[Etoys] finalStripping hangs waitForCommand
bert at freudenbergs.de
Tue Jun 16 06:34:32 EDT 2009
On 16.06.2009, at 12:08, K. K. Subramaniam wrote:
> On Tuesday 16 June 2009 02:49:39 pm Bert Freudenberg wrote:
>> This is either really dangerous or you cannot exchange projects
>> anymore. Which of the two evils did you choose?
> The latter. But it is not really evil ;-). It serves our purpose
> LatexMorph Etoy is a tool that uses OSProcess to invoke latex on the
> underlying host to typeset LaTeX commands but the resulting graphic
> is cached
> in the Etoy. On hosts without LaTeX, the graphic can be seen but not
> Of course, a project with this Etoy will not load into an image
> LatexMorph. The Etoy itself can be trashed after the graphic is
> extracted into
> an ImageMorph if its use outside of our schools is intended.
> The code is available in http://www.squeaksource.com/LatexMorph. It
> OSProcess (in the image) and latex and dvipng on the host. See
> class for examples of usage.
> How is OSProcess more dangerous than console shell access?
It can be invoked from an Etoys script. Someone could make a project
that deletes your user directory as soon as you load it on your
machine. To prevent this, the file sandbox gets enabled as soon as you
load a project authored by someone else.
That's why Dave put in a feature to disable OSProcess if the file
sandbox is enabled. But that means you cannot invoke OSProcess
functions anymore, hence you cannot edit a LatexMorph someone else
sent you even if you have Latex installed.
That's what I meant with having to choose between security and project
exchange (even if all users are using the same image).
Or are you running in Sugar on the XO under Rainbow? Then of course it
would be fine, because Rainbow provides a sandbox that covers native
code, too (and hence we do not enable the Etoys sandbox under
Rainbow). Too bad there is so little interest in Rainbow elsewhere :(
- Bert -
More information about the Etoys