Session Migration With GDM

Last year Caolan and I demoed hotdesking with GDM and VNC. Owen later
pointed out that VNC probably wasn't the way to go once the rendering
improvements they're working on come online.

So, last week I picked up a patch I'd hacked up before Christmas,
finished it off and committed it to GDM. The idea is to do the same
thing as the VNC patch, but this time using an X proxy (like Xnest)
server on the terminal server instead of a VNC server.

Specifically, though, the features added to GDM are:

  • You can now configure GDM to run XDMCP sessions on a local X
    proxy server. This may be useful on its own for performance reasons;
    in theory, at least, an X proxy server should be able to limit the
    number of roundtrips it makes to the remote X server since if all you
    want to do is query server state, then that state is local. I've no
    idea yet how well Xnest and others do on this in practice, though.
  • If the proxy server supports disconnecting from its parent
    display and re-connecting later, you can configure GDM such that you
    can disconnect from your session and reconnect later simply by logging
    back in. The only proxy servers that I know of which support this are
    the DMX X server and NoMachine NX's nxagent. It's
    certainly possible to do this with any proxy though; I had it half
    done for Xnest before realizing DMX had good enough support to get the
    GDM patch done.

I've played around a little today with NoMachine's proxy. You can try
it out with GDM HEAD as follows:

  1. Install NoMachine's server package
  2. Set xdmcp/EnableProxy=true in gdm.conf
  3. Download these scripts (run-nxagent.sh
    and reconnect-nxagent.sh)
    and stick them in /tmp
  4. Set xdmcp/ProxyXServer to
    ProxyXServer=/tmp/run-nxagent.sh -audit 0 -name NX -geometry 768x576 and xdmcp/ProxyReconnect to
    /tmp/reconnect-nxagent.sh
  5. Re-start GDM
  6. From another machine run X -query $server and login
    through the login screen
  7. Run /tmp/reconnect-nxagent.sh --to :20 on the server to
    disconnect your remote X server from the session
  8. Run X -query $server again on the server, login and you
    should be immediately re-directed to your original session

Evolution Mail Account LDAP Backend For GConf

(Jaysus, that's a very long name for a few hundred lines of
code)

I've just finished hacking on what was a really interesting little
project. Basically, it's a GConf backend which uses information in
the user's LDAP entries to generate the mail account configuration for
Evolution. The idea is that if you've a large number of users, all you
have to do is stick each user's email address, incoming mail server and
outgoing mail server in her LDAP entry and Evolution should just
magically work.

I'm really happy with how well this thing turned out. I mean, it
actually works, it didn't take much code, there wasn't anything
lurking in GConf or Evo waiting to stab me in the back ... and, most
of all, it should actually be very useful.

The code is in evolution-gconf-ldap-backend
in GNOME CVS and more details are in the README.

What's more, Dave Malcolm has also written some cool scripts
to solve the same problem, but without LDAP.


Rugby Weekend

Another big Six Nations rugby weekend over that saw Scotland beat
Italy in the dullest international game in a while, Wales beating
France in a breathtaking match in Paris and Ireland beating world
champions England in a tense, down-to-the-wire encounter in Dublin.

It's all looking like it'll end with a grand slam showdown between
Ireland and Wales in Cardiff. Who would have thought it?

The most bizarre example of how professionalism has changed Irish
rugby is that Brian O'Driscoll, Ireland's star centre, having strained
his hamstring, was sent to this whole body cryotherapy unit where you
get put in a freezer at below -120°C (-184°F) for a few minutes so
that you can train at four times the intensity for the next few hours.
Three weeks after an injury that would have put players out for months
and he's back on the pitch leading the team and scoring tries.


A Certain Rocking Vuntz

So, I just plowed through a few hundred emails in my gnome-panel
bugzilla.gnome.org folder. In one sense it was incredibly boring,
because I don't think I actually interacted with a single bug report,
but in another sense it was just incredibly awesome. The folder
appears to be just full of bugs which Vincent Untz has already
closed. Rocking!

I didn't know Vincent had a blog, interesting. I'll need to
polish my French a bit to understand it, though. About all I could
understand was "J'adore vim". I guess it's a good thing he
uses vim, really. If he used emacs he'd put us all to even more
shame fixing even more bugs.


SSH, X Forwarding and Xauth

Discovered something interesting yesterday while trying to figure out
why Sabayon wasn't
working for jdennis over SSH:

  • With ssh -Y, the SSH server creates a proxy X server to
    your local display which is just like any other SSH tunnel. Then
    it points $DISPLAY at the tunnel,
    e.g. DISPLAY=:10
  • In order for you to have permission to access the local display,
    though, it also needs to add an xauth cookie to your ~/.Xauthority on
    the remote host.
  • The interesting part is that it doesn't do what you might assume
    and just forward your xauth cookie for the local display to the
    remote host. Instead it creates another cookie, sends that to the
    remote host and it's that cookie which gets merged to your
    ~/.Xauthority. When you try and connect from the remote host to the
    local display over the tunnel, the SSH client compares the cookie
    in the first protocol message and if it matches the one it
    generated for the tunnel, it swaps that cookie with the original
    cookie and allows the connection to complete.

At first that might just seem like misguided paranoid delusional
crackrock, but it does actually make sense. With this cool trick, if
you SSH to a compromised machine (i.e. a machine where an attacker can
access your ~/.Xauthority), then your display is only vulnerable while
you remain logged in. Once you log out again, the compromised cookie
is useless.
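
The cookie check and swap described above can be modelled in a few lines. This is an added example, not OpenSSH's code: a Python sketch of the X11 connection setup message and the client-side substitution, where the function names (build_setup, swap_cookie) and all cookie values are constructed for illustration.

```python
import hmac
import struct

AUTH_NAME = b"MIT-MAGIC-COOKIE-1"

def pad4(n):
    """X11 pads variable-length fields to a multiple of four bytes."""
    return (n + 3) & ~3

def build_setup(cookie, order=b"l"):
    """First message an X client sends: byte order, version 11.0, auth name, auth data."""
    fmt = "<" if order == b"l" else ">"
    head = order + b"\0" + struct.pack(fmt + "HHHHH", 11, 0, len(AUTH_NAME), len(cookie), 0)
    return (head + AUTH_NAME.ljust(pad4(len(AUTH_NAME)), b"\0")
            + cookie.ljust(pad4(len(cookie)), b"\0"))

def swap_cookie(msg, fake, real):
    """Model of the client-side check: accept only the tunnel's cookie, then
    substitute the local display's cookie before passing the message on."""
    if len(msg) < 12 or msg[:1] not in (b"l", b"B"):
        raise ValueError("not an X11 connection setup request")
    if len(real) != len(fake):
        raise ValueError("cookies must be the same length for an in-place swap")
    fmt = "<" if msg[:1] == b"l" else ">"
    name_len, data_len = struct.unpack_from(fmt + "HH", msg, 6)
    data_off = 12 + pad4(name_len)
    if len(msg) < data_off + pad4(data_len):
        raise ValueError("truncated setup request")
    name = msg[12:12 + name_len]
    data = msg[data_off:data_off + data_len]
    # Constant-time compare; a length mismatch simply fails.
    if name != AUTH_NAME or not hmac.compare_digest(data, fake):
        raise PermissionError("auth data does not match this tunnel's cookie")
    return msg[:data_off] + real + msg[data_off + data_len:]

if __name__ == "__main__":
    real = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed: local display cookie
    fake = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")   # constructed: cookie sent to remote host
    forwarded = swap_cookie(build_setup(fake), fake, real)
    print("forwarded with the real cookie:", forwarded == build_setup(real))
    later = bytes.fromhex("b0b1b2b3b4b5b6b7b8b9babbbcbdbebf")  # constructed: a later session's cookie
    try:
        swap_cookie(build_setup(fake), later, real)
    except PermissionError as exc:
        print("old cookie replayed against a later tunnel:", exc)
```

The second case is the point of the design: a cookie copied from the remote ~/.Xauthority stops matching as soon as the session that generated it is gone, and the real cookie never leaves the local machine.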
