Apple


Setting up NoMachine NX over SSH


As an Apple and Linux user, remote screen admin can be a colossal pain in the ass. On the Mac, we have a VNC server by default, but can't specify settings which will improve speed over slow connections, like lowering the color depth. I've tried alternate VNC servers in the past, but they all were painful to set up and still very slow over an SSH tunnel.

Several years ago I set up NoMachine's NX server, which is quite nearly as fast as MS RDP, and it's been working like a dream ever since.

This guide focuses on a Mac client connecting to a Mac server over an SSH tunnel.

Install NoMachine NX on both systems from the DMG. If everything is working, there should be a NoMachine menu in the menu bar on the server and some indicator that listening is enabled. Netstat should show the machine is listening on port 4000:

xrayspxs-iMac:~ xrayspx$ netstat -nat | grep 4000
tcp6 0 0 *.4000 *.* LISTEN
tcp4 0 0 *.4000 *.* LISTEN

With the server listening, on the client machine, set up a new connection. Most of this is totally default except that I un-checked "use UDP for multimedia" and set the target port to 4003:

To connect everything up over ssh, set up the tunnel by ssh'ing to your intermediate server. In my case I have the tunnel listen on port 4003, as shown in the new configuration setup; this is to prevent it overlapping with the NX server on the client machine:

ssh -N -L 4003:10.250.0.98:4000 xrayspx@raspberrypi

Verify the client-side machine is now listening on port 4003:

pro:~ xrayspx$ netstat -nat | grep 4003
tcp4 0 0 127.0.0.1.4003 *.* LISTEN
tcp6 0 0 ::1.4003 *.* LISTEN

Then launch the client connection to that local listening port. This can be done via the NX menu in the menu bar, but I automate all this so that I am just clicking on "NX to Home", and a script wakes up the home machine, builds the tunnel, and opens the connection:

On the Mac, you have to run nxplayer from the NoMachine.app package. On both Ubuntu and Mac, the session ".nxs" files are in ~/Documents/NoMachine:

/Applications/NoMachine.app/Contents/MacOS/nxplayer --session ~/Documents/NoMachine/Connection\ to\ iMac.nxs

The full script I run is more like this:

#! /bin/bash

#ssh into the ssh server and wake up the target system with WoL then hang out 10 seconds for the machine to absolutely be awake
ssh xrayspx@raspberrypi 'wakeimac'

sleep 10

#set up the ssh tunnel with listening port 4003
ssh -N -L 4003:10.250.0.98:4000 xrayspx@raspberrypi &

# I am tracking all the PIDs so I can kill them later, this tended to leave tunnels listening and crap after a session so they need to be killed
sshpid=`jobs -p`
shellpid="$$"

/Applications/NoMachine.app/Contents/MacOS/nxplayer --session ~/Documents/NoMachine/Connection\ to\ iMac.nxs

# On the Mac I can't actually kill the pids, since the nxplayer forks off and the script keeps running. On my Linux client, the nxplayer job holds the script from completing until I quit it. I'm sure there's a better easier way on the Mac.
#kill $sshpid; echo "killed pid $sshpid"
#kill $shellpid
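
The two netstat listings in this walkthrough differ in bind address: the NX server listens on every interface (*.4000), while the ssh tunnel listens only on loopback (127.0.0.1.4003 and ::1.4003). The following check is an added example, not part of the original post; the function name and output labels are hypothetical, and the sample lines are the ones shown above. It matches the port exactly, so 14000 is not mistaken for 4000 the way a plain grep would.

```shell
#!/bin/bash
# Added example (not from the original post). Classifies how a TCP port is
# bound, reading macOS `netstat -nat` output on stdin. Labels are hypothetical:
#   loopback     - every listener is on 127.0.0.1 or ::1 (an ssh -L tunnel)
#   non-loopback - at least one listener is on *.PORT or another address
#   none         - nothing is listening on that port
listen_scope() {
  awk -v port="$1" '
    $6 != "LISTEN" { next }
    {
      local_addr = $4                      # e.g. "*.4000" or "127.0.0.1.4003"
      n = match(local_addr, /\.[0-9]+$/)   # macOS separates the port with "."
      if (!n || substr(local_addr, n + 1) != port) next
      host = substr(local_addr, 1, n - 1)
      seen = 1
      if (host != "127.0.0.1" && host != "::1") wide = 1
    }
    END { print (!seen ? "none" : wide ? "non-loopback" : "loopback") }
  '
}

# Constructed sample input: the two listings shown in the post.
SERVER_SAMPLE='tcp6 0 0 *.4000 *.* LISTEN
tcp4 0 0 *.4000 *.* LISTEN'
CLIENT_SAMPLE='tcp4 0 0 127.0.0.1.4003 *.* LISTEN
tcp6 0 0 ::1.4003 *.* LISTEN'

printf '%s\n' "$SERVER_SAMPLE" | listen_scope 4000
printf '%s\n' "$CLIENT_SAMPLE" | listen_scope 4003
# On a live Mac: netstat -nat | listen_scope 4003
```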


The Lattice of Convenience

Music: 

Def Leppard - Bringin' on the Heartbreak

A couple of years ago, Natalie and I canceled cable since we found it had literally been a year since we watched anything live on TV. I've built a pretty good "lattice of convenience" to store a media library of "Crap we like" and conveniently stream it pretty much anywhere.

Over the years, we've collected maybe 3000 CDs and several hundred DVDs, including many box sets of TV series we like. I feel like we spent a TON on CDs when we were younger that most people didn't.


And With That


I've bought my last MacBook

Who's to say this isn't /only/ on the MacBook product, and that the MacBook Pro might not have the stupid thing? Either way though this is bush league.

Previously


Why use any specific OS?


I was reading this Slashdot post about "why use linux" and pointing out all the good things we have.

But really the question applies to pretty much any OS now. A huge percentage of users could be told "you're using X at work" (well, not X, like a variable, $X) and they'd adapt, begin to prefer whatever OS, and buy it for their home computers. [I'm sure Linux would accelerate /fast/ in the case that a couple of major companies start deploying to the desktop (this is gonna be the year...).]


Macs

I own 3 Macs, but I'm as or more at home in Linux on the desktop (I didn't "switch" from Windows, I switched from Linux, by accident, and I stand by those words today). I only really use Free Software, even on the Macs, save for a couple of things to be addressed below... When I set up a Mac, the stuff I always set up is:

Chrome
LibreOffice
GIMP
Adium
Firefox
OpenEMU
iTerm
OwnCloud sync client

And that's about it, and you can run 37% of that functionality on any platform, subbing Pidgin and excluding a decent shell on some platforms (Cygwin doesn't count), which is weighted at 62% of the total functionality of any computer I use.

I use iTunes, Mail.App, and Photos, (which is loathsome), as well as calendaring and contacts, so not all Free Software, but I guess I use "Apple Software and Free Software" when on the Mac, but that's mainly because of aesthetics, not any functional advantage they may or may not have over Free alternatives. Mail.app looks nice, iTunes looks nice, it's nearly impossible to run Amarok on OSX, at least the last time I tried, they integrate well with their OS, etc. However we must be able to run things like Adobe software, and OmniGraffle. I'd hate my job without OmniGraffle.


Linux

On Linux, I can do a handful of small things I can't do on OSX, and the same thing the other way 'round. But I set everything up exactly the same. I prefer the OSX Keychain Encrypted Notes function over my GPG encrypted files, but just because it's smoother. OSX has improved in handling multiple monitors over the past few years, and KDE, and X in general, has gotten much worse at it. I like to have multiple screens, with multiple virtual desktops, and when I change virtual desktops, I want only that physical screen space to change. So I have Enlightenment. Easy (enough) and gorgeous, and all kinds of customizable.

Other things are a massive pain, Juniper SSL VPN with a requirement for 32-bit Java and Firefox. Come on everyone... But it works, and I use it day to day. It just took a month to get the machine set up the way I like, and it takes some upkeep when some package gets updated that breaks that arrangement. But it's never been a showstopper, because I'm a professional.

However, even for any non-professional, there are major cases for Linux:

Linux runs my home theatre, which boots to Kodi so I can stream TV and movies from our collection of ripped DVDs, watch online streams from the major networks, PBS, Archive, etc*. Chrome so we can watch local news, use Amazon and Hulu and stuff, and browse seamlessly through emulators for any game I care to play through N64/PS1 era. All controlled by the TV Remote (within Kodi) or any Android tablet or no-provider obsolete shitphone (With KDE Connect, Yay for KDE Connect!). Haven't touched the wireless keyboard in at least a month.

This is all doable on a $35 Raspberry Pi 3 right now. I know that part because of the video game cabinet which is on the horizon and which does exactly all this stuff, including Wipeout XL PS1 Games. I'm sure we will be doing build blogs on that.


Windows

So what about Windows? Not for my specific use cases, but why should anyone care who isn't old and curmudgeonly? I carry grudges maintain baggage from 20 years ago.

I hear there's transparency now kind of, and virtual desktops are finally a thing baked into the OS, but every time I log into my Windows 10 VM at work, I am infuriated by it, so why should I bother? Windows can suck it. That's all I know. I'm happy enough to do server admin of Windows servers, I don't much care either way whether I'm adminning Windows or Linux at the end of the day.

Desktop OS? No dice. How times change.

* Side Note: Please do not buy one of those "pre-built pirate box" Pi's with Kodi and a bunch of janky, buggy, potentially insecure plugins pre-installed. Kodi has very strong feelings about that, and I agree with them on the point that regular people who think this is going to be better than an Amazon Fire stick with Free TV streaming are going to:

A) Be disappointed
B) Bring awful attention to a fantastic project by unfairly associating them with and implying their endorsement of piracy and copyright infringement.
C) Could be setting themselves up to get owned by pre-installed botnets or whatever other backdoor/sniffer/malware nightmare scenario, I can't even imagine buying one of these...

People are of course going to download and use those plugins, but should know what they're doing, not blame Kodi for any fallout, and most importantly should not give money to thieves and scam artists, because that's dumb.


Simple location aware ssh tunneling for Chrome (Mac)

Music: 

Hall and Oates - Private Eyes (Seriously, it just came on randomly)
and really, just as I finished formatting the stupid script, Big Brother from Humanwine was playing.

This is both a nice toy to have in a Big Brother Is Watching sense, and a glaring example of why one should never log in and use a Mac (or any other system obviously) as an Administrator. Just have a Regular Guy account, and escalate to Administrator/Root when needed. For example, this tool could be inserted by a script to cause all your browsing traffic to route through a proxy server of an attacker's choosing. If you're not running as an Administrator, you can't write the file without escalating. (Example of the risk, though it wouldn't help here, since there is LCE to root...goddammit Apple...)

I had a use case recently where I wanted to have multiple copies of Chromium start in different profiles and with different proxy settings. I'm getting to the point at which I don't think that's really feasible, in that any new instance will assume the proxy settings of any already running instance.

BUT, I did get some cool location aware-ish proxying set up. Since one use case involves laptops, I'd like to see it use a local proxy when I'm home, and a remote proxy when I'm not at home (hosted VPS for instance).

I'm using ssh to set up a SOCKS5 proxy, and push all traffic including DNS through the tunnel, ssh'ing to different hosts based on different local system IPs. I have it checking en0 and en1 and if their IPs match my home subnet, it ssh's to a local system, if they are anything else, it will run against a publicly hosted system to which I can ssh.

Next step is to clean up after itself, so when you run Chromium (or Chrome), it will detect IPs, ssh to the appropriate host, and connect using that tunnel. When Chromium closes, it cleans up the SSH session so it's not just hanging around.

To use - Have a local and remote host you can ssh to using keys, and which allow you to forward. On the Mac, navigate to /Applications/Chromium.app/Contents/MacOS/. Rename Chromium to Chromium-bin. Drop this script in, chmod appropriately, and name it Chromium. Now when the Chromium app is run, it runs our script to set up proxies and launch the browser:


#! /bin/bash

# Grab the first three octets of the IPv4 address on each interface (empty if the interface has none)
ip0=`ifconfig en0 | grep -v inet6 | grep inet | awk '{print $2}' | awk -F "." '{print $1"."$2"."$3}'`
ip1=`ifconfig en1 | grep -v inet6 | grep inet | awk '{print $2}' | awk -F "." '{print $1"."$2"."$3}'`

# en0 has no address, so decide based on en1
if [ -z "$ip0"  ]
  then
   if [ "$ip1" = "192.168.30" ]
     then
       # At home: SOCKS proxy on local port 8181 through the local host
       ssh -C2qTnN -D 8181 username@192.168.30.241 &

       proxypid=`jobs -p`
       # All traffic goes to the SOCKS proxy, and the host-resolver rule stops Chromium resolving names locally
       /Applications/Chromium.app/Contents/MacOS/Chromium-bin --proxy-server="socks5://127.0.0.1:8181" --host-resolver-rules="MAP * ~NOTFOUND, EXCLUDE 127.0.0.1" --profile-directory=Tunnl > /dev/null 2>&1

       # Browser has exited, tear down the tunnel
       kill $proxypid

      else

        # Not at home: SOCKS proxy through the public host
        ssh -C2qTnN -D 8181 username@publichost.com &

        proxypid=`jobs -p`
        /Applications/Chromium.app/Contents/MacOS/Chromium-bin --proxy-server="socks5://127.0.0.1:8181" --host-resolver-rules="MAP * ~NOTFOUND, EXCLUDE 127.0.0.1" --profile-directory=Tunnl > /dev/null 2>&1

        kill $proxypid

      fi

  # en0 is on the home subnet
  elif [ "$ip0" = "192.168.30" ]
    then
      ssh -C2qTnN -D 8181 username@192.168.30.241 &

      proxypid=`jobs -p`
      /Applications/Chromium.app/Contents/MacOS/Chromium-bin --proxy-server="socks5://127.0.0.1:8181" --host-resolver-rules="MAP * ~NOTFOUND, EXCLUDE 127.0.0.1" --profile-directory=Tunnl > /dev/null 2>&1

      kill $proxypid

  # en0 has some other address, so use the public host
  else

      ssh -C2qTnN -D 8181 username@publichost.com &

      proxypid=`jobs -p`
      /Applications/Chromium.app/Contents/MacOS/Chromium-bin --proxy-server="socks5://127.0.0.1:8181" --host-resolver-rules="MAP * ~NOTFOUND, EXCLUDE 127.0.0.1" --profile-directory=Tunnl > /dev/null 2>&1

      kill $proxypid

fi
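
A tidier variant of the launcher above, as an added example rather than the author's script: it keeps the same hosts, port and browser flags, decides the endpoint in one place, waits for the SOCKS listener before starting the browser so the browser never runs without its proxy, and tears the tunnel down on any exit. The function names, the ExitOnForwardFailure option and the nc -z wait loop are additions, not from the post.

```shell
#!/bin/bash
# Added example, not the original script. Hosts, port and browser flags are the
# ones used in the post; function names are hypothetical.
HOME_NET="192.168.30"
HOME_HOST="username@192.168.30.241"
AWAY_HOST="username@publichost.com"
SOCKS_PORT=8181
BROWSER="/Applications/Chromium.app/Contents/MacOS/Chromium-bin"

# Read ifconfig output on stdin and print the first three octets of the first
# IPv4 address; print nothing if the interface has no IPv4 address.
net_prefix() {
  awk '$1 == "inet" { split($2, o, "."); print o[1] "." o[2] "." o[3]; exit }'
}

# Same decision as the original: the first interface that has an address
# decides; the home subnet selects the local host, anything else the public one.
pick_host() {
  for p in "$@"; do
    [ -n "$p" ] || continue
    if [ "$p" = "$HOME_NET" ]; then echo "$HOME_HOST"; else echo "$AWAY_HOST"; fi
    return 0
  done
  echo "$AWAY_HOST"
}

launch() {
  host=$(pick_host "$(ifconfig en0 2>/dev/null | net_prefix)" \
                   "$(ifconfig en1 2>/dev/null | net_prefix)")
  # ExitOnForwardFailure makes ssh exit if it cannot bind the SOCKS port.
  # -2 is omitted: current OpenSSH only speaks protocol 2.
  ssh -C -q -T -n -N -o ExitOnForwardFailure=yes \
      -D "127.0.0.1:$SOCKS_PORT" "$host" &
  proxypid=$!
  trap 'kill "$proxypid" 2>/dev/null' EXIT
  # Wait up to about 10 seconds for the listener; give up if ssh has died.
  i=0
  until nc -z 127.0.0.1 "$SOCKS_PORT" 2>/dev/null; do
    i=$((i + 1))
    if [ "$i" -ge 20 ] || ! kill -0 "$proxypid" 2>/dev/null; then
      echo "tunnel to $host did not come up" >&2; exit 1
    fi
    sleep 0.5
  done
  "$BROWSER" --proxy-server="socks5://127.0.0.1:$SOCKS_PORT" \
    --host-resolver-rules="MAP * ~NOTFOUND, EXCLUDE 127.0.0.1" \
    --profile-directory=Tunnl >/dev/null 2>&1
}

# Launch only when installed under the name Chromium, as the post describes.
case "$(basename "$0")" in Chromium) launch ;; esac
```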


Post Purchase Comparison Shopping

Music: 

The Ettes - Teeth

This is just what the world needs, another smug mac owner. Since people seemed not to believe I do my homework and continue to offer me platform advice, I went and priced up an HP with the same specs as my new Pro.

All said and done, including stupid $250 for AppleCare, my new machine was $3248, delivered. The HP equivalent, a Z420 Workstation, was $3,707 + $45 shipping. That's for 6 core Xeon, base 6GB of memory (CRUCIAL...), 1TB 7200RPM drive, 1GB ATI card.

So $500 more for a machine with an OS I hate dealing with, sounds like a pretty good bargain. Oh, and it says right on the page that the NIC won't work with Windows 8, so that's pretty swell.

Lenovo would sell me a similar config, with a 4-core 3.30Ghz CPU for only $100 more than my machine, I couldn't get exactly the same 6 core Xeon in the S30 workstations I was looking at.

I think I'll take the bargain Apple product, thanks :-)

Overall though I'm pretty happy. Moving the software-RAID1 set between machines was just "move the drives, they work", which I didn't really expect.

Now, here's a Stack of Macs:


They Don't Make 'Em Like This Anymore


Thu, 08/01/2013 - 7:33pm - It's the last of the big V8 Interceptors.

Last of the big V8 Interceptors. I had to grab a new Pro before they decided only to sell those insane coffee magnets with no internal drive bays. Last one lasted 7 good years, here's to another computer in 2020.


Never Offer Me Platform Advice

Music: 

Throwing Muses - Cry Baby Cry

I am in the market for a new computer. Apple has left me seriously disappointed with the new Mac Pro, what with its inability to hold many 3.5" SATA drives, and has driven me to the iMac after all this time. Internal storage and the fact that the iMacs of the time (2006) sucked was the main driver for me getting the Pro I have now in the first place. However, time marches on, I have a 32-bit EFI and can't upgrade past Lion, and the install is getting kind of crufty, and so I end up having to bounce the machine every so often, which sucks.

So the new Pro is out, might as well go with a maxed out iMac. I had two questions:

  • Am I going to see much difference between the i5 and i7?
  • Do I care about 2GB of video memory vs. 1GB

I asked a friend about the CPU thing. His response was "HP will sell you a way better machine for half the price anyway". Was that what I asked? Do I give a fuck what HP sells? Have I not already proven this to be false when I bought this Pro in the first place?

If I roll up in a BMW 535i, is your first reaction going to be "You could have bought a v6 Nissan Altima for half the price and only lost 30hp". No.

I have very specific needs, which Apple meets much better than Microsoft + HP (or whoever), my reasons are not "Because it looks cool" or "Because I am a hipster".

My reasons are:

  • I am not an Apple fanboy. I am a Unix fanboy
    • Use Cygwin, it's just as good
      • No fuck YOU, I don't like rewriting every goddamn little bash script every time I deploy to a different platform, the differences in output between GNU and BSD toolchains are annoying enough, I don't want to deal with MS tools on top of that.
  • Don't like Windows? Use Linux!
    • If Linux was a serious option, I wouldn't be ditching a perfectly good 4 core 2.66Ghz machine with 16 GB of memory just to get an iMac. Photoshop does not run on Linux. Illustrator does not run on Linux. I run many things on Linux, my wife's primary home machine is not going to be one of them.
  • Well dual boot Linux with Windows!!!
    • Explain that to my wife, and explain to her how her workflow must change because we're using Windows now because we're cheap.
    • Why should I reboot my machine, ever?
    • What if I want to quickly get a unix environment outside my work environment for testing, should I remote reboot into Linux? Manually change boot menu options before rebooting? Sounds like a waste of time.
  • But GAMES!
    • But I don't care about games. Anything I want to play I can either play on my HTPC or in a Windows VM on the Mac.

...And on, and on and on I could go.


    Use The Force


    Some time ago, I set "3 finger drag" on my mouse to "Lock my machine". That worked about 50% of the time first try. The rest of the time it would take me to my dashboard, change virtual desktops, or go back in my browser history.

    The correct way, as in all things, is to use The Force.


    Hmm. So that's how it is in their family

    Music: 

    Shriekback - Malaria

    TL;DR: Here is how to restore DJ to iTunes, as much as possible

    A few months ago, Apple maliciously broke iTunes in several really specific ways, one of which was to drop the DJ functionality, which is basically how I would listen to music.

    Reading a thread on JWZ's site about this issue, among others, I posted my somewhat-fix for the issue. And it is. A "somewhat" fix. It acts pretty much like DJ used to act, but for two problems. You can't drag things from a window with your whole collection into your "DJ" window (Cause hey, ONLY ONE WINDOW NOW), and besides, I had to create a Smart Playlist to fix it, and you can't add to a smart playlist anyway. There is "Play Next", which I guess works.

    My other main gripe with this is that when I hit Next to skip a track, usually it removes it from the top of the playlist, but often enough to annoy the fuck out of me, it doesn't, and I have to go back in and clean up the top of my list a few times a day. Worse, songs I've skipped will come back up in the mix sooner than I would otherwise want them to, since iTunes doesn't know I've skipped them.

    I remember reading somewhere that there was a discussion once about how to make iTunes mark something as "Skipped", or at least what the secret parameters are that cause things not to become "Skipped". So tonight it annoyed me enough to hunt around, and of course, the very first hit was back to a different JWZ post from exactly three years ago this week, complaining about this exact skipping thing.

    Of course he didn't get a satisfactory answer, because he almost never gets a satisfactory answer to exactly what he asked. It looks like if you skip between 2 and 20 seconds into the song, and don't hit pause ever, it will show as Skipped. Neat.

    His Herp Derp checkbox was the only thing that made any of this sane for me in this case.

    To mostly restore iTunes DJ, do the following:

    Click + at the bottom left of the iTunes window and create a new Smart Playlist. I named mine "DJ-ish".

    Match All of the following rules:

    • Last Played not in the last 1 days -- Or however long you want to go between repeats
    • Last Skipped not in the last 2 days -- This will make iTunes clean up most songs you skip using the Next button.
    • Limit to 100 items selected by Random -- or however many upcoming tracks you want it to pull at a time
    • Match only checked items -- Unless you want iTunes to randomly play songs you've explicitly told it you don't want to hear by un-checking them
    • Live Updating

    It's pretty simple to get most of that functionality back, but you know what would have been simpler? NOT REMOVING IT.
