Score
• Hash

variables. Hash should be generated before posting (in php code):

$ Str_params = $ name. ''. $ Score;

$ Hash = hash_hmac ('sha1', $ str_params, SHARED_SECRET_KEY);

(Only would you have to do it in JavaScript, that's where kyatric's plugin comes into play)

PHP then gets all the POST parameters (each variable separately + hash), and has at its (the server) side to make verification hash (digest).

Server side doing so generates hash (digest) in the same way as the client (with the received variables).

And, if the received hash generated hash is equal that means that the parameters sent to the application came from your client (because they signed the same secret key which is known only the application and server).

If the hash is not identical, that means that someone is trying to cheat (or extremely, that you didn't generated the hashes in a correct way)

Now, the problem is how to get the SHARED_SECRET_KEY to the client?

You should think of an ability to send a key to the client without anybody knowledge. (Because if you use Ajax, then again, everyone can read it) - namely, how to pass to c2runtime a SHARED_SECRET_KEY, and that no one else knows? Server it should not send Client, otherwise the whole thing falls apart!

Take this whole post with a grain of salt, i'm sure there are better ways to do this, but i don't know them!

Guys, regarding node-webkit and "real" full screen performance, there was an interesting conversation on the nw mailing list;

groups.google.com/forum

You can check out here for a decent starting point for a geolocation plugin:

link

It's still rough around the edges, but it believe it'll save you some amount of time.

Cheers!

edit: to see what i've added to the Podes version, check this link: link