Re: Bring up a screen giving option to open a series of orgmode files

[Jean Louis]

* Maxim Nikulin <manikulin@gmail.com> [2020-11-30 20:10]:
> 2020-29-11 Jean Louis wrote:
> > * Maxim Nikulin [2020-11-28 18:52]:
> >
> > Any viewer should have option to quickly construct a hyperlink and
> > store it somewhere with its annotation and other meta data so that
> > such can be reused by any other program.
>
> Xpdf do not have option to construct hyperlink, it allows to execute
> arbitrary command (if context matches) and pass some parameters
> using substitutions. It is enough e.g. to copy target of the link,
> to do something with page number (construct hyperlink to this
> page). Maybe selection region could be passed to pdftotext to
> extract selection text that could be inserted to a note.

That is great reference, thank you! That allows now for PDFs to get
quickly captured.

Authors have made this command possible:

        setSelection(pg,ulx,uly,lrx,lry)
                Set the  selection to the specified  coordinates on the
                specified page.

And external command can capture selection made with mouse. That means
one can mark the text, and annotate such in a hyperdocument and then
provide hyperlink. Once PDF is opened the selection can be
automatically highlighted.

Capturing page number becomes trivial. This is great for my research,
development of Hyperscope and generation of elementary objects such
as:

- specific pages of PDF
- specific selections of the PDF

To note is that not every PDF has text inside. They may be made from
images.

External command needs a script that will ask user how to store it. It
can be done similar to bookmarklets for org-capture.

        run(external-command-string)
                Run  an external  command.  The  following escapes  are
                allowed in the command string:

                    %f => PDF file name (or an empty string if no
                                file is open)
                    %b => PDF file base name, i.e., file name minus
                                the extension (or an empty string if no
                                file is open)
                    %u => link URL (or an empty string if not over
                                a URL link)
                    %p => current page number (or an empty string if
                                no file is open)
                    %x => selection upper-left x coordinate
                                (or 0 if there is no selection)
                    %y => selection upper-left y coordinate
                                (or 0 if there is no selection)
                    %X => selection lower-right x coordinate
                                (or 0 if there is no selection)
                    %Y => selection lower-right y coordinate
                                (or 0 if there is no selection)
                    %i => page containing the mouse pointer
                    %j => x coordinate of the mouse pointer
                    %k => y coordinate of the mouse pointer
                    %% => %

                The external command string  will often contain spaces,
                so the whole command must be quoted in the xpdfrc file:

                    bind x "run(ls -l)"

That means if user prepares the ~/.xpdfrc to contain the following
line:

,----
| bind ctrl-l any "run(capturexpdf.sh %f %p)"
`----

and prepares `capturexpdf.sh' to be executable and contains following:

,----
| #!/bin/bash
| capture="/home/data1/protected/xpdfcaptured.org"
| entry=`zenity --entry`
| hyperlink="[[$1:$2][$entry]]"
| echo $hyperlink >> $capture
`----

then by pressing C-l in xpdf the hyperlink containing exact file name,
page number and hyperlink name created by using `zenity' tool will be
saved into "/home/data1/protected/xpdfcaptured.org":

Then later regardless which PDF viewer is used, as long as they
support page number access it will be possible to invoke that
different PDF viewer on elementary objects or hyperdocuments to
specific PDF file and page number.

It is great tool for researchers to quickly annotate specific PDF
pages for later references.

> Surprisingly PDF viewers built in into browser have fences
> preventing access of browser extensions to the text content. I did
> not expect such limitations.

It does not sound as progress. Evince maybe originates from xpdf but
does not have nearly these options as xpdf. We go back and become more
beautiful with software but less useful.

One big thank you for giving these references. I will extract text
from PDF files and then index such files and use relevance search to
find references to specific subjects like mining, minerals, etc. and
then those relevant pages may be opened based on the query to
construct more precise hyperlink. The activity can be performed by
several people. It also becomes possible to quickly capture PDF
hyperlink references straight into the database.

> There are extensions that offer translation of text selected in PDF
> files however. It seems they use bundled pdf.js to replace built-in
> viewer. Unsure that JS working with PDF file runs in proper security
> context. I expected a robust way for integration with note taking
> applications.

Sadly.

> > > De facto, extensions should communicate with HTTP servers, to
> > > protect users, access to filesystem is not allowed any more.
> >
> > Alright, only if it would be that secure, then this type of advise
> > would not be there:
> >
> > How to Run a More Secure Browser
> > https://www.dragonflybsd.org/docs/handbook/RunSecureBrowser/
>
> Just one problem, if one uses a browser extension that works with local
> files then he have content accessible by extensions.

When using a different user on a file system for secure browsing then
one should not have any files in such user's space. The point of using
different user name when browsing is that no files would exist there
that could be compromised. Malicious application would have hard time
accessing the main user space as it would need to have either sudo
privileges without password or attempt to crack password.

 +-----------+          +------------+       +-----------+
 |  MAIN     |          | BROWSING   |       | MALICIOUS |
 |  USER     |----->    |   USER     |  <--- |   CODE    |
 |           |          | NO FILES   |       |           |
 +-----------+          +------------+       +-----------+

On GNU/Linux and BSD derivatives user space is protected from other
users. It is advisable that each user has their /home/user directory
readable, searchable and writeable only by user. Permissions should
look like this:

  drwx------ 246  92K Nov 30 21:08 protected

rather than this:

  drwxr-xr-x   4 4.0K Oct 13 12:00 protected

> In the previous message I was writing about very specific problem: extension
> author could put code that steal files or ruin them. To solve it, extension
> developers were force to store user content on a remote server instead of
> local files. I do not think it is significantly safer.

All that code and in various browsers could be unsafe. It is good
solution to browse by using ssh -X user@localhost which does not have
any files to be compromised. Org capture and other files created by
browser can be later transferred to main account.

> And finally, running browser under a different user is likely not enough.
> Browser for working with "external" resources should be isolated from home
> or office network (network namespace, container, virtual machine). There are
> enough web sites that checks which ports are open at least on the localhost.
> Local network could be scanned through browser as well.

I agree, only that it is not practical for majority of us. In my
opinion browsing machines should be separate with few sensitive
files if any.

chroot on GNU/Linux or jail on BSD derivatives may separate execution
of browsers on one computer. Tor may protect source of the computer.

> Page inspector in developer tools has a context menu entry to copy XPath to
> particular element. Likely you will prefer to generate link in a more smart
> and stable way, e,g, by looking for an element with id attribute nearby and
> construct a link relative to it. Maybe it is possible to implement protocol
> handler for custom scheme with XPath references
> https://developer.mozilla.org/en-US/docs/Web/API/Navigator/registerProtocolHandler

Another solution is converting HTML to OPML or other type of a tree
and obtaining references and republishing it.

> > My surprise was
> > big when I realized that Org is there with features to manage tasks
> > but does not offer feature to "send the task".
>
> In my opinion, you have demonstrated that emacs and org mode are powerful
> enough to allow users to implement rather specific workflow with a quite
> small piece of code.

Yes and no. Such customizations are not for end users. When I get
mobile device in my hand it allows me to share pictures to email,
chat, web server, to other file managers, and so on. Desktop operating
systems are not so well integrated as mobile systems. End user does
not or cannot learn Emacs Lisp easily. I was programming in Common
Lisp since years and have been using Emacs for that without doing more
with Emacs Lisp than configurations. There is plethora of obstacles
that prevent users integrate features themselves.

> It may be a dedicated package but I do not think it worth including
> such features to the base set. Docs will be longer than the
> code. Personally, I would expect export-based solution that strips
> comments, takes email addresses from some properties and saves
> messages to the draft folder for review before sending them.

Sounds like a queue method.

Jean