Using Seaside with SqueakSSL on Windows

This is an update to a previous post on using SqueakSSL with Seaside but with specific instructions for Windows.

Note: If you are a long-time user of SqueakSSL, you will want to update both the SqueakSSL packages as well as download the latest plugin since there have been a few changes done for this article.

Using Seaside with SqueakSSL on Windows is not much different from using it on Linux. The biggest difference is in handling certificates which is poorly documented by Microsoft and often a guessing game. So before we begin with the actual content we need a brief introduction to working with certificates on Windows:

1. Creating Certificates
Windows uses (mostly) .pfx files for storing certificates. Your CA (if you bought a certificate) might be able to give you one right away but often you will end up with a .cert or .pem file and have to convert those. Fortunately, this can be done using the OpenSSL toolchain. For example, when converting mycert.cert and mycert.pem into mycert.pfx run openssl as follows:

openssl pkcs12 -inkey mycert.pem -in mycert.cert -export -out mycert.pfx

Voila, there is your .pfx file. And if you have any other certificates that you need to convert, spend some time with the openssl documentation. It’s worth it.

2. Importing Certificates
On your windows box, make sure you’re logged in as the user you want to run Seaside under. Next, open the explorer and navigate to the .pfx file you want to import. You should make sure that the icon for the file includes a little key in it – what that means is that the certificate includes a private key which is required for the use by SqueakSSL. If the certificate has no private key it will not work.

Double-click on the file to import it into the certificate store. This will open the Certificate Import Wizard. Go through the Wizard (all the defaults should be okay) and the import should complete successfully.

3. Finding Certificates
Once imported you will want to check that the certificate is in the proper location. Unfortunately, Microsoft makes finding certificates amazingly difficult. First, run the “mmc” command (i.e., go to the start menu, type “mmc” into the run command box, and hit enter to launch it). Inside MMC, go to “File”, “Add/Remove Snap-in…”, select “Certificates” from the left list, and hit the “Add” button. Choose “My user Account” when asked for the account from which to view certificates, and then hit “Finish”, and “OK”. Inside MMC, you will now see the certificates. Open the tree, and select the certificates under “Personal”. You should be able to see your imported certificate like here:

Certificates in MMC

Note that you can import certificates from here as well. But more importantly, you can right-click on the certificate, select “Properties” from the context menu and edit the “Friendly Name” for the certificate. This is important since the friendly name is what will be used by SqueakSSL to select the proper certificate.

4. Using the Certificate
Once you have installed the certificate, you can follow the instructions from the previous post with the following adjustments:

1. Download and Launching Squeak:
   Launch Squeak.exe instead of squeak.sh
2. Download and install SqueakSSL:
   Put the file SqueakSSL.dll from the binary download next to Squeak.exe
3. Install SqueakSSL and WebClient:
   No changes here.
4. Setting up Seaside:
   Instead of the path to the .pem file use the “Friendly Name” of the certificate
5. Trying it all out:
   No changes here

Once everything is done, you’ll have Seaside running with SqueakSSL on Windows.

Seaside with SqueakSSL on Windows

Advertisement

Automated Testing in Seaside using WebClient

A nice use of WebClient for some automated testing of forms in Seaside:

http://www.tonyfleig.com/smallthoughts/blog/seasideautomatedtesting

Teleplace and Agile

Happy 2011 everyone! I thought I’d start this year by sharing a great article Ron wrote about Teleplace and Agile:

http://support.teleplace.com/entries/382651-agile-development-in-teleplace

That’s the kind of stuff people do with and in Teleplace.

WebClient with NTLM and SPNEGO authentication

A post on the Squeak mailing list made me reevaluate how difficult it would be to add NTLM and SPNEGO support to WebClient. Since I had done this at work before (via a plugin interface to support both Windows and Mac transparently) I figured it would be straightforward to implement it using the Squeak FFI interface. And indeed it is. The code is pretty small and a reasonable example on how to use the FFI to access the Microsoft SSP interface.

To try out NTLM authentication in WebClient, you first need to install the FFI (the latest version since I’m using a feature I only just added):

(Installer repository: 'http://source.squeak.org/FFI')
    install: 'FFI-Pools';
    install: 'FFI-Kernel';
    install: 'FFI-Tests'. 

Once the FFI is installed, load the WebClient-SSP package:

(Installer repository: 'http://squeaksource.com/WebClient')
    install: 'WebClient-SSP'. 

The WebClient-SSP package includes class WebClientSSP which provides support for NTLM and SPNEGO. You can use it with explicit authentication like here:

(WebClientSSP new)
	username: 'DOMAIN\username';
	password: 'password';
	httpGet: 'http://your.domain.com/'.

or you can fire off WebClientSSP without credentials and let it use SSO or ask you for credentials.

Coopetition in Squeak

An excellent article by Hannes Hirzel. Quoted with permission.

I would like to comment on the trigger word “competition” which Pavel has brought up in connection with Squeak / Etoys / Pharo and Cuis. Andreas is advocating a discussion which actually promotes the work and I support this.

1) There is competition – sure – but as a whole it is just a sign of a healthy eco-system to have Squeak / Etoys / Scratch / Pharo and Cuis around. I have written this earlier this year when we were asked to fill in a questionnaire. In fact as a user of a Squeak based Smalltalk “distribution” or “fork” I am happy that there are alternatives. The use of these alternatives may vary though.

2) It is probably more precise to speak of coopetition.

Coopetition or Co-opetition (sometimes spelled “coopertition” or “co-opertition”) is a neologism coined to describe cooperative competition. Coopetition occurs when companies work together for parts of their business where they do not believe they have competitive advantage and where they believe they can share common costs.

Or maybe we should speak of a ‘distributed’ development approach or just having different distributions which share ideas / concepts / strategies / code snippets and packages. This is reuse on all levels (analysis, design, implementation, package, methods). A recent example is the WebClient and the release announcment of Pharo 1.1 for example states (http://www.pharo-project.org/pharo-download/release-1-1).

StandardFilestream now performs read-buffering, dramatically speeding up some operations like “Object compileAll” (2x improvement) as well as various other operations (scanning change lists etc). This change was taken from Squeak.

and further down

A new general cleanup protocol has been added. The cleanUp protocol takes an optional argument to indicate whether we’re doing an aggressive cleanup (which involves deleting projects, change sets, and possibly other destructive actions) or a more gentle cleanup that’s only supposed to clean out transient caches. This change was taken from Squeak.

3) Squeak, Etoys, Pharo, Scratch and Cuis have different “missions” so to say. Or we could say “different customer groups”.

As a reminder for the goals of Squeak I would like to mention the article “Personal Dynamic Media” written in 1977 which is to be found on http://www.scribd.com/doc/454106/Personal-Dynamic-Media. It is amazing what was there at that time.

The problem in the past was that Squeak development did not scale in terms of developers working together and going for forks was the only reasonable thing to do at that time. But this does not mean that new approaches are not feasible. Scratch so to say was ‘silent’ fork. And at the same time a very successful one. It did not create much noise on this list. Maybe we should call it an application. In the area of Squeak these borders are blurred (intentionally) and this might be part of the causes for these kinds of discussions.

4) Going for a minimal kernel with loadable packages maintained by various people is actually meant to stimulate “competition”. People will be encouraged to take the minimal kernel and load all kinds of things on it and distribute the result and create communities around it.

5) For this to work the kernel has to be minimal in a sense that it can be managed by a small team. This is the aspect Cuis strongly promotes and we want to adapt for Squeak. Actually this is not new at all. It has been a long standing goal. But for many reasons about which we have pondered many times it had not been achieved so far. Juan has given the real-life proof that it is possible to maintain his own fork as a single person while at the same time adapting important changes from elsewhere. In addition he has contributed back to the main-line Squeak development. From this point of view we should really de-emphasise the negative aspects of competition.

6) This time we have Andreas, Pavel and Juan for the core, Eliot on the VM side and Bert for the Etoys link working together. Others are working on various aspects improving the system. I think this is an opportunity and there is a real chance of success.

7) As an illustration I did a sketch. (see attached PNG file). I think the overlap of the distributions is considerable. As a follow up it would be nice to have some simple statistics like no. of classes per distribution. Number of classes with identical names across distributions. As the picture is very rough somebody might post a more accurate one.

Squeak, Etroys, Pharo, Cuis

Cheers

Hannes

P.S. Please note that in the meeting report this thread is about Randal says that he wants to contact the other Squeak based projects to talk about a minimal core.

New Teleplace Server Release

We just finalized the release of the Teleplace Enterprise Server 3.5 which is our first product release based on Squeak 4.1. The process of moving our code base from the (3.8 based) Croquet images to Squeak 4.1 had been ongoing for a while by me posting most of our internal patches to the base system into the trunk during 4.1 development. Once this was done we were basically ready to switch but due to the potential risks of such a fundamental change the switch didn’t happen until after the Teleplace 3.5 client release went out.

For those of you interested in the details, our base images are “moderately shrunk” versions of Squeak 4.1, meaning that we’ve unloaded many packages that we have no need for (incl. Traits, Etoys, Protocols, SqueakMap, Universes etc) but keep some (like MVC) that for historical reasons other packages depend on, and others (the various Tests packages) that have high value for a relatively small footprint. Our typical base image starts around 10MB, after we’ve loaded all of our development packages it goes up to some 27MB and when it’s been readied for deployment (which removes unnecessary fonts and trims the MC ancestry) it’s at 17MB total. Needless to say, all of this is powered by Cog.

Oh, and in case you were wondering why I’ve been somewhat quiet recently: Not only did we just finish a release, we also have a new CEO. Either one alone would keep me busy, having both at the same time is … a bit overkill 🙂 Hopefully I’ll find some more time to spend on Squeak soon.

Using SqueakSSL with Seaside

Update: I have included instructions for Pharo along the way.
Update: There is now a separate post with Windows instructions.

With the SqueakSSL work progressing nicely, it’s time to look at having it integrated with Seaside so here is a quick tutorial about how to get SqueakSSL going with Seaside 3.0. The integration is pretty straightforward, but the setup can be a bit daunting since there are several pieces to it. Let’s get started:

Step 1: Download Squeak 4.1 and Seaside 3.0rc
First off, we’re going to use Squeak 4.1 with Seaside 3.0rc on Ubuntu (since this is the only tested server configuration at this point). To download Squeak 4.1 with Seaside 3.0rc fetch the Seaside 3.0 Easy-Install from Squeak.org. Unzip the contents into a place of your choice and make sure you can run Seaside by cd-ing into the “Seaside 3.0.app” directory and launching “./squeak.sh”. This should bring up the Welcome screen shown here:

Seaside Welcome Screen

If you want to use Pharo you should fetch the Seaside OneClick image from the Seaside web site.

Step 2: Download and install the SqueakSSL plugin
Download the binary version of the plugin and extract it. Copy the plugin from “SqueakSSL-bin/unix/so.SqueakSSL” into the directory “Seaside 3.0.app/Contents/Linux-i686/lib/squeak/4.0.3-2202”. The plugin (so.SqueakSSL) should now be next to many other plugins in the same directory all called “so.XXX”.

Step 3: Install SqueakSSL and WebClient
Next, go back to your Seaside image, open a workspace and in the workspace evaluate the following code to install SqueakSSL and WebClient:

(Installer ss)
	project: 'SqueakSSL';
		install: 'SqueakSSL-Core';
		install: 'SqueakSSL-Tests';
	project: 'WebClient';
		install: 'WebClient-Core';
		install: 'WebClient-Tests';
		install: 'WebClient-Seaside'.

For Pharo users, you need an additional package (WebClient-Pharo) and you’ll want to use Gofer, like here:

(Gofer new)
	squeaksource: 'SqueakSSL';
		package: 'SqueakSSL-Core';
		package: 'SqueakSSL-Tests';
	squeaksource: 'WebClient';
		package: 'WebClient-Core';
		package: 'WebClient-Tests';
		package: 'WebClient-Pharo';
		package: 'WebClient-Seaside';
	load.

Step 4: Setting up Seaside
First thing, make sure you close the existing Seaside Control Panel and open a new one via world menu, “open…”, “Seaside Control Panel”. In the control panel, choose “Add adaptor…” and select “WAWebServerAdaptor” (this should be the last item in this list). Choose port 8443 (or any other convenient port) and accept. Select the adaptor in the control panel and right-click to get the context menu. In the context menu select “Use SSL (https)…” (if you cannot find the menu item, you haven’t closed and reopened the control panel, so go ahead and do that now):

Enabling SqueakSSL in Seaside

SqueakSSL requires a certificate to be used with this instance. Enter the full path to the .pem file which must include both the certificate and the private key. You can create .pem files using the openssl tool chain. Once you’ve entered the certificate path, accept the dialog.

Step 5: Trying it all out
Start the adaptor if you hadn’t done this earlier and point your web browser to https://localhost:8443/ At this point there are several ways in which your browser might react:

• The browser complains that “the connection was reset”. This almost always means that there is some issue with your cert. Check the command line output to see if it says something relevant such as “file not found” or similar.
• The browser complains that “the connection is untrusted”. That means your certificate is either self-signed or it doesn’t match the host name. Both are expected outcomes, you should tell the browser to proceed and add an exception for this site.
• The browser complains that “the page is partially encrypted”. That means some contents on the page is using http instead of https. You should ignore this warning (it’s a bug in the welcome page that should be fixed in Seaside 3.0 final).

But once you’re through with all of these issues you should be able to browse your site like here:

Seaside and SqueakSSL

Congrats! At this point SqueakSSL and Seaside are happily running together. You should be able to browse your site with no restrictions.

Croquet in Squeak 4.1

Wow! Looks like the Cobalt folks have been making huge headway with moving Croquet forward to Squeak 4.1. Nikolay Suslov just posted on his blog that he’s got it running! Here is a screenshot from his site:

Croquet in Squeak 4.1

That’s wonderful news! Together with our just announced Seaside images this will make Squeak 4.1 more attractive than ever.

New Squeak 4.1 / Seaside Images

Good news, we just finalized a series of preloaded Seaside images on Squeak.org. This became necessary since builder.seaside.st is no longer accessible and consequently our instructions for installing Seaside in Squeak were out-of-date. The new images fix this problem and provide an easy install (for new users; this includes image, sources, vms etc. in an all-in-one setup) as well as an expert install (which just includes the images):

• Seaside 3.0 Easy Install
• Seaside 3.0 Expert Install

In addition, we now also provide 2.8 based images for people who have existing Seaside 2.8 applications in older versions in Squeak:

• Seaside 2.8 Easy Install
• Seaside 2.8 Expert Install

Here is a screenshot of the welcome screen:

Seaside 3.0 in Squeak 4.1

Oh, and if you want to load Seaside 2.8 / 3.0 into your custom Squeak variants; the above images include instructions about how they were created so you should be able to apply the same procedure to your own images.

SqueakSSL released

I’ve just released a bit of work that I had been working on for a while. SqueakSSL is a plugin based interface to the native SSL/TLS facilities on your platform. On Windows, it uses the SChannel SSPI and on Unix it uses the OpenSSL implementation. The Mac’s still out there but I’m hoping that the OpenSSL version will work there too.

The official announcement is here: [ANN] SqueakSSL – a platform interface for SSL/TLS