scripting GNOME

So, lots of talk about sripting engines on Planet GNOME. I was first planning this as an answer to Alex’s GScript introduction, but I thought others might be interested, so here it goes:

Here’s the three things I’d care about in a GNOME scripting environment a lot:

The most important thing is of course the bindability. You need to make it incredibly simple to bind stuff to or from GObject stuff. It looks like GScript already does an awesome job at this with natively marshalling everything and so on.

Another important thing is this: Does GScript ship programming tools and provide a way to do RAD? I’m thinking console, debugger, dnd script installation etc here. Not just for people writing scripts (where I’d want completion and built-in documentation), but also for me when making my application scriptable and having to debug refcounting issues because a script holds on to a GObject that my C code thinks is gone already.

But the most important thing for scripting I think is security. I want to be able to download scripts from untrusted sources (read: the Internet) without fear of them doing anything bad to my computer or its data. This is doubly complicated if exposing stuff is too easy. So if you expose “RemoveSong” in Rhythmbox, you already have a problem.
The reason you want to allow this, is twofold: 1) We are incredibly bad at maintaining a useful set of plugins (or art – same issue for themes). That’s not due to lack of capability, but because it’s booooring. 2) If you would set up a website where everyone can upload/download/vote on scripts and even integrated that site into your application, you would make the application self-improve and lower the barrier of entry for new people incredibly.
Here’s a use example

  1. I want to remove red eyes in the GIMP. So I open the plugin browser, enter “red eye” and get a list of plugins (note that none of these plugins are installed). I select the highest-rated (or most-installed one) and it launches, asking me to select the red eyes and afterwards removes it.
  2. I decide I’m smart and can write code that detects the red eyes automatically, so I select the script, click on “edit” and modify the script. After half an hour (read: 2 weeks) it does what I want. I’m happy.
  3. When looking through my scripts, I see the “upload” button next to my red-eye removal tool. So I click it and it’s available for everyone else.
  4. Go to 1, replace “I” with “you” and “selecting the area” with “speed”, “accuracy” or whatever other feature.

This gets you the whole bazaar style software evolution without human intervention, automatically and for free. The only people I know that are doing something like this are Userscripts for Greasemonkey, but even that doesn’t look very professional.


#1 Sam Thursfield on 09.09.08 at 12:36

I’m quite happy with RemoveSong() being exposed, /as long as the script is reversible/. If I run a script and it deletes all my songs, my first thought is to undo, and if this works I have no complains.

#2 Janne on 09.09.08 at 12:48

Aren’t you mixing the idea of scripting applications a la Applescript or Bash on one hand; and implementing applications by means of scripting on top of a base implementation on the other?

What most people are talking about is the second thing, not the first, and security is basically a non-issue since the scripting layer needs full, unhindered access to every nook and cranny of the base layer (having RemoveSong not be avaialbe to scripting would be like not allowing the Emacs lisp engine access to delete-word).

#3 Chris Parker on 09.09.08 at 17:52

What about something like Kross?

#4 otte on 09.10.08 at 06:15

Janne, I’m talking about the second thing (and I do believe sripts should be able to RemoveSong). What I’m talking about is getting people without an SVN account and without review to submit code, because frankly, I often can’t be bothered to write bug reports and discuss about a feature I want in an app. Especially if it gets rejected later, even though I know a bunch of people who like it.

Chris, I think Kross is more on one level with gobject-introspection. And (just like gobject-introspection) it doesn’t look like it tackles security at all.