Squeak fails to run after install: security problems?

Simon Guest-2
Hi,

I'm a maths teacher (and ex software engineer), and have been playing
with the developer version of Squeak for a while now, and although the
learning curve is fairly steep, I am using it successfully in school.

I see that the Squeakland release is recommended for teachers over the
squeak.org version, I guess because etoys have been made to work
nicely.  However, I am experiencing severe frustration in getting it
to run.  What is the security model?

Here's the problem.  On WinXP, I install it as administrator.  As soon
as I try to run as a normal user, it fails ("a primitive has failed",
although the error message is in German).  I think this is because I
cannot write to the image file, quite rightly, since it is owned by
the administrator, and as a normal user I could not be trusted not to
muck it up.

So I copied the image file into my own directory, and ran the
Squeakland vm on it, but it fails with the same error.  Can anyone
help?

I'm a little discouraged, as I'm wondering how I will persuade much
less technically oriented colleagues in school that Squeak is useful
for teaching if the installation is a black art.  I am sure my mode of
use must be the most common among school users of Squeak.  Could it
not be supported by the default install?

cheers,
Simon

_______________________________________________
Squeakland mailing list
[hidden email]
http://squeakland.org/mailman/listinfo/squeakland
Re: Squeak fails to run after install: security problems?

Offray Vladimir Luna Cárdenas
Hi Simon,

We are working in a restricted Windows environment in the university
classroom. What we did was to install the virtual machine and the image
in any file where the user has read and write permissions and then drop
the *.image file on the Squeak mouse icon. Maybe it is not the most
efficient way, but it works fine and the people can then go with their
image and virtual machine on a USB drive and keep working in other places.

I hope this helps,

Offray

Simon Guest wrote:

> Hi,
>
> I'm a maths teacher (and ex software engineer), and have been playing
> with the developer version of Squeak for a while now, and although the
> learning curve is fairly steep, I am using it successfully in school.
>
> I see that the Squeakland release is recommended for teachers over the
> squeak.org version, I guess because etoys have been made to work
> nicely.  However, I am experiencing severe frustration in getting it
> to run.  What is the security model?
>
> Here's the problem.  On WinXP, I install it as administrator.  As soon
> as I try to run as a normal user, it fails ("a primitive has failed",
> although the error message is in German).  I think this is because I
> cannot write to the image file, quite rightly, since it is owned by
> the administrator, and as a normal user I could not be trusted not to
> muck it up.
>
> So I copied the image file into my own directory, and ran the
> Squeakland vm on it, but it fails with the same error.  Can anyone
> help?
>
> I'm a little discouraged, as I'm wondering how I will persuade much
> less technically oriented colleagues in school that Squeak is useful
> for teaching if the installation is a black art.  I am sure my mode of
> use must be the most common among school users of Squeak.  Could it
> not be supported by the default install?
>
> cheers,
> Simon

Re: Squeak fails to run after install: security problems?

korakurider
In reply to this post by Simon Guest-2
Hi Simon.

> I see that the Squeakland release is recommended for
> teachers over the
> squeak.org version, I guess because etoys have been
> made to work
> nicely.
   Exactly.

> Here's the problem.  On WinXP, I install it as
> administrator.
   Could you confirm if Squeak runs as administrator?

> As soon as I try to run as a normal user, it fails ("a
> primitive has failed",
> although the error message is in German).
   In the squeakland image, "the security plugin" is enabled
by default.  Each user has his own crypt key file
"squeak.keys" located in folder
"C:\program files\squeak\plugin\(username)".
   The folder and file are created on first run of the
user.  Your "normal user" might not be able to create
them.

   A workaround is to arrange another location for them with the
"SecureDirectory" setting in Squeak.INI, which is located
in the same folder as squeak.exe.  The documentation for the
INI file is:
http://wiki.squeak.org/squeak/3274 .

   Another possible error source is squeak.ini, which is
created on first run.

> So I copied the image file into my own directory,
> and ran the
> Squeakland vm on it, but it fails with the same
> error.
   You could arrange the location of the image as well if you
need.

   Hope this helps.

Cheers,
/Korakurider


Re: Squeak fails to run after install: security problems?

Alan Kay
In reply to this post by Simon Guest-2
Hi Simon --

Just for a little context ...

The Squeak you have been using (probably 3.6 or so) has a complete
Etoys in it. It might still be the most useful vehicle for what you
are trying to do. A shift-alt on any graphical object will bring up
an Etoys halo of handles, and the blue eyeball will open a viewer for
that Etoy player. Dragging out a behavior tile (like "forward 5")
onto the desktop will make a script and put the "forward 5" into the script.

You can also get an Etoys developer image. This, again, is the
regular Squeak with certain preferences set. Let us know if you are interested.

The Etoys version (from Squeakland) is aimed mostly at ages 9-12, but
has worked well for younger children, and to a lesser extent for
older children (they could use a few more facilities). Many teachers
(especially non-technical teachers) have enjoyed using EToys.

Etoys and Squeak have no external security models, so the
difficulties you are encountering are solely due to some combination
of MS and the sysAdmins in your shop, plus where the Squeakland
installer puts things so it can be run as a plugin.

Because the Squeakland version is also set up to be able to run as a
plugin, it is sandboxed for safety. It is possible that you would
like more control over things. Basically, the Squeakland version is
pretty much a regular Squeak with a number of preferences set to
limit the view that the end-user takes of what's available. You may
very well want to relax these preferences. Let us know and we'll
explain how to do it.

Basically, to take more control, you need to gather three or four files:
  - the image, which contains the system and the objects
  - the VM, which contains the equivalent of the Squeak OS and the
interpreter, graphics kernel, sound, sockets, etc.
  - the sources, which contains the indexed text of all the source
code in the system
  - the changes, which contains the incremental additions that have
been made to the system and allows the Squeak developer to revert to
earlier versions, etc. The Squeakland image is set to not write to
changes, but this can be changed.

If you drop the image on the VM, then Squeak will start up. MS can
also be told to use a particular VM as a default for a double click
on an image.

You should be familiar with these already from your experience with Squeak.

We are interested in what you are trying to do and would like to
help. Please ask.

Cheers,

Alan



At 01:25 PM 2/6/2007, Simon Guest wrote:

>Hi,
>
>I'm a maths teacher (and ex software engineer), and have been playing
>with the developer version of Squeak for a while now, and although the
>learning curve is fairly steep, I am using it successfully in school.
>
>I see that the Squeakland release is recommended for teachers over the
>squeak.org version, I guess because etoys have been made to work
>nicely.  However, I am experiencing severe frustration in getting it
>to run.  What is the security model?
>
>Here's the problem.  On WinXP, I install it as administrator.  As soon
>as I try to run as a normal user, it fails ("a primitive has failed",
>although the error message is in German).  I think this is because I
>cannot write to the image file, quite rightly, since it is owned by
>the administrator, and as a normal user I could not be trusted not to
>muck it up.
>
>So I copied the image file into my own directory, and ran the
>Squeakland vm on it, but it fails with the same error.  Can anyone
>help?
>
>I'm a little discouraged, as I'm wondering how I will persuade much
>less technically oriented colleagues in school that Squeak is useful
>for teaching if the installation is a black art.  I am sure my mode of
>use must be the most common among school users of Squeak.  Could it
>not be supported by the default install?
>
>cheers,
>Simon

Re: Squeak fails to run after install: security problems?

Michael Rueger-3
In reply to this post by korakurider
korakurider wrote:

 >    In the squeakland image, "the security plugin" is enabled
 > by default.  Each user has his own crypt key file
 > "squeak.keys" located in folder
 > "C:\program files\squeak\plugin\(username)".
 >    The folder and file are created on first run of the
 > user.  Your "normal user" might not be able to create
 > them.
 >
 >    A workaround is to arrange another location for them with the
 > "SecureDirectory" setting in Squeak.INI, which is located
 > in the same folder as squeak.exe.  The documentation for the
 > INI file is:
 > http://wiki.squeak.org/squeak/3274 .

One modification to the Squeak.ini file that resides in the Squeak
installation folder (usually C:\Program Files\Squeak\Plugin) could be to
add

[security]
UserDirectory=%HomePath%

This would direct Squeak to use the respective user's home directory to
create the files it needs.

Michael

Re: Squeak fails to run after install: security problems?

Simon Guest-2
In reply to this post by korakurider
At Wed, 7 Feb 2007 14:40:58 +0900 (JST),
korakurider  wrote:
>
> > Here's the problem.  On WinXP, I install it as
> > administrator.
>    Could you confirm if Squeak run as administrator?

Sorry, of course I should have tried this already.  Yes it works fine
as administrator.

>
> > As soon as I try to run as a normal user, it fails ("a
> > primitive has failed",
> > although the error message is in German).
>    In the squeakland image, "the security plugin" is enabled
> by default.  Each user has his own crypt key file
> "squeak.keys" located in folder
> "C:\program files\squeak\plugin\(username)".
>    The folder and file are created on first run of the
> user.  Your "normal user" might not be able to create
> them.
>
>    A workaround is to arrange another location for them with the
> "SecureDirectory" setting in Squeak.INI, which is located
> in the same folder as squeak.exe.  The documentation for the
> INI file is:
> http://wiki.squeak.org/squeak/3274 .

I changed the location of the UserDirectory and the SecureDirectory in
the squeak.ini file to point into my profile, like this:

[Security]
UserDirectory=%USERPROFILE%\Application Data\Squeak\UserDirectory
SecureDirectory=C:\Documents and Settings\sjg\Application Data\Squeak\SecureDirectory

This causes it all to work just fine as a normal user (sjg).  Thanks
for the suggestion.

However, I note that environment variables are not supported in the
SecureDirectory, so it's not actually possible to set this to
different directories for different users, which would be ideal.  I
had a quick look at the file sqWin32Security.c in the VM source code.
Lines 226-230 (in the latest version) do this:

  /* Expand any environment variables in user directory. */
  dwSize = ExpandEnvironmentStrings(untrustedUserDirectory, tmp, MAX_PATH-1);
  if(dwSize > 0 && dwSize < MAX_PATH)
    strcpy(untrustedUserDirectory, tmp);

but there is no corresponding line for the SecureDirectory.  
Could I suggest a similar thing be done as this?  Otherwise it is not
in fact possible, I think, to easily set up Squeak to run for
different users from the same installation.

I'm still investigating the effect of sharing an image file between
different users, and whether I need to address this as well.

Thanks to all for the help so far.

cheers,
Simon


Re: Squeak fails to run after install: security problems?

Simon Guest-2
In reply to this post by Alan Kay
Alan,

Thanks for the detailed response.  Let me summarise what I am trying
to do.  

For background, I have served my time as a professional
programmer (C, C++, Java, Ada, Perl, Python, Haskell, but no
Smalltalk) for 15 years or so, but recently left all that to become a
maths teacher.  I am looking for ways of presenting mathematical ideas
in an interesting and dynamic way to my classes of 11 to 18 year olds,
and also for software that the students themselves can get their hands
on.

It seems to me that Smalltalk and Squeak in particular (via Morphic)
provide a very malleable medium for creating such dynamic interactive
stuff.  By contrast, Powerpoint, for instance, simply forces me to
follow a carefully prepared script, rather than allowing for
interaction and investigation in a classroom context.

I have done a tiny amount of Smalltalk programming to produce some
classroom demonstrators of simple concepts, but find sadly I have
little time to do anything substantial.  So, onto Morphic and/or Etoys
and direct manipulation, which I have used successfully to illustrate
some ideas in the classroom.

What I like about Squeak is:
- direct manipulation with Morphic is very productive
- Etoy scripting sometimes does just what I want, and when it does,
it's a quick way of building something (perhaps the balance will
change as I get better at Smalltalk)
- there's some good stuff on SqueakMap

Questions I have include these:

1. When I find something doesn't work, I'm not sure if it's because it
   broke recently, or never worked.  This is part of the "which
   version should I be using?" question.  For example, if what I'm building
   starts filling up the screen, I saw I could shift-drag to select a
   group of objects, and use Extras->Put In a Window, which would enable
   me to temporarily minimize a group of morphs.  But this gives
   MessageNotUnderstood.  Is there a version of Squeak in which this
   works?  Would it be easily fixable in the current developer version?
   
2. From what you say, and my experiments, it seems Etoys still works
   OK in the latest developer version (well, I have been using 3.9).
   But discussion on squeak-dev seems to suggest Etoys are not a
   priority in this development strand, so do I need to be using a
   different version to maintain a good experience of Etoys?

3. The Squeak plugin looks like a good way to deploy Squeak content to
   others in school.  But I'm not sure what to do if something I want
   to use is not in the Squeakland image.

I guess I'm halfway between dabbling in Smalltalk and dabbling in
Etoys, and am not sure which version is right for me.

I think I've rambled too much here.  Sorry about that.

cheers,
Simon


Re: Squeak fails to run after install: security problems?

korakurider
In reply to this post by Michael Rueger-3
--- Michael Rueger <[hidden email]> wrote:

> One modification to the Squeak.ini file that resides
> in the Squeak
> installation folder (usually C:\Program
> Files\Squeak\Plugin) could be to
> add
> [security]
> UserDirectory=%HomePath%
>
> This would direct Squeak to use the respective
> user's home directory to
> create the files it needs.

  Unfortunately the "UserDirectory" setting affects only the
project store for loading/saving (i.e. alternate my
squeak) as described in the document.  To modify the crypt key
location you need to adjust the SecureDirectory setting.
(at least I could confirm this on my box with 3.7.1 VM)

  One pitfall of the SecureDirectory trick (for 3.7.1 VM) is
that you need to describe the path without an environment
variable like %HOME%, while you can use it in
UserDirectory.



Re: Squeak fails to run after install: security problems?

Scott Wallace
In reply to this post by Simon Guest-2
Hi, Simon,

Both the squeakland.org-based "development" variant of the current  
Squeakland image and the squeak.org-based "Squeak3.8.1" would likely  
suit your purposes pretty well.

Urls for these two are:

http://www.squeakland.org/installers/SqueakPluginImage-dev.zip

and

http://ftp.squeak.org/3.8/Squeak3.8.1-6747-full.zip


If you adopt either of these, you'll also want to obtain the  
SqueakV3.sources file from:

http://ftp.squeak.org/3.8/SqueakV3.sources.gz

and also get the VM appropriate to your platform, if you don't  
already have it, from:

http://ftp.squeak.org/3.8/

And if you use the Squeakland development image, be sure to load code  
updates.


The "squeakland.org" alternative is essentially the same as the  
standard Squeakland "plug-in" image currently in use in schools  
around the world, but additionally comes with a "changes" file, which  
anyone orchestrating Morphic from straight Smalltalk code (as opposed  
to etoy scripts) is likely to want.  Projects created with this image  
will be freely readable by all recent (from the past two years)  
Squeakland images on any platform, and conversely projects created  
with any recent Squeakland will be usable into your development image.

The "squeak.org" alternative has the advantage that it comes with  
SqueakMap and Monticello (and some other packages) pre-installed.  A  
marginal downside however is that it does not come with the  
Connectors package pre-installed, which the Squeakland image does have.

It's possible to install SqueakMap and Monticello into a Squeakland-
based image, and to install packages found on SqueakMap into such an  
image.  It is unfortunate that Squeakland releases are not listed on  
SqueakMap, so no SqueakMap packages indicate which, if any, versions  
of Squeakland image they are appropriate for.  However, in nearly  
every case it works fine to load packages designated for "Squeak3.8"  
into Squeakland images.

----------------------

Your needs could also, as you suggest, be served by 3.9, the latest  
"stable" release from squeak.org.  However, afaik 3.9 projects are  
incompatible with 3.8 images, and vice-versa, and I think that most  
education-oriented users, below university level at any rate, are  
using Squeakland images.  Also, all of the active enhancements, bug-
fixes, documentation writing, and support that have been done for  
etoys within the past couple of years have been done in 3.8-based  
systems and on the Squeakland mailing list.

OTOH discussions about programming in Morphic, about use of
SqueakMap, etc. are much more likely to be found on the
squeak-dev mailing list:

http://lists.squeakfoundation.org/mailman/listinfo/squeak-dev

and/or the Squeak "beginner's list":

http://lists.squeakfoundation.org/mailman/listinfo/beginners

so you would probably benefit from subscribing to those lists as well  
as the Squeakland mailing-list, regardless of which version you  
decide to use.

Hope this helps,

   -- Scott


On Feb 7, 2007, at 1:46 PM, Simon Guest wrote:

> For background, I have served my time as a professional
> programmer (C, C++, Java, Ada, Perl, Python, Haskell, but no
> Smalltalk) for 15 years or so, but recently left all that to become a
> maths teacher.  I am looking for ways of presenting mathematical ideas
> in an interesting and dynamic way to my classes of 11 to 18 year olds,
> and also for software that the students themselves can get their hands
> on.
>
> It seems to me that Smalltalk and Squeak in particular (via Morphic)
> provide a very malleable medium for creating such dynamic interactive
> stuff.  By contrast, Powerpoint, for instance, simply forces me to
> follow a carefully prepared script, rather than allowing for
> interaction and investigation in a classroom context.
>
> I have done a tiny amount of Smalltalk programming to produce some
> classroom demonstrators of simple concepts, but find sadly I have
> little time to do anything substantial.  So, onto Morphic and/or Etoys
> and direct manipulation, which I have used successfully to illustrate
> some ideas in the classroom.
>
> What I like about Squeak is:
> - direct manipulation with Morphic is very productive
> - Etoy scripting sometimes does just what I want, and when it does,
> it's a quick way of building something (perhaps the balance will
> change as I get better at Smalltalk)
> - there's some good stuff on SqueakMap
>
> Questions I have include these:
>
> 1. When I find something doesn't work, I'm not sure if it's because it
>    broke recently, or never worked.  This is part of the "which
>    version should I be using?" question.  For example, if what I'm  
> building
>    starts filling up the screen, I saw I could shift-drag to select a
>    group of objects, and use Extras->Put In a Window, which would  
> enable
>    me to temporarily minimize a group of morphs.  But this gives
>    MessageNotUnderstood.  Is there a version of Squeak in which this
>    works?  Would it be easily fixable in the current developer  
> version?
>
> 2. From what you say, and my experiments, it seems Etoys still works
>    OK in the latest developer version (well, I have been using 3.9).
>    But discussion on squeak-dev seems to suggest Etoys are not a
>    priority in this development strand, so do I need to be using a
>    different version to maintain a good experience of Etoys?
>
> 3. The Squeak plugin looks like a good way to deploy Squeak content to
>    others in school.  But I'm not sure what to do if something I want
>    to use is not in the Squeakland image.
>
> I guess I'm halfway between dabbling in Smalltalk and dabbling in
> Etoys, and am not sure which version is right for me.
>
> I think I've rambled too much here.  Sorry about that.
>
> cheers,
> Simon


Re: Squeak fails to run after install: security problems?

Markus Schlager-2
In reply to this post by Simon Guest-2
On Wed, 7 Feb 2007, Simon Guest wrote:

> >    A workaround is to arrange another location for them with the
> > "SecureDirectory" setting in Squeak.INI, which is located
> > in the same folder as squeak.exe.  The documentation for the
> > INI file is:
> > http://wiki.squeak.org/squeak/3274 .
>
> I changed the location of the UserDirectory and the SecureDirectory in
> the squeak.ini file to point into my profile, like this:
>
> [Security]
> UserDirectory=%USERPROFILE%\Application Data\Squeak\UserDirectory
> SecureDirectory=C:\Documents and Settings\sjg\Application Data\Squeak\SecureDirectory
>
> This causes it all to work just fine as a normal user (sjg).  Thanks
> for the suggestion.
>
> However, I note that environment variables are not supported in the
> SecureDirectory, so it's not actually possible to set this to
> different directories for different users, which would be ideal.  I
> had a quick look at the file sqWin32Security.c in the VM source code.
> Lines 226-230 (in the latest version) do this:
>
>   /* Expand any environment variables in user directory. */
>   dwSize = ExpandEnvironmentStrings(untrustedUserDirectory, tmp, MAX_PATH-1);
>   if(dwSize > 0 && dwSize < MAX_PATH)
>     strcpy(untrustedUserDirectory, tmp);
>
> but there is no corresponding line for the SecureDirectory.  
> Could I suggest a similar thing be done as this?  Otherwise it is not
> in fact possible, I think, to easily set up Squeak to run for
> different users from the same installation.
>

Running squeak on Linux machines, I'd appreciate such a solution, too.
For the moment I'm using forced symbolic links, which works, but is
complicated, since the computers at our school are so-called
multiseat-systems, whence up to four users are using the same image
simultaneously at the same time.

> I'm still investigating the effect of sharing an image file between
> different users, and whether I need to address this as well.

No problem with this on Linux - in my case, the image-file is
write-protected.

Markus
-----------------------------------------------
 Markus Schlager               m.slg(at)gmx.de

Re: Squeak fails to run after install: security problems?

Bert Freudenberg
On Feb 11, 2007, at 0:39 , Markus Schlager wrote:

> Running squeak on Linux machines, I'd appreciate such a solution,
> too.
> For the moment I'm using forced symbolic links, which works, but is
> complicated, since the computers at our school are so-called
> multiseat-systems, whence up to four users are using the same image
> simultaneously at the same time.

With a recent VM, you have two environment variables that let you  
specify the user directory and the secure directory independently of  
the (shared) image location. For example, to put both in a directory  
named "Etoys" in each user's home you could put this in the startup  
script:

etoysdir="$HOME/Etoys"
export SQUEAK_SECUREDIR="$etoysdir/private"
export SQUEAK_USERDIR="$etoysdir/MyEtoys"
[ ! -d "$SQUEAK_SECUREDIR" ] && mkdir -p "$SQUEAK_SECUREDIR"
[ ! -d "$SQUEAK_USERDIR" ] && mkdir -p "$SQUEAK_USERDIR"
chmod 700 "$SQUEAK_SECUREDIR"
chmod 755 "$SQUEAK_USERDIR"

- Bert -
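
As an added example (not part of Bert's message or of the Squeak distribution), here is a variant of that startup-script setup which creates the key directory under a restrictive umask and refuses to export SQUEAK_SECUREDIR when the directory is a symlink, is owned by someone else, or is accessible to group or others. The function names are illustrative; the private/MyEtoys layout follows the post.

```shell
#!/bin/sh
# Added example: per-user Squeak directories with ownership/permission checks.
# SQUEAK_SECUREDIR and SQUEAK_USERDIR are the variables named in the post;
# the function names below are illustrative, not part of Squeak.

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Numeric owner id of a path.
owner_of() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# Succeed only if $1 is a real directory (not a symlink), owned by the
# calling user, with no group or other permission bits set.
check_secure_dir() {
    if [ -L "$1" ] || [ ! -d "$1" ]; then
        echo "not a plain directory: $1" >&2
        return 1
    fi
    if [ "$(owner_of "$1")" != "$(id -u)" ]; then
        echo "not owned by current user: $1" >&2
        return 1
    fi
    case "$(mode_of "$1")" in
        *00) return 0 ;;
        *)   echo "group/other access on: $1" >&2
             return 1 ;;
    esac
}

# Create <base>/MyEtoys and <base>/private, then export both variables.
# The key directory is created under umask 077, so it is never readable
# by other users in the gap between mkdir and a later chmod. An existing
# key directory that fails the check is reported, not silently reused.
squeak_env_setup() {
    sq_base=$1
    sq_secure="$sq_base/private"
    sq_user="$sq_base/MyEtoys"
    mkdir -p "$sq_user" || return 1
    if [ ! -d "$sq_secure" ]; then
        ( umask 077 && mkdir "$sq_secure" ) || return 1
    fi
    check_secure_dir "$sq_secure" || return 1
    SQUEAK_SECUREDIR=$sq_secure
    SQUEAK_USERDIR=$sq_user
    export SQUEAK_SECUREDIR SQUEAK_USERDIR
}

# Demo on a throwaway directory (constructed path, not a real install).
demo_base=$(mktemp -d)
if squeak_env_setup "$demo_base/Etoys"; then
    echo "secure dir: $SQUEAK_SECUREDIR mode $(mode_of "$SQUEAK_SECUREDIR")"
fi
rm -rf "$demo_base"
```

In a real startup script, call `squeak_env_setup "$HOME/Etoys"` and start the VM only if it returns success.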

