This is a read-only archive of the old Scratch 1.x Forums.
Try searching the current Scratch discussion forums.

#1 2007-05-16 04:57:35

dominic_hunter
Scratcher
Registered: 2007-05-16
Posts: 4

Networking Scratch

We are looking to use scratch in our school but our technicians seem to think that scratch can't be networked. This doesn't seem right to me - scratch is educational software being used in other schools right?

Any help? Perhaps instructions we can give to our technicians?

We desperately want to be able to use this software in our school.

Cheers.

Offline

 

#2 2007-05-16 05:41:48

daveleonard
Scratcher
Registered: 2007-05-16
Posts: 1

Re: Networking Scratch

Why network it? It's only 35Mb. Stick it in an .msi package and assign it to the computers you want to use it on. Students can run the software locally and share projects on the network. :-)

Offline

 

#3 2007-05-16 08:03:43

johnm
Scratcher
Registered: 2007-03-08
Posts: 100+

Re: Networking Scratch

Hi, Dominic.

Scratch can be run from a shared networked drive, and many schools do run it that way. In a few cases, I have seen problems where the network or file server was extremely slow or unreliable, but overall Scratch works well from a shared drive on both Mac and WIndows configurations.

I hope you can convince your IT folks to give it a try. I think they will find that Scratch is an easy to manage.

  -- John

Offline

 

#4 2007-05-16 16:28:21

loiskertesz
Scratcher
Registered: 2007-03-30
Posts: 18

Re: Networking Scratch

I have students running it from flash drives - handy if you allow it.
I have students that did not have much in their student folder and we allow exe files so they copied it to there.
I did not have time to get the machines re-ghosted so must kids copy a folder from a student server location and paste it on the desktop - takes almost no time

Offline

 

#5 2007-05-16 20:37:25

room209
Scratcher
Registered: 2007-03-17
Posts: 94

Re: Networking Scratch

I am using it on both networked machines and stand alone laptops--macs all.  We've had a few problems with saving--for some reason changes in a file don't stick the next time the file gets opened.  That was with a previous version, though, (an older machines) so I'm hoping the 1.1 version install takes care of that.

Tell your technicians that the (relatively small) effort to get it going is worth every minute.  My students have exploded in interest as the web connection opened up.  Several of them are actively posting to the web site from home, then come in to school as experts who help other kids solve programming problems.

Offline

 

#6 2007-05-17 04:42:56

dominic_hunter
Scratcher
Registered: 2007-05-16
Posts: 4

Re: Networking Scratch

Hi Folks,

Thanks for all the info - apparently our problem is that saving in Scratch allows pupils to bypass our Security (Ranger), allowing pupils access to every drive on the network. Obviously this is a huge problem.

To you people on the scratch team - if you can come up with a solution to this I would be very grateful. I'll be seriously disapointed if we can't use scratch at our school.

Cheers.

Offline

 

#7 2007-05-17 06:22:11

PriorySchool
Scratcher
Registered: 2007-05-16
Posts: 12

Re: Networking Scratch

Yep this has been logged in Troubleshooting and Suggestions. Technicians don't just randomly decide software can't be used and don't say that they won't because it will be some effort!

Apart from the drive security issue Scratch is easy to package up to put out on a network or even as others have suggest run from a central location.  It is just the drive security is such a hole that most IT people I have spoken to have said that it will stop them using it.

@johnm: Is there an official position on this at all?  Is it being looked at?

Ta

Offline

 

#8 2007-05-17 06:30:14

rdmiller3
Scratcher
Registered: 2007-05-17
Posts: 2

Re: Networking Scratch

Hi dominic_hunter,

Sorry to hear that... it looks like your network is inherently insecure.  Access to network resources should be controlled at/by those resources, not at the user's workstation.

For example, a bank protects its vault by locking the doors of the bank and posting a guard, *in the bank*.  If they hired a security company that worked like "Ranger", they'd leave the bank doors wide open and assign a security guard to follow every customer to make sure he/she doesn't rob the bank.

Whoever is managing those computers seriously needs to get a clue.

Rick Miller, engineer, Linux pioneer (see /usr/src/linux/CREDITS)

Offline

 

#9 2007-05-17 07:03:28

PriorySchool
Scratcher
Registered: 2007-05-16
Posts: 12

Re: Networking Scratch

rdmiller3 wrote:

Hi dominic_hunter,

Sorry to hear that... it looks like your network is inherently insecure.  Access to network resources should be controlled at/by those resources, not at the user's workstation.

For example, a bank protects its vault by locking the doors of the bank and posting a guard, *in the bank*.  If they hired a security company that worked like "Ranger", they'd leave the bank doors wide open and assign a security guard to follow every customer to make sure he/she doesn't rob the bank.

Whoever is managing those computers seriously needs to get a clue.

Rick Miller, engineer, Linux pioneer (see /usr/src/linux/CREDITS)

Sorry but that is such a clueless thing to say and very insulting to many people who have come across this problem and do have lots of clue.

If you had spent one minute researching the problem you will see in the other posts that security is assigned.  On our system users can not get at c: for instance, they can not even see it.  Every other program they use can not access c: as the user can not see it and does not have access to it.  Scratch on the other hand lists every drive there.  Someone else has noted that Scratch lists hidden folders that users can't see anywhere else.
  Admittedly it is highly unlikely that the users will be able to write to actual protected areas of the file system but there are areas that are open because they need to be so they would be able to write to them by accident and potential lose their work as they would be on a different machine or the machine is reimaged and the work not be backed up.  This is part of the problem.  In no other program can they even get access to these areas as they can not even see the drive to get there.  If users open a Drive list here they get 2 drives a: and a shared area.  In Scratch they have another 8 or so that users have to be able to access for resources and but shouldn't be able to see.  Once again I will repeat, this only happens in Scratch.  As such maybe listing it as a security hole is a little misleading but being able to see areas we don't want them to is a problem.
  Okay we could suck it up but it would be us chasing round trying to find the work that the kids had managed to save in a random folder on a random machine.  It will also be use that has to sort out any fall out if by being able to see all the drives the kids can find out something to help them on their way.  It will be us that will have to sort out a problem if something Scratch allowed them access to did cause a problem.
  By your anaology you wouldn't allow a person in a bank to wander around areas able to look at everything when they don't have access to be there.

Sorry if this comes across as a rant but being told I don't have a clue by someone that hasn't looked at the problem fully or doesn't know the needs of our users, and the users of many of my colleagues, grates just slightly.

Offline

 

#10 2007-05-17 07:51:03

ICTSM
Scratcher
Registered: 2007-05-16
Posts: 3

Re: Networking Scratch

Clueless?  I'm insulted also.  RDMiller - stick to Linux and leave the Windows gripes to us 'clueless' people.

I have never seen such a productive piece of software that would be fun to use and bring students understanding of following instructions be it personal or programming.  I'm sure the Scratch team will pull through for us lowly Windows users.

Offline

 

#11 2007-05-17 09:39:51

johnm
Scratcher
Registered: 2007-03-08
Posts: 100+

Re: Networking Scratch

Hi, all.

There is a related thread at http://scratch.mit.edu/forums/viewtopic.php?id=194.

As I said there, I would like to get a better understanding of the problem and possible solutions.

  -- John

Offline

 

#12 2007-05-17 10:09:40

abhhba
Scratcher
Registered: 2007-05-17
Posts: 1

Re: Networking Scratch

We have a network with a specific are on the server that students can run software from.  I have only just started 'playing' with Scratch but I have managed to network it in a fashion.  If a student has a copy of the ScratchImage file in their area and then drags and drops this onto a Scratch shortcut Icon on the desktop it starts up the software and away they go!

I am sure that it would be possible to set up some kind of ini file with a pathway thay automatically sets the Scratch application to point to this file in a user's area, but I will leave this to the 'techies'

Offline

 

#13 2007-05-18 13:20:42

mrdatahs
Scratcher
Registered: 2007-05-18
Posts: 3

Re: Networking Scratch

We run ours on thin clients - single install on the Windows terminal server and up they go.

Performance has been great!

Offline

 

#14 2007-05-18 13:39:02

mrdatahs
Scratcher
Registered: 2007-05-18
Posts: 3

Re: Networking Scratch

dominic_hunter wrote:

Hi Folks,

Thanks for all the info - apparently our problem is that saving in Scratch allows pupils to bypass our Security (Ranger), allowing pupils access to every drive on the network. Obviously this is a huge problem.

To you people on the scratch team - if you can come up with a solution to this I would be very grateful. I'll be seriously disapointed if we can't use scratch at our school.

Cheers.

Any way to run Scratch in a virtual machine?  That way you would avoid access to other network drives.  It's too bad there isn't a Linux version yet since it seems as though it would be fairly straightforward to virtualize some distro, install Scratch, and then run on the VM, without running into any Windows licensing problems as you would running several instances of a Windows VM.

Just a thought - I've just started using Scratch here at our school, but it's such an incredible resource - hope everyone can get a chance to use this soon.

Last edited by mrdatahs (2007-05-18 13:39:39)

Offline

 

#15 2007-05-18 22:06:18

andresmh
Scratch Team at MIT
Registered: 2007-03-05
Posts: 1000+

Re: Networking Scratch

Thanks for using Scratch mrdatahs. See this for more info about Linux:
http://scratch.mit.edu/forums/viewtopic.php?id=252


Andres Monroy-Hernandez | Scratch Team at the MIT Media Lab
on identi.ca and  twitter

Offline

 

#16 2007-05-19 10:41:30

jldugger
Scratcher
Registered: 2007-05-19
Posts: 5

Re: Networking Scratch

PriorySchool wrote:

Sorry but that is such a clueless thing to say and very insulting to many people who have come across this problem and do have lots of clue.

If you had spent one minute researching the problem you will see in the other posts that security is assigned.  On our system users can not get at c: for instance, they can not even see it.  Every other program they use can not access c: as the user can not see it and does not have access to it.  Scratch on the other hand lists every drive there.  Someone else has noted that Scratch lists hidden folders that users can't see anywhere else.
  Admittedly it is highly unlikely that the users will be able to write to actual protected areas of the file system but there are areas that are open because they need to be so they would be able to write to them by accident and potential lose their work as they would be on a different machine or the machine is reimaged and the work not be backed up.  This is part of the problem.  In no other program can they even get access to these areas as they can not even see the drive to get there.  If users open a Drive list here they get 2 drives a: and a shared area.  In Scratch they have another 8 or so that users have to be able to access for resources and but shouldn't be able to see.  Once again I will repeat, this only happens in Scratch.  As such maybe listing it as a security hole is a little misleading but being able to see areas we don't want them to is a problem.
  Okay we could suck it up but it would be us chasing round trying to find the work that the kids had managed to save in a random folder on a random machine.  It will also be use that has to sort out any fall out if by being able to see all the drives the kids can find out something to help them on their way.  It will be us that will have to sort out a problem if something Scratch allowed them access to did cause a problem.
  By your anaology you wouldn't allow a person in a bank to wander around areas able to look at everything when they don't have access to be there.

Sorry if this comes across as a rant but being told I don't have a clue by someone that hasn't looked at the problem fully or doesn't know the needs of our users, and the users of many of my colleagues, grates just slightly.

Is Scratch able to write to these resources, or merely able to view them? Admittedly I don't fully understand what Ranger does. But based on your explanation, it seems  to be an add on to Windows that usually protects some resources from files, possibly by hiding them.  And a website I found seems to suggest it's a network software and mangement system.  I agree that Scratch should probably make some efforts to avoid hidden folders and files, (I does appear to ignore files starting with a "." but I doubt this helps much.

I guess my question is: "why Ranger is letting Squeak / Scratch write to things you don't want it to?" At least to me, if I didn't want people writing to C: I wouldn't give them permissions to, at the operating system level.  A security system that lets you into the vault if you ask the right way doesn't sound very secure to me.  This is what I think Rich was referring to with his bad analogy. Personally, I hope more people discover and improve Edubuntu, since primary schools are typically so cash strapped, free software with sane management tools is a great thing.

Offline

 

#17 2007-05-21 04:01:03

PriorySchool
Scratcher
Registered: 2007-05-16
Posts: 12

Re: Networking Scratch

Some of the drives have got write access as they are needed to be for systems and processes.  The C: drive is mostly unwrittable but there are areas that have to be writable again for programs to run properly.  With the drives all hidden kids can't do random saves to find these areas. Being able to browse allows them to try every folder (and if you think they wouldn't you underestimate the boredom of a 13yo kid sometimes!) means they can seek out where they can write to.
Also as I have said before if there is the possibility of saving somewhere they shouldn't there will be a kid who manages it.  But they won't know they have and won't remember where they saved and probably won't remember which computer they used last lesson (and sorry there will be some teachers that manage this too!).

So as I have said it doesn't bypass the read/write access, as on both the RM and Ranger systems that have been mentioned standard Windows security is in effect.  On everyother program we use we get only the 2 or 3 drives we allow appear to the users, this means they have only the areas they are allowed to save in there for them so no possibility of confusion.  The showing hidden folders as in system hidden folders I have no clue about.  As far as I am aware that is a system setting that shoudln't be able to be overridden but Scratch manages that too.

To go to the Bank analogy, it is like building a totally hardened glass bank.  People can't get to the good stuff but they are allowed to see everything in plain sight so get a good idea of where to go to get stuff and what is there to get.

Please remember that a Secondary/High school (11-16) school network isn't like your home computer/network just a bit bigger.  Nor is it like a corporate network. Slightly similar but still very different from a Uni/college computer system.

& don't even get me going on swapping to Edubuntu.  If I could I would but as everything there is so much more than saying "lets swap"!  I think also if you looked at primaries the systems are fairly good to run on it is the software that lets them down.  Educational software is mostly among the worst I have to work on across a raft of responsibilites!  That means when something decent comes along it is a god send, as long as it doesn't do anything nasty like this browsing problem.

Offline

 

#18 2007-05-21 12:58:57

jldugger
Scratcher
Registered: 2007-05-19
Posts: 5

Re: Networking Scratch

PriorySchool wrote:

Some of the drives have got write access as they are needed to be for systems and processes.  The C: drive is mostly unwrittable but there are areas that have to be writable again for programs to run properly.  With the drives all hidden kids can't do random saves to find these areas. Being able to browse allows them to try every folder (and if you think they wouldn't you underestimate the boredom of a 13yo kid sometimes!) means they can seek out where they can write to.
Also as I have said before if there is the possibility of saving somewhere they shouldn't there will be a kid who manages it.  But they won't know they have and won't remember where they saved and probably won't remember which computer they used last lesson (and sorry there will be some teachers that manage this too!).

I'm not sure what sort of environment your computers are operating in, but if your Windows versions are new enough (anything NT based), per user and directory permissions should be able to reduce the problem's scope.  I partly suspect that some educational software you're providing is so poorly written that it requires a specific place on C:\ to write to. In which case there isn't many options but to accomodate it.  Just a note that hiding things does not make them unwritable.  I recall during my years as a student browsing through things that were very much hidden but still readable, like a list of all teachers, including their addresses.  This is the sort of information you don't want glass windowed, possibly not even networked.

PriorySchool wrote:

So as I have said it doesn't bypass the read/write access, as on both the RM and Ranger systems that have been mentioned standard Windows security is in effect.  On everyother program we use we get only the 2 or 3 drives we allow appear to the users, this means they have only the areas they are allowed to save in there for them so no possibility of confusion.  The showing hidden folders as in system hidden folders I have no clue about.  As far as I am aware that is a system setting that shoudln't be able to be overridden but Scratch manages that too.

Hopefully this gets fixed shortly.  Scratch comes with a very liberal mix, alter, distribute, change, whatever license, but I can't seem to find the source code directly.  ScratchRs: perhaps an email to the Ranger authors is in order to determine why other programs respect the settings?

PriorySchool wrote:

To go to the Bank analogy, it is like building a totally hardened glass bank.  People can't get to the good stuff but they are allowed to see everything in plain sight so get a good idea of where to go to get stuff and what is there to get.

Please remember that a Secondary/High school (11-16) school network isn't like your home computer/network just a bit bigger.  Nor is it like a corporate network. Slightly similar but still very different from a Uni/college computer system.

Indeed.  But at least you can have passwords and users at that age.  And centralized authentication.  Our university is slowly, but sometimes unsuccessfully, rolling out a centralized account server to replace the several existing ones each department rolled out. 

And of course we have the benefit of having many underpaid, overworked administrators, rather than only a few  smile

PriorySchool wrote:

& don't even get me going on swapping to Edubuntu.  If I could I would but as everything there is so much more than saying "lets swap"!  I think also if you looked at primaries the systems are fairly good to run on it is the software that lets them down.  Educational software is mostly among the worst I have to work on across a raft of responsibilites!  That means when something decent comes along it is a god send, as long as it doesn't do anything nasty like this browsing problem.

I didn't mean to suggest you switch.  I just meant to communicate my hope that Edubuntu continues to improve to where people in your position can honestly recommend it to their bosses and users.  I haven't used it, but I'm sure you can point out more than a few programs with no suitable replacement.

I'm sorry that RDmiller insulted so many people by mistaking Ranger for a security program.  Nobody appreciates smug users.

Offline

 

#19 2007-05-22 04:04:52

PriorySchool
Scratcher
Registered: 2007-05-16
Posts: 12

Re: Networking Scratch

jldugger wrote:

I'm not sure what sort of environment your computers are operating in, but if your Windows versions are new enough (anything NT based), per user and directory permissions should be able to reduce the problem's scope.  I partly suspect that some educational software you're providing is so poorly written that it requires a specific place on C:\ to write to. In which case there isn't many options but to accomodate it.  Just a note that hiding things does not make them unwritable.  I recall during my years as a student browsing through things that were very much hidden but still readable, like a list of all teachers, including their addresses.  This is the sort of information you don't want glass windowed, possibly not even networked.

We are on XPSP2 on 2003 servers.  Sorry, I think I keep explaining myself wrongly.  WE have user group security and directory security through out.  We reject instantly any software that isn't happy with installing to the usual Program Files folder, but when I am saying C: I am using it in the general sense of the drive, not just specifially the C: level.  Example is the Program Files folder has to be writable so the programs in there can keep temp files and adjust settings.  Students have been known in other schools to store stuff in there to try and hid it.  It is a known folder that has to be on every computer so they save there.  If they can't browse to it though they can't retrieve anything and often they don't think they have access to it so don't try and save.  We know it isn't bomb proof but for the exception of having a fodler unlocked the next best thing is for it to be unaccessible to the users.  It is this mechanism that Scratch is getting around.
We have been very ruthless in not allowing poorly written software in as it really does encourage the industry to keep doing it.  We have had suprise from some publishers that we wouldn't allow it to be installed and then they ask if their tech people can talk to use to resolve it. The poor tech people phone back and can only admit that it is poo, apologise for the company and assure us they are trying to get it rewritten!  It is coming around slowly.
  Another reason why it is so great when something like Scratch comes about and why I am trying so hard to help out

jldugger wrote:

I didn't mean to suggest you switch.  I just meant to communicate my hope that Edubuntu continues to improve to where people in your position can honestly recommend it to their bosses and users.  I haven't used it, but I'm sure you can point out more than a few programs with no suitable replacement.

I'm sorry that RDmiller insulted so many people by mistaking Ranger for a security program.  Nobody appreciates smug users.

I wish we could switch.  Dump it all and over we go.  Be marvellous, but I think that is from a personal view of the challenge and all the learning potential. 

Yes, smug users are never pleasant.

I have a feeling the only thing Ranger and the CC3 system does is use the registry entry that someone found in another thread, the troubleshooting one I think.  I'll dig around some more to check that is what is doing it.

smile

Offline

 

#20 2007-05-25 09:28:59

dominic_hunter
Scratcher
Registered: 2007-05-16
Posts: 4

Re: Networking Scratch

Hi Folks,

I notice things have gone a little quiet on here. Have there been any developments in the area of specifying drives to save to? or simply preventing Scratch from seeing the hidden drives?

It would be nice to know if something is in the pipeline or not - if scratch is going to stay the way it is for the foreseeable future then i'm gonna have to give up on it (something I really dont want to do).

Offline

 

#21 2007-06-20 12:55:24

johnm
Scratcher
Registered: 2007-03-08
Posts: 100+

Re: Networking Scratch

Hi, all.

We're still evaluating this issue.

It appears to be easy to keep Scratch from showing hidden files and folders. It's more difficult to hide entire drives because there are at least two approaches used by different security packages. So my question is, would implementing the former be sufficient?

I'm hoping to find a simple solution that addresses the security concerns without making Scratch any more difficult to configure or use. I will post here when there is additional news about this issue.

  -- John

Offline

 

#22 2007-06-25 07:52:47

colinm
Scratcher
Registered: 2007-06-25
Posts: 2

Re: Networking Scratch

Hi John

Our school also hides drives through Group Policy.

Obviously, ideally Scratch would automatically get this list from our Group Policy.
But a minimum that would let us use scratch here (there is a lot of interest in it),  would be some mechanism for us to manually tell Scratch which drives to show and hide (e.g. the ability to add an .ini file to the scratch folder containing drives we don't want the pupils to see). 

Just hiding hidden files and folders wouldn't be enough as it would still leave big security holes in our network.  If you are interested in details about why just hiding hidden files / folders isn't enough for us, then drop me an email I'd be happy to talk more with you in private about the security issues behind this.

Colin

Offline

 

#23 2007-06-26 07:48:22

johnm
Scratcher
Registered: 2007-03-08
Posts: 100+

Re: Networking Scratch

Hi, Colin.

Thanks for the input.

Others have also said that they need the ability to limit which drivers are visible in addition to suppressing hidden files and folders. The consensus seems to be it would be workable if there was a way to manually edit an .ini file in the Scratch folder to specify which drives should be visible to Scratch users. All other drives would be hidden. This file could then be distributed using an MSI (but you'll need to build your own MSI).

Would that work for you?

  -- John

Offline

 

#24 2007-06-29 06:14:23

colinm
Scratcher
Registered: 2007-06-25
Posts: 2

Re: Networking Scratch

Hi,

Yes - an .ini file in the Scratch folder to specify visible drives would be sufficient for our school.  Are you able to give any idea of when such a fix might be available?     

Thank to everyone involved for your hard work - overall Scratch is a great project. 

Colin

Offline

 

#25 2007-07-17 05:15:48

hagueb
Scratcher
Registered: 2007-07-17
Posts: 1

Re: Networking Scratch

The method that windows explorer uses to hide files is the NoDrives registry key,
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93573.mspx?mfr=true. It might be easier to use that rather than creating a separate mechanism.

Offline

 

Board footer