[Admin Note (JTH): Please be aware that KidSafe is currently early testing software. You should read the readme.txt within KidSafePortable\App\KidSafe *BEFORE* you run this app. In some instances, it can lock a computer or be flagged by antivirus as malware.]
Application: KidSafe
Category: Utilities
Description: KidSafe is a computer-locking application designed to keep young children from messing anything up.
Ever had your desktop icons scrambled or your Word document deleted by a little kid? KidSafe's for you.
Note: This is my own application, created by me and released under the GPL.
Download KidSafe Portable 0.36.0.0 Development Test 1 [2.36MB download / 8.0MB installed]
(MD5: d2cd40bf659c6fc49f2bdca79460554d)
Release Notes:
You can get the release notes within the KidSafe download, or you can find them on the web here.
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
Follow us on Twitter
Updated 2010-01-24, see above for details.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I have found several serious bugs in KidSafe 0.23.0.0 due to the changed API calls; KidSafe 0.23.0.0 has been removed in favor of the stable KidSafe 0.21.0.0.
KidSafe 0.23.0.0 will be re-released once I get the bugs worked out.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I'm really sorry about the upgrade/downgrade/upgrade chaos, but things are even more chaotic here in my dev environment than they are on the release pages, if you can believe that.
Here's what's going on:
This morning, I created version 0.22.0.0 with some important fixes; I intended to add Unicode support, a seemingly-trivial thing (adding Unicode support is supposed to be a little matter of changing API declarations, something REALbasic can do with ease), and push the Unicode support with the important fixes for version 0.24.0.0, only some testing & language packs from being ready to go.
Instead, KidSafe kept crashing in one place and silently failing in another after I updated the API calls; it took me the better part of the morning to find the source of the silent-failure bug: for some reason, characters were being incorrectly converted from one encoding to another, and were eventually being misread & mishandled by the OS.
However, KidSafe kept crashing - and crashing - and crashing - and crashing. The bug was both regular and reproducible: typing any character into the "Unlock text" box would crash KidSafe. I couldn't get the debugger into the probably culprit method, since KidSafe crashed before I could view any debugger output.
I stuffed the code with debug logging statements, but everything looked OK; after 4 or 5 hours of debug logging, I finally joined the #winapi IRC channel, where I got an answer within 5 minutes: my calling convention was wrong. One line of code fixed the crash, and everything looked good again. That is, until random crashes started popping up.
I stuck more calling-convention-changing code in the affected methods (since that was apparently the problem there, too - each crashing method was a keyboard callback). Late this afternoon, 0.23.0.0 finally made it on to Google Code, apparently bug-free. Fortunately, that myth was shattered quickly - only two people downloaded the trouble-ridden version before I found out what was going on and pulled it from the servers.
For some unknown reason, opening certain windows (the Help window and About window both trigger this behavior, but the Options dialog doesn't for some weird reason) completely crashes KidSafe. I suspect it has something to do with the keyboard handler: because it's receiving a message every time a key is pressed, it shouldn't be blocked. However, the modal windows did just that - they blocked the messaging queue until they were closed. That crashed KidSafe.
The Options dialog has its own keyboard handler, designed for getting the KidSafe hotkey, which apparently took over from the regular keyboard handler and prevented a crash.
Anyway, here's where KidSafe is right now:
* Version 0.24.0.0
* Unicode support
* KidSafe's modal windows are causing crashes unless they implement their own keyboard handler
I started trying to rewrite KidSafe in C++, but quickly realized something: a modal window is still a modal window, even in C++, and a messaging queue that shouldn't be blocked still shouldn't be blocked if the app is written in C++. I've also come to the conclusion that I can't turn off the modality of those windows - it's pretty important for various reasons.
I have decided to implement what seems to me to be the best way: give each KidSafe window its own keyboard handler. After some lengthy testing by me (I have no intention of putting something potentially crash-happy on the Internet), I'll post another status check (and hopefully another build) tomorrow.
Thanks for having so much patience!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
the dates you have listed in all of those posts should be 2010, not 2009
Thanks for pointing that out.
Although my computer's in 2010, apparently my brain is still in '09.
I do have some good news with 0.23.0.0; I started from 0.22.0.0 and have been adding Unicode API calls one by one, with lots of testing after each one. So far, the keyboard callback and half-a-dozen Unicode API's seem to be working correctly; if everything keeps going this well, I could have 0.23.0.0 out within a few days.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
is it ready for testing again?
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
Yes, 0.22.0.0 is definitely in need of testing.
A lot of stuff has changed, and it's certainly possible there are new bugs in this one. If you and ve4jhj could give this one a really, really thorough going-over (like, try to break everything) I would be very appreciative.
0.23.0.0 is going to be very complicated under-the-hood, so it's important that 0.22.0.0 is completely vetted so we can rollback to 0.22.0.0 if anything goes wrong.
Also, ve4jhj, could you test in Wine? I was in IRC with Chris Morgan last night; he ran KidSafe in Wine and a bunch of things apparently went haywire. I'm going to try fixing those Wine-specific bugs, but I don't know exactly what went wrong.
Thanks, guys!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Well, I have some good news: KidSafe now has full Unicode support.
The crashing was due to an improperly-written method to remove the "Move" item from each window's menu; the method worked just fine on English Ansi systems, but failed on non-English systems and downright crashed when I tried adding Unicode support. I rewrote the method to be 1. more standard and less hackish, 2. Unicode-supporting, and 3. localization-friendly.
I'm working on adding localization support now; it's a bit complicated, but will hopefully come out OK in a day or two.
For the time being, I have a question (open to anybody who feels like commenting): how should the options dialog function? Should I leave the YES/NO textboxes there, or should I replace them with checkboxes and a confirmation dialog as Chris Morgan and a few others have suggested?
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I thing you should have checkboxes
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
Same here.
Checkboxes are done & tested; they'll be coming out in 0.25.0.0, probably later tonight.
KidSafe is almost completely translation-ready; I have one more window to prepare (the Options dialog) and it's ready for the translators. I also have one new feature for 0.25.0.0; this could be the biggest update "pack" (0.22.0.0, 0.23.0.0, 0.24.0.0, 0.25.0.0) yet.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated 2010-01-27, see above for details.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Anybody who wants to test can go right ahead.
agdurrette, ve4jhj, anyone else who feels like testing: please try to break KidSafe. There's been a lot of changes made since 0.21.0.0, and it's possible something has gotten screwed up. I've done a lot of testing on my end, but I can't catch everything - especially 64-bit only bugs.
Also, I need to know if the new "Lock removable devices" feature works on Vista and Seven - the documentation for the API calls I used says that the calls are only supported up to XP, but I'm inclined to believe they'll work just fine on Vista and Seven. If anybody could give me a definite answer, that would be great.
In a couple of days, if everything looks good, I'll send this to the translations subforum - the final step before getting approval!
Thanks for all the continued help & support, guys! Keep up the great work!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Hey computer freaker: where's the source code? I can't find it on Google Code.
It's in the builds - look in the main folder in the Zip builds or the Other\Source folder for the PAF builds.
I've been meaning to get SVN set up, but haven't gotten to it yet.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Thanks for the answer. I hadn't yet looked in other\source.
I added a bug on google code.
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
Fixed, thanks!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated (again) 2010-01-27, see above for details
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Could somebody on Vista or Seven (especially 64-bit) test the LockRemovableDevices feature? The documentation for the API calls I used states that the calls are only supported up to XP, but I'm pretty sure they'll work on Vista/Seven too.
Feedback on this would be much appreciated!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I just talked to Bensawsome in IRC; he generously offered to test this feature on his Windows 7 VM, and it worked. Just three more steps until we're ready to go official!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
When I run this program from a limited privileges account and select "Administrator Unlock", It pops up with the normal Windows "Run as" dialog window. Entering my admin password causes this window to go away, but KidSafe doesn't close.
Also, if you're still open to suggestions, when I enter my KidSafe password into the textbox and hit enter, it simply goes to a new line instead of trying my password. Do you mean to have the option of a multi-line password, and is that necessary to keep out kids? It seems like it would be more convenient to have it automatically test your password on an enter key press.
And finally, when I click on "Ok" on the locked screen with a bad password and get a dialog box, should it automatically clear the text box to accept new input? I was just thinking what if a letter on the keyboard was jambed for a little while, and you had to go back and delete the whole bad password.
These are all just suggestions, feel free to ignore them if you'd like. It seems like a really neat idea and a nice implementation in this program.
edit: this is XP Pro SP3 on a limited account
Weird. That didn't happen on my XP Pro SP3 box, which is actually where I've been developing; then again, I have admin rights and a fairly weird system setup, so it's certainly possible something's wrong. I'll try to reproduce your error on my box.
I almost always am; the only time I'm not open to suggestions is a week or so before an intended drop, in which case I'll still take suggestions for the next version. There's no drop planned (or even hoped for) for at least three weeks and probably more like a month or two, so I'll incorporate fixes/suggestions pretty quickly (usually in the next version).
yep, it's intended to be used for a mult-line password. I've been mentally debating the usefulness vs. inconvenience of it; you're the first person to ask, but I'll be more than happy to go back to a single-line password if enough people show interest.
Great idea! That hadn't occurred to me, but your logic is sound.
I'll implement that for 0.26.0.0.Done in 0.25.2.0; I had some fairly-critical bugs to fix, so I put that improvement in too.Thanks for the kind words!
Thank you very much for those details - that's the first thing I need to know for debugging purposes, so now I can get to work finding & fixing the "Admin unlock" bug you're experiencing.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I second the single line txtbox.
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
OK, I'll change it to a single-line textbox in 0.25.3.0.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated 2010-01-28; see above for details
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated 2010-01-29, see above for details.
This is intended to be one of the final two builds.
If no bug reports or feature requests are filed within the next 48 hours, I will begin asking for translations; once translations are complete and I've thoroughly commented the source code (something I've been rather lax about doing, regrettably), KidSafe should be completely ready to go. More testing, probably a few weeks worth, will confirm that.
Potential timeline:
* 48 hours: send KidSafe to the Translations forum
* 1-2 weeks: post the intended final build of KidSafe with all translations and fully-commented source on board
* 3 weeks - release time: testing, testing and more testing, possibly with some point releases along the way to repair any problems.
If you have any bug reports or feature requests, no matter how minor, please file them now so they can make it into the intended final build!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I have tested what I can, I was not able to test the admin lock because I don't have the password.
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
OK, thank you! I really appreciate you taking time to test!
Don't worry about the admin unlock feature; it's fairly simple, unlike some of the other code in KidSafe, and somebody else will point out anything I overlooked.
I think we've got everything pretty well covered: the "main" features have been around long enough (2 months) to get thoroughly cleaned up, Bensawsome cleared the "Lock Removable Devices" feature on Seven, and I'm going to go through the localization code again later today just to be sure I didn't screw something else up in there. Besides, when you test something, it's tested. You always do a great job!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated 2010-02-10, see above for details
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
If anybody's willing to translate KidSafe into another language, I would be very appreciative. The more translations we can get, the better!
You can find translation instructions here.
Thank you!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I just got another report of the administrator unlock feature failing on Windows Seven; I have a pretty good idea what might be happening, but I need more information.
* Does it happen on 32-bit Seven, 64-bit Seven, or both?
* Does it happen on Vista (32-bit, 64-bit, or both)?
* Does changing the UAC settings change the results?
The sooner I get this feedback, the better - we're so close to an official release, but there's no way I'll let this go (and even if I did, John wouldn't) without a working admin unlock on all supported versions of Windows.
Thanks in advance!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
32-bit Windows 7 here and Administrator Unlock doesn't work. UAC is enabled, no password on admin account. I get the elevation prompt, but it doesn't actually unlock.
Give me a bit and then I'll try turning UAC off and see what happens.
Update:
Okay, here are the results of my tests so far (Win7 x86, admin account):
Update 2:
Second round of tests, this time with a standard (limited) account:
Thanks for testing!
It looks like my ShellExecuteEx call is giving me grief again; I had a lot of trouble with it earlier, and it could be doing the same thing now. Also looks like my IPCSockets are having trouble, since you mentioned getting the prompt for a username/password but not being able to unlock.
When you say "causes an elevation prompt", are you referring to something like the XP RunAs dialog?
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
You know how UAC works, right? When you run something that requires admin privs, it dims the desktop (to prevent malware from interfering with it--so it's all on the user if something gets through) and pops up a dialog asking to elevate your account to full administrative privileges. Not sure if you knew this, but Vista and 7 run limited by default with UAC on. If you're logged in with a standard account, the same elevation prompt also asks for an admin account and its password.
I know how it's supposed to work, but I've never seen it in action. Never used a Vista or Seven machine before, either (never even seen a Seven machine, just a few screenshots).
Thanks for the information; that's pretty helpful.
Now I've got 3 more questions; they should bring us much closer to a solution.
Would you happen to know if my recollection of Seven blocking cross-process access when the two processes have different security contexts is correct?
When you were running as admin and tried the admin unlock feature, did you elevate the process in the same account as the original KidSafe process, or did you elevate it in a different account? (Sorry if that isn't clear; let me try an example. When running an executable, Admin1 hits the "Run as" option, then chooses to run the exe as Admin2. Is that what you did, or did you run the process as Admin1 as well?)
Does the "RunAs" thing require two prompts (UAC and the XP-style "RunAs" dialog) or just one (UAC)?
Thanks!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
1. Cross-process policy in 7 (and I believe Vista as well) is that a lower-privilege process can't interfere with a higher-privilege one. This shouldn't affect us, since KidSafe is going to be running limited and the unlock process has full admin privileges.
2. I tried both. My first round of tests were running on an admin account, so the elevatated process ran in the same account as KidSafe (in theory--UAC technicalities mean this may not technically be the case). My second round of tests were done on a separate standard account, and the elevation prompted required me to enter the password for the admin account.
3. Not sure about RunAs, as Vista and 7 don't expose the feature in the interface--right click and "Run As" on an executable in Explorer is replaced by "Run as Administrator", which leads to an elevation prompt. In any case, clicking Administrator Unlock in KidSafe only resulted in one prompt--the UAC elevation. With UAC off, absolutely NOTHING happened when I clicked the button.
1. That's what I thought; thanks for confirming it. (hmm, I hadn't known Vista did that though. I thought that was only in Seven; still, it shouldn't matter)
2. "I tried both. My first round of tests were running on an admin account, so the elevatated process ran in the same account as KidSafe" - that's what I was looking for. Looks like I have at least one major fail to deal with, and possibly two.
3. Thanks for the info.
One last question, and the answer is critical. If you try clicking the Admin Unlock button, does a second KidSafe process launch? (Better use Process Explorer for that - if a second KidSafe process shows up, it'll probably quit almost immediately. Process Explorer should still let you see it there, though, for about 10 seconds before removing it from the process list)
Thanks for all the help!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Vista and 7 run on basically the same kernel, so basically everything security-related in 7 was originally introduced in Vista.
As for your question, yes, a second KidSafe process comes up. Which makes sense, since UAC elevation works on a per-process basis: Once a process is running, you can't change its security credentials.
Edit: You are aware that a UAC elevation done on an admin account in Vista/7 doesn't require password entry, right? Once you're logged in, whether your account has a password or not, the UAC prompt merely asks you to confirm the operation (and optionally shows the name of the EXE being launched so you can confirm it's not malware). This means it would be trivial to defeat KidSafe once this is working. The only way it's secure is if you run KidSafe on a standard account, since UAC then prompts for the admin's password.
OK, that makes life simpler than I had previously thought.
Oh, isn't that interesting. I thought the problem was with my ShellExecuteEx call, in which case there wouldn't be a second KidSafe process launched. Looks like that's OK, which means there's potentially a much bigger headache waiting.
Thanks for the warning; it holds true on XP as well. I've known about it for some time, but I haven't thought of a good solution since KidSafe checks for admin rights based on username (if username is in the administrators group or not), not actual privileges.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I got my parents to take off the admin password, after I get a paper done I will get right on the vista testing.
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
Take your time, there's no rush to test - your school work is way more important.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I'm a bit confused by this talk of admin passwords and such. When we chatted on IM, I'd said that the only way this could be approved is if it was designed only to prevent kids (as in young kids) from being able to come up and mess with a machine. If it has any ability to lock a machine in any fashion with an arbitrary password that a user can choose, it won't be approved, because people could then use it to lock public machines (which are not theirs and shouldn't be locked) or to mess with other people by locking their machines. The app shouldn't be able to be used in an abusive manner. It's fine if you want to design it that way, but it won't be listed as an official PA.c release if it's possible.
Sometimes, the impossible can become possible, if you're awesome!
The admin password is the password of the computer's local admin.
Sure, it can lock a machine with an arbitrary password, but the computer's local admin can unlock it with their Windows admin password. I can give you a screenshot if you want; there's a prominently-placed "Admin unlock" button that the local admin can use to shut KidSafe down. When we talked on IM, I believe that was one of the things you said was acceptable. If not, please let me know.
hmm. I've gotten feedback already saying "this could be some good low-level security for little companies with little budgets", and "for kids? I know some adults who need this". As long as the Windows admin unlock idea is acceptable, I'll leave it that way. If not... it's time for a major overhaul (which I'd rather not do, since it involves changing almost everything, from core functionality to the GUI to the translation files).
Bottom line: You're in charge. If the Windows admin unlock thing is good, great. If not, say the word and I'll redesign.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
...or don't, I'll just reiterate: UAC doesn't ask for the password if you're already logged in as an an administrator.
The potential for abuse is there.
When we discussed on IM, I'd mentioned the anti-kid app on my android phone that shows pretty pictures a kid can mess with, but in order to unlock it, you need to click the four corners of the phone in order and there is a message to that effect on the screen.
While your app is called kidsafe, it's main functionality with an arbitrary password is to lock a machine. As in lock so no one else can use it except an admin. I'd said on IM if there was a potential for abuse, it was not acceptable. There is a HUGE potential for abuse with it in its current state.
I can walk into a computer lab and lock every single computer in the lab by downloading kidsafe to the desktop of each (or copying it from a flash drive to the desktop) and locking them. Some of them could be in use by other people who have just stepped away for a minute. None of them will be able to unlock them or shut do anything without losing their work. This is the exact example I gave you on IRC that was the reason behind setting ANY password being an exceedingly bad idea.
If you'd like your app to prevent kids messing about with a computer (which is what the name KidSafe implies) it should be limited to that. To unlock, it should be obvious to any adult how to unlock the app without knowing an arbitrary password. If there is a password, it should be shown on the screen. Or a math problem. Basically, something an adult can do but a younger child can't. And that app can be listed here.
If you'd like to create an app to act as a security feature to lock random computers that aren't your own, that's fine, too. But it should probably be billed as such (which a name like KidSafe doesn't really imply) so that people understand that. An app like that will not be listed here since it's main purpose is to do things with a computer that you should not be doing (either by school policy, work policy or net cafe policy). Listing apps like that here would encourage schools and offices to either block our website or block the ability to run our software, which is incredibly counterproductive.
Sometimes, the impossible can become possible, if you're awesome!
It has the arbitrary password, yes, but you don't need it: There's an "admin unlock" button that, when clicked, prompts for the password for the machine's own admin account, thereby bypassing KidSafe's own passphrase. Whoever is in charge of the machine in question should definitely know their own password...
At work, you know your own password, but you're not an admin... so if a coworker does that to you, you're going to have to call IT to come unlock it (which will probably get portableapps.com banned). Many schools work the same way (so you'd have to have the admin come over and unlock all of those PCs, which would get portableapps.com banned). If you're using a family computer, only the parents may know the password and the current user may not.
Basically, requiring an admin to unlock does allow something to unlock it, but doesn't really ease the huge abuse abilities of the app.
Sometimes, the impossible can become possible, if you're awesome!
Dang it, I hadn't followed that all the way through. I got as far as needing the admin to unlock the computer; it hadn't occurred to me that the admin would follow up by blocking PA, but you're right.
As for schools... especially in grade school, there's generally a mischief-maker in every crowd. Your logic is pretty devastating there, especially in big schools with grade-schoolers and high-schoolers - one mischievous little kid could get all the high-schoolers banned from PA.
At this point, I'm totally frustrated, mainly because I have no idea how to handle this.
EDIT: cleaned up the frustration a bit; there wasn't anything bad there, but it could have been misconstrued as such.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Thats exactly the way its here at my university. Lots of people lock their machines and leave and its always frustrating if the Admins have left and all other workstations are in use. So I'm on Johns side here.
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Worse, I've seen Windows machines that are set up to automatically lock themselves after a period of inactivity. So a simple failure to log out can cause the issue, too, not just purposeful malicious locking. And in this case it's built into the operating system, so there's not much you can do about it.
I'm working on it as fast as I can; creating a database of 100 math problems (need that many to prevent kids from "dialing into" one or two problems, then refreshing until they get the one(s) they know), with nasty conversions from picture to database record, is slow work.
The framework for the problems is complete; I just need to finish up with the DB.
Incidentally, there are a couple of other fixes coming in 0.25.6.0 (the version with the math problems), including a fix for the admin unlock feature not working on Vista/7.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
It's okay; I was referring to malicious use of the built-in Windows locking (Win+L) which was being discussed above, not specifically referring to KidSafe or trying to rush you. Sorry for the confusion.
Go ahead and rush me anyway; this addition is definitely a high priority.
I'll be encrypting the DB, too, so that means more modules to add to an already-full project.
0.25.6.0 is going to be very, very busy on the backend.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
The problem is older kids (as in, >2 years old). I had a scaled-down version of KidSafe that just required a key combination to unlock, and that key combination was shown in plain sight. Tried it out with my younger siblings, and even the 4-year-old took just 30 seconds to get through it.
No, no, no, no, no, no. That is SO not what I'm trying to do.
I'm not trying to create something abusable, I'm trying to find the right balance between lockdown and preventing abuse. If I lock the darn thing down, any script kiddie can and will delight in causing chaos with it. If I open it up so anybody can break it, it's a pointless waste of disk space.
I can handle coding, but this is almost too much. And yes, I promise you I've thought about this until I'm sick.
Understood, and, as I said above, it's not what I'm trying to do.
*despair*
John, Bruce, would you mind coming into IRC to discuss it? There's got to be some middle ground that keeps kids under, say, 8 or 10 off the computer but lets adults through. Problem is, I have no idea what that middle ground is, and I've exhausted every single idea I've had. The real problem here is that, on a computer, kids of 8 or 10 can do about anything an adult can do. (Heck, there's probably some tech-savvy 10-year-olds who know more about the machine than a 30-year-old non-techie - more despair)
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Sorry I disappeared so suddenly, I had to go to work. However, something occurred to me earlier: Can't everything KidSafe does be accomplished just as well just by pressing Win+L to lock the machine? Do that and you then need either the current logged-in user's password or an admin's to unlock it, and nobody can mess with the computer at all until it's unlocked.
No problem with you leaving suddenly; I frequently have to leave like that, so I know how it goes.
That's probably the most frequently asked question I get (
I'll have to stick it in the FAQDone), and the answer is "no".KidSafe has more features than Windows + L or the Windows screen saver. Like a screen saver, KidSafe can be customized to run after a certain period of inactivity; it also supports a hotkey and a tray icon. Windows + L can cut off some processes (e.g. it always pauses my virus scanner and media player, and turns off my Internet); KidSafe doesn’t do that. The Windows screen saver requires a period of inactivity – hard to get if a little kid if pounding your keyboard – but KidSafe’s hotkey and tray icon make instantly locking your machine easy.
KidSafe also has more locking capabilities than Windows + L or a password-protected screensaver. For example, you can still open the CD tray while your screensaver is running; however, you can't do that if you set the appropriate option in KidSafe.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
rcmaehl just provided a potentially game-winning idea: "ask them a college level math quesion that cannot be googled". He said he's used that tactic before with great success - a 98.7% success rate - and it sounds like the perfect way to go. I defy any kid younger than 14 to solve anything college-level, and adults should be able to take it with ease.
Suppose I create a new menu item: "Tools -> Anti-abuse shutdown", and have it bring up a new window with a dynamically-generated college-level math question. How satisfactory would that be?
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
The very nature of the app means it can be abused. It's designed to stop kids from messing with the machine. This means you can't have a very obvious "click here to unlock" button that they can immediately find and click--there has to some mechanism to prevent it from being easily circumvented.
I think that's the intent of the admin unlock feature (you unlock it with your machine's own admin password, something the machine's owner should definitely know), but due to the nature of UAC this is insecure: UAC doesn't prompt for a password if you're already logged in as an admin.
Which is exactly the problem I talked about above.
Exactly!
Process de-elevation might be good here, but I've got to talk to John and work out a significantly bigger problem first. His example is still valid, unfortunately, since public computers generally have only a few people who know the admin password. (Although, for a computer lab, a library, or any other public computer, there's probably a sysadmin around almost all the time in case of trouble; still, that's playing with fire, and eventually it's going to catch up to us when there isn't a sysadmin available)
EDIT: more cleanup to prevent the post from being misconstrued
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Personal View:
The way I would use KidSafe, and how other people might use it, is at a library or college to keep people getting on the computer as they step away for awhile. By making it not use a password or having other ways of unlocking it would limit KidSafe to only keeping your desktop from little kids. If you made other ways to unlock KidSafe, I think you should make a option for witch way you want to unlock KidSafe.
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
If I make an option for how you want to unlock KidSafe, anybody with malicious intentions would be quick to turn off the math-problem and admin-unlock approaches. Big, big headaches coming with that route, and I don't think John's going to like it either.
Even if I don't allow the admin-unlock route to be disabled, John's example of locking all the machines in a computer lab until the admin gets there is still painfully valid.
He also has a point with the name - KidSafe, not ComputerSafe. The focus has pretty much been dealing with little kids, and it's going to have to stay that way. Trying to separate kids from adults with the math-problem approach is difficult enough without trying to separate kids and adults from adults simply based on their intentions.
I really value your input, and I'm sorry to do this, but it's the only way to take without destroying KidSafe, both concept and app. If you've got an idea, I'll be delighted to hear it; I've been torn by this issue since day #1, and even the math-problem approach has a few problems.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated 2010-02-19, see above for details.
Note: the anti-abuse math problems system has not been forgotten; there have been numerous technical difficulties getting it working, so it's been delayed to 0.25.7.0 or 0.25.8.0. It will be released as soon as possible.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Sorry, I have not tested Kidsafe for some time.
It loaded a little slow on the first run.
And the unlock text was all ready set, I had to delete the contents of UnlockText=
I will test more soon, Everything on Win xp pro(I think) and vista Home (I think)
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
Better hold off on testing a bit - I've got another version nearly ready to drop, with more fixes.
Thanks for the update!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated 2010-03-12, see above for details
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
The requested URL /files/KidSafePortable_0.28.0.0_Development_Test_1_English.paf.exe was not found on this server.
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
Fixed, thanks.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I was really looking forward to testing it
but I found an error before I could test it.
Picture:
http://dl.dropbox.com/u/1882171/Pictures/err.PNG
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
Looks like the compression screwed it up. I'll run some more tests, then probably upload an uncompressed build, unless I can figure exactly what went wrong.
UPDATE: compression & the digital cert don't play well together. A compressed, unsigned build works; an uncompressed, signed build works; only the compressed, signed build doesn't work. Until I can figure out what's going on, the cert takes precedence.
Thanks for the report!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated (again) 2010-03-12; this one should actually work, since it's not compressed.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
It runs o wine :).... Kinda
I have pictures:
http://dl.dropbox.com/u/1882171/Pictures/Kidsafe%2BWine/Screenshot.png
http://dl.dropbox.com/u/1882171/Pictures/Kidsafe%2BWine/Screenshot-1.png
http://dl.dropbox.com/u/1882171/Pictures/Kidsafe%2BWine/Screenshot-2.png
http://dl.dropbox.com/u/1882171/Pictures/Kidsafe%2BWine/Screenshot-3.png
http://dl.dropbox.com/u/1882171/Pictures/Kidsafe%2BWine/Screenshot-4.png
http://dl.dropbox.com/u/1882171/Pictures/Kidsafe%2BWine/Screenshot-5.png
I had fun testing it on wine, and i would like to share what happened:
even with all the lock down options set to yes.
Screenshot.png
It did not hide everything at first, and title of Kidsafe was going crazy, it was showing random letters and numbers.
Screenshot-1.png
got it to hide the panels.
Screenshot-2.png
The options menu was hiding at first I had to bring the start menu up and started terminal up to see the panels so I could see the options menu. Went on and set the password.
Screenshot-3.png
Could not enter the unlock text so I went to see what els I could do.
Screenshot-4.png
Testing the math thingy, could not enter the math problem as it would not let me.
Screenshot-5.png
Hehe, compize hide desktop worked
Now on to windows xp and vista testing.
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
Thanks for testing under Wine!
I wasn't expecting it to work very well, since Wine isn't complete; a Linux port is planned, as is a Mac port, but I've got to get the Windows version finished first.
I am surprised by the textboxes not working, though. Any idea why? (Were they disabled, were they locked ... ? Or were the textboxes working and the appropriate button was disabled?)
Working as expected.
KidSafe constantly changes its title to avoid automated kill tools; that won't stop it from being killed by process name, but it should provide enough protection to deter any little kids.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I was not expecting it to work as it did either
I did it out of boredom and linux is what i had running at the time.
Every thing seems to be working, I have found any thing on vista and xp.
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
Were the textboxes disabled, or were they just readonly? I'm not quite sure why they'd do that, so I'm going to try and track this back to its source. (I have one idea, but it's a fairly slim chance, and wouldn't tell me much about the reason behind the problem)
Great!
No bug reports yet, and all previous bugs seem to be resolved, so it's possible KidSafe is finally ready for its final trimmings. If nobody reports a bug within two weeks, I'll add the rest of the math problems, then send it to the Localizations subforum. We could be ready for pre-release within a month if all goes well.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Sorry, forgot to answer that :/
It seemed read only I think I was able to click in them, but I did not test pay much attention to it. I could not type in them for sure, once I get my computer set back up I will take a closer look into it.
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
When I use this on a computer with dual screens (extended desktop) it works perfectly on the main desktop, but does not lock the second desktop at all. I just see my normal unlocked second desktop where I can edit files and stuff.
Also, these math problems seem kinda tricky. I mean, I'm majoring in Computer Engineering right now, so I get a good bit of math, but without paper and pencil, some of these would take me a minute or so to think through. It seems like your average teacher could still get pretty frustrated over a machine locked with a problem that takes them more than 20 seconds to solve.
This second point is just something you might want to think about, not really a bug or anything. But when I hear that a program locks the screen, I personally would assume it would either lock both screens, or it would specify that it is unable to do so.
I'm testing this still on XP SP3 limited permissions. (I can test on windows 7 admin if necessary or XP SP3 admin).
Thanks for keeping with this program, its interesting!
--Edit--
I realize you guys have talked about the math stuff for a while now, so I don't want to bring it up again if you are firm in your opinion of what's happening. I was just giving you another opinion if you're still open
Known bug, and one I'm not quite sure how to deal with. It's on the to-do list (one of just three items), but I haven't found a fix yet. Thanks for reporting!
Agreed. I'll see if I can get a fix in for 0.29.0.0; with any luck, MS won't make life too difficult for me. However, given Windows Explorer's problems with multiple monitors, I'm not convinced it'll be easy.
The problems are deliberately tricky - keep a special lookout for traps with order of operations, negative numbers, and exponents. The idea is to make little kids think two or three times about whether they even want to try breaking the problems; since the problems are just basic algebra with some tricks, though, adults should be able to take them with ease.
If you want to drop me an e-mail (take my forum name, add "eatsspam", and find me on GMail), I'm still open to making changes. Better do it soon, though, as I've started requesting help with creating the math problems - there are only 20 right now, but once we reach 50 I'm not going to make changes without a very compelling reason. At that point, there'll be too much work to throw away without some serious thought put into the decision.
If you want to give it a spin on Win7, that would be great. I don't have access to anything but XP, so my handling of other systems may not be ideal.
Thanks!
It's been a pleasure! I've really enjoyed developing KidSafe, and I really appreciate all the support & help I've gotten.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated, 2010-03-19; see above for details.
The last known bug has been fixed, and KidSafe should be completely abuse-proof; I'm going MIA for awhile, but hopefully we can get pre-release status once I get back.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
The online changelog needs to be updated to 0.29
Taken care of, thanks.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated, 2010-04-06; see above for details.
News: we've reached KidSafe's 50th build! There's still more to come; the to-do list has gotten pretty full over the past few days. Thanks for all the support, advice, and testing you guys have provided! KidSafe has gotten much, much further than I ever imagined, and it's mostly due to PortableApps members.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I just saw the #portableapps IRC logs and your note.
I don't believe KidSafe is "early testing software" or "pre-alpha". Since day 1, the biggest focus has been on stability; I'd rather have a feature not work than have one work too well.
We've released 50 builds, so KidSafe is getting to be quite a mature product as well. As the development rate slows down (which it already has), it'll stabilize even more.
Our bug-fixing speed is quite good, too; for serious bugs, a fix is usually out within hours and always within 2 days. Less-serious bugs are usually fixed within a week.
I'm aware that some anti-virus apps react to KidSafe's system hooks; I've already contacted a few anti-virus companies about this, and so far results have been favorable. I wasn't aware that Kaspersky had any problems with KidSafe, though; I'll get in touch with them as soon as possible.
I'm also looking into a way to keep a failed system-hook attempt from causing serious trouble; I'm not aware of a good way to do this, but I have a few ideas I'll be trying over the next few releases.
Also, I have verified rcmaehl's bug; it's a regression. I'll post a fix in a few minutes.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
We won't be hosting an app that immediately locks down (or attempts to lock down) a desktop as soon as you run it. What it should do is launch an interface allowing you to lock it down. That's better user behavior.
I ran it for the first time last night and was very annoyed when it immediately started trying to lock my desktop and failed absolutely miserably getting caught by Kaspersky 1/2 way through the process, leaving me with a machine where I had to kill kidsafe, block it in kaspersky and then manually kill and then run explorer.exe via task manager.
I added that note under the assumption that you were gone for a few months, as you had told me would happen.
Additionally, this still seems to be a password-locking program. The anti-abuse bit is buried and the math equations are too complex for folks many years post-college (who will likely not remember how to do them). If the point is a password-locking program, that's fine, but we won't list it here. If the point is *ONLY* to keep *young* children from messing with your computer, then we will consider it. But that is not the point of the current app at all. It shouldn't have a password, it shouldn't look like it's locked others out. It should look like something to prevent a kid or a cat from messing about with the keys and be completely and utterly obvious to someone who has never seen the app before how to unlock it within a few seconds without solving an advanced algebra equation.
Like I said, I'm not dictating how you create your app, that's up to you. Just the conditions under which something like this can be listed here. If it can be abused, we will not list it.
Sometimes, the impossible can become possible, if you're awesome!
I'm not sure exactly what you're looking for here; KidSafe won't lock anything down unless it's explicitly told to (via the Options dialog).
OK, I can take care of the desktop-locking. Just another option in the prefs dialog, with a default of false (as usual).
I'll also get in touch with Kaspersky and see about getting their defs fixed.
As I mentioned in my last note, I'm also trying to find a better way of handling failed system-hook attempts; that's likely to be somewhat difficult, since there's not much I can do other than what I already am.
Yeah, I was supposed to be gone (and was gone, at least for a couple of days).
I came back to put out some fires, particularly with KidSafe, and I'll be fading out again once things settle down.
A key-combo unlock option is in the works; I just haven't had the time to finish it.
Where would you like me to put it? Maybe a button right under the standard-unlock controls?
I deliberately put a couple of simple traps in there to take care of older kids who might be tempted to take a round of shots at unlocking KidSafe; nothing more complex than order-of-operations and some exponent stuff, though.
How simple do you want things? (A sample problem would be good, because your last statement - that I, my parents, and my brother should all be able to solve it - is fairly broad)
The point is keeping all kids under, say, 10 from abusing a computer. By definition, that involves a password; kids older than 5 or 6 won't have any trouble with some "touch the corners of the screen" instructions, which seriously limits things.
The point is to keep children younger than 10 from wrecking a computer.
I can do that, but then it's totally useless for any kid above the age of 2 or so.
I appreciate you listing the acceptance conditions, and I'm willing to go pretty far to accommodate them.
However, I don't want to weaken KidSafe to the point of letting a 4-year-old unlock it; it's supposed to keep kids 10 and under off the machine. Is that acceptable?
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
The issue is complexity. If you have complex problems, then the program can easily be abused by running around a computer lab and locking all the machines, thus requiring the admin to run around and have to solve multiple problems requiring paper and pencil math, which is absurd. The problems should be simple along the lines of "enter the 2nd, 4th and 7th letters of the alphabet". That would lock out a child who would just mess with the keys.
Locking out a 10 year old is basically not gonna work, as the problem will have to be sufficiently complex to be beyond them. Unfortunately, that same complexity will be beyond some adults. And the adults it is not beyond, it will require time to solve, which figures into the abuse scenario I laid out in the original statement.
I honestly can't thing of a way for you to accomplish what you want (locking out kids 10 and under) without having a huge abuse potential in it, so it may just be that this app won't get listed on PA.c but you can make it available on your own site and Google Code.
Sometimes, the impossible can become possible, if you're awesome!
Looks like this problem's fundamental to any computer-locking app.
If I simplified the math problems, made the anti-abuse shutdown more obvious (like a button on the main screen), and made the desktop-locking an option with a default value of Off, would that be acceptable? (If so, please give me an example of a "simple" problem that you find acceptable; I'm not at all certain at this point)
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated, 2010-04-14. See above for details.
All users are strongly encouraged to update to the latest version of KidSafe.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Updated, 2010-04-16; see above for details.
John, I'd like to get your feedback on 0.34.0.0; I've taken some more steps to make KidSafe more compliant with your requirements. It's not there yet, but hopefully getting there.
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Will be testing some time today/tomorrow Windows xp(admin and guest) and Vista (admin)
"It's just an online installer. It's not going to mug you.", JTH
"The shell is the key to unlock Linux's greatest advantages."
Pages