Friday, May 30, 2008

Desktop Sharing Securely with VNC from WinXP to Ubuntu

I decided to set up two old computers lying around my office today. One already had Ubuntu 7.04 (Feisty Fawn) installed while the other was running WinXP. So I wiped the WinXP off one, and distro upgraded the other to Ubuntu 8.04 (Hardy Heron). Now I have two Hardys sitting on an office bench. I primarily work with a dual-screen WinXP machine with remote desktop to another WinXP machine somewhere else. Then it dawned on me that instead of using ssh to issue text commands to the two Hardys, it would be great if I could do remote desktop to them and control all 4 machines.

It turns out that the simplest way was not a proper remote desktop of the kind WinXP provides, but rather desktop sharing using the VNC that comes with Ubuntu. What happens in desktop sharing is that you send inputs to the remote computer, which sends you back the output. The input is taken to occur on-site, i.e. moving the mouse on the remote side actually moves the pointer on the actual machine. Unlike a proper remote desktop, desktop sharing with VNC is inherently insecure. This is primarily why I refer to it as remote sharing instead of remote desktop (note that in the System menu it is under "Remote Desktop").

Firstly, for remote sharing, after enabling it, a remote user can only connect to the desktop if a user is logged in on site. This means that a computer in an insecure physical location will never be secure as someone can sit down in front of it, stop the remote sharing, and start using the system in place of you. Contrast this with remote desktop in WinXP where the computer will be locked by the remote user on-site. Hence only someone with your user account can hijack the computer physically. Fortunately for me, both computers are in a secure physical location so this is not a problem.

Secondly, the password that one sets for remote sharing is only 8 characters long and there is no prompt for a user account. This means that the security of a user account is now only 8 characters since someone can log in remotely as well and change the on-site logged in user's password.

Lastly, for the free version of VNC, data exchange after logging in is not encrypted. That means any password sent can be sniffed over the network directly.

The solution to the last two problems is to use ssh tunneling and a firewall (or host denying). Indeed there are quite a few articles online on how to achieve this, one of them being here. The gist of it is that one creates a secure ssh connection to the remote machine, uses ssh tunneling to tell the remote machine to forward a connection to itself (on the VNC port), and then connects to desktop sharing through this secure tunnel. For example, when connecting from A to B, an encrypted tunnel is set up from A to B and an unencrypted one from B to itself. The latter is fine since no data actually leaves the network interface. Then, to stop others from making a remote sharing connection, either only allow the local host (i.e. B) to remote share to itself or use a firewall to block incoming connections to the remote share port. I used a firewall since the GUI option to "allow local connections only" for remote sharing did not work for me and I was too lazy to manually edit the configuration files.

The net effect is that connecting to a remote computer now requires logging in to it using ssh, which makes the connecting password of 8 characters immaterial -- it is now as strong as your normal user account. Furthermore, no one can easily snoop on data you send over the network as it is encrypted, plus no one can access remote sharing directly without using ssh tunneling.
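The tunnel, the firewall rule and a check that goes with them, as an added example that is not part of the original post. It assumes an OpenSSH client on A, VNC on display :0 (TCP 5900) on B, and the placeholder login me@hardy-b; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. The login "me@hardy-b" and
# VNC on display :0 (TCP 5900) are assumptions.
VNC_PORT=5900

# On A: carry local port 5901 over ssh to B's own loopback VNC port.
# Afterwards, point the VNC viewer on A at localhost:5901.
open_tunnel() {            # usage: open_tunnel me@hardy-b
    ssh -N -L "5901:localhost:${VNC_PORT}" "$1"
}

# On B (as root): drop VNC connections arriving on any interface except
# loopback, so the only way in is the ssh-forwarded connection from B to itself.
block_remote_vnc() {
    iptables -A INPUT ! -i lo -p tcp --dport "$VNC_PORT" -j DROP
}

# On B: read `ss -ltn` output on stdin and print every VNC listener
# (ports 5900-5909) bound to something other than loopback. Each line printed
# is a socket that is protected only by the firewall rule above.
exposed_vnc_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, p, ":")                        # port is the last field
        addr = substr($4, 1, length($4) - length(p[n]) - 1)
        port = p[n] + 0
        if (port >= 5900 && port <= 5909 && addr !~ /^127\./ && addr != "[::1]")
            print $4
    }'
}

# Constructed sample of `ss -ltn` output (not captured from a real machine).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       5       0.0.0.0:5900        0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:5901      0.0.0.0:*
LISTEN  0       5       [::]:5900           [::]:*'

# Real use on B:  ss -ltn | exposed_vnc_listeners
```

An empty result means VNC is bound to loopback only, which is what the "allow local connections only" option is meant to achieve; any line printed relies on the firewall rule staying in place.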


Tada! Controlling 2 WinXP machines and 2 Ubuntu boxes with one computer! But VNC is quite sluggish even when the machines use the same network switch, and this still does not solve the physical insecurity problem. To do that we probably need real remote desktop. In Linux I think this means having an X-server on the WinXP machine via cygwin and logging in to the Linux box using XDMCP. This gives the remote user a dedicated desktop, i.e. all actions are private to the user, instead of being shared on-site. The remote computer can be left at the normal log-in screen so no one without the proper privileges can hijack someone's user account on-site.

Alternatively, some online HOWTOs seem to advocate FreeNX to do this, which I believe is distributed from here. However, it might not be the best solution if the goal is to minimize computation on the remote client (i.e. the machine you are at) since the GUI computation is now done on it. "So why not just use normal ssh?", you ask. Well, sometimes I forget the names of packages that I want to install and Synaptic helps me find them better than apt-get.

* * * * * Update * * * * *
Decided to give NoMachine NX a spin. It is easier to configure than VNC, handles all security problems and creates a separate X-session for each remote login. It does this, I believe, by having an x-server and using ssh for the connection. Get it from their website.

Monday, May 19, 2008

Arcade Joystick with MAME on Ubuntu 8.04 LTS

Today, I saw a cheap China-made USB arcade stick at the computer store near my home. Previously I was contemplating buying the Japan-made Hori Fighting Stick that will set me back a good $80. Luckily, this stick appeared for just $29. It is a Digi-USB Joystick from Topway and it says Windows 98 to XP on the front. Flipping to the back, it says "2002 Topway all rights reserved". Being something from 2002, it sounds like a good bet it will work in both Linux and Windows, so I bought it and plugged it into my computer running Ubuntu 8.04 LTS. Typing $ sudo dmesg I found the stick was detected as being:

USB HID v1.10 Joystick [GreenAsia Inc. USB Joystick] on usb-0000:00:1d.0-2

And that it was a low speed USB 1.1 device. Not that I needed USB 2.0 anyway. Firing up MAME 0.135 I tried it with Marvel vs. Street Fighter. The GreenAsia Inc. driver in Ubuntu worked flawlessly. Physically, it does not have as good a feel as an arcade stick but it is decent enough to perform all air combos. Great! I finally have a decent fighting stick that works right out of the box. Being a light stick, one nice addition is the four sucker pads on the base of the stick that keep it in place on the table top.


With 8 buttons, you can configure your favourite layout (American or Japanese) for the common six or four fighting buttons.


My desk is getting rather cluttered with the Tesun dual gamepads and this new joystick.


Here we go, King of Fighters 2002 on MAME 0.135!

Sunday, May 11, 2008

The Fly and the Fly-trap

A rather interesting video made by my friend, cciRRus, starring an innocent wasp, his pet fly-trap, and a tweezer. Ownage!

Ubuntu 8.04, MAME & AIGLX on ATI

With Ubuntu 8.04 LTS out for a few weeks now, I finally finished my exams and decided to give it a spin. Downloaded an alternate CD to upgrade my Ubuntu 7.10 from. Unfortunately it failed. It was only later that I realised it was due to my Mythbuntu installation. Should have downloaded the Mythbuntu alternate CD instead. Thankfully, the servers were up and a net upgrade quickly placed 8.04 on my PC. Some problems still not resolved though (but not really the fault of Ubuntu). For starters, AIGLX is still working,


But sadly playing videos and watching tv using tvtime with XV still fails in windowed mode due to problems with the ATI drivers. The best I could get is flickering videos. But it is not stable. After messing around with some Compiz settings, it is possible to lose video altogether.


F-spot seems slightly less buggy. Next I decided to install the latest version of SDLMAME v0.125 from here (forget xmame, the base version of mame is too ancient). It didn't work right at the start using opengl rendering and I had to edit "/etc/sdlmame/mame.ini" to set option "gl_pbo 0" before it would run.

What delighted me the most is my Tesun USB-706D Dual Analogue Joypads (looks like PS gamepads, two pads hooked to one usb plug) that I bought for $23 worked right out of the box without additional drivers except for the vibration (not that it mattered). Unfortunately, with Compiz and the ATI fglrx 8.47.3 drivers, the display flickers like videos and tvtime. Hence I had to postpone my eye-candy yet again till ATI gives better drivers. Oh well, back to metacity.


Marvel Vs Street Fighter! It's been a long time.


Dungeons & Dragons 2: Shadows Over Mystara! Used to be stuck in the arcade for 4 hours with my friend trying to finish this with one or two coins. It takes about 1.5 hours to complete the game. So far everything seems alright with 8.04, I have no idea why they packaged Firefox 3 Beta 5 though. Broke some of my extensions but it does have some cool features. Other than that there's nothing really visibly special.

Wednesday, May 7, 2008

10000 Hours to simulate Blackjack rules

This article on BBC sort of reminded me of my first programming course where I was trying to hard code some blackjack rules for a simple blackjack competition. Now that Genetic Algorithms have started to make sense to me, Pontoon, anyone?

Saturday, May 3, 2008

Iron Man

It's amazing, it's incredible, it's Iron Man! Never mind the super cool hardware, the sophisticated weapons and his attitude, there's some amazing software and interfaces in there too!