Fun with NX stuff

2009-10-15

So, I was trying out various NX servers because I’d had very good luck with NX in the past and generally found it faster than VNC, RDP, or X11 over SSH. My options appeared to be:

  • NoMachine’s server (here), which is free-as-in-beer but supports only 2 simultaneous sessions.
  • FreeNX made from the components that NoMachine GPLed. It’s open souce, but apparently is a total mess and notoriously hard to set up. However, it doesn’t limit you to two sessions, as far as I know.
  • neatX, implemented from scratch in Python/bash/C by Google for some internal project because apparently FreeNX was just too much of a mess. Like FreeNX, it lacks the two-session limitation; however, it doesn’t handle VNC or RDP, only X11.

NoMachine’s server was a cinch to set up (at least on Fedora). The only thing I remember having to do is put my local hostname (idiotbox) in /etc/hosts. Performance was very good (though I haven’t tried RDP or VNC over a slower link yet – only a LAN with VirtualBox’s built-in RDP server).

neatX was a bit tougher to set up, primarily because the documentation I saw was very sparse. This blog post was helpful. It advised that you should make sure you could log in with SSH manually before checking anything else, which gave me a starting point for my problems.

I took these notes on how I made it work:

  1. Install all of the dependencies it says. ALL OF THEM!
  2. Follow the other instructions in “INSTALL”.
  3. Go to /usr/local/lib/neatx and run ./nxserver-login
    If it looks like this, you’re probably good:

    [hodapp@idiotbox neatx]$ ./nxserver-login
    HELLO NXSERVER - Version 3.3.0 - GPL
    NX> 105

    If not, you may need to install some dependencies or check paths of some things. If it complains about not being able to import neatx.app, add something like this to the top of nxserver-login:

    import sys
    sys.path.append("/usr/local/lib/python2.6/site-packages")

    Replace that path with your own if it’s different, of course.
  4. Set up password-less login for user ‘nx‘ using something like ‘ssh-keygen -t rsa’ and putting the private & public keys someplace easy to find. Check that this works properly from another host (i.e. put the public key in the server’s authorized_keys file in ~nx/.ssh, copy the private key to the client, and use ‘ssh -i blahblahprivatekey nx@server’ there to log in. It should look something like this:

    chris@momentum:~$ ssh -i nx.key nx@10.1.1.40
    Last login: Sun Oct 11 13:11:49 2009 from 10.1.1.20
    HELLO NXSERVER - Version 3.3.0 - GPL
    NX> 105

    If it asks for a password, something’s wrong.
    If it terminates the connection immediately, SSH is probably okay, but something server-side with neatX is still messed up. SSH logs can sometimes tell things.

Once I’d done all this, neatX worked properly. However, I had some issues with it – for instance, sometimes the entire session quit accepting mouse clicks, certain windows quit accepting keyboard input, or things would turn very sluggish at random. But for the most part it worked well.

After setting up SSH stuff, FreeNX server worked okay from Fedora’s packages after some minor hackery (i.e. setting user the login shell for user ‘nx‘ to /usr/libexec/nx/nxserver. I haven’t yet had a chance to test it over a slow link, whether with X11 or RDP or VNC, but it worked in a LAN just fine. Someone in the IRC channel on FreeNode assures me that it runs flawlessly over a 256 kilobit link.

Then, for some reason I really don’t remember, I decided I wanted to run all three servers at once on the same computer. As far as I know, all of the NX clients log in to the server initially by passing a private key for user ‘nx‘. The server then runs the login shell set in /etc/passwd for nx – so I guess that shell determines which NX server handles the session.

So, amidst a large pile of bad ideas, I finally came up with this workable idea for making the servers coexist:  I would set the login shell to a wrapper script which would choose the NX server to then run. The only data I could think of that the NX client could pass to the server were the port number and the private key, and this wrapper script would somehow have to get this data.

Utilizing the port number would probably involve hacking around with custom firewall rules or starting multiple SSH servers, so I opted to avoid this method. It turns out if you set LogLevel to VERBOSE in sshd_config (at least in my version), it’ll have lines like this after every login from the NX client:
Oct 14 18:11:33 idiotbox sshd[15681]: Found matching DSA key: fd:e9:5d:24:59:3c:3c:35:c5:29:74:ef:6d:92:3c:e4
You can get that key fingerprint with ‘ssh-keygen -lf foo.pub‘ where foo.pub is the public key.

So I generated 3 keys (one for neatX, NoMachine’s server, and FreeNX), added them all to authorized_keys, found the fingerprints, and ended up with a script that was something like this:

#!/bin/sh
FINGERPRINT=$(grep "Found matching RSA key" /var/log/secure |
     tail -n 1 | egrep -o "(..:){15}..")
if [ $FINGERPRINT == "26:dd:67:82:c1:2d:cc:c0:c6:13:ac:d4:49:0e:79:a3" ]; then
    SERVER="/usr/local/lib/neatx/nxserver-login-wrapper"
elif [ $FINGERPRINT == "35:fb:bd:45:c5:71:91:ce:d6:d9:7f:0b:dc:84:f4:b3" ]; then
    SERVER="/usr/NX/bin/nxserver"
elif [ $FINGERPRINT == "b5:d7:a5:18:0d:c4:fa:18:19:58:20:00:1d:3b:3c:84" ]; then
    SERVER="/usr/libexec/nx/nxserver"
fi
$SERVER

I saved this someplace, set it executable, and set the login shell for nx in /etc/passwd to point to it. Make sure the home directory points someplace sensible too, as the install script for some NX servers are liable to point it somewhere else. But as far as I can tell, the only thing they use the home directories for is the .ssh directory and all the other data they save is in locations that do not conflict.So I copied the three public keys to the client and manually did ‘ssh -i blah.key nx@whatever‘ on each key.

chris@momentum:~$ ssh -i freenx-key nx@10.1.1.40
HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
NX> 105
chris@momentum:~$ ssh -i neatx-key nx@10.1.1.40
HELLO NXSERVER - Version 3.3.0 - GPL
NX> 105
chris@momentum:~$ ssh -i nomachine-key nx@10.1.1.40
HELLO NXSERVER - Version 3.4.0-8 - LFE
NX> 105

The different versions in each reply were a good sign, so I tried the same keys in the client, and stuff indeed worked (at least according to my totally non-rigorous testing). Time will tell whether or not I completely overlooked some important details or interference.

Advertisements

2009.08.12

2009-08-14


videos,paranoia

  • Here and here – videos from Prof. James Duane and Officer George Bruch about why talking to the police is almost never a good idea.

software

  • omploader – A place to upload files. It can also be done with a firefox extension or in a script.
  • Paperback, from the OllyDbg guy. This lets you store data on paper (about 500 KB for A4 at 600 DPI).

web

  • HTML5 Canvas Experiment – Perhaps good for comparing different Javascript engines. It chokes on Firefox 3.5 on my Atom 330, but works well on 3.6.
  • drop.io – A file sharing site which Wired mentioned because of its ability to set an expiration date on any file you upload. It also appears to have a collection of other, much cooler features for collaboration.

programming,linux

  • Bash cures cancer – Some helpful stuff for commandline Unix/Linux. It seems to have not been updated in about a year though.
  • Learn You a Haskell for Great Good! – My friend Lincoln showed me this. It’s a decent Haskell tutorial with some very oddball illustrations.
  • How to Design Programs – A book, freely available online, which teaches software design using Scheme (or is it DrScheme?)
    • How to Design Worlds: Interactive Programming in DrScheme – Another freely available book from the same guys that made HtDP, but this one is about writing interactive applications using pure functional programming.

games

  • Kongregate – A large collection of rather addictive online Flash games.

books

  • The Underground History of American Education by John Taylor Gatto; the full text is readable for free online. I haven’t read it, I just noted the link, so I can neither agree nor disagree with the contents of it.
  • Wishcraft by Barbara Sher; I came across this motivational book from Havi Brooks. I haven’t read this either, but I should at some point. It’s free as a series of PDFs.

food


hippie


something

2009.07.21

2009-07-22


local,links

  • Queen City Discovery – An interesting blog about urban exploration in Cincinnati that some guys in Hive13 told me about
  • Amidst a pile of other new-age and holistic bullshit in some free magazine, I miraculously discovered an ad for the “Uptown Farmer’s Market” at Garden Park – 3581 W. Galbraith Road, Fridays 12-7, Saturdays 10-2, 513-238-6616

programming

  • MapReduce – I don’t care what your opinion of MapReduce is or how much it might suck, I am just putting this here so I will encounter it later and remember that it exists.
  • Epigrams on Programming from Alan Perlis – Written in 1982 but still pretty true.

software


video,books


games

  • Balance of Power – A geopolitics game by Chris Crawford (also with his interesting essay/article here).

lit,historical

  • We the People Network – I was searching for an image of the Declaration of Independence here and discovered they have rather high-resolution scans (like, the Declaration is 63 megapixels) of that and many other historical documents too.

2009.06.19

2009-06-23


apps,photography

  • So, I’m on a quest to find a photo organization tool for Linux (or, on a later note, for any OS) that does some things like…
    • Allow me to apply metadata to images, like comments and groups and tags (preferably hierarchical)
    • Store the metadata IN THE ACTUAL IMAGE, IN A STANDARD FORMAT. This also means it will probably need to support IPTC or XMP, preferably XMP. (No, shut up about GQview, it doesn’t cut it.)
    • Allow me to set metadata as a batch operation. I am thoroughly uninterested in having to manually go through the process of setting metadata for each individual image. And when I say “batch operation”, “batch” really needs to be more generic than “all files in a directory.” (No, shut up about scripting it with ExifTool or Exempi or Exiv2. Yes, they can edit XMP data on groups of files, but scripting doesn’t cut it as a solution unless someone can show me how to make this integrate with a GUI.)
  • Here are the apps recommended thus far:
  • And my responses thus far:
    • digiKam:
      • Has a pretty nice UI (though overdone sometimes)
      • The built-in editing features and plugins are handy and quick. I’m kind of cheating here because I’m already pretty familiar with digiKam.
      • Searching capabilities are pretty good.
      • Only wants to edit IPTC/XMP metadata one image at a time.
      • All its metadata (besides IPTC/XMP that you do one image at a time) is stored in an SQLite database, not in the image
      • Interface can get pretty slow sometimes.
    • imgSeek:
      • The interface works okay but it’s a little clumsy, and sometimes things are slow (I loaded about 10K pictures).
      • Finding pictures based on similarity to other pictures or to a hand-drawn image is an interesting feature.
      • The grouping/batching features are powerful, but a bit slow.
      • I am unsure if imgSeek lets me add IPTC or XMP data easily.
      • There is no easy way I can see to search based on date.
    • F-Spot:
      • I’m told the IPTC/XMP support in this isn’t that great.
      • I have yet to try this program.
    • LightZone:
      • This is proprietary, but they have a 30-day trial.
      • “Linux users will especially enjoy access to the new LightZone Relight Tool l which can achieve HDR effects from a single negative revealing hidden HDR detail in both the highlights and the shadows, using just a single exposure. For instance, you’ll see both saturated colors of a sunset and bright detail in the face of a back lit subject that was formerly lost. Achieving such stunning results from a single exposure without LightZone would require multiple flashes, reflectors and shades at the time the photograph — if it could be possible at all.” . . . sorry, but if you honestly believe this, you don’t have the slightest understanding what HDR is. Oh well, it’s all marketing.
      • Having tried this software, I cannot see any batch metadata editing capability, or any reason why I’d want to pay for this.
    • PicaJet FX:
      • This is proprietary with a 15-day trial.
      • I tried this software and could not find any batch-editing features for XMP.
    • Lightroom
      • This is the expensive stuff from Adobe ($300, but there’s a 30-day trial). Some people in #photogeeks on Freenode recommended it.
      • This is a “workflow app designed for professional photographers” and it’s from Adobe. If anything at al supports XMP batch-editing, and a billion other features, this would have to be it.
    • Razuna
      • I don’t know. This is an open source, web-based Digital Asset Management application.
      • It looks very nice (check out the videos there), but I don’t think it’s whatI need for this task.
    • Any application I failed to mention: I either ignored it on the basis of provided specifications, or I ignored it because I’m just too lazy.