How to avoid using sudo for certain programs under xrdp in Raspbian? - linux

Background: I look after the Raspberry Pi version of Scratch for the Foundation. Mostly this is a matter of Smalltalk programming, VM developing and some very frustrating moments with shell scripts.
Right now I'm baffled and annoyed by what seems likely to be a unix permissions or related issue when using xrdp to connect to a Pi from any other machine. I know that it's not a problem directly with the Squeak VM since Google has revealed quite a few other applications having similar looking issues. Part of my problem is that I don't know enough about this area to really know what to search for to narrow things down.
So, problem description -
The current Scratch system runs on the Squeak Cog VM (see https://github.com/OpenSmalltalk/opensmalltalk-vm), which amongst other things uses pthreads and needs to set the thread priority. That used to be something that required modifying some config but more recent (Raspbian) kernels have no problem with it.
Except when using xrdp, which is a pain because I mostly work with my Pi via xrdp to my iMac. To handle this I have to prepend a 'sudo -E' which is tolerable for a developer but not really good for general users.
I have a similar problem with a trivial file copying command used in the VM make process as well, and that doesn't use any thread stuff nor priority work, but does require me to sudo make in a terminal window.
As an experiment I tried using tightvnc, to see if anything might work better. After reading the full install instructions (https://www.raspberrypi.org/documentation/remote-access/vnc/) and adding the auto-startup init.d script etc, it seemed like maybe we were in luck because the sudo isn't needed! Hooray! Of course, I was a bit disappointed by the seemingly slower display handling, but never mind.
Sadly this isn't even close to the end of the story. I've recently been working on completing the support for the X composition input window system that allows Japanese and other non-Latin1 type language users to enter characters more easily. It's pretty clever, once you've installed iBus, Anthy, many fonts and done some setup. But, while it works perfectly well on a Pi with a direct display, and fine on an xrdp display (with the sudo to allow Scratch to run in the first place, of course) it simply won't work via vnc with or without a sudo.
Googling shows a large number of other applications having problems in odd ways with the relevant XCreateIC() call (see https://github.com/OpenSmalltalk/opensmalltalk-vm/blob/Cog/platforms/unix/vm-display-X11/sqUnixX11.c line:1659 for our usage) but nothing I can make much connection to vnc for. To add to the annoyance the combo window appears ok for Terminals!
To summarise-
direct display - no problems for either the pthread priority or the compo window
xrdp - needs sudo for pthreads priority but the compo window works ok
vnc - doesn't need sudo for pthread priority but compo window doesn't work.
What I need: help with finding out what causes these problems and maybe even solutions. A way to configure xrdp to not require 'sudo' would be nice.

To my delight a colleague found what appears to be a very effective answer to this; it seems that the /etc/pam.d/common-session file needs a single line adding.
Edit the file and add
session required pam_limits.so
This allows all the applications I have that previously had permission related problems to run under xrdp. Another Scratch user who had a similar issue using PuTTY reports that it solved that issue as well.
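An added example, not part of the original post: a shell check that a PAM service's session stack actually loads pam_limits.so (the module that applies /etc/security/limits.conf to a login session), following Debian-style @include lines. The function names, the service name xrdp-sesman and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# pam_session_has_limits DIR SERVICE [DEPTH]
# Exit status 0 if DIR/SERVICE, or any file it pulls in with "@include",
# has an active "session ... pam_limits.so" rule; 1 otherwise.
# The body is a subshell, so variables and "exit" stay local to each call.
pam_session_has_limits() (
    dir=$1; svc=$2; depth=${3:-0}
    set -f                                   # no globbing while splitting lines
    [ "$depth" -le 8 ] || exit 1             # guard against @include loops
    [ -r "$dir/$svc" ] || exit 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                     # drop comments
        set -- $line                         # split the rule into fields
        [ $# -ge 2 ] || continue
        if [ "$1" = "@include" ]; then
            pam_session_has_limits "$dir" "$2" $((depth + 1)) && exit 0
            continue
        fi
        [ "${1#-}" = "session" ] || continue # "-session" is also a session rule
        shift
        case $1 in                           # skip the control field
            \[*) while [ $# -gt 0 ]; do      # "[a=b c=d]" may span several words
                     case $1 in *\]) shift; break ;; esac
                     shift
                 done ;;
            *)   shift ;;
        esac
        case ${1:-} in
            pam_limits.so|*/pam_limits.so) exit 0 ;;
        esac
    done < "$dir/$svc"
    exit 1
)

# Constructed sample files (not copied from a real system): a service file
# that includes common-session, where pam_limits.so is only commented out.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' '#%PAM-1.0' '@include common-auth' \
        '@include common-session' > "$1/xrdp-sesman"
    printf '%s\n' 'auth required pam_unix.so' > "$1/common-auth"
    printf '%s\n' 'session [default=1] pam_permit.so' \
        'session required pam_unix.so' \
        '# session required pam_limits.so' > "$1/common-session"
}

demo=$(mktemp -d)
make_sample "$demo"
if pam_session_has_limits "$demo" xrdp-sesman; then
    echo "before: limits applied"
else
    echo "before: pam_limits.so missing from session stack"
fi
# The one-line fix from the answer above, applied to the sample copy only.
echo 'session required pam_limits.so' >> "$demo/common-session"
if pam_session_has_limits "$demo" xrdp-sesman; then
    echo "after: limits applied"
fi
rm -rf "$demo"
```

On a real system the same function can be pointed at /etc/pam.d with the service name the remote-login daemon uses.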

Related

Making bash on ungraphical debian look neat and tidy, like when sshing to it

OH GOD I'M SUCH A NOOB
wait let me explain this.
I am somewhat familiar with linux, and I own a raspberry pi which I use as a ssh server, but I recently got hold of an old Dell Precision M4300 Laptop, so I got a minimal debian installation on that as well.
However, as I logged in directly (as using the display and keyboard on the machine) to the laptop, I discovered a strange thing:
When executing a command resulting in a new menu, for example nano .bashrc, and then exiting that menu, the output gets shown where previously only the list of typed in commands and outputs was. This seems somewhat logical, as the "menu" is a "command output" as well, but when sshing to the machine from my windows machine (via Cygwin or PuTTY), the "menu" closes and I see the list of prompts and command outputs again, the same happens when sshing to the raspi. Is this a speciality of PuTTY / Cygwin? Can I make bash on the machine clean up after nano?
Thanks for any replies, I am really out of ideas here, I don't even know the right search term...
The functionality you are talking about is implemented by smcup and rmcup which can be used by editors such as nano and other applications to save and restore the screen when they are invoked and exited. This functionality is known as alternate screen and you can find more documentation regarding it here. Some people actually are quite annoyed by it.
Unfortunately, if you're using the linux virtual console instead of X windows or even connecting into the machine via ssh from another computer, then it seems like this feature is not available, according to this other post.

How to simultaneously run multiple window managers (esp. xmonad) for VNC

I'll start with a little background. A small project of mine has been to try to use my Android tablet as an external monitor for my laptop using a VNC client (vnc4server). There are two main options for doing this that I have seen. The simplest is to use xrandr and widen the screen, creating a section just for the tablet. However, this can cause some graphics issues if I understand correctly, although it has the benefit of permitting windows to cross displays. The other option is to run a separate desktop session for the VNC server.
I have chosen to go the route of a second desktop as the session can live and die without significantly affecting my main session and can in theory be tailored specifically to the tablet. A little tool called x2vnc allows me to connect to the VNC server in a similar manner to the more popular Synergy and use it like an external monitor. I also have the nice little benefit of being able to easily and cleanly switch from landscape to portrait using xrandr.
This brings me to my current issue. So far, I have only been able to reliably use plain x-windows. Although this is entirely functional, I would prefer something more complete. Although xstartup examples have been posted for a variety of window managers, none of these seem to run properly. I suspect all of these are for headless systems. Gnome/Unity are each unforgivably slow and seem to conflict with my existing session. I also feel that these are a little too cluttered for my ten inch tablet. On the other hand, Xmonad simply crashes as soon as I try to open a second window in addition to not updating the graphics properly.
I would like to know anything that will lead me in the direction of a better stable desktop environment. This includes configuration tips and alternate window managers.
I am currently running Ubuntu 12.04 with gnome-xmonad (recently Unity). My xstartup is plain x-window-manager. I have tried any readily available examples for gnome and xmonad that I have been able to find.

Linux per program firewall similar to windows and mac counterparts

Is it possible to create GUI firewall that works as Windows and Mac counterparts? Per program basis. Popup notification window when specific program want to send\recv data from network.
If no, then why? What does the Linux kernel lack to allow the existence of such programs?
If yes, then why aren't there such programs?
P.S. This is programming question, not user one.
Yes, it's possible. You will need to set up firewall rules to route traffic through a userspace daemon; it'll involve quite a bit of work.
N/A
Because they're pretty pointless - if the user understands which programs he should block from net access he could just as well use one of multiple existing friendly netfilter/iptables frontends to configure this.
It is possible, there are no restrictions and at least one such application exists.
I would like to clarify a couple of points though.
If I understood this article correctly, the firewalls mentioned here so far, and iptables, which this question is tagged under, are packet filters and accept and drop packets depending more on the IP addresses and ports they come from/are sent to.
What you describe looks more like mandatory access control to me. There are several utilities for that purpose in Linux - selinux, apparmor, tomoyo.
If I had to implement a graphical utility you describe, I would pick, for example, AppArmor, which supports whitelists, and, to some extent, dynamic profiling, and tried to make a GUI for it.
OpenSUSE's YaST features a graphical interface for apparmor setup and 'learning', but it is specific to the distribution.
So Linux users and administrators have several ways to control network (and files) access on per-application basis.
Why the graphical frontends for MAC are so few is another question. Probably it's because Linux desktop users tend to trust software they install from repositories and have less reasons to control them this way (if an application is freely distributed, it has less reasons to call home and packages are normally reviewed before they get to repositories) while administrators and power users are fine with command line.
As desktop Linux gets more popular and people install more software from AUR or PPA or even from gnome-look.org where packages and scripts are not reviewed that accurately (if at all) a demand for such type of software (user-friendly, simple to configure MAC) might grow.
To answer your 3rd point.
There is such a program which provides zenity popups, it is called Leopard Flower:
http://sourceforge.net/projects/leopardflower
Yes. Everything is possible
-
There are real antiviruses for linux, so there could be firewalls with GUI also. But as a linux user I can say that such firewall is not needed.
I reached that question as I am currently trying to migrate from a Mac to Linux. There are a lot of applications I run on my Mac and on my Linux PC. Some of them I trust fully. But others I am not fully trusting. If they are installed from a source that checks them or not, do I have to trust them because someone else did? No, I am old enough to choose myself.
In times where privacy is getting more and more complicated to achieve, and Distributions exist that show that we should not trust everyone, I like to be in control of what my applications do. This control might not end at the connection to the network/Internet but it is what this question (and mine) is about.
I have used LittleSnitch for MacOSX in the past years and I was surprised how often an application likes to access the internet without me even noticing. To check for updates, to call home, ...
Now where I would like to switch to Linux, I tried to find the same thing as I want to be in control of what leaves my PC.
During my research I found a lot of questions about that topic. This one, in my opinion, best describes what it is about. The question for me is the same. I want to know when an application tries to send or receive information over the network/internet.
Solutions like SELinux and AppArmor might be able to allow or deny such connections. Configuring them means a lot of manual configuration and does not inform when a new application tries to connect somewhere. You have to know which application you want to deny access to the network.
The existence of Douane (How to control internet access for each program? and DouaneApp.com) shows that there is a need for an easy solution. There is even a Distribution which seems to have such a feature included. But I am not sure what Subgraph OS (subgraph.com) is using, but they state something like this on their website. It reads exactly like the initial question: "The Subgraph OS application firewall allows a user to control which applications can initiate outgoing connections. When an unknown application attempts to make an outgoing connection, the user will be prompted to allow or deny the connection on a temporary or permanent basis. This helps prevent malicious applications from phoning home."
As it seems to me, there are only two options at the moment. One is to compile Douane manually myself or two, switch distribution to Subgraph OS. As one of the answers states, everything is possible - So I am surprised there is no other solution. Or is there?

Advantages of Using Linux as primary developer desktop [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
I want to get some input on some of the advantages of why developers should and need to use Linux as their primary development desktop on a daily basis as opposed to using Windows. This is particularly helpful when your Dev, QA, and Production environments are Linux.
The current analogy that I keep coming back to is. If I build my demo car as a Ford Escort, but my project car is a Ford Mustang, it doesn't make sense at all.
I'm currently at an IT department that allows dual boot with Windows and Linux, but some run Linux while the vast majority use Windows.
Here are several advantages that I've come up with since using Linux as a primary desktop.
Same Exact operating system as Dev, QA, and Production
Same Scripts (.sh) instead of maintaining (.bat and *.sh). Somewhat mitigated by using cygwin, but still a bit different.
Team learns simple commands such as: cd, ls, cat, top
Team learns Advanced commands like: pkill, pgrep, chmod, su, sudo, ssh, scp
Full access to installs typically for Linux, such as RPM, DEB installs just like the target environments.
The list could go on and on, but I want to get some feedback of anything that I may have missed, or even any disadvantages (of course there are some). To me it makes sense to migrate an entire team over to using Linux, and using Virtual Box, running Windows XP VM's to test functional items that 95% of most of the world uses.
This is similar but a little different thread going on here as well.
I have to say getting forced into SSH access to a linux development box for PHP/MySQL development has been one of my greatest and fastest growth experiences as a developer (who formerly worked only in windows XP as a dev environment) as well as bridging some of the knowledge gap between development and sysadmin tasks which is great for developers to understand more about, especially if you ever end up in a one-man army kind of situation.
I was all about windows/eclipse and point and click, and now I am all about VIM and keyboard shortcuts. The color coding/auto tab complete stuff is pretty good these days.
Where I work we use Rackspace Cloud servers for production and development. I imaged the production server (2G ram/CentOS 5.2 stack) for a dev server (so the environment IS EXACTLY THE SAME not close but EXACT) and run it on the smallest instance (256M ram) which is only about $12 month for my dev box. My buddy had a mac he did local dev on for the same codebase and he experienced subtle bugs in the code due to the mac environment, that I do not experience on my cloud dev box (or production).
So what I am getting at is with this type of shift (to the cloud for linux dev with no GUI) portability and quick recovery from hardware failure, and productivity (keyboard shortcuts rule over point/click/drag select) are some other major advantages. Obvs you can learn keyboard shortcuts in Windows too, but when forced to work in only a terminal window, you learn a lot more of them out of necessity. I run Windows 7 on a laptop (essentially as a dumb terminal to my cloud devbox), but I SSH into my devbox with putty and work on code with VIM and manage it with git. If my laptop ever fails or gets stolen, all I really need is ANY computer that has an SSH client (and internet connection) and I can be productive on a temporary loaned computer within 30 minutes until my preferred hardware is fixed/replaced. (all my passwords on the laptop are in a keepass encrypted db which is backed up on dropbox.com as well as external HD, occasional gmail to self). And of course configure putty with nice fonts/font size and full-screen window size.
In contrast getting a windows box from clean install to dev environment tweaked exactly how you want might take a couple full-time days plus a couple hours here and there for a month, and still not replicate the production environment to your needs.
Ok, end biased rant - I guess my point is I didn't know what I was missing as a windows guy, and simple non GUI linux tools for web development have proven to be superior to me for how we work. But also note my laptop is Windows 7, so when work is done or a need to do some IE testing, I'm on a "normal" OS. However, I doubt a lot of people would be willing to make such a change if there is no perceptible gain or immediate need.
I just switched to using Ubuntu from Windows XP, here's what I found:
Pro's of Linux
Linux is less likely to be affected by viruses. I lost some time to viruses when I used XP.
As you said, same environment as Dev/QA/Prod which is nice. It's no longer a change of mindset when I connect to one of those machines
Linux is more stable. I usually rebooted XP every week or two.
You get to use the unix tools (find, pkill, grep, etc.). Cygwin is a workaround but seems quite a bit slower than running unix natively.
Performance seems quite a bit better on Linux. This is probably the biggest win for me, I have a memory-intensive Dev environment.
Cons of Linux
Open Office is a bit of a shock to the system compared to Word/Excel (which I have been using for many years).
I miss Notepad++
I need to run VirtualBox to host my local Sql Server Dev database
I need to run VirtualBox when running internet explorer
More of a pain to copy/paste text between Sql Server Management studio and IE if needed because they run in VirtualBox
Remote Desktop is more of a pain. Microsoft's remote desktop allowed me to not have to log out from work before working at home and vice versa
I have one app that only runs with the Wine emulator and won't work at all for me when remote desktop-ing on linux
I agree with the poster who said it's good to give developers a choice - they will appreciate that instead of having one or the other OS rammed down their throats. An added benefit is that you'll then be able to differentiate the good devs from the bad :) Just kidding.
On my first employment, we had been working on HP UX systems. So I really learned to love the power of the console and its elegance:
Use find to work on loads of files
less for really big log or data files without delay
for loops with substring handling to rename thousands of files in seconds.
and many other nice shell hacks to save you time and nerves...
But not many people seemed to agree in my later employments...
However, I only once had the possibility to use a Fedora Linux box for development several years ago. It was a 64 bit system in the first years of their existence. Maybe this was the problem. I was looking forward to using a proper shell again, but was disappointed as Eclipse did not run stable and had a lot of bugs. This was a pity and a no go. Since then I never again had the chance to use linux as development OS.
As I start to work in a new employment in some days I really think about giving it another try. What do you think, is it still unstable? I nearly can't imagine.
You won't have to use Visual Studio.
Since that doesn't seem to be an issue for you, you might provide more details---what languages are you developing in? If it's Java, then you'll be spending most of your time in Eclipse, Netbeans, etc., so it really won't make much difference. What is your budget for the changeover, or what savings do you hope to get?
From your reasons it seems that you're pretty committed to UNIX already.
Why not give the developers a choice?
git runs faster.
...
Okay, not that much of an advantage...
Linux boxes are easier to containerize with solutions like Docker so that you can more easily share your environment with other devs or QA.
Also, if you need multiple boxes talking to each other for your dev setup, then Linux is a more practical solution. I was working on a Windows machine with a .Net solution which had to talk to services on a different box. I chose to install a couple of VM's using the steps described here (http://mytakeon.it/the-complete-steps-to-having-a-virtual-box-up-and-running-on-your-computer/). The Linux VMs were so light weight, easy to manage and faster in booting up.

How do I get a Remote Desktop for Linux (XDMCP, VNC)

I do this all the time using VNC and it is very easy, but I am curious about a few things like XDMCP. As I understand it, this is a way of creating the entire desktop on a remote X-Server which seems fairly elegant.
Several years ago, I worked on a Solaris server and multiple developers had X-Servers running in Windows and we were able to access a full remote X-desktop. All my efforts so far in X based systems seem to indicate that only one instance, remote or local, of the desktop can be loaded, so I guess this Solaris thing was an actual application that "emulated" a desktop, but who knows....
Any input ?
From Windows I've found the best way to do this is using the Xwin command in cygwin.
Steps:
Install Cygwin, making sure to install X11. (Do this by scrolling to the bottom of the list on the "select packages" screen and click on the word "default" to the right of "X11". Give it a second or two and it will change to "install".)
Then, just run the Xwin command like this:
Xwin -query your.unix.system.name
You'll get a full-screen login window from your unix box. That's it!
Btw, sometimes firewalls get in the way of the UDP protocol for XDMCP. If that happens, look up the port numbers (one UDP outgoing, and one TCP incoming) and unblock them. Other xdmcp troubleshooting tips here.
NX will allow you to use a complete remote desktop environment locally, and most Linux distros already have the server available.
As an alternative to full cygwin install you might want to look at Xming. It is quite a bit lighter and should provide the same functionality.
In Xorg/GDM/LightDM options : "listen" should be activated (disabled by default)
In windows, try Xwin32.
In Linux, try Xnest (windowed) or X with "-query" command.
Be careful: it's slow and everything (passwords included) is transmitted in clear. So keep it on local network, tunnel it in SSH or better don't use it.
I found an additional remote desktop implementation which works quite nicely with LXDE:
x2go
Has clients for Windows, Linux and MacOS X.
