Everything In Between

The brutally honest, first-person account of Meitar Moscovitz's life.

Archive for the ‘Unix/Linux’ Category

Whistling While I Work

Danica and I only managed to go to sleep nearing 5 AM yesterday. Which is really, really bad. We have so much to do that we just don’t have time to laze about the house for hours on the few days we have off together. I was pissed at myself for not going to bed earlier last night.

I spent about 4 hours last night playing with Knoppix 3.6, since Fedora Core 3 is apparently bipolar too. Who knew? It wouldn’t install on my older PC, but after reading more carefully through the release notes I’m no longer convinced it had anything to do with the bug I encountered on the first pass. Instead, I think I might just need to upgrade the hardware on that box because, unfortunately, it’s just too old. (Old 350 MHz Celeron, for instance. Blah!)

So I’ll see if I can install Fedora Core 3 on the other machine and hope it’ll take. While I do that, I need to go get a brand new motherboard and other internal components. I’ve never built my own system before, but this is as good a time as any to try it. Nothing fancy, just a good solid fileserver maybe.

This morning, however, I was pleasantly awoken by Danica’s gentle hugs at around half past noon. Late, of course, since I had hoped to be out of here by noon instead. I knew I’d have trouble waking up by going to sleep that late. Danica had prepared coffee and a slice of loaf cake for breakfast and we enjoyed each other’s company in sitting at the makeshift kitchen table.

And for something completely different, as I was blowing air through a small electrical cap for our new Gevalia coffee maker (I got it so we would be spending less money on Starbucks, and because it’s surprisingly good), I managed to whistle for the first time ever! I can’t seem to reproduce the effect, but it had me disproportionately excited for a few moments there.

Now it’s off to actually do what we have to do today: shop for cabinets and counter space for the kitchen, pick up random objects from our old apartment, and get curtains, drill bits, and other various items from around the city. Wish me luck and low prices.

Written by Meitar

January 12th, 2005 at 1:27 pm

Posted in Personal,Unix/Linux

Hardware Lessons

Yesterday was much better than the past couple of days, and today is turning out to be truly awesome.

  • I was still angry with Danica when she came home, so few words were exchanged at first. Some time later, she went to the kitchen (omg, we have a kitchen) and ate some leftover Thai food for dinner. That’s when I stopped fiddling with my computers and came to join her.

    We spoke a little, hugged, played Race (an Israeli card game), and generally felt better. I’m not really sure if we’ve resolved to “not fight” anymore, but there is certainly less emotional pollution in the air right now. That, if nothing else, makes my day.

  • I didn’t go to sleep last night. Instead, I finished inspecting the other PC I have. This is the lower-end machine, so instead of merely looking at the data, I actually took the whole thing apart and took out the CD-ROM drive, the floppy disk drive, some PCI cards, and disconnected the power supply. Yes, I was like a kid in a candy store.

    This may sound odd to some of you (it sure does to me), but I’ve rarely ever seen the inside of a computer before. So this was really a lot of fun to do. I had my trusty power tool so screwing and unscrewing various parts was a snap. If I could, I would have literally opened up the CD-ROM drive to see what it looks like in there, but I didn’t have the right tools.

    I went out to Radio Shack, the hardware store, and various other locales around my neighborhood when it turned to morning and after I had fetched Danica her morning pastries and latte, but no store had the right sort of screwdrivers. I tried my best to open the small CD-ROM screws with one of those eyeglass repair kits with the little screwdriver but I only succeeded in hurting my hands.

    I did, however, buy myself a Linksys Fast Ethernet NIC for the PC which didn’t have an RJ-45 port. I installed it on the PCI slot in the motherboard myself, screwed it in place and am currently sitting next to the open computer. I spent a good deal of time cleaning the innards with a can of compressed air and rubbing the casing down with paper towels. Hopefully that’ll do some good.

  • I’m finally installing Fedora Core 3, the Linux distro that was most often suggested to me to try first. I’m actually paging through the installer as I write this, which is incredibly exciting. I didn’t even finish setting up my workspace, but it’s really just about damn time I had a Linux box. I plan on installing one other Linux distro on one of my two remaining PCs, and probably FreeBSD on the other because it’s what Mac OS X was “based on,” or so they say.

    Oh yeah. And Danica’s excellent music collection is playing off of her computer on my speakers. It’s awesome stuff. Really it is.

Written by Meitar

January 10th, 2005 at 4:31 pm

Cygwin SSH X11 Forwarding Doesn’t Set Environment Properly

I have spent the past 5 hours poring over the Cygwin/X FAQ and countless mailing list archives but have turned up empty. In brief, I am having trouble getting my Cygwin X Server to receive forwarded X11 connections.

More specifically, when I ssh -X user@remote-host from the Cygwin XTerm, the remote-host doesn’t have a DISPLAY environment variable set. Obviously, this is bad, because it means the X11 forwarding doesn’t have a display to go to (i.e., it is b0rk)!

I’ve tried to ssh -vv -X user@remote-host to get some interesting debugging output, but the only X11-related messages I get are too cryptic for my understanding:

debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-UbLPAD1860/xauthfile generate 127.0.0.1:0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-UbLPAD1860/xauthfile list 127.0.0.1:0.0 . 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0

The bit about “authentication spoofing” is unnerving. Could this “spoofing” simply not be working? If that’s the case, then the problem has something to do with the way xauth(1) is configured, no? (Yes, I’ve pored over the man pages as well, but to no avail. As far as I can tell the output from xauth -v list is fine.)

Additionally, I’ve got doubts about whether or not it is okay that the xauth data is being written to a temp file like that with xauth ... generate .... Note that there doesn’t seem to be any problem forwarding the display of X client programs to a different server, only the other way around (forwarding other displays to my Cygwin X Server) causes problems.

Am I missing something really stupid?

After some more fiddling, I have gotten it to work if I set $DISPLAY manually through the SSH connection. That is, after I

Cygwin-Box$ ssh user@remote-host
Remote-Host% setenv DISPLAY "192.168.1.102:0.0"

then

emacs&

will work and its display will appear on Cygwin-Box. But why doesn’t ssh -X ... do this automatically?

Anyway, if anyone has any idea why SSH isn’t setting $DISPLAY for an X11 connection, I’d really appreciate some advice. Thanks in advance.

Written by Meitar

December 20th, 2004 at 2:22 am

Fun with Apache Redirects

I absolutely love Apache. A while ago I ranted about the annoying prevalence of unnecessary redirects some sites make you click through. This topic comes up pretty often even today, although the issue of annoying HTTP “404 Not Found” errors has been mitigated somewhat by people wising up and creating helpful error pages. (Which I’ve been meaning to revise and improve on this site.)

Usually, the existence of broken links and the like is brushed off by saying something like, “We are undergoing a re-organization period,” usually followed by a request to “please bear with us” for the duration of said period.

Well, I know a thing or two about organization. In fact, I probably know more than most because I re-organize my desk, my computer, my Web site, and even my refrigerator fairly frequently. As Danica will no doubt tell you, I like to make sure I am keeping things as efficient as possible.

In terms of serving up web pages to visitors, it means that I can reorganize and restructure my site as much as I’d like and you wouldn’t even know that I did it. The main tools I use for this are Apache’s Redirect directive (implemented via mod_alias) and the various, insanely powerful features offered by mod_rewrite (documentation). I’ve used these tools several times while working on this site but none of these examples even scratch the surface of what is possible.

  • While moving the site from Blogger to WordPress, I also decided to change the blog’s address so that I had a shorter URL, devoid of any hint of the old site. Naturally, since I didn’t want to break incoming links, I used a Redirect to bounce visitors to the right address. Additionally, I tagged the redirect with the keyword permanent which emits a “301 Moved Permanently” HTTP response header so that decent clients will no longer request the old resource’s address. The full line in my .htaccess file looks like this

    Redirect permanent /bpd/blog/ http://www.maymay.net/blog/

    although I could have written it with the status code instead of the keyword like this:

    Redirect 301 /bpd/blog/ http://www.maymay.net/blog/

  • At the same time, I also decided to give some common aliases to the /bpd subdirectory, so I started redirecting requests for things like /bipolardisorder to /bpd as well.

  • I wanted to make a few “static pages” such as the About Meitar page, but I wanted a cruft-free URL for them as well. The simple solution was to start Apache’s mod_rewrite and map a nice-looking URL to the file I wanted to serve.

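    # turn mod_rewrite on
    RewriteEngine on
    # URL prefix that relative substitutions (meitar.php) are resolved against
    RewriteBase /bpd/
    # map meitar or meitar/ to meitar.php; in .htaccess the pattern is matched
    # against the path without the directory prefix or a leading slash
    RewriteRule ^meitar/?$ meitar.php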

Most recently, I was asked if there is some way Apache could automatically “redirect HTTP to HTTPS” transparently. Sure enough, this is a piece of cake:

RewriteEngine on
# is request not on HTTPS?
RewriteCond %{HTTPS} !=on
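# if so, redirect it (the [R] flag, a temporary 302 unless written as R=301) and stop processing (the [L] flag);
# matching ^ and reusing %{REQUEST_URI} works in server config and in .htaccess, where a ^/ pattern never matches
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]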

Written by Meitar

December 13th, 2004 at 10:01 am

Posted in Unix/Linux,Usability

X11 Forwarding and VNC

A Brief Brief on Windowing Systems

I’ve been playing around with X11 a lot recently. This is one of the great things about Mac OS X; with its Unix (well, actually FreeBSD) underpinnings, Macs can now use the plethora of programs written for the X windowing system by running Apple’s X11 for Mac OS X or one of the various ports for it.

This is also one of the first times I’m getting a chance to play with a window manager (semi-)directly. It’s awe-inspiring to think of how integral window managers are to modern day desktop computing and how far personal computing has really come.

You could say that a windowing system is a lot like a language. It provides a way for you to tell your computer what you’d like it to do for you. To give some perspective, one alternative “language” to a windowing system is a textual user interface where you need to type commands at a textual prompt. DOS is a well known example of this sort of textual environment. The Unix command line is another.

Gnome and KDE for Linux, Quartz for Mac OS X, and Windows for (not surprisingly) Windows, in contrast, are all examples of graphical windowing systems.

The Productivity of X11 Forwarding

So I’ve been looking around for as many different X programs as I can find. OpenOffice is the first set of programs that came to mind. (By the way, can anyone recommend a good directory or repository of some sort for X programs? I seem to have temporarily forgotten about Freshmeat.net) I should get myself a completely separate box and install a Linux distro on it, and I will when I get the space in my new apartment. For the time being, however, I’m just putting all the programs I want on my old iMac.

By far the coolest thing about the X window manager is that you can run a server and client on different machines and they are still able to talk to each other over a network. This means I can be sitting in front of computer A and run an X-compatible program off computer B while having computer B send that program’s display over to computer A. For any user using computer B, there is no visual indication that I’m using their workstation.

For example, let’s say I need to edit my résumé which is on my Mac at home in Word document format, but I’m at Saint’s Alp Teahouse all the way on Bleecker Street. I only have my Windows laptop with me. I can start an X-server, say Cygwin-X on my laptop, SSH into my Mac with X11 forwarding turned on and open up my résumé in OpenOffice’s Writer. Even though Writer will be running off my Mac at home, its display will be forwarded through the SSH tunnel to my laptop’s screen. As an aside, this is one of the most useful applications of SSH that I’ve ever personally encountered.

Thinking Out of the Application

But that’s doing things one program at a time, and I don’t really have full GUI access to the remote computer’s desktop environment. For that, there’s VNC.

Virtual Network Computing is a lot like X11 forwarding on steroids. It gives you a large window on your local machine (the VNC client) inside of which is a picture of the entire screen of the remote computer (which has to be running a VNC server). You may be familiar with programs like Symantec’s PCAnywhere, Windows Remote Assistance, or Apple Remote Desktop. These are all basically proprietary, platform-specific VNC implementations with a few added bells and whistles. Frankly, I never saw the point of shelling out any money for something I can get free-of-charge.

For my Mac, I installed OSXvnc and Chicken of the VNC. Ever since we got Danica’s Windows XP laptop working again after the insane, avoidable delays caused by Best Buy’s horrendous Geek Squad disaster, I installed RealVNC servers and clients on each of our machines.

RealVNC has got a slick, very well-integrated interface with Windows, and easy-to-understand settings and dialogues. It does a good job of giving the native Windows feel, and the VNC server can be run like an NT service (called service-mode) or like any other user-initiated program (called application- or user-mode). I do wish there was a built-in way to encrypt the VNC traffic travelling over the network, not just the password, but I suppose that’s what an SSH tunnel is for. Using an SSH tunnel also prevents me from having to punch open some holes in several different firewalls to get it working. On the other hand, if you don’t have access to SSH and you’re paranoid, you can configure RealVNC to use some other port than the default one (which is 5900) to make intrusion a little harder for a would-be cracker.

VNC via SSH Resources:

This screen shot shows what the reality of VNC is actually like. Here, I’ve set up an SSH tunnel with PuTTY to connect securely from my Windows XP laptop to my iMac at home. Screenshot of my Windows laptop connecting to my iMac desktop.

The Network is Half-Full

I’m still getting started with all this remote computing, but in the short time I’ve experimented, I’ve had a lot of fun. There are many benefits to productivity with this technology, and for me they are doubly important because I absolutely hate to work at home, in my cramped and tiny apartment. With X11 forwarding and VNC on my side, I can pick up my laptop and go anywhere with an Internet connection, and still feel like I’m at my home workstation. What a convenience!

Also, I can leave love notes on Danica’s laptop even when I’m out of the house and she’s not looking. ;)

Written by Meitar

November 15th, 2004 at 4:03 am

Creating Exceptions to Apache Redirect Directives

When I need to temporarily (or permanently) take down a bunch of resources from my Apache webserver, I usually put the following in a .htaccess file in the appropriate directory:

Redirect gone /directory/not/to/serve/

However, sometimes I’d actually like to continue serving a specific document somewhere within the redirected directory, but only that specific file. So I searched high and low for a way to tell Apache “respond to all requests for any files in /directory/not/to/serve with a 410 Gone header except for this specific file” but came up empty.

The (hugely laborious) workaround is, of course, to specify each file—as opposed to part of a directory path—not to serve like this:

Redirect gone /directory/not/to/serve/index.html
Redirect gone /directory/not/to/serve/bad_file.html
...
Redirect gone /directory/not/to/serve/sub/icky_file.html

and, unfortunately, wildcards (*, ?, etc.) aren’t allowed in Redirect directives.

Of course, as is usually the case, a simple Unix command solves all the above problems:

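# the link target must be an absolute path: a relative one is resolved from the link's own directory
ln -s "$PWD/file_I_want_to_serve.html" /directory/to/serve/file_I_want_to_serve.html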

worked like a charm. That is to say, a symbolic link to the file_I_want_to_serve.html created in a directory outside the Redirected directory lets Apache access the file and serve it, despite its true location. You can use hard links or symlinks for this, and you can even link whole directories and access their contents via the link, too. Very useful.

I have to learn to keep it simple and stop looking for complex solutions all the time.
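Because a link placed in a served directory sidesteps the Redirect, it is worth being able to list which withdrawn files are still reachable that way. The following audit is an added example, not part of the original post; the function names and the served/ and gone/ directory names are assumptions, and it relies on a readlink that supports -f.

```shell
#!/bin/sh
# List symlinks under a served tree whose targets resolve inside a
# withdrawn ("Redirect gone") tree.
# Usage: exposed_links SERVED_DIR WITHDRAWN_DIR
exposed_links() {
    served=$1
    # Canonical path of the withdrawn tree, with symlinks resolved.
    withdrawn=$(cd "$2" && pwd -P) || return 2
    find "$served" -type l | sort | while IFS= read -r link; do
        # readlink -f follows the whole chain; it fails on a link loop.
        target=$(readlink -f "$link" 2>/dev/null) || continue
        # Skip dangling links: nothing would be served through them.
        [ -e "$target" ] || continue
        case $target in
            "$withdrawn"/*)
                rel=${target#"$withdrawn"/}
                printf '%s -> %s\n' "$link" "$rel"
                ;;
        esac
    done
}

# Constructed sample tree (all names are made up for the demonstration).
demo() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        mkdir -p gone served
        echo kept  > gone/keep.html
        echo plain > served/real.html
        ln -s "$tmp/gone/keep.html" served/keep.html  # exposes a withdrawn file
        ln -s real.html served/alias.html             # relative: stays in served/
        ln -s loop.html served/loop.html              # relative to itself: a loop
        exposed_links served gone
    )
    status=$?
    rm -rf "$tmp"
    return $status
}
```

Calling demo prints the one link that reaches into the withdrawn tree and ignores the other two.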

Written by Meitar

October 23rd, 2004 at 3:40 am

Posted in Unix/Linux

GPGMail with Fink’s GPG Port

I have been using Mozilla Thunderbird as my default (and only) email client application on my Windoze laptop for a while now. (It’s far better for email than Outlook in just about every way.) I’ve also been using the Enigmail encrypted email extension. I’ve even been able to get my mother into using it to send me sensitive emails, such as when she wants me to order something for her on Amazon.com and needs to give me her credit card number to do so.

This has a number of advantages:

  1. The message’s security is on-par with some of the best privacy encryption around. The telephone is a surprisingly easy communication channel to compromise. At least sending an encrypted email (assuming keyloggers aren’t present on a compromised system and assuming the private keys are kept safe) will take some more intense computational power to crack.
  2. I’m basically guaranteed to receive the communiqué; my cell phone provider has the worst reception and delays imaginable. I’m always available by email, however, because I check it as if I’m paranoid.
  3. Best of all, my mother need not call me as often as she once has. (No offense, I love you Mom.)

Anyway, the point is that I had wanted to now integrate GPG with Apple’s Mail.app, had heard about GPGMail, but was worried that it wouldn’t work because it says it needs MacGPG, and I have Fink’s GPG port.

Being the blatantly insubordinate individual and anti-authoritarian that I am, I decided to try to work with it anyway and see what would break. So I installed GPGMail and launched Mail.app. I was presented with the error, “Invalid crypto engine! GPGMail cannot work. It didn’t find GnuPG (/usr/local/bin/gpg) with at least version 1.2.2. Please quit Mail, blah blah blah blah!”

So, thinking that maybe that path was just hardcoded into GPGMail, I created a symbolic link from /usr/local/bin/gpg which pointed to my Fink gpg installation at /sw/bin/gpg.

sudo ln -s /sw/bin/gpg /usr/local/bin/gpg

Much to my delight, it worked wonderfully. Luckily, it turns out that GPGMail can work just fine with GPG ports other than MacGPG. You just have to tell it where your gpg executable is.

Written by Meitar

October 16th, 2004 at 6:46 pm

Unix Geekery for Line Edits

The other day I found myself with a chat transcript about email security and I wanted to put it online in my other blog. Unfortunately, in order to do it properly I needed to add <p> to the beginning of each line and </p> to the end.

As I started manually adding the proper HTML paragraph markup to the lines I realized that what I was doing was pretty stupid. There are a number of ways to automate these simple changes to a file. Usually this can be done via a simple find-and-replace function of good text editors. In this case however, I didn’t want to replace anything, and while I could run a find-and-replace on line-endings (aka newlines) and then replace them with a line-ending followed by <p>, I didn’t know how to match line-endings in the program I was using (which was notepad2).

Then I realized that I already had access to the perfect utility to perform such a function, and one that could find anything I wanted in a file, including line-endings: sed. Sed is the Unix Stream Editor, and I had been meaning to learn how to use it for some time. Finally, I had the perfect excuse to read a sed tutorial! Combined with some input and output redirection, I executed the following command in my shell:

cat chat.txt | sed -e 's/^/<p>/' -e 's/$/<\/p>/' > chat-sedified.txt

Here’s what happened:

  1. First, the chat.txt file was printed on STDOUT, but instead of just displaying that output I piped it into sed with the | (the vertical bar, or, incidentally, pipe symbol). In other words, the output of cat chat.txt was turned into the input for sed.

    Now that sed was given input, I told it to run two expressions (using the -e flag or option) one after the other.

    1. The first expression runs a search-and-replace (the s in the expression), looking for the beginning of the line (the ^ or caret character) and inserting an HTML paragraph mark (<p>, obviously).

    2. The second expression does the same thing, only for the end of the line instead of the beginning. ($ matches the end of the line.) There is only one complication: sed’s search-and-replace uses the forward slash (/) as the delimiter of the input fields. In other words, the usage of sed’s search-and-replace is thus: s/searchForThisText/replaceWithThisText/.

      In order to replace (or insert) text that includes a literal forward slash, it needs to be escaped by immediately preceding it with a backslash. Thus the somewhat-more-cryptic <\/p> closing paragraph tag in the command.

  2. Finally, the result (output) of sed’s changes was redirected to the not-yet-existent chat-sedified.txt file using the greater-than sign, >.

Sure, it took me about 20 minutes to read the tutorial and figure out the proper command, but then it would have taken at least 10 minutes to make the changes manually. Of course, the next time I would need to make similar changes, it would take me another ten minutes, and the same is true for all the other future times I would need to make such changes, assuming the file to be changed is the same length or shorter.

And, of course, I can do much more than simply wrap lines of a file in arbitrary text with sed. It’s just as powerful, if not more so, than any kind of search-and-replace command in a text editor. And, naturally, it can do much more than just search for text and replace it. But I’ve rambled on enough by now and I’m getting hungry for dinner.
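The sed command in this post copies each transcript line into the page verbatim, so any <, > or & typed in the chat would be read by the browser as markup. This added variation (not from the original post) escapes those characters before wrapping, strips the carriage returns a Windows editor leaves behind, and uses | as the s delimiter so </p> needs no backslash; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Escape HTML metacharacters, then wrap every line in <p>...</p>.
# Reads the transcript on stdin and writes HTML paragraphs to stdout.
wrap_paragraphs() {
    # Drop CRs first so </p> lands at the real end of each line.
    tr -d '\r' |
    sed -e 's/&/\&amp;/g' \
        -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' \
        -e 's|^|<p>|' \
        -e 's|$|</p>|'
    # & is escaped first so the entities added for < and > are not
    # escaped a second time; \& in the replacement is a literal ampersand.
}

# Constructed sample transcript with CRLF line endings.
sample_chat() {
    printf '%s\r\n' \
        'alice: is <script> filtered by the webmail?' \
        'bob: AT&T strips it, so 1 > 0'
}

# Typical use: wrap_paragraphs < chat.txt > chat-sedified.txt
```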

Written by Meitar

September 29th, 2004 at 1:34 am

Posted in Unix/Linux