Archive for the ‘Uncategorized’ Category

Fun with NX stuff


So, I was trying out various NX servers because I’d had very good luck with NX in the past and generally found it faster than VNC, RDP, or X11 over SSH. My options appeared to be:

  • NoMachine’s server (here), which is free-as-in-beer but supports only 2 simultaneous sessions.
  • FreeNX made from the components that NoMachine GPLed. It’s open souce, but apparently is a total mess and notoriously hard to set up. However, it doesn’t limit you to two sessions, as far as I know.
  • neatX, implemented from scratch in Python/bash/C by Google for some internal project because apparently FreeNX was just too much of a mess. Like FreeNX, it lacks the two-session limitation; however, it doesn’t handle VNC or RDP, only X11.

NoMachine’s server was a cinch to set up (at least on Fedora). The only thing I remember having to do is put my local hostname (idiotbox) in /etc/hosts. Performance was very good (though I haven’t tried RDP or VNC over a slower link yet – only a LAN with VirtualBox’s built-in RDP server).

neatX was a bit tougher to set up, primarily because the documentation I saw was very sparse. This blog post was helpful. It advised that you should make sure you could log in with SSH manually before checking anything else, which gave me a starting point for my problems.

I took these notes on how I made it work:

  1. Install all of the dependencies it says. ALL OF THEM!
  2. Follow the other instructions in “INSTALL”.
  3. Go to /usr/local/lib/neatx and run ./nxserver-login
    If it looks like this, you’re probably good:

    [hodapp@idiotbox neatx]$ ./nxserver-login
    HELLO NXSERVER - Version 3.3.0 - GPL
    NX> 105

    If not, you may need to install some dependencies or check paths of some things. If it complains about not being able to import, add something like this to the top of nxserver-login:

    import sys

    Replace that path with your own if it’s different, of course.
  4. Set up password-less login for user ‘nx‘ using something like ‘ssh-keygen -t rsa’ and putting the private & public keys someplace easy to find. Check that this works properly from another host (i.e. put the public key in the server’s authorized_keys file in ~nx/.ssh, copy the private key to the client, and use ‘ssh -i blahblahprivatekey nx@server’ there to log in. It should look something like this:

    chris@momentum:~$ ssh -i nx.key nx@
    Last login: Sun Oct 11 13:11:49 2009 from
    HELLO NXSERVER - Version 3.3.0 - GPL
    NX> 105

    If it asks for a password, something’s wrong.
    If it terminates the connection immediately, SSH is probably okay, but something server-side with neatX is still messed up. SSH logs can sometimes tell things.

Once I’d done all this, neatX worked properly. However, I had some issues with it – for instance, sometimes the entire session quit accepting mouse clicks, certain windows quit accepting keyboard input, or things would turn very sluggish at random. But for the most part it worked well.

After setting up SSH stuff, FreeNX server worked okay from Fedora’s packages after some minor hackery (i.e. setting user the login shell for user ‘nx‘ to /usr/libexec/nx/nxserver. I haven’t yet had a chance to test it over a slow link, whether with X11 or RDP or VNC, but it worked in a LAN just fine. Someone in the IRC channel on FreeNode assures me that it runs flawlessly over a 256 kilobit link.

Then, for some reason I really don’t remember, I decided I wanted to run all three servers at once on the same computer. As far as I know, all of the NX clients log in to the server initially by passing a private key for user ‘nx‘. The server then runs the login shell set in /etc/passwd for nx – so I guess that shell determines which NX server handles the session.

So, amidst a large pile of bad ideas, I finally came up with this workable idea for making the servers coexist:  I would set the login shell to a wrapper script which would choose the NX server to then run. The only data I could think of that the NX client could pass to the server were the port number and the private key, and this wrapper script would somehow have to get this data.

Utilizing the port number would probably involve hacking around with custom firewall rules or starting multiple SSH servers, so I opted to avoid this method. It turns out if you set LogLevel to VERBOSE in sshd_config (at least in my version), it’ll have lines like this after every login from the NX client:
Oct 14 18:11:33 idiotbox sshd[15681]: Found matching DSA key: fd:e9:5d:24:59:3c:3c:35:c5:29:74:ef:6d:92:3c:e4
You can get that key fingerprint with ‘ssh-keygen -lf‘ where is the public key.

So I generated 3 keys (one for neatX, NoMachine’s server, and FreeNX), added them all to authorized_keys, found the fingerprints, and ended up with a script that was something like this:

FINGERPRINT=$(grep "Found matching RSA key" /var/log/secure |
     tail -n 1 | egrep -o "(..:){15}..")
if [ $FINGERPRINT == "26:dd:67:82:c1:2d:cc:c0:c6:13:ac:d4:49:0e:79:a3" ]; then
elif [ $FINGERPRINT == "35:fb:bd:45:c5:71:91:ce:d6:d9:7f:0b:dc:84:f4:b3" ]; then
elif [ $FINGERPRINT == "b5:d7:a5:18:0d:c4:fa:18:19:58:20:00:1d:3b:3c:84" ]; then

I saved this someplace, set it executable, and set the login shell for nx in /etc/passwd to point to it. Make sure the home directory points someplace sensible too, as the install script for some NX servers are liable to point it somewhere else. But as far as I can tell, the only thing they use the home directories for is the .ssh directory and all the other data they save is in locations that do not conflict.So I copied the three public keys to the client and manually did ‘ssh -i blah.key nx@whatever‘ on each key.

chris@momentum:~$ ssh -i freenx-key nx@
HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
NX> 105
chris@momentum:~$ ssh -i neatx-key nx@
HELLO NXSERVER - Version 3.3.0 - GPL
NX> 105
chris@momentum:~$ ssh -i nomachine-key nx@
HELLO NXSERVER - Version 3.4.0-8 - LFE
NX> 105

The different versions in each reply were a good sign, so I tried the same keys in the client, and stuff indeed worked (at least according to my totally non-rigorous testing). Time will tell whether or not I completely overlooked some important details or interference.



2009.04.20 == log * If I am lucky, then this text file is being posted from the commandline via blogpost from and possibly screwed-up by being processed first by AsciiDoc which I have not yet bothered to learn.

2008.09.26 – 2008.11.09, really overdue stuff





  • A Look at NoMachine NX – I discovered NX performs better for remote access than anything else I’ve tried (i.e. RDP, X11, VNC, and straight SSH+screen if you happen to need GUI), particularly over slow links. Unfortunately, it doesn’t handle links with 93% packet loss very well.
  • Quagga Routing Suite – GPLed routing software for IPv4/IPv6 that handles a number of routing-related protocols (a list of them is here)
  • Yersinia – network tool designed to take advantage of some weaknesses in different network protocols… I haven’t used this but the guys from cinci2600 did a presentation with it
  • Etherboot/gPXE booting – an open source network bootloader, providing a direct replacement for many proprietary PXE ROMs. I have yet to try this.
  • LTSP, Linux Terminal Server Project – adds thin-client support to Linux servers, so thin clients or dumpster PCs can be used for something useful within a school or business.

Programming/general computer stuff

  • “Roles Before Objects” by Doug Lea – some sort of pattern for software development, particularly for “organizing activities that separate object-independent from object-dependent matters”
  • “10 Amazingly Alternative Operating Systems etc.” – maybe overly prophetic and lofty, but a good article nonetheless
  • Twibright Optar – OPTical ARchiver, a codec for encoding data on paper; it gets about 200 KB per page at 200 DPI which is reliable for most paper, and contains some pretty heavy error correction. This might be neat for long-term archival purposes of smaller data.

Other projects

  • MAgtALo (MultiAgent Argumentation, Logic and Opinion) – a prototype tool for virtual round-table meetings. I don’t really know much about this. I just read about it in some IEEE publication I found on the ground.
  • LibriVox – free audiobooks from the public domain
  • Geographic British Isles – a project aiming to collect geographically representative photographs of every square kilometer of Great Britain and Ireland


  • “High Voltage Sparks and Arcs” – My friend Mark found this, and it has a collection of videos and photos of some pretty spectacular incidents at high voltages. The only casualties are machines, if you are worried.
  • How Transistors REALLY Work, from William Beaty who is annoyed at the way many textbooks teach transistors to students


  • Lunar – an artist Jeremy likes, self-described as “An eclectic blend of electronica, rock, dance, ambient, drum ‘n’ bass and classical.” They have two albums available for free download as of now.

Tinfoil hat stuff

  • Money Masters: How International Bankers Gained Control of America (Google Video link)… I don’t know what to think of this, but I did watch it.
  • Maltego: “Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.”

Economics of the non-tinfoil-hat variety

  • “Where to put your money if it’s just sitting in a checking account”
  • ABSEL – Association for Business Simulation and Experiential Learning; “professional association whose purpose is to develop and promote the use of experiential techniques and simulations in the field of business education and development”
  • M.U.L.E. – an early video game that was praised for its elements of economic simulation
  • The Progress Paradox: How Life Gets Better While People Feel Worse, by Gregg Easterbrook (Amazon link)

Other stuff

  • Anti-pattern – something that distinguishes itself from a conventional bad idea or bad practice in a particular way; “Some repeated pattern of action, process or structure that initially appears to be beneficial, but ultimately produces more bad consequences than beneficial results.”


2008.08.22 – 2008.09.26 or something like that


Reference stuff

Technical stuff

Music, demoscene, and other shiny stuff

  • Future Crew – Second Reality – very impressive demo from 1993 (actual program for DOS here)
  • ChibiTracker – portable Impulse Tracker clone (i.e. “a small, compact music composing application that is easy to learn and powerful enough to sound good”); GPLed and runs on Windows, Linux, MacOS, BSD, and BeOS
  • Map of Science – trying to visualize connections between various sciences… Flash-based and interactive and kinda neat