Squeak fails to run after install: security problems?
Locked
Squeak fails to run after install: security problems?
 
|
Hi,
I'm a maths teacher (and ex software engineer), and have been playing with the developer version of Squeak for a while now, and although the learning curve is fairly steep, I am using it successfully in school. I see that the Squeakland release is recommended for teachers over the squeak.org version, I guess because etoys have been made to work nicely. However, I am experiencing severe frustration in getting it to run. What is the security model? Here's the problem. On WinXP, I install it as administrator. As soon as I try to run as a normal user, it fails ("a primitive has failed", although the error message is in German). I think this is because I cannot write to the image file, quite rightly, since it is owned by the administrator, and as a normal user I could not be trusted not to muck it up. So I copied the image file into my own directory, and ran the Squeakland vm on it, but it fails with the same error. Can anyone help? I'm a little discouraged, as I'm wondering how I will persuade much less technically oriented colleagues in school that Squeak is useful for teaching if the installation is a black art. I am sure my mode of use must be the most common among school users of Squeak. Could it not be supported by the default install? cheers, Simon _______________________________________________ Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
Re: Squeak fails to run after install: security problems?
|
|
Hi Simon,
We're are working in a restricted Windows environment in the university classroom. What we made is to install the virtual machine and the image in any file where the user have read and write permissions and then drop the *.image file on the Squeak mouse Icon. May be is not the most efficient way, but it works fine and the people can then go with their image an virtual machine in a usb drive and keep working on other places. I hope this helps, Offray Simon Guest escribió: > Hi, > > I'm a maths teacher (and ex software engineer), and have been playing > with the developer version of Squeak for a while now, and although the > learning curve is fairly steep, I am using it successfully in school. > > I see that the Squeakland release is recommended for teachers over the > squeak.org version, I guess because etoys have been made to work > nicely. However, I am experiencing severe frustration in getting it > to run. What is the security model? > > Here's the problem. On WinXP, I install it as administrator. As soon > as I try to run as a normal user, it fails ("a primitive has failed", > although the error message is in German). I think this is because I > cannot write to the image file, quite rightly, since it is owned by > the administrator, and as a normal user I could not be trusted not to > muck it up. > > So I copied the image file into my own directory, and ran the > Squeakland vm on it, but it fails with the same error. Can anyone > help? > > I'm a little discouraged, as I'm wondering how I will persuade much > less technically oriented colleagues in school that Squeak is useful > for teaching if the installation is a black art. I am sure my mode of > use must be the most common among school users of Squeak. Could it > not be supported by the default install? > > cheers, > Simon > > _______________________________________________ > Squeakland mailing list > [hidden email] > http://squeakland.org/mailman/listinfo/squeakland > > Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
Re: Squeak fails to run after install: security problems?
|
|
In reply to this post by Simon Guest-2
Hi Simon.
> I see that the Squeakland release is recommended for > teachers over the > squeak.org version, I guess because etoys have been > made to work > nicely. Exactly. > Here's the problem. On WinXP, I install it as > administrator. Could you confirm if Squeak run as administrator? > As soon as I try to run as a normal user, it fails ("a primitive has failed", > although the error message is in German). In squeakland image, "the security plugin" is enabled by default. Each user have his own crypt key file "squeak.keys" located in folder "C:\program files\squeak\plugin\(username)". The folder and file are created on first run of the user. Your "normal user" might not be able to create them. A workaround is to arrange other location for them by "SecureDirectory" setting in Squeak.INI, that is located in same folder as squeak.exe. The documentation for the INI file is: http://wiki.squeak.org/squeak/3274 . Other possible error source is squeak.ini, that is created on first run. > So I copied the image file into my own directory, > and ran the > Squeakland vm on it, but it fails with the same > error. You could arragne location of image as well if you need. hope this heps. Cheers, /Korakurider -------------------------------------- Start Yahoo! Auction now! Check out the cool campaign http://pr.mail.yahoo.co.jp/auction/ _______________________________________________ Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
|
|
In reply to this post by Simon Guest-2
Hi Simon --
Just for a little context ... The Squeak you have been using (probably 3.6 or so) has a complete Etoys in it. It might still be the most useful vehicle for what you are trying to do. A shift-alt on any graphical object will bring up an Etoys halo of handles, and the blue eyeball will open a viewer for that Etoy player. Dragging out a behavior tile (like "forward 5") onto the desktop will make a script and put the "forward 5" into the script. You can also get an Etoys developer image. This, again, is the regular Squeak with certain preferences set. Let us know if you are interested. The Etoys version (from Squeakland) is aimed mostly at ages 9-12, but has worked well for younger children, and to a lesser extent for older children (they could use a few more facilities). Many teachers (especially non-technical teachers) have enjoyed using EToys. Etoys and Squeak have no external security models, so the difficulties you are encountering are solely due to some combination of MS and the sysAdmins in your shop, plus where the Squeakland installer puts things so it can be run as a plugin. Because the Squeakland version is also set up to be able to run as a plugin, it is sandboxed for safety. It is possible that you would like more control over things. Basically, the Squeakland version is pretty much a regular Squeak with a number of preferences set to limit the view that the end-user takes of what's available. You may very well want to relax these preferences. Let us know and we'll explain how to do it. Basically, to take more control, you need to gather three or four files: - the image, which contains the system and the objects - the VM, which contains the equivalent of the Squeak OS and the interpreter, graphics kernel, sound, sockets, etc. - the sources, which contains the indexed text of all the source code in the system - the changes, which contains the incremental additions that have been made to the system and allows the Squeak developer to revert to earlier versions, etc. The Squeakland image is set to not write to changes, but this can be changed. If you drop the image on the VM, then Squeak will start up. MS can also be told to use a particular VM as a default for a double click on an image. You should be familiar with these already from your experience with Squeak. We are interested in what you are trying to do and would like to help. Please ask. Cheers, Alan At 01:25 PM 2/6/2007, Simon Guest wrote: >Hi, > >I'm a maths teacher (and ex software engineer), and have been playing >with the developer version of Squeak for a while now, and although the >learning curve is fairly steep, I am using it successfully in school. > >I see that the Squeakland release is recommended for teachers over the >squeak.org version, I guess because etoys have been made to work >nicely. However, I am experiencing severe frustration in getting it >to run. What is the security model? > >Here's the problem. On WinXP, I install it as administrator. As soon >as I try to run as a normal user, it fails ("a primitive has failed", >although the error message is in German). I think this is because I >cannot write to the image file, quite rightly, since it is owned by >the administrator, and as a normal user I could not be trusted not to >muck it up. > >So I copied the image file into my own directory, and ran the >Squeakland vm on it, but it fails with the same error. Can anyone >help? > >I'm a little discouraged, as I'm wondering how I will persuade much >less technically oriented colleagues in school that Squeak is useful >for teaching if the installation is a black art. I am sure my mode of >use must be the most common among school users of Squeak. Could it >not be supported by the default install? > >cheers, >Simon > >_______________________________________________ >Squeakland mailing list >[hidden email] >http://squeakland.org/mailman/listinfo/squeakland _______________________________________________ Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
Re: Squeak fails to run after install: security problems?
|
|
In reply to this post by korakurider
korakurider wrote:
> In squeakland image, "the security plugin" is enabled > by default. Each user have his own crypt key file > "squeak.keys" located in folder > "C:\program files\squeak\plugin\(username)". > The folder and file are created on first run of the > user. Your "normal user" might not be able to create > them. > > A workaround is to arrange other location for them by > "SecureDirectory" setting in Squeak.INI, that is located > in same folder as squeak.exe. The documentation for the > INI file is: > http://wiki.squeak.org/squeak/3274 . One modification to the Squeak.ini file that resides in the Squeak installation folder (usually C:\Program Files\Squeak\Plugin) could be to add [security] UserDirectory=%HomePath% This would direct Squeak to use the respective user's home directory to create the files it needs. Michael _______________________________________________ Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
Re: Squeak fails to run after install: security problems?
|
|
In reply to this post by korakurider
At Wed, 7 Feb 2007 14:40:58 +0900 (JST),
korakurider wrote: > > > Here's the problem. On WinXP, I install it as > > administrator. > Could you confirm if Squeak run as administrator? Sorry, of course I should have tried this already. Yes it works fine as administrator. > > > As soon as I try to run as a normal user, it fails ("a > primitive has failed", > > although the error message is in German). > In squeakland image, "the security plugin" is enabled > by default. Each user have his own crypt key file > "squeak.keys" located in folder > "C:\program files\squeak\plugin\(username)". > The folder and file are created on first run of the > user. Your "normal user" might not be able to create > them. > > A workaround is to arrange other location for them by > "SecureDirectory" setting in Squeak.INI, that is located > in same folder as squeak.exe. The documentation for the > INI file is: > http://wiki.squeak.org/squeak/3274 . I changed the location of the UserDirectory and the SecureDirectory in the squeak.ini file to point into my profile, like this: [Security] UserDirectory=%USERPROFILE%\Application Data\Squeak\UserDirectory SecureDirectory=C:\Documents and Settings\sjg\Application Data\Squeak\SecureDirectory This causes it all to work just fine as a normal user (sjg). Thanks for the suggestion. However, I note that environment variables are not supported in the SecureDirectory, so it's not actually possible to set this to different directories for different users, which would be ideal. I had a quick look at the file sqWin32Security.c in the VM source code. Lines 226-230 (in the latest version) do this: /* Expand any environment variables in user directory. */ dwSize = ExpandEnvironmentStrings(untrustedUserDirectory, tmp, MAX_PATH-1); if(dwSize > 0 && dwSize < MAX_PATH) strcpy(untrustedUserDirectory, tmp); but there is no corresponding line for the SecureDirectory. Could I suggest a similar thing be done as this? Otherwise it is not in fact possible, I think, to easily set up Squeak to run for different users from the same installation. I'm still investigating the effect of sharing an image file between different users, and whether I need to address this as well. Thanks to all for the help so far. cheers, Simon _______________________________________________ Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
Re: Squeak fails to run after install: security problems?
|
|
In reply to this post by Alan Kay
Alan,
Thanks for the detailed response. Let me summarise what I am trying to do. For background, I have served my time as a professional programmer (C, C++, Java, Ada, Perl, Python, Haskell, but no Smalltalk) for 15 years or so, but recently left all that to become a maths teacher. I am looking for ways of presenting mathematical ideas in an interesting and dynamic way to my classes of 11 to 18 year olds, and also for software that the students themselves can get their hands on. It seems to me that Smalltalk and Squeak in particular (via Morphic) provide a very malleable medium for creating such dynamic interactive stuff. By contrast, Powerpoint, for instance, simply forces me to follow a carefully prepared script, rather than allowing for interaction and investigation in a classroom context. I have done a tiny amount of Smalltalk programming to produce some classroom demonstrators of simple concepts, but find sadly I have little time to do anything substantial. So, onto Morphic and/or Etoys and direct manipulation, which I have used successfully to illustrate some ideas in the classroom. What I like about Squeak is: - direct manipulation with Morphic is very productive - Etoy scripting sometimes does just what I want, and when it does, it's a quick way of building something (perhaps the balance will change as I get better at Smalltalk) - there's some good stuff on SqueakMap Questions I have include these: 1. When I find something doesn't work, I'm not sure if it's because it broke recently, or never worked. This is part of the "which version should I be using?" question. For example, if what I'm building starts filling up the screen, I saw I could shift-drag to select a group of objects, and use Extras->Put In a Window, which would enable me to temporarily minimize a group of morphs. But this gives MessageNotUnderstood. Is there a version of Squeak in which this works? Would it be easily fixable in the current developer version? 2. From what you say, and my experiments, it seems Etoys still works OK in the latest developer version (well, I have been using 3.9). But discussion on squeak-dev seems to suggest Etoys are not a priority in this development strand, so do I need to be using a different version to maintain a good experience of Etoys? 3. The Squeak plugin looks like a good way to deploy Squeak content to others in school. But I'm not sure what to do if something I want to use is not in the Squeakland image. I guess I'm halfway between dabbling in Smalltalk and dabbling in Etoys, and am not sure which version is right for me. I think I've rambled too much here. Sorry about that. cheers, Simon _______________________________________________ Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
Re: Squeak fails to run after install: security problems?
|
|
In reply to this post by Michael Rueger-3
--- Michael Rueger <[hidden email]> wrote:
> One modification to the Squeak.ini file that resides > in the Squeak > installation folder (usually C:\Program > Files\Squeak\Plugin) could be to > add > [security] > UserDirectory=%HomePath% > > This would direct Squeak to use the respective > user's home directory to > create the files it needs. Unfortunately "UserDirectory" setting affect only projecct store for loading/saving (i.e. alternate my squeak) as described in document. To modify crypt key location you need to adjust SecureDirectory setting. (at least I could confirm this on mybox with 3.7.1 VM) One pitfall of SecureDirectory trick (for 3.7.1 VM) is that you need to describe path without environemnt variable like %HOME%, while you can use it in UserDirectory. -------------------------------------- Start Yahoo! Auction now! Check out the cool campaign http://pr.mail.yahoo.co.jp/auction/ _______________________________________________ Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
Re: Squeak fails to run after install: security problems?
|
|
In reply to this post by Simon Guest-2
Hi, Simon,
Both the squeakland.org-based "development" variant of the current Squeakland image and the squeak.org-based "Squeak3.8.1" would likely suit your purposes pretty well. Urls for these two are: http://www.squeakland.org/installers/SqueakPluginImage-dev.zip and http://ftp.squeak.org/3.8/Squeak3.8.1-6747-full.zip If you adopt either of these, you'll also want to obtain the SqueakV3.sources file from: http://ftp.squeak.org/3.8/SqueakV3.sources.gz and also get the VM appropriate to your platform, if you don't already have it, from: http://ftp.squeak.org/3.8/ And if you use the Squeakland development image, be sure to load code updates. The "squeakland.org" alternative is essentially the same as the standard Squeakland "plug-in" image currently in use in schools around the world, but additionally comes with a "changes" file, which anyone orchestrating Morphic from straight Smalltalk code (as opposed to etoy scripts) is likely to want. Projects created with this image will be freely readable by all recent (from the past two years) Squeakland images on any platform, and conversely projects created with any recent Squeakland will be usable into your development image. The "squeak.org" alternative has the advantage that it comes with SqueakMap and Monticello (and some other packages) pre-installed. A marginal downside however is that it does not come with the Connectors package pre-installed, which the Squeakland image does have. It's possible to install SqueakMap and Monticello into a Squeakland- based image, and to install packages found on SqueakMap into such an image. It is unfortunate that Squeakland releases are not listed on SqueakMap, so no SqueakMap packages indicate which, if any, versions of Squeakland image they are appropriate for. However, in nearly every case it works fine to load packages designated for "Squeak3.8" into Squeakland images. ---------------------- Your needs could also, as you suggest, be served by 3.9, the latest "stable" release from squeak.org. However, afaik 3.9 projects are incompatible with 3.8 images, and vice-versa, and I think that most education-oriented users, below university level at any rate, are using Squeakland images. Also, all of the active enhancements, bug- fixes, documentation writing, and support that have been done for etoys within the past couple of years have been done in 3.8-based systems and on the Squeakland mailing list. OTOH discussions about programming in Morphic, about use of SqueakMap, etc. are are much more likely to be found on the squeak- dev mailing list: http://lists.squeakfoundation.org/mailman/listinfo/squeak-dev and/or the Squeak "beginner's list": http://lists.squeakfoundation.org/mailman/listinfo/beginners so you would probably benefit from subscribing to those lists as well as the Squeakland mailing-list, regardless of which version you decide to use. Hope this helps, -- Scott On Feb 7, 2007, at 1:46 PM, Simon Guest wrote: > For background, I have served my time as a professional > programmer (C, C++, Java, Ada, Perl, Python, Haskell, but no > Smalltalk) for 15 years or so, but recently left all that to become a > maths teacher. I am looking for ways of presenting mathematical ideas > in an interesting and dynamic way to my classes of 11 to 18 year olds, > and also for software that the students themselves can get their hands > on. > > It seems to me that Smalltalk and Squeak in particular (via Morphic) > provide a very malleable medium for creating such dynamic interactive > stuff. By contrast, Powerpoint, for instance, simply forces me to > follow a carefully prepared script, rather than allowing for > interaction and investigation in a classroom context. > > I have done a tiny amount of Smalltalk programming to produce some > classroom demonstrators of simple concepts, but find sadly I have > little time to do anything substantial. So, onto Morphic and/or Etoys > and direct manipulation, which I have used successfully to illustrate > some ideas in the classroom. > > What I like about Squeak is: > - direct manipulation with Morphic is very productive > - Etoy scripting sometimes does just what I want, and when it does, > it's a quick way of building something (perhaps the balance will > change as I get better at Smalltalk) > - there's some good stuff on SqueakMap > > Questions I have include these: > > 1. When I find something doesn't work, I'm not sure if it's because it > broke recently, or never worked. This is part of the "which > version should I be using?" question. For example, if what I'm > building > starts filling up the screen, I saw I could shift-drag to select a > group of objects, and use Extras->Put In a Window, which would > enable > me to temporarily minimize a group of morphs. But this gives > MessageNotUnderstood. Is there a version of Squeak in which this > works? Would it be easily fixable in the current developer > version? > > 2. From what you say, and my experiments, it seems Etoys still works > OK in the latest developer version (well, I have been using 3.9). > But discussion on squeak-dev seems to suggest Etoys are not a > priority in this development strand, so do I need to be using a > different version to maintain a good experience of Etoys? > > 3. The Squeak plugin looks like a good way to deploy Squeak content to > others in school. But I'm not sure what to do if something I want > to use is not in the Squeakland image. > > I guess I'm halfway between dabbling in Smalltalk and dabbling in > Etoys, and am not sure which version is right for me. > > I think I've rambled too much here. Sorry about that. > > cheers, > Simon _______________________________________________ Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
Re: Squeak fails to run after install: security problems?
|
|
In reply to this post by Simon Guest-2
On Wed, 7 Feb 2007, Simon Guest wrote:
> > A workaround is to arrange other location for them by > > "SecureDirectory" setting in Squeak.INI, that is located > > in same folder as squeak.exe. The documentation for the > > INI file is: > > http://wiki.squeak.org/squeak/3274 . > > I changed the location of the UserDirectory and the SecureDirectory in > the squeak.ini file to point into my profile, like this: > > [Security] > UserDirectory=%USERPROFILE%\Application Data\Squeak\UserDirectory > SecureDirectory=C:\Documents and Settings\sjg\Application Data\Squeak\SecureDirectory > > This causes it all to work just fine as a normal user (sjg). Thanks > for the suggestion. > > However, I note that environment variables are not supported in the > SecureDirectory, so it's not actually possible to set this to > different directories for different users, which would be ideal. I > had a quick look at the file sqWin32Security.c in the VM source code. > Lines 226-230 (in the latest version) do this: > > /* Expand any environment variables in user directory. */ > dwSize = ExpandEnvironmentStrings(untrustedUserDirectory, tmp, MAX_PATH-1); > if(dwSize > 0 && dwSize < MAX_PATH) > strcpy(untrustedUserDirectory, tmp); > > but there is no corresponding line for the SecureDirectory. > Could I suggest a similar thing be done as this? Otherwise it is not > in fact possible, I think, to easily set up Squeak to run for > different users from the same installation. > Running squeak on Linux-machines, I'd apprechiate such a solution, too. For the moment I'm using forced symbolic links, which works, but is complicated, since the computers at our school are so-called multiseat-systems, whence up to four users are using the same image simultaniously at the same time. > I'm still investigating the effect of sharing an image file between > different users, and whether I need to address this as well. No problem with this on Linux - in my case, the image-file is write-protected. Markus ----------------------------------------------- Markus Schlager m.slg(at)gmx.de _______________________________________________ Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
Re: Squeak fails to run after install: security problems?
|
|
On Feb 11, 2007, at 0:39 , Markus Schlager wrote:
> Running squeak on Linux-machines, I'd apprechiate such a solution, > too. > For the moment I'm using forced symbolic links, which works, but is > complicated, since the computers at our school are so-called > multiseat-systems, whence up to four users are using the same image > simultaniously at the same time. With a recent VM, you have two environment variables that let you specify the user directory and the secure directory independently of the (shared) image location. For example, to put both in a directory named "Etoys" in each user's home you could put this in the startup script: etoysdir="$HOME/Etoys" export SQUEAK_SECUREDIR="$etoysdir/private" export SQUEAK_USERDIR="$etoysdir/MyEtoys" [ ! -d "$SQUEAK_SECUREDIR" ] && mkdir -p "$SQUEAK_SECUREDIR" [ ! -d "$SQUEAK_USERDIR" ] && mkdir -p "$SQUEAK_USERDIR" chmod 700 "$SQUEAK_SECUREDIR" chmod 755 "$SQUEAK_USERDIR" - Bert - _______________________________________________ Squeakland mailing list [hidden email] http://squeakland.org/mailman/listinfo/squeakland |
«
Return to SqueakLand
|
1 view|%1 views
| Free forum by Nabble | Edit this page |