"Unofficial" NVDA Add-Ons Repository


 

Hello All,

           I am very well aware of the official website for vetted NVDA Add-Ons at https://addons.nvda-project.org/index.en.html, and have directed a lot of people there to snag the various scripts that might prove useful to them.

           However, there have got to be untold numbers of "unvetted" add-ons out there that people have created for more obscure programs, old programs, or stuff I can't even conceive of as a non-screen-reader user that exist out there that others might find handy that, as far as I know, there is no mechanism to share.

           Am I correct or am I wallowing in the darkness of ignorance of same?

           If there isn't such, does interest exist in creating one?   Any add-ons that would exist in such a repository would, of course, be used "at your own risk" but I doubt that there's a cadre of NVDA add-on writers out there creating malware add-ons to decimate the user community.

           If such a locale already exists then I'd love to know where it is.

--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

     Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.

          ~ H.L. Mencken, AKA The Sage of Baltimore

 

 


 

On 6/3/2018 10:08 AM, Brian Vogel wrote:
Hello All,

           I am very well aware of the official website for vetted NVDA Add-Ons at https://addons.nvda-project.org/index.en.html, and have directed a lot of people there to snag the various scripts that might prove useful to them.

           However, there have got to be untold numbers of "unvetted" add-ons out there that people have created for more obscure programs, old programs, or stuff I can't even conceive of as a non-screen-reader user that exist out there that others might find handy that, as far as I know, there is no mechanism to share.

           Am I correct or am I wallowing in the darkness of ignorance of same?

           If there isn't such, does interest exist in creating one?   Any add-ons that would exist in such a repository would, of course, be used "at your own risk" but I doubt that there's a cadre of NVDA add-on writers out there creating malware add-ons to decimate the user community.

           If such a locale already exists then I'd love to know where it is.

--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

     Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.

          ~ H.L. Mencken, AKA The Sage of Baltimore

 

 


 

Lanie,

           Thanks much!   I'd far rather not "reinvent the wheel" and if someone has something they don't find in the official repository, or already in Jeff's, they'd ought to be sending them to him.

--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

     Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.

          ~ H.L. Mencken, AKA The Sage of Baltimore

 

 


mattias
 

What about jefs nvda addon repository?

 

Skickades från E-post för Windows 10

 

Från: Lanie Molinar
Skickat: den 3 juni 2018 17:17
Till: nvda@nvda.groups.io
Ämne: Re: [nvda] "Unofficial" NVDA Add-Ons Repository

 

Hi. Try 'Jeff's NVDA Add-on Repository'.

 

On 6/3/2018 10:08 AM, Brian Vogel wrote:

Hello All,

           I am very well aware of the official website for vetted NVDA Add-Ons at https://addons.nvda-project.org/index.en.html, and have directed a lot of people there to snag the various scripts that might prove useful to them.

           However, there have got to be untold numbers of "unvetted" add-ons out there that people have created for more obscure programs, old programs, or stuff I can't even conceive of as a non-screen-reader user that exist out there that others might find handy that, as far as I know, there is no mechanism to share.

           Am I correct or am I wallowing in the darkness of ignorance of same?

           If there isn't such, does interest exist in creating one?   Any add-ons that would exist in such a repository would, of course, be used "at your own risk" but I doubt that there's a cadre of NVDA add-on writers out there creating malware add-ons to decimate the user community.

           If such a locale already exists then I'd love to know where it is.

--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

     Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.

          ~ H.L. Mencken, AKA The Sage of Baltimore

 

 

 


Ian Blackburn
 

Safer to stick with the official add-on repository
Things have been tested there


On 3 Jun 2018, at 11:27 pm, Brian Vogel <britechguy@...> wrote:

Lanie,

           Thanks much!   I'd far rather not "reinvent the wheel" and if someone has something they don't find in the official repository, or already in Jeff's, they'd ought to be sending them to him.

--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

     Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.

          ~ H.L. Mencken, AKA The Sage of Baltimore

 

 


 

On Sun, Jun 3, 2018 at 06:25 pm, Ian Blackburn wrote:
Safer to stick with the official add-on repository
Things have been tested there
That's not really the issue.  There exist add-ons written for software that are not a part of the official add-on repository.

I agree that the stuff at the official repository is great, but that doesn't mean that stuff that's been "privately developed" is not equally useful.
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

     Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.

          ~ H.L. Mencken, AKA The Sage of Baltimore

 

 


 

Hi,

The position of the NVDA add-ons community is that we encourage add-on authors to submit add-ons for review so they can be featured on the community add-ons website. This allows new authors to be recognized for their contributions and for folks to find add-ons more easily, and eventually, allow add-on updates from official sources (for now).

In the past, the review process for add-ons was strict. This was greatly relaxed in 2016 to check for basics only, with an option for authors to request more stringent reviews on a case by case basis. I think this may have caused authors to not submit add-ons in the past, but that’s slowly changing.

There are two more reasons (more of a technical nature) that submitting add-ons for review are encouraged (and I will go around the add-ons community to help out once more):

  1. Python 3 compatibility: the foundation is being laid to upgrade to Python 3 in the future. In terms of the add-ons community, people who will be most affected by will be those running really outdated add-ons that wasn’t edited to Python 3 standards.
  2. wxPython 4: soon, NVDA users will get a chance to test wxPython 4 code again. This impacts any add-on that relies on GUI and wxPython features for certain tasks.

 

There is a third reason why we encourage reviews: NVDA Core code compatibility. Some add-on authors, including I, have declared that due to various reasons, latest add-on releases (current and future) will require NVDA 2018.2 and later for optimal functionality, and usually add-on reviewers catch this quite early. Also, there will come a day when add-ons that declare themselves incompatible with a certain minimum version of NVDA will not be loaded by NVDA itself (unless overridden by developers). These changes are first applied to add-ons on official community add-ons repo, and then cascades to others.

Cheers,

Joseph

 

From: nvda@nvda.groups.io <nvda@nvda.groups.io> On Behalf Of Brian Vogel
Sent: Sunday, June 3, 2018 6:37 PM
To: nvda@nvda.groups.io
Subject: Re: [nvda] "Unofficial" NVDA Add-Ons Repository

 

On Sun, Jun 3, 2018 at 06:25 pm, Ian Blackburn wrote:

Safer to stick with the official add-on repository

Things have been tested there

That's not really the issue.  There exist add-ons written for software that are not a part of the official add-on repository.

I agree that the stuff at the official repository is great, but that doesn't mean that stuff that's been "privately developed" is not equally useful.
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

     Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.

          ~ H.L. Mencken, AKA The Sage of Baltimore

 

 


Vlad Dragomir
 

I totally agree with you Brian! Besides, this obsession about safety isn't always a great thing. I'm not saying that we should go out and look for trouble. However, non-official rarely means dangerous. I've been using computers since 2001, and benefited so much from taking risks and trying new things. Of course accidents happen sometimes,no one is 100 % safe from anything. But if you start by believing that every unknown person is a killer, we might as well spend the rest of our lives terrified in a buddhist monastry up in the mountains. And even that might not be safe actually.

I simply felt I should express these thought for those who might want to listen. This way, those who still hesitate can make an informed decision.

Best regards to all of you, both adventurous and afraid of their own shadows! *smile*

Vlad.


Brandon Cross <bcross3286@...>
 

I think people don't submit their addons for code review because hey don't want to be told their bloody var names aren't up to spec. I don't see what it matters if you use camel case, pascal case, or no case. I think auditing code should focus on things that actually do matter, like confirming that the code in question is non-malicious, will not significantly decrease NVDA's performance, will not collect and disseminate data without gaining user's permission and so on.

I should write an addon and see how far I get. Probably not far as I am not a good coder. It would be interesting what kinds of feedback I would get. If it was stuff like var names, or make sure your indents are the signature four spaces, etc. I'd probably chuckle and hand it over to someone like Jeff's repository. Though if I got feedback like, a better way to go about this is X, Y, and Z, I'd take it more seriously and try to implement it. I do see the necessity of this stuff if you're submitting a PR, or working with Core, because then it does matter. I also see the significance of conforming to the style of a project if you are a collaborator, but an addon is independent, and optional, if someone write a var like thisIsTheKeyThatTheUserPressedAndNowWeWillDoThingsWithIt, I mean I would never do that, but I mean who cares. My vars are like idx and itm, short which is how I like it, and if I think its questionable what it will do I will comment. I am bad about putting comments in code too, and I do realize the importance of that, since some of my work takes place at 3 in the morning right before I go to bed sometimes and I don't remember doing it. I also wish that sometimes I would have written more useful things in the comments rather than strings of expletives. I mostly code in MOO on a MOO and the only other person who will care about it is the owner so, there's that.

As far as safety goes, I do agree, I wouldn't want to be seeing people destroy their machines over malicious addons, but what an you do, I'd definitely throw a disclaimer up on the community site if there isn't one already that says basically that NVAccess is not held responsible for the use of addons, and the use of addons outside this site may be dangerous, etc. There's only so much you can do to protect someone from themselves. And believe me, if they get bitten, they'll learn, I have and I have learned. I wiped out the data across two drives one time while messing around with partitioning on Linux when I didn't know what I was doing. I learned to do it correctly, I was, shall we say, highly motivated.

On Mon, Jun 4, 2018 at 2:14 AM, Vlad Dragomir <vladdragomir1983@...> wrote:
I totally agree with you Brian! Besides, this obsession about safety isn't always a great thing. I'm not saying that we should go out and look for trouble. However, non-official rarely means dangerous. I've been using computers since 2001, and benefited so much from taking risks and trying new things. Of course accidents happen sometimes,no one is 100 % safe from anything. But if you start by believing that every unknown person is a killer, we might as well spend the rest of our lives terrified in a buddhist monastry up in the mountains. And even that might not be safe actually.

I simply felt I should express these thought for those who might want to listen. This way, those who still hesitate can make an informed decision.

Best regards to all of you, both adventurous and afraid of their own shadows! *smile*

Vlad.





Brian's Mail list account <bglists@...>
 

I think though that one is always going to find people writing thing out of a requirement they have not always conforming to the strict guidelines we have. It is always up to the user to decide the risks.
I also concede that anyone doing this and not in the know about new nvda versions might end up having an add on that screws up the software.
Also when python 3 version of nvda comes along simply dealing with the old legal and tested add ons is going to be a very big task for somebody!
Brian

bglists@blueyonder.co.uk
Sent via blueyonder.
Please address personal E-mail to:-
briang1@blueyonder.co.uk, putting 'Brian Gaff'
in the display name field.

----- Original Message -----
From: "Ian Blackburn" <ianblackburn@westnet.com.au>
To: <nvda@nvda.groups.io>
Sent: Monday, June 04, 2018 2:25 AM
Subject: Re: [nvda] "Unofficial" NVDA Add-Ons Repository


Safer to stick with the official add-on repository
Things have been tested there
On 3 Jun 2018, at 11:27 pm, Brian Vogel <britechguy@gmail.com> wrote:

Lanie,

Thanks much! I'd far rather not "reinvent the wheel" and if someone has something they don't find in the official repository, or already in Jeff's, they'd ought to be sending them to him.

--
Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134
Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.
~ H.L. Mencken, AKA The Sage of Baltimore


 

On Sun, Jun 3, 2018 at 08:09 pm, Joseph Lee wrote:
The position of the NVDA add-ons community is that we encourage add-on authors to submit add-ons for review
Which would be ideal, if  everyone did it, but they don't for myriad reasons.

I think that most sentient adults are capable of making risk assessments and deciding whether or not they wish to take them.  Those using add-ons from other than the official repository must know, or they do now, that doing so is at your own risk (AYOR).

But, my experience with software in general far more closely mirrors that of Vlad, "non-official rarely means dangerous."   I cannot count the number of "very focused purpose" mini-utilities I've used that were developed by some individual based upon their need that later fulfilled one of mine, and perfectly and safely.  

One of the big mistakes I think that both NVDA and JAWS have made is not setting up "official but unvetted" repositories for user-created add-ons/scripts.   There is just so much material out there that's been created for "odd little needs" that could so easily be shared if the mechanism existed "at the source," but it doesn't.  I got huge push-back from "the powers that be" when I started a repository (personally maintained) of repair, restoration, & other miscellaneous resources for Rolls-Royce motorcars.  The Rolls-Royce Owners' Club wouldn't touch it, saying they couldn't be responsible if any of the goods or services were found to be substandard, but it's now become a reference that's used the world over (at least if the e-mail messages I've received over time, and keep receiving, are any indication).  In this day and age there is just no excuse for not promoting information sharing so long as those on the receiving end know that they need to do their own risk assessment about its use, which they should be doing anyway for anything, and letting the chips fall where they may.  The world at large is not, and will never be, "sanitized for your protection" and one must move through the world with that always in the back of one's mind.  How far to the back will vary, greatly, depending on the situation and stakes at play.
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

     Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.

          ~ H.L. Mencken, AKA The Sage of Baltimore

 

 


 

Hi,

I will bring all this to the attention of add-ons community in about five minutes.

Cheers,

Joseph

 

From: nvda@nvda.groups.io <nvda@nvda.groups.io> On Behalf Of Brian Vogel
Sent: Monday, June 4, 2018 7:17 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] "Unofficial" NVDA Add-Ons Repository

 

On Sun, Jun 3, 2018 at 08:09 pm, Joseph Lee wrote:

The position of the NVDA add-ons community is that we encourage add-on authors to submit add-ons for review

Which would be ideal, if  everyone did it, but they don't for myriad reasons.

I think that most sentient adults are capable of making risk assessments and deciding whether or not they wish to take them.  Those using add-ons from other than the official repository must know, or they do now, that doing so is at your own risk (AYOR).

But, my experience with software in general far more closely mirrors that of Vlad, "non-official rarely means dangerous."   I cannot count the number of "very focused purpose" mini-utilities I've used that were developed by some individual based upon their need that later fulfilled one of mine, and perfectly and safely.  

One of the big mistakes I think that both NVDA and JAWS have made is not setting up "official but unvetted" repositories for user-created add-ons/scripts.   There is just so much material out there that's been created for "odd little needs" that could so easily be shared if the mechanism existed "at the source," but it doesn't.  I got huge push-back from "the powers that be" when I started a repository (personally maintained) of repair, restoration, & other miscellaneous resources for Rolls-Royce motorcars.  The Rolls-Royce Owners' Club wouldn't touch it, saying they couldn't be responsible if any of the goods or services were found to be substandard, but it's now become a reference that's used the world over (at least if the e-mail messages I've received over time, and keep receiving, are any indication).  In this day and age there is just no excuse for not promoting information sharing so long as those on the receiving end know that they need to do their own risk assessment about its use, which they should be doing anyway for anything, and letting the chips fall where they may.  The world at large is not, and will never be, "sanitized for your protection" and one must move through the world with that always in the back of one's mind.  How far to the back will vary, greatly, depending on the situation and stakes at play.
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

     Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.

          ~ H.L. Mencken, AKA The Sage of Baltimore

 

 


derek riemer
 



On Mon, Jun 4, 2018 at 3:40 AM Brandon Cross <bcross3286@...> wrote:
I think people don't submit their addons for code review because hey don't want to be told their bloody var names aren't up to spec. I don't see what it matters if you use camel case, pascal case, or no case. I think auditing code should focus on things that actually do matter, like confirming that the code in question is non-malicious, will not significantly decrease NVDA's performance, will not collect and disseminate data without gaining user's permission and so on.
Here is our review policy as it currently stands.
Here are the exact words on our review policy. We don't require anything more than this.
 
I should write an addon and see how far I get. Probably not far as I am not a good coder. It would be interesting what kinds of feedback I would get. If it was stuff like var names, or make sure your indents are the signature four spaces, etc. I'd probably chuckle and hand it over to someone like Jeff's repository. Though if I got feedback like, a better way to go about this is X, Y, and Z, I'd take it more seriously and try to implement it. I do see the necessity of this stuff if you're submitting a PR, or working with Core, because then it does matter. I also see the significance of conforming to the style of a project if you are a collaborator, but an addon is independent, and optional, if someone write a var like thisIsTheKeyThatTheUserPressedAndNowWeWillDoThingsWithIt, I mean I would never do that, but I mean who cares. My vars are like idx and itm, short which is how I like it, and if I think its questionable what it will do I will comment. I am bad about putting comments in code too, and I do realize the importance of that, since some of my work takes place at 3 in the morning right before I go to bed sometimes and I don't remember doing it. I also wish that sometimes I would have written more useful things in the comments rather than strings of expletives. I mostly code in MOO on a MOO and the only other person who will care about it is the owner so, there's that.

As far as safety goes, I do agree, I wouldn't want to be seeing people destroy their machines over malicious addons, but what an you do, I'd definitely throw a disclaimer up on the community site if there isn't one already that says basically that NVAccess is not held responsible for the use of addons, and the use of addons outside this site may be dangerous, etc. There's only so much you can do to protect someone from themselves. And believe me, if they get bitten, they'll learn, I have and I have learned. I wiped out the data across two drives one time while messing around with partitioning on Linux when I didn't know what I was doing. I learned to do it correctly, I was, shall we say, highly motivated.

On Mon, Jun 4, 2018 at 2:14 AM, Vlad Dragomir <vladdragomir1983@...> wrote:
I totally agree with you Brian! Besides, this obsession about safety isn't always a great thing. I'm not saying that we should go out and look for trouble. However, non-official rarely means dangerous. I've been using computers since 2001, and benefited so much from taking risks and trying new things. Of course accidents happen sometimes,no one is 100 % safe from anything. But if you start by believing that every unknown person is a killer, we might as well spend the rest of our lives terrified in a buddhist monastry up in the mountains. And even that might not be safe actually.

I simply felt I should express these thought for those who might want to listen. This way, those who still hesitate can make an informed decision.

Best regards to all of you, both adventurous and afraid of their own shadows! *smile*

Vlad.






--

Derek Riemer: Improving the world one byte at a time!

  • University of Colorado Boulder Department of computer science, 4th year undergraduate student.
  • Accessibility enthusiast.
  • Proud user of the NVDA screen reader.
  • Open source enthusiast.
  • Skier.

Personal website