another one of my brains

Assumptions:

• You have a remote machine configured to listen for VNC connections on such as :5900.
• You can ssh into your remote machine.
• You (wisely) have not opened port 5900 in your firewall.
• You want to access your machine remotely over VNC.

Let’s tunnel.

Rationale

VNC is basically plain text, including any keystrokes you send. Authentication is weak compared to such as ssh. And to access VNC remotely you’d ostensibly have to open that port to the Internet.

With ssh tunneling, you don’t have to open a special port in your firewall for VNC. All authentication and subsequent traffic happens over ssh.

Set up the tunnel

Try this:

ssh -C user@myhost.com -L 5900:127.0.0.1:5900

Feel free to add -fNq to background ssh (so you can’t accidentally close a terminal window and lose it), -N so that it doesn’t run any commands, and -q so that it’s quiet.

This connects you to myhost.com, forwarding your local port (hence -L) 5900 to the remote port 5900.

Connect

Use your favorite VNC client, connecting to localhost, port 5900, and with whatever credentials you set up.

Anecdata: slow?

I’ve only tested this once or twice. It seems pretty slow! I can’t tell if it’s the quality of this connection or what. So maybe prepare yourself.

Example: I have a big ol’ PATH variable, necessarily : separated. I want to see each entry on a separate line. Here you go:

echo $PATH | tr ':' '\n'

Or if you’re feeling even more terse:

tr ':' '\n' <<<$PATH

tr is one of my blind spots, I’ll admit. I’m more inclined to reach for sed or awk, which are overkill for little jobs like these.

Sometimes I want to know when a file in my path has been updated. You can find out where a file is with which foo. Pass that right into ls -l like so:

ls -l `which foo`

I’ve been using the Go language in my spare time. I like it a lot so far.

Rather than clutter up this blog with a bunch of Go-specific stuff, though, I’ve created a new one: gobrain.tumblr.com.

I’d heard about git bisect before, but I hadn’t spent much time playing with it until today. It turned out to be too painful to use in my case, as there was a massive merge between the “good” and “bad” patches. Nevertheless, it seems quite useful.

The very simple version is that it’s good for binary searching for a bad commit. You give it a bad commit, a good commit, and it will bisect (see what they did there) that set of commits as part of a binary search for the culprit commit.

In a nut:

git bisect start
git co d34db33f # here's a known bad commit
git bisect bad # mark that commit as bad
git bisect good f00 # a known good commit

git will present you with a series of commits, doing the binary searching for you. Your role is tell it whether the suggested commit is good or bad based on compiling, running tests, or whatever. Alternatively you can supply a script whose return code git will use as good/bad criterion (zero vs. nonzero, of course).

Check out Pro Git for more details, as well as git help bisect.

Roughly one year after Firesheep, I’ve still never gotten around to setting up a VPN. Here’s a “cheaper” way to get something similar, using software that your average *nix machine has out of the box.

One caveat: I don’t know much about the technical details behind this; I’ve gotten it to work easily enough by reading the webs and playing around. If you’re concerned about browsing on an open network, this may offer some measure of confidence.

Set up the tunnel

Here:

ssh -D 8080 -CNfq user@myhost.com

Now you just need to tell your system to send traffic to localhost:8080.

On a Mac, this is simple. Go to Network Preferences. Click Proxies. Click SOCKS Proxy. In the field SOCKS Proxy Server, put localhost for the host and 8080 for the port. Enable Socks Proxy if/when you want it to be active. Hit Apply.

I don’t know how to do this in Linux, but there’s gotta be some way to do it.

«Update (2012-03-12) The Arch Linux Wiki has a very helpful page about proxy settings. You set a bunch of proxy-related environment variables and hope your programs are all well-behaved enough to make use of that setting. It smells hacky but if it works… »

Ideally, you’ve already set up your ssh keys on myhost.com. You did do that, right?

Verify

A site like http://whatsmyip.com will allow you to check your IP easily. You can confirm that Chrome is using the proxy by going to chrome://net-internals/#proxy.

The tunnel will just go away when you lose connectivity to the network. You can manually close it, presumably, with kill.

Automation

You could conceivably make a script to automate this. Roughly:

if [ "$1" -eq "start" ]; then
    # TODO: check for already running session
    ssh -D 8080 -f -C -q -N user@myhost.com
    pid=$!
    cat $pid >/var/run/tunnel.lock # or wherever
elif [ "$1" -eq "stop" ]; then
   # TODO: check for already running session
    kill $(cat /var/run/tunnel.lock)
fi

In Ubuntu, there’s notify-send. I used this for a tea timer earlier:

( sleep 10m && notify-send -t 5000 'Tea time!' ) & ; disown

This will pop up those nifty transparent Growl-like notifications on your desktop. They are designed to be somewhat unobtrusive, though, and don’t allow much if any customization. This can be inconvenient if you want a prominent, non-expiring message when some lengthy task completes.

zenity is an alternative, and quite versatile at that. This will pop up an “OK” dialog box which is more obtrusive by design:

zenity --info --text='Tea time!'

There’s plenty more in the manpage. For instance, you can post a notification in the notification area. You can also use to provide a graphical file selection prompt, a calendar date picker, and so on.