Re: Please do not attack this messenger. Why have NVDA add-ons not done better?


 

That could be true of all programs.

But yeah, jaws, etc is semi protected from this, because its all a customised language.

There really isn't any way right now to stop nonsecured addons running unless everyone has a personal certificate.

The only way I could see this is if everyone used pgp or gpg but thats another step on the steps to handle.

I am not sure how to make a personal cert or anything that easily.

On 24/12/2020 2:13 am, Brian's Mail list account via groups.io wrote:
It is also easy to accidentally to compromise security merely by trying to make a helpful add on. Python one assumes could easily be used to write malicious code of any type.
Brian

bglists@blueyonder.co.uk
Sent via blueyonder.
Please address personal E-mail to:-
briang1@blueyonder.co.uk, putting 'Brian Gaff'
in the display name field.
Newsgroup monitored: alt.comp.blind-users
----- Original Message ----- From: "Shaun Everiss" <sm.everiss@gmail.com>
To: <nvda-addons@nvda-addons.groups.io>
Sent: Wednesday, December 23, 2020 10:40 AM
Subject: Re: [nvda-addons] Please do not attack this messenger. Why have NVDA add-ons not done better?


Thats true.

Another major issue is securing addons, there is a reason to not have everything in community, and a reason to watch things a bit.

Python can do a few things jaws scripting can't, you can run programs within programs.

Blindextra was a bad example of this and no one really does that to much though some stuff has done stuff like running external programs in the past though its not encouraged.

Point is, we need to be sure we have control so keeping things small does help.

In reality, there is no reason someone couldn't do something like blindextra again, sure we are smarter but it still could happen.

We really don't have much more protection except for our heads if someone abused the system.

As for docs and such this is a work in progress.



On 23/12/2020 10:56 pm, Noelia Ruiz wrote:
Hello, this is feedback from my part, as a person who wrote JAWS
scripts too. In fact, I think that JAWS scripts documentation was much
more complete and well structured than NVDA's developer guides. But I
feel that Python is a wider language and we  can use lots of external
libraries, so, by nature, NVDA's documentation will not be so
complete.
In the other hand, we can see a wider diversity of examples about
NVDA's add-ons than JAWS scripts, and personally my approach to write
some NVDA add-ons was:
1. Read the NV Access developer guide and part of NVDA's code.
2. Write plugins and see NVDA's log.

This means that imo we cannot expect the same approach for developing
JAWS scripts and NVDA add-ons, considering that JAWS scripts language
is more limited (not open source, so no extensible by the community in
the same way that Python). With JAWS scripts, we can read structured
documentation which can explain many features of that language.
About add-ons posted on the official website, I created plugins posted
on the website, but not alll of them received a reply by reviewers. I
think that maintaining a website requires a lot of work by translators
and reviewers, and that we cannot expect that our work will result
interesting or useful to the community now or in the future.
I think, honestly, that when Mesar, the person who hosted the website
in the first place, first creator of the add-ons guidelines and the
review process, was active, we have a better coordination. Later it
was more difficult and some people made efforzs to maintain the
website. Also, Joseph wrote a developer guide and I wrote several
small articles in the wiki, among other tutorials that I may don't
know.
A different approach would be to create a system where everyone could
post add-ons recognized by NVDA without needing to be reviewed.
But I don't think we have to believe that it's a right to have our
add-ons posted on the website, sincerely. One of the aspects
considered in the review guidelines was the possibility of merging
several add-ons. What happens if some of them have very similar
features? Is this good for the website?
Cheers

2020-12-23 8:51 GMT+01:00, Meisam Amini <meisamamini21@gmail.com>:
I'm a beginner and just learning to write add-ons. From my point of
view the biggest problem is the lack of documentation and tutorials.
And the development for NVDA not being very non-professional
programmer friendly.

I dabbled in writing scripts for JAWS a bit some time ago, and a very
pleasant part of it was a complete tutorial and a single .chm
reference file. The file included categorized documentation for every
single function used in scripting for JAWS.

Almost every tech savvy person can write a simple script for JAWS
after learning how to, but only a relatively advanced Python
programmer can write add-ons for NVDA.

I love NVDA and hope it grows more and more, for that I think the
community needs to put some effort on creating more and better
documentation and tutorials.

Also, I guess there are a lot of add-ons that haven't been posted on
the official page.

On 12/23/20, Shaun Everiss <sm.everiss@gmail.com> wrote:
To be honest, the current infrastructure for the addons system sucks.

I think its being updated though.

To submit to community, it needs to be done manually at some point.

I really think there should be a way to have repositories of things
official and not, I mean linux does it.

We did sadly have blindextra and those at the top want to keep things
secure.

Saying that, there are more unofficial and perfectly legal addons out
there which are not on the main system.

There are also alegal ones, older ones, etc.

I am not sure how to handle this but there is actually more out there
than is on the main page.



On 23/12/2020 8:19 pm, Héctor Javier Benítez Corredera wrote:
Good morning. It is very simple.

I think I have installed 4 or 5 official accessories.

Unofficial I have a lot, you have to wonder why the developers do not
even want to appear here.

A month ago I submitted an add-on for review which only Paul replied
that it overlapped with an option in his NVDAExtensionGlobal add-on to
which I replied that it did not.

Yesterday, the Jose Manuel Proxy add-on was also presented which has
not even received a comment, seeming to me to be an add-on that even
solves an issue that has been open for years in the core of NVDA.

Well my opinion is simple, we behave like children in the school yard
by developers of this community and that in the long run comes in
prejudice of the whole community.

It seems to me that it is not very serious to screen who can have an
official complement and who can't. That in the end puts the developers
off.

And I'm very sorry for that, but I'm leaving my add-ons to the
Hispanic community and if someone likes them, I don't care if they are
official or not, but I'm very sorry and I'm not going to allow people
in this community to look down on me.

I think that this approach could also be added to the list of why NVDA
is not progressing more and better and it is really a shame that it is
so difficult to share knowledge through nets that in the end it is a
detriment.
Greetings

El 23/12/2020 a las 7:33, Reef Turner escribió:
Hi Jamal,

I think this is a good conversation to have, we may be able to
identify small ways that the ecosystem can be improved immediately,
or a road map for longer term goals. I'll be interested to hear the
different opinions that add-on authors have.

Jamal, could you expand on your own experience? What has motivated
you to write add-ons / extensions / scripts for JAWS and Window-Eyes?

Reef Turner
Software Developer - NV Access

On Wed, 23 Dec 2020 at 13:40, Jamal Mazrui <jamal@empowermentzone.com
<mailto:jamal@empowermentzone.com>> wrote:

     I write this message in an attempt to provoke both thoughts and
     solutions. If I am attacked as a result, it is misplaced. For
     years, I
     have wanted NVDA to succeed in 3rd party extensions more than any
     previous screen reader. Its open source nature made me hopeful,
     but for
     whatever reasons, it has under-performed in this area so far.


     As background, I have probably written and shared more JAWS
     scripts than
     anyone after accounting for Freedom Scientific, Doug Lee, and Brian
     Hartgen. I have bonafides on this issue.


     I also developed more Window-Eyes apps/scripts than anyone after
     GW Micro.


     I love the open source nature of NVDA; its use of one of the most
     popular programming languages today, having a wealth of community
     packages to do almost anything; and the folks on this list who
     help one
     another in enabling the screen reader to do more.


     When I visit the official add-ons page, however, I am struck by a
     couple
     of things. There are not nearly the number of extensions that I
     would
     expect for a screen reader that has had an API for several
     years. The
     sophistication of the packages that do exist, moreover, are usually
     quite limited.


     Again, my purpose is not to insult NVDA core developers, extension
     developers, or satisfied users. I have no interest in doing so.
It
     would be easier just to say nothing while carrying these
     observations
     and not finding evidence to change them.


     There are probably multiple explanations for this situation. I
will
     propose just one at this time. The complexity for creating an
     extension, whether app-specific or global, is too high. Partly,
     this is
     because of the amount and sophistication of the code required.
     Partly
     it is because of the lack of developer documentation, including
     tutorials, that keep pace with the screen reader.


     I hope this message is taken in the spirit in which it is
     intended. Why
     are the quantity and sophistication of NVDA extensions not
     substantially
     greater today? What can be done to fundamentally change this
     pattern?


     Jamal


















Join nvda-addons@nvda-addons.groups.io to automatically receive all group messages.