Re: [Pharo-users] Sharing Seaside URLs between users (security) + what is actual way for session expiration page

[Petr Fischer]

> > Hello, two questions about Seaside sessions:
> >
> > 1) URL sharing between different users - what if "boss" shares URL from
> > his browser and send it to another regular user - of course, easy way,
> > whole URL with session (_s=) - when another/regular user opens that
> > link -> whole "boss" session opens in regular user's browser, with all
> > "boss" permissions, UI state etc etc - very bad, is there any solution for
> > this? Rewrite every (!) URL with updateURL: is not solution :(
> >
> >
> Probably it's not what you need, but in my case I wanted to forbid (show an
> error) what you call "URL sharing" because of security issues. Anyway, if
> you want this, let me know and I show you how I did it.

Yes this is also possible, but instructing users that do not share their URLs 
is insufficient (they will do it!).

How is possible to "forbid" URL copy/pasting from one browser to another? With 
session + auth cookie tracking strategy (already suggested in this thread)?

> > 2) What is the actual way for "session expiration/login page"? There is
> > few tutorials and books on the inet - but info about session expiration is
> > obsolete :( Methods from tutorials not exists in Seaside 3.2.0.
> > Some trick with WAApplication subclass is actual?
> >
> > Thanks very much! pf
> >
> >
> 
> 
> -- 
> Mariano
> http://marianopeck.wordpress.com

Re: [Pharo-users] Sharing Seaside URLs between users (security) + what is actual way for session expiration page

[Petr Fischer]

> Mariano,
> 
> this would be a perfect article for your blog (hint, hint) and I'd be 
> one of the first and excited readers. I must admit I sometimes am 
> frightened by all the filters and whatnot that I could be using for 
> certain tasks. I always feel like I miss half of what the power of 
> Seaside is because there is no documentation or tutorias on all that 
> stuff (or are there)

Exactly! 

There is some documentiation on the net, but documentation is often obsolete - 
even official documentation (book.seaside.st for example).
Blog post is nice and welcome, but blogs and blog systems die sometimes and 
then what? Also there is some article/blog post for very old Seaside, another 
article for pre-actual Seaside and no article for actual Seaside... Central 
point (under pharo.org) for all the valid actual knowledge resources is 
necessary (IMHO).

> So it would be great if you could not only share your code but also 
> explain it a little bit, for dummies like me...
> 
> Joachim
> 
> 

Re: [Pharo-users] Sharing Seaside URLs between users (security) + what is actual way for session expiration page

[Petr Fischer]

> > > Hello, two questions about Seaside sessions:
> > >
> > > 1) URL sharing between different users - what if "boss" shares URL from
> > his browser and send it to another regular user - of course, easy way,
> > whole URL with session (_s=) - when another/regular user opens that
> > link -> whole "boss" session opens in regular user's browser, with all
> > "boss" permissions, UI state etc etc - very bad, is there any solution for
> > this? Rewrite every (!) URL with updateURL: is not solution :(
> >
> > If this is a concern, you can use a cookie for session tracking, but that
> > means you cannot have multiple Seaside sessions running in the same browser
> > at the same time.
> >
> > There are probably other ways, but I think the solution is not to rely on
> > a session key for authentication.
> > Here’s a strategy:
> > Keep the Seaside session key in the url for session tracking but use an
> > authorization cookie for authorization. Put that cookie when the user logs
> > in and check its presence when requests come in for a session.
> > I think that using a filter for that is a good choice.
> >
> > Whenever another user copy/pastes the url, he cannot ‘hijack’ the session
> > because he lacks the correct authentication cookie.
> >
> >
> That's exactly what I did in my case. And the way to implement that was
> with a custom session tracker that dealt with the cookie plus a filter for
> the checking and kickout.
> 
> I can share this if someone wants it (I think I already shared it before)

Other beginners with Pharo/Seaside might appreciate if it was standard part of 
Seaside.

In standard Seaside package, there is for example class 
WAIPSessionTrackingStrategy, it's nice as example, but unusable in real world.

Your session tracking strategy is definitely more useful - can you share? Can 
you share with Seaside developers? :)

> > > 2) What is the actual way for "session expiration/login page"? There is
> > few tutorials and books on the inet - but info about session expiration is
> > obsolete :( Methods from tutorials not exists in Seaside 3.2.0.
> > > Some trick with WAApplication subclass is actual?
> >
> > I’m not sure what the question is. Do you want to redirect users to a page
> > whenever the session is expired?
> >
> > cheers
> > Johan
> >
> -- 
> Mariano
> http://marianopeck.wordpress.com

Re: [Pharo-users] Sharing Seaside URLs between users (security) + what is actual way for session expiration page

[Petr Fischer]

> > Hello, two questions about Seaside sessions:
> > 
> > 1) URL sharing between different users - what if "boss" shares URL from his 
> > browser and send it to another regular user - of course, easy way, whole 
> > URL with session (_s=) - when another/regular user opens that link -> 
> > whole "boss" session opens in regular user's browser, with all "boss" 
> > permissions, UI state etc etc - very bad, is there any solution for this? 
> > Rewrite every (!) URL with updateURL: is not solution :(
> 
> If this is a concern, you can use a cookie for session tracking, but that 
> means you cannot have multiple Seaside sessions running in the same browser 
> at the same time.
> 
> There are probably other ways, but I think the solution is not to rely on a 
> session key for authentication.
> Here’s a strategy:
> Keep the Seaside session key in the url for session tracking but use an 
> authorization cookie for authorization. Put that cookie when the user logs in 
> and check its presence when requests come in for a session.
> I think that using a filter for that is a good choice.
> 
> Whenever another user copy/pastes the url, he cannot ‘hijack’ the session 
> because he lacks the correct authentication cookie.

This sounds reasonable. Thanks.

> 
> > 2) What is the actual way for "session expiration/login page"? There is few 
> > tutorials and books on the inet - but info about session expiration is 
> > obsolete :( Methods from tutorials not exists in Seaside 3.2.0.
> > Some trick with WAApplication subclass is actual?
> 
> I’m not sure what the question is. Do you want to redirect users to a page 
> whenever the session is expired?

Yes, just ordinary redirect to login page, with proper expiration notice (when 
session is expired). 

Another question is, how to handle session expiration inside AJAX call (also 
with proper redirect to login page with expiration notice) - this is harder - 
there is some solutions, like "ping" from web browser to Seaside server, so the 
session never expires, but this is in conflict with my/common needs (I want 
session timeout with auto logouts).
 
> cheers
> Johan

Re: [Pharo-users] Pharo not running with macOS Sierra

[JupiterJones]

Starting from the cmdline I get the following output - which I guess is
correct since none of the listed PlugIns are in that path :) But they
weren't in the path before the update either.

I had no lock with the linked VM either - same result as you.

./pharo-ui Pharo.image 
2016-09-22 09:22:05.231 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/LocalePlugin'
2016-09-22 09:22:05.232 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/LargeIntegers'
2016-09-22 09:22:05.232 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/LargeIntegers'
2016-09-22 09:22:05.233 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/LargeIntegers'
2016-09-22 09:22:05.434 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/UUIDPlugin'
2016-09-22 09:22:05.434 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/MiscPrimitivePlugin'
2016-09-22 09:22:05.435 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/MiscPrimitivePlugin'
2016-09-22 09:22:05.435 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/MiscPrimitivePlugin'
2016-09-22 09:22:05.435 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/FilePlugin'
2016-09-22 09:22:05.436 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/LargeIntegers'
2016-09-22 09:22:05.436 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/LargeIntegers'
2016-09-22 09:22:05.437 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/LargeIntegers'
2016-09-22 09:22:05.437 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/LargeIntegers'
2016-09-22 09:22:05.446 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/MiscPrimitivePlugin'
2016-09-22 09:22:05.447 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/MiscPrimitivePlugin'
2016-09-22 09:22:05.448 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/MiscPrimitivePlugin'
2016-09-22 09:22:05.449 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/FilePlugin'
2016-09-22 09:22:05.759 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/SqueakFFIPrims'
2016-09-22 09:22:05.759 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path
'/opt/pharo5/sep2016dev/pharo-vm/Pharo.app/Contents/MacOS/Plugins/SqueakFFIPrims'
2016-09-22 09:22:05.760 Pharo[48644:843238] *** -[NSPathStore2
stringByAppendingPathExtension:]: cannot append extension
'bundle/Contents/MacOS/' to path

Re: [Pharo-users] GLMPanePort hold instances of my classes?

[Bernardo Ezequiel Contreras]

sorry, no, i can't reproduce it.

thanks

On Wed, Sep 21, 2016 at 4:22 PM, Tudor Girba  wrote:

> Hi,
>
> No, this was not at all a stupid question. It might be that we have a
> memory leak.
>
> Could you reproduce the problem?
>
> Cheers,
> Doru
>
> > On Sep 21, 2016, at 4:34 PM, Bernardo Ezequiel Contreras <
> vonbecm...@gmail.com> wrote:
> >
> > everything was closed, i was using the simple workspace. but anyways
> there were references.
> >
> > it was a stupid question, i solved it starting from a fresh image.
> >
> > thanks
> >
> > On Wed, Sep 21, 2016 at 1:16 AM, Tudor Girba 
> wrote:
> > Hi,
> >
> > You should close the respective Glamour browser. Could it be that you
> have an opened inspector? If so, try closing it and see what happens.
> >
> > Doru
> >
> >
> > > On Sep 21, 2016, at 3:28 AM, Bernardo Ezequiel Contreras <
> vonbecm...@gmail.com> wrote:
> > >
> > > Hi,
> > >   is there a way to tell to GLMPanePort to release my stupid objects
> and classes?
> > > because i want to change a class and i can't. there's another bug when
> migrating
> > > instances (not easy to reproduce). so im trying to release all the
> references.
> > > is it possible??
> > >
> > > thanks.
> > >
> > > example:
> > > Port (pane=#evaluator name=#entity value=([A = A, A·. @ [45, 127]]))
> > > Port (pane='root' name=#selection value=([A = A, A·. @ [45, 127]]))
> > > JEPackedNode(ProtoObject)>>gtInspectorActionBrowse
> > > [ :aPresentation | each gtInspectorActions asOrderedCollection ]
> > > etc.
> > >
> > >
> > > Image
> > > -
> > > Pharo5.0
> > > Latest update: #50761
> > > Unnamed
> > >
> > > Virtual Machine
> > > ---
> > > CoInterpreter VMMaker.oscog-HolgerHansPeterFreyther.1880 uuid:
> 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> > > StackToRegisterMappingCogit VMMaker.oscog-HolgerHansPeterFreyther.1880
> uuid: 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> > > https://github.com/pharo-project/pharo-vm.git Commit:
> 3daf6cb181c8332cf6993b07430e0d5f0886fda9 Date: 2016-07-16 18:01:23 +0200
> By: GitHub  Jenkins build #597
> > >
> > > Unix built on Jul 18 2016 16:36:31 Compiler: 4.6.3
> > > VMMaker versionString https://github.com/pharo-project/pharo-vm.git
> Commit: 3daf6cb181c8332cf6993b07430e0d5f0886fda9 Date: 2016-07-16
> 18:01:23 +0200 By: GitHub  Jenkins build #597
> > > CoInterpreter VMMaker.oscog-HolgerHansPeterFreyther.1880 uuid:
> 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> > > StackToRegisterMappingCogit VMMaker.oscog-HolgerHansPeterFreyther.1880
> uuid: 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> > >
> > >
> > >
> > > --
> > > Bernardo E.C.
> > >
> > > Sent from a cheap desktop computer in South America.
> >
> > --
> > www.tudorgirba.com
> > www.feenk.com
> >
> > "Every thing has its own flow."
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> > Bernardo E.C.
> >
> > Sent from a cheap desktop computer in South America.
>
> --
> www.tudorgirba.com
> www.feenk.com
>
> “The smaller and more pervasive the hardware becomes, the more physical
> the software gets."
>
>
>


-- 
Bernardo E.C.

Sent from a cheap desktop computer in South America.

Re: [Pharo-users] GLMPanePort hold instances of my classes?

[Tudor Girba]

Hi,

No, this was not at all a stupid question. It might be that we have a memory 
leak.

Could you reproduce the problem?

Cheers,
Doru

> On Sep 21, 2016, at 4:34 PM, Bernardo Ezequiel Contreras 
>  wrote:
> 
> everything was closed, i was using the simple workspace. but anyways there 
> were references. 
> 
> it was a stupid question, i solved it starting from a fresh image.
> 
> thanks
> 
> On Wed, Sep 21, 2016 at 1:16 AM, Tudor Girba  wrote:
> Hi,
> 
> You should close the respective Glamour browser. Could it be that you have an 
> opened inspector? If so, try closing it and see what happens.
> 
> Doru
> 
> 
> > On Sep 21, 2016, at 3:28 AM, Bernardo Ezequiel Contreras 
> >  wrote:
> >
> > Hi,
> >   is there a way to tell to GLMPanePort to release my stupid objects and 
> > classes?
> > because i want to change a class and i can't. there's another bug when 
> > migrating
> > instances (not easy to reproduce). so im trying to release all the 
> > references.
> > is it possible??
> >
> > thanks.
> >
> > example:
> > Port (pane=#evaluator name=#entity value=([A = A, A·. @ [45, 127]]))
> > Port (pane='root' name=#selection value=([A = A, A·. @ [45, 127]]))
> > JEPackedNode(ProtoObject)>>gtInspectorActionBrowse
> > [ :aPresentation | each gtInspectorActions asOrderedCollection ]
> > etc.
> >
> >
> > Image
> > -
> > Pharo5.0
> > Latest update: #50761
> > Unnamed
> >
> > Virtual Machine
> > ---
> > CoInterpreter VMMaker.oscog-HolgerHansPeterFreyther.1880 uuid: 
> > 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> > StackToRegisterMappingCogit VMMaker.oscog-HolgerHansPeterFreyther.1880 
> > uuid: 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> > https://github.com/pharo-project/pharo-vm.git Commit: 
> > 3daf6cb181c8332cf6993b07430e0d5f0886fda9 Date: 2016-07-16 18:01:23 +0200 
> > By: GitHub  Jenkins build #597
> >
> > Unix built on Jul 18 2016 16:36:31 Compiler: 4.6.3
> > VMMaker versionString https://github.com/pharo-project/pharo-vm.git Commit: 
> > 3daf6cb181c8332cf6993b07430e0d5f0886fda9 Date: 2016-07-16 18:01:23 +0200 
> > By: GitHub  Jenkins build #597
> > CoInterpreter VMMaker.oscog-HolgerHansPeterFreyther.1880 uuid: 
> > 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> > StackToRegisterMappingCogit VMMaker.oscog-HolgerHansPeterFreyther.1880 
> > uuid: 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> >
> >
> >
> > --
> > Bernardo E.C.
> >
> > Sent from a cheap desktop computer in South America.
> 
> --
> www.tudorgirba.com
> www.feenk.com
> 
> "Every thing has its own flow."
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -- 
> Bernardo E.C.
> 
> Sent from a cheap desktop computer in South America.

--
www.tudorgirba.com
www.feenk.com

“The smaller and more pervasive the hardware becomes, the more physical the 
software gets."

Re: [Pharo-users] Pharo not running with macOS Sierra

[vivus-ignis]

Martin, 

which image were you using? The "unofficial" VM from the link presents a
dialog to open a file and once I select an image, it just disappears and
nothing happens after that.



--
View this message in context: 
http://forum.world.st/Pharo-not-running-with-macOS-Sierra-tp4916468p4916529.html
Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.

Re: [Pharo-users] doesNotUnderstand: infinit loop

[Hilaire]

Hi Guille,

I was wondering if I could have kill manually this process, but the
process browser does not let you do that mistake.

Thanks for the tip.

Hilaire

Le 21/09/2016 à 12:11, Guille Polito a écrit :
> Hi Hilaire, all,
> 
> I started digging this morning on this issue, and I see why we can have
> such problems.
> 
> Apparently, there is some strange case that produces a bug in UIManager.
> To explain it with code, the UIManager should satisfy allways the
> following invariant.
> 
> "If executed from a workspace/playground. i.e., the UI process itself:"
> UIManager default uiProcess == Processor activeProcess. => true
> 
> Somehow, in the image you provided me, it is not the case.
> 
> I'm still taking a look at what would cause this. And I also think we
> still have this bug in pharo 6 (and thus pharo 5) because I found it
> lately very often.
> 
> In the meantime, if you find that your image is causing you these
> problems, you can workaround it by executing:
> 
> UIManager default spawnNewProcess.
> 
> Once you do that, the ui process should come back to a correct state and
> the debugger should behave as expected.
> 
> Guille

-- 
Dr. Geo
http://drgeo.eu

Re: [Pharo-users] Sharing Seaside URLs between users (security) + what is actual way for session expiration page

[jtuc...@objektfabrik.de]

Mariano,

this would be a perfect article for your blog (hint, hint) and I'd be 
one of the first and excited readers. I must admit I sometimes am 
frightened by all the filters and whatnot that I could be using for 
certain tasks. I always feel like I miss half of what the power of 
Seaside is because there is no documentation or tutorias on all that 
stuff (or are there)


So it would be great if you could not only share your code but also 
explain it a little bit, for dummies like me...


Joachim

Re: [Pharo-users] Sharing Seaside URLs between users (security) + what is actual way for session expiration page

[Mariano Martinez Peck]

On Wed, Sep 21, 2016 at 11:50 AM, Johan Brichau  wrote:

>
> > On 21 Sep 2016, at 12:31, Petr Fischer  wrote:
> >
> > Hello, two questions about Seaside sessions:
> >
> > 1) URL sharing between different users - what if "boss" shares URL from
> his browser and send it to another regular user - of course, easy way,
> whole URL with session (_s=) - when another/regular user opens that
> link -> whole "boss" session opens in regular user's browser, with all
> "boss" permissions, UI state etc etc - very bad, is there any solution for
> this? Rewrite every (!) URL with updateURL: is not solution :(
>
> If this is a concern, you can use a cookie for session tracking, but that
> means you cannot have multiple Seaside sessions running in the same browser
> at the same time.
>
> There are probably other ways, but I think the solution is not to rely on
> a session key for authentication.
> Here’s a strategy:
> Keep the Seaside session key in the url for session tracking but use an
> authorization cookie for authorization. Put that cookie when the user logs
> in and check its presence when requests come in for a session.
> I think that using a filter for that is a good choice.
>
> Whenever another user copy/pastes the url, he cannot ‘hijack’ the session
> because he lacks the correct authentication cookie.
>
>
That's exactly what I did in my case. And the way to implement that was
with a custom session tracker that dealt with the cookie plus a filter for
the checking and kickout.

I can share this if someone wants it (I think I already shared it before)



> > 2) What is the actual way for "session expiration/login page"? There is
> few tutorials and books on the inet - but info about session expiration is
> obsolete :( Methods from tutorials not exists in Seaside 3.2.0.
> > Some trick with WAApplication subclass is actual?
>
> I’m not sure what the question is. Do you want to redirect users to a page
> whenever the session is expired?
>
> cheers
> Johan
>



-- 
Mariano
http://marianopeck.wordpress.com

Re: [Pharo-users] Sharing Seaside URLs between users (security) + what is actual way for session expiration page

[Johan Brichau]

> On 21 Sep 2016, at 12:31, Petr Fischer  wrote:
> 
> Hello, two questions about Seaside sessions:
> 
> 1) URL sharing between different users - what if "boss" shares URL from his 
> browser and send it to another regular user - of course, easy way, whole URL 
> with session (_s=) - when another/regular user opens that link -> whole 
> "boss" session opens in regular user's browser, with all "boss" permissions, 
> UI state etc etc - very bad, is there any solution for this? Rewrite every 
> (!) URL with updateURL: is not solution :(

If this is a concern, you can use a cookie for session tracking, but that means 
you cannot have multiple Seaside sessions running in the same browser at the 
same time.

There are probably other ways, but I think the solution is not to rely on a 
session key for authentication.
Here’s a strategy:
Keep the Seaside session key in the url for session tracking but use an 
authorization cookie for authorization. Put that cookie when the user logs in 
and check its presence when requests come in for a session.
I think that using a filter for that is a good choice.

Whenever another user copy/pastes the url, he cannot ‘hijack’ the session 
because he lacks the correct authentication cookie.

> 2) What is the actual way for "session expiration/login page"? There is few 
> tutorials and books on the inet - but info about session expiration is 
> obsolete :( Methods from tutorials not exists in Seaside 3.2.0.
> Some trick with WAApplication subclass is actual?

I’m not sure what the question is. Do you want to redirect users to a page 
whenever the session is expired?

cheers
Johan

Re: [Pharo-users] GLMPanePort hold instances of my classes?

[Bernardo Ezequiel Contreras]

everything was closed, i was using the simple workspace. but anyways there
were references.

it was a stupid question, i solved it starting from a fresh image.

thanks

On Wed, Sep 21, 2016 at 1:16 AM, Tudor Girba  wrote:

> Hi,
>
> You should close the respective Glamour browser. Could it be that you have
> an opened inspector? If so, try closing it and see what happens.
>
> Doru
>
>
> > On Sep 21, 2016, at 3:28 AM, Bernardo Ezequiel Contreras <
> vonbecm...@gmail.com> wrote:
> >
> > Hi,
> >   is there a way to tell to GLMPanePort to release my stupid objects and
> classes?
> > because i want to change a class and i can't. there's another bug when
> migrating
> > instances (not easy to reproduce). so im trying to release all the
> references.
> > is it possible??
> >
> > thanks.
> >
> > example:
> > Port (pane=#evaluator name=#entity value=([A = A, A·. @ [45, 127]]))
> > Port (pane='root' name=#selection value=([A = A, A·. @ [45, 127]]))
> > JEPackedNode(ProtoObject)>>gtInspectorActionBrowse
> > [ :aPresentation | each gtInspectorActions asOrderedCollection ]
> > etc.
> >
> >
> > Image
> > -
> > Pharo5.0
> > Latest update: #50761
> > Unnamed
> >
> > Virtual Machine
> > ---
> > CoInterpreter VMMaker.oscog-HolgerHansPeterFreyther.1880 uuid:
> 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> > StackToRegisterMappingCogit VMMaker.oscog-HolgerHansPeterFreyther.1880
> uuid: 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> > https://github.com/pharo-project/pharo-vm.git Commit:
> 3daf6cb181c8332cf6993b07430e0d5f0886fda9 Date: 2016-07-16 18:01:23 +0200
> By: GitHub  Jenkins build #597
> >
> > Unix built on Jul 18 2016 16:36:31 Compiler: 4.6.3
> > VMMaker versionString https://github.com/pharo-project/pharo-vm.git
> Commit: 3daf6cb181c8332cf6993b07430e0d5f0886fda9 Date: 2016-07-16
> 18:01:23 +0200 By: GitHub  Jenkins build #597
> > CoInterpreter VMMaker.oscog-HolgerHansPeterFreyther.1880 uuid:
> 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> > StackToRegisterMappingCogit VMMaker.oscog-HolgerHansPeterFreyther.1880
> uuid: 16138eb3-2390-40f5-a6c8-15f0494936f8 Jul 18 2016
> >
> >
> >
> > --
> > Bernardo E.C.
> >
> > Sent from a cheap desktop computer in South America.
>
> --
> www.tudorgirba.com
> www.feenk.com
>
> "Every thing has its own flow."
>
>
>
>
>
>
>


-- 
Bernardo E.C.

Sent from a cheap desktop computer in South America.

Re: [Pharo-users] Get implementors list window from Spotter

[Johan Fabry]

> On Sep 21, 2016, at 01:14, Tudor Girba  wrote:
> 
>> Speaking for myself, I honestly would not think about clicking on the ? icon 
>> to expect these kinds of instructions. I cannot say exactly why, I only have 
>> a feeling that the ? does not transmit to me that there are ‘power user’ 
>> tips, and I expect a ? icon to just tell me basic things. 
> 
> Thanks for the feedback. Still, my question remains: is the help explanatory 
> enough or do we need to improve it?

After reading through everything, I think it’s actually too long. There is too 
much information and it is structured as a story. You could read all of this 
once (although I think many people will give up after a few pages), but there 
is no way to remember all of this information.

My suggestion is to add something like a quick reference card (remember those?) 
for Spotter. For example like 
http://marc-abramowitz.com/archives/2006/04/10/emacs-22-reference-card/ This 
has to be manually curated, something like the ‘Extensions installed in the 
image’ is not right because again it’s too much info and not ordered in 
sequence of importance. Then add a button to the UI so that this can be shown 
when needed.

--
Does this mail seem too brief? Sorry for that, I don’t mean to be rude! Please 
see http://emailcharter.org .

Johan Fabry   -   http://pleiad.cl/~jfabry
PLEIAD and RyCh labs  -  Computer Science Department (DCC)  -  University of 
Chile

Re: [Pharo-users] Using a Unix filedescriptor in a FileStream?

[Mariano Martinez Peck]

On Wed, Sep 21, 2016 at 3:55 AM, Holger Freyther  wrote:

>
> > On 20 Sep 2016, at 20:38, Mariano Martinez Peck 
> wrote:
> >
> > Hi Holger,
>
>
> Good Morning,
>
> thank you for your reply.
>
>
Good morning.


> > | reader |
> > reader := OSSAttachableFileStream name:'myStream' attachTo: aFileID
> writable: false.
> > reader setNonBlocking "optional"
>
> the only issue is that i have a "int fd" and not a SQFile. In
> >>#name:attachToCFile:writable: you create a SQFile* out of a FILE*
> (OSSCFile) but judging the comment it doesn't work.



Thanks! That was the method I was trying to remember and I was failing!
hahahaha.



> The 32/64 bit issue can be solved by using FFIExternalStructure to model
> SQFile but the question if the VM was built with large file support on
> GNU/Linux is a tricky one.
>
>
Yes exactly. The basic scenario was working, but having it working in all
the different flavors of OS and VMs was tricky as the comment says. My
conclusion in this case was that it's not worth trying to do this from
image side via UFFI and that instead we should have a VM primitive.



> So maybe we create another primitive to convert a FILE* to a SQFile* (and
> have it manage the lifetime of that memory?)? And maybe another primitive
> to do the same for a Socket?
>
>
Exactly. I have been wanting this a couple of times while doing
OSSubprocess.


>
> > I still didn't understand why do you mean with a). What do you mean by
> "monitor it from being readable" ?
>
> Imagine you want to exit the image in case the file /exit changes. You
> will charge inotify to watch this filepath and if the fd becomes readable
> you already know the answer, you don't have to read the event. But true if
> I have a Socket or FileStream I can do blocking read on it as well.
>

OK, now I understand. But if you do blocking read, wouldn't be locking the
rest of the image by that read?  Of course, you can do busy waiting with
none blocking reads but for that, inotify may be more performant?


>
>
> > I think you could dig a bit in OSSPipe, OSSAttachableFileStream and
> their usage. All classes have class comments, all methods are also
> documented, and there is quite some documentation in [1].
>
> Will look again but I didn't see anything obvious. E.g. primCreatePipe
> seems to already return two SQFile* ("fileId")?
>
>
Yes, exactly. I remember now. And as I said, I also wanted to be able to
work at fd or FILE* level and I failed.

Cheers,


-- 
Mariano
http://marianopeck.wordpress.com

Re: [Pharo-users] Pharo not running with macOS Sierra

[MartinW]

Thank you, Henrik.

This VM first shows a black window too, but it comes alive, once you click
one time into the window.

Best regards,
Martin.


Henrik Sperre Johansen wrote
>> i just updated to macOS Sierra, and Pharo now starts with an empty black
>> window and 100% CPU load and stays like this forever.
> 
> It's not an "official" official release, but the following link to a new
> VM build was posted on Slack yesterday; two user have reported it working
> ("briefly" and "for several hours" respectively) on Sierra so far:
> https://bintray.com/estebanlm/pharo-vm/build/201609201407#files
> https://bintray.com/estebanlm/pharo-vm/build/201609201407#files;





--
View this message in context: 
http://forum.world.st/Pharo-not-running-with-macOS-Sierra-tp4916468p4916474.html
Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.

Re: [Pharo-users] Sharing Seaside URLs between users (security) + what is actual way for session expiration page

[Mariano Martinez Peck]

On Wed, Sep 21, 2016 at 7:31 AM, Petr Fischer  wrote:

> Hello, two questions about Seaside sessions:
>
> 1) URL sharing between different users - what if "boss" shares URL from
> his browser and send it to another regular user - of course, easy way,
> whole URL with session (_s=) - when another/regular user opens that
> link -> whole "boss" session opens in regular user's browser, with all
> "boss" permissions, UI state etc etc - very bad, is there any solution for
> this? Rewrite every (!) URL with updateURL: is not solution :(
>
>
Probably it's not what you need, but in my case I wanted to forbid (show an
error) what you call "URL sharing" because of security issues. Anyway, if
you want this, let me know and I show you how I did it.



> 2) What is the actual way for "session expiration/login page"? There is
> few tutorials and books on the inet - but info about session expiration is
> obsolete :( Methods from tutorials not exists in Seaside 3.2.0.
> Some trick with WAApplication subclass is actual?
>
> Thanks very much! pf
>
>


-- 
Mariano
http://marianopeck.wordpress.com

Re: [Pharo-users] Pharo not running with macOS Sierra

[Henrik Johansen]

> On 21 Sep 2016, at 2:07 , MartinW  wrote:
> 
> Hello,
> 
> i just updated to macOS Sierra, and Pharo now starts with an empty black
> window and 100% CPU load and stays like this forever.
> Any ideas?
> 
> Best regards,
> Martin.

It's not an "official" official release, but the following link to a new VM 
build was posted on Slack yesterday; two user have reported it working 
("briefly" and "for several hours" respectively) on Sierra so far:
https://bintray.com/estebanlm/pharo-vm/build/201609201407#files 


Cheers,
Henry


signature.asc
Description: Message signed with OpenPGP using GPGMail

[Pharo-users] Pharo not running with macOS Sierra

[MartinW]

Hello,

i just updated to macOS Sierra, and Pharo now starts with an empty black
window and 100% CPU load and stays like this forever.
Any ideas?

Best regards,
Martin.



--
View this message in context: 
http://forum.world.st/Pharo-not-running-with-macOS-Sierra-tp4916468.html
Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.

Re: [Pharo-users] doesNotUnderstand: infinit loop

[Denis Kudriashov]

2016-09-21 12:11 GMT+02:00 Guille Polito :

>
> I'm still taking a look at what would cause this. And I also think we
> still have this bug in pharo 6 (and thus pharo 5) because I found it lately
> very often.
>
> In the meantime, if you find that your image is causing you these
> problems, you can workaround it by executing:
>
> UIManager default spawnNewProcess.


But be careful. It could lead to multiple UI processes which will cause
strange things on screen.

Re: [Pharo-users] Sharing Seaside URLs between users (security) + what is actual way for session expiration page

[Esteban A. Maringolo]

1) If you share the url with the _s parameter, then you can continue
that session in other browser/machine.

This is so because by the default the application uses
WAQueryFieldHandlerTrackingStrategy as the #trackingStrategy config.
But you can override it and use any of the WAHandlerTrackingStrategy
concrete subclasses, to make it cookie based or IP based.

2) There is no special trick regarding the session, but it is true
there is no default "authentication/login" component ready to be used.
All sessions have an instance of WASession, preferably one subclass of
your own, which you must "login" or "logout" based on your own
criteria. You can modify the expiration time as well as completely
remove it explicitly by sending #unregister to the session object,
usually as part of a "logout" or "signout" method of your own.

I hope this helps.

Regards,
Esteban A. Maringolo


2016-09-21 7:31 GMT-03:00 Petr Fischer :
> Hello, two questions about Seaside sessions:
>
> 1) URL sharing between different users - what if "boss" shares URL from his 
> browser and send it to another regular user - of course, easy way, whole URL 
> with session (_s=) - when another/regular user opens that link -> whole 
> "boss" session opens in regular user's browser, with all "boss" permissions, 
> UI state etc etc - very bad, is there any solution for this? Rewrite every 
> (!) URL with updateURL: is not solution :(
>
> 2) What is the actual way for "session expiration/login page"? There is few 
> tutorials and books on the inet - but info about session expiration is 
> obsolete :( Methods from tutorials not exists in Seaside 3.2.0.
> Some trick with WAApplication subclass is actual?
>
> Thanks very much! pf
>

[Pharo-users] Sharing Seaside URLs between users (security) + what is actual way for session expiration page

[Petr Fischer]

Hello, two questions about Seaside sessions:

1) URL sharing between different users - what if "boss" shares URL from his 
browser and send it to another regular user - of course, easy way, whole URL 
with session (_s=) - when another/regular user opens that link -> whole 
"boss" session opens in regular user's browser, with all "boss" permissions, UI 
state etc etc - very bad, is there any solution for this? Rewrite every (!) URL 
with updateURL: is not solution :(

2) What is the actual way for "session expiration/login page"? There is few 
tutorials and books on the inet - but info about session expiration is obsolete 
:( Methods from tutorials not exists in Seaside 3.2.0.
Some trick with WAApplication subclass is actual?

Thanks very much! pf

Re: [Pharo-users] doesNotUnderstand: infinit loop

[Guille Polito]

Hi Hilaire, all,

I started digging this morning on this issue, and I see why we can have 
such problems.


Apparently, there is some strange case that produces a bug in UIManager. 
To explain it with code, the UIManager should satisfy allways the 
following invariant.


"If executed from a workspace/playground. i.e., the UI process itself:"
UIManager default uiProcess == Processor activeProcess. => true

Somehow, in the image you provided me, it is not the case.

I'm still taking a look at what would cause this. And I also think we 
still have this bug in pharo 6 (and thus pharo 5) because I found it 
lately very often.


In the meantime, if you find that your image is causing you these 
problems, you can workaround it by executing:


UIManager default spawnNewProcess.

Once you do that, the ui process should come back to a correct state and 
the debugger should behave as expected.


Guille

 Original Message 

Guille,

Can you send me your email at hilaire [at] drgeo.eu, I can't have it
through the Gmane news forum.

Hilaire

Le 19/09/2016 à 10:21, Guille Polito a écrit :

Hillaire, if you have an image with the problem, can you forward it to
me? I'm looking forward to kill this bug with my axe.

Re: [Pharo-users] Using a Unix filedescriptor in a FileStream?

[Holger Freyther]

> On 20 Sep 2016, at 20:38, Mariano Martinez Peck  wrote:
> 
> Hi Holger,


Good Morning,

thank you for your reply.

> | reader |
> reader := OSSAttachableFileStream name:'myStream' attachTo: aFileID writable: 
> false.
> reader setNonBlocking "optional"

the only issue is that i have a "int fd" and not a SQFile. In 
>>#name:attachToCFile:writable: you create a SQFile* out of a FILE* (OSSCFile) 
but judging the comment it doesn't work. The 32/64 bit issue can be solved by 
using FFIExternalStructure to model SQFile but the question if the VM was built 
with large file support on GNU/Linux is a tricky one.

So maybe we create another primitive to convert a FILE* to a SQFile* (and have 
it manage the lifetime of that memory?)? And maybe another primitive to do the 
same for a Socket?


> I still didn't understand why do you mean with a). What do you mean by 
> "monitor it from being readable" ?

Imagine you want to exit the image in case the file /exit changes. You will 
charge inotify to watch this filepath and if the fd becomes readable you 
already know the answer, you don't have to read the event. But true if I have a 
Socket or FileStream I can do blocking read on it as well.


> I think you could dig a bit in OSSPipe, OSSAttachableFileStream and their 
> usage. All classes have class comments, all methods are also documented, and 
> there is quite some documentation in [1]. 

Will look again but I didn't see anything obvious. E.g. primCreatePipe seems to 
already return two SQFile* ("fileId")?

cheers
holger

[Pharo-users] Synectique is recruiting

[stepharo]

Synectique provides comprehensive and sophisticated analysis tools to
improve the quality of software, reduce maintenance costs, and thus enable
easier software evolution.

The company was created in 2013 and already got some renowned customers.
To sustain our growth we are looking for a full-time Smalltalk (Pharo)
developer with some additional non Smalltalk skills.
2+ years OO programming experience or equivalent, with strong skills in OO
design, front-end JavaScript and back-end Seaside/Pharo.

The ideal candidate should be comfortable with meta-model approaches,
client-side web technologies (HTML, CSS, JavaScript), be familiar with
code parsing and master different languages (Java, C++, C#, ADA,
Smalltalk).


The job is based in Lille, which is centrally located with good 
connections by train to everywhere (one hour from Paris, 1h20 from 
London, 35 min from Brussels).


Duration: Permanent (CDI)
Starting date: September 2016
Salary: depending on skill set/experience
Ready to travel if needed.

Additional Skills:
Object-oriented design/programming
Agile Methodologies
Fluent in French and/or English
Please send your applications to philippe.vale...@synectique.eu.