update README for Meteor plugin

plugins/Meteor/README

@@ -2,25 +2,26 @@ This is a plugin to automatically load notices in the browser no
 matter who creates them -- the kind of thing we see with
 search.twitter.com, rejaw.com, or FriendFeed's "real time" news.
 
-NOTE: this is an insecure version; don't roll it out on a production
+It requires a meteor server.
-server.
 
-It requires a cometd server. I've only had the cometd-java server work
+   http://meteorserver.org/
-correctly; something's wiggy with the Twisted-based server.
 
-After you have a cometd server installed, just add this code to your
+Note that the controller interface needs to be accessible by the Web
-config.php:
+server, and the subscriber interface needs to be accessible by your
+Web users. You MUST firewall the controller interface from users;
+otherwise anyone will be able to push any message to your subscribers.
+Not good!
 
-    require_once(INSTALLDIR.'/plugins/Comet/CometPlugin.php');
+You can enable the plugin with this line in config.php:
-    $cp = new CometPlugin('http://example.com:8080/cometd/');
 
-Change 'example.com:8080' to the name and port of the server you
+addPlugin('Meteor', array('webserver' => 'meteor server address'));
-installed cometd on.
 
-TODO:
+Available parameters:
+
+* webserver: Web server address. Defaults to site server.
+* webport: port to connect to for Web access. Defaults to 4670.
+* controlserver: Control server address. Defaults to webserver.
+* controlport: port to connect to for control. Defaults to 4671.
+* channelbase: a base string to use for channels. Good if you have
+  multiple sites using the same meteor server.
 
-* Needs to be tested with Ajax submission. Probably messes everything
-  up.
-* Add more timelines: personal inbox and tags would be great.
-* Add security. In particular, only let the PHP code publish notices
-  to the cometd server. Currently, it doesn't try to authenticate.