Sometimes, when you want to do screen sharing, it can be hard to get the client in place on the other person's computer. They may have trouble installing it, may not have the rights to install it, or feel it is just too much trouble.

Fear not, because nowadays one can use a regular web browser as a VNC client. All the person at the other end needs to have on their computer is a modern web browser, such as Google's Chrome.

Screen detail: A Chrome browser running noVNC. In the upper half one can see the web browser that noVNC is running in, further down shows part of the VNC session that is running inside the browser (Gnome on Ubuntu 10.4)

The new generation of web browsers support the canvas element of HTML 5. The canvas element allows the browser to display a bitmap in a rectangle, and this bitmap can be continously manipulated pixel-by-pixel through javascript. Again, having a modern browser with a super fast javascript engine makes it realistic to use the canvas element for sharing a remote computer in real time.

I have found three implementations of VNC through the web browser:

• noVNC
• Guacamole
• ThinVNC

ThinVNC works on Windows only on the server side as far as I can tell, and I run Linux, so that one is out. Guacamole needs a java servlet container (e.g. Apache + Tomcat), and I do not want to install that, so the choice fell on noVNC, and so far it works like a charm!

I have not been able to make it run on Firefox (v 3.6.12), but it does run on Chrome (v 8.0.552), both tested on Ubuntu Linux. A customer failed to connect with a Chrome 7 series, running on OSX, so my guess is Chrome 8 or better is a good bet. noVNC also works with Chromium (an open source version of Chrome) 9.0.565 on CentOS 5, but not with Firefox 3.6.4 on CentOS 5 in my tests.

All three programs, or at least novnc and Guacamole that I have paid attention to, requires three programs to run:

• The VNC server of your choice,
• A server that translates (proxies) the VNC server communication to a web browser friendly language (called WebSockets),
• A javascript running in the web browser that takes care of painting the remote screen, and handles mouse and keyboard events in cases one is not merely viewing but also controlling the remote machine.

What you need on the server side.

I liked the way noVNC gets you up and running really quickly. First and foremost you need a VNC server. I have tested noVNC with Gnome's desktop sharing (on Ubuntu 10.4). After downloading and unpacking noVNC, you can start it right away in the terminal, with the command indicated in the readme file. This will start a Websockets proxy server. The one used in noVNC is written in Python and hence needs no Java (in contrast to Guacamole). You need to indicate what port your VNC server is running on, so the Websockets server knows where the VNC server is that it is proxying. VNC servers typically run on port 5900, or 5901, or 5902 or thereabouts. For desktop sharing it is often 5900.

The command line also starts a web server that the remote client should connect to. You can vary the ports that the Websockets proxy and web server run on, to avoid conflicts with other server processes on your machine.

After having started noVNC, simply point the browser to the URL that the command returned in the terminal. This will load a web page and the javascripts needed to connect.

The web server is just a simple server to serve the html page and javascripts to the browser. If you already have a web server somewhere you can serve the files from there instead.

Encrypted connections

When using plain old VNC, it is a good idea to tunnel the session through ssh. With noVNC you can have the connection encrypted directly in the browser. The noVNC readme explains how: There is no need to connect to a different encrypted port; the proxy automatically recognises that the connection is encrypted. The proxy can be started with a --ssl-only flag to only accept encrypted connections, and encryption must then always be switched on in the web browser page, either under the settings menu (that looks like a button) or by supplying "encrypt=1" as an extra CGI parameter when loading the page. I have tested with Google Chrome (v 8.0.552), on Ubuntu Linux 10.10 and it worked fine. Ok, I didn't intercept the traffic between the browser and server to really verify it was encrypted, but I take in good faith that it was.

Installing the proxy server as a service

Once I had played around with noVNC for a while, I started to look to have it installed with a bit more permanence. Now the HTML and the javascript for the web browser can be served from any old web server, and the VNC server is built into Gnome, but what about the WebSockets proxy, that translates the VNC to something the browser can understand? noVNC ships with no less than 3 alternative WebSockets proxies, one written in Python, one written in (server side) Javascript and one written in C. The Javascript version does not support encryption. The Python based proxy server can be run in the foreground with the -f flag, and as a daemon otherwise. But it would be nice to have it run always, and automatically started when the server reboots. I decided to put it under the control of supervisord, a framework for running processes and keeping them alive, that I am familiar with from developing with Plone and buildout. Supervisord does not manage other daemonized processes. Instead it wants to run processes that think they are running in the foreground, but are in fact connected to supervisord. Supervisord in this way is tightly coupled with the processes it runs. It can restart and otherwise manage its child processes, without the need for pid files or other such things. It i also trivial to run multiple copies of a program.

On Ubuntu 10.4, you can install supervisord easily; it is one of the packages in the usual repositories. After it has been installed, it has an entry in the /etc/init.d directory , and in /etc/supervisor/ directory you can add directions for it to run wsproxy.py as a foreground process. On install supervisord is configured to start when the server boots. Here is what I use. This is an entry in the /etc/supervisorsuper/supervisord.conf file on a Ubuntu 10.4 server:

[program:wsproxy]
command=/usr/local/bin/wsproxy/wsproxy.py -f 6900 --cert=self.pem --ssl-only localhost:5900
process_name=%(program_name)s
numprocs=1
directory=/usr/local/bin/wsproxy
stopsignal=TERM
user=a_user_name

It runs wsproxy.py on server startup, and will restart wsproxy if it ever would go down. wsproxy is configured above to proxy a VNC server running on port 5900 and serves it out as a websocket service on port 6900 for noVNC. wsproxy is configured above to requre SSL encryption.

Update:

There seems to be a bit of trouble with the websocket protocol that noVNC uses, but according to Wikipedia, Google Chrome should still support it in all versions. The crux is here.:

http://hacks.mozilla.org/2010/12/websockets-disabled-in-firefox-4/

Check:

http://en.wikipedia.org/wiki/WebSockets#Browsers_supporting_WebSocket

for what browsers to use. However, the developer of NoVNC, Joel Martin, points out in a comment to this blog post that NoVNC has a built in Flash based Websockets proxy, so one is with NoVNC actually not dependant on Websockets support in the web browser.

So, right now it seems like Firefox will not support Websockets out-of-the-box, until they have fixed the issue. It seems though that you can turn it on again in about:config. Opera is turning websockets off by default from what I can see. However I guess the browser versions tested below as working (Chrome v 8.0.552, and Chromium 9.0.565) will continue to work since they are already out, and it seems all Chrome versions support it.

Some quick notes for myself:

Two frameworks that allow you to test your web code at the end point, i.e. from a browser's point of view, are Webdriver (part of Selenium now) and Windmill.

A third option has emerged, js-test-driver. The tests in Windmill seems to be in Python (I have toyed briefly with it) while the tests in Webdriver are in Java (I use this regularly for a few test cases). js-test-driver seems to use Javascript.

# easily integrates with continuous builds systems and # allows running tests on multiple browsers quickly to ease TDD style development.

Rhythmbox will not connect to a firefly (mt-daapd) server if it is running on the same machine on Ubuntu 10.10 Maverick Meerkat. Banshee will connect to it and show the playlists, but will not be able to play the songs. The servers work just fine though if you connect to them with Rhythmbox or Banshee from another Ubuntu 10.10 machine.

In order to make sure that this not just a borked 10.10 installation on one machine, I connected to the second machine's server from the first, worked fine. Connecting the second machine's clients  to its own server did not work.

Problem temporarily handled by downgrading Rhythmbox to the versions for 10.4.

Tecknaren Berglin har ofta väldigt roliga och underfundiga teckningar. Men idag sätter man kaffet i halsen när han kommer fram till följande slutsats:

Nej, vårt välstånd bygger inte på att några i ett annat hörn av världen har jävligt låga löner. I alla fall inte om man jämför med vad de skulle ha om vi inte köpte av dem alls. Då skulle de svälta ihjäl eller tvingas till desperata och destruktiva livsstilar. Det faktum att vi handlar från dem gör dem rikare: Det gör det möjligt för dem att sätta sina barn i skolan, köpa ett hus, betala en operation osv. Med andra ord: Frihandeln och globaliseringen hjälper dem att leva.

Jag vet inte riktigt hur Berglin har tänkt här...

Läs mer: Berglins | Serier | SvD

De flesta webbsajter med login på, autentiserar användaren med hjälp av liten cookie. Om någon kan avlyssna trafiken mellan en besökare och webbsajten - och det är ofta förhållandevis lätt att göra, så kan denne kopiera cookien och får då plötsligt tillgång till besökarens konto, på t ex Facebook.

Detta är inte alldeles enkelt att skydda sig mot. Det bästa skyddet är att man använder https (SSL/TLS) i all kommunikation med sajter som man är inloggad på. Då är cookies krypterade, och kan inte avlyssnas och användas. Problemet är att en webbläsare om den får en cookie från en domän, om man ite speciellt anger det, även kan användas för http-kopplingar mot sajten. http-kopplingar kan dyka upp på en annars SSL-skyddad sajt av fler anledningar:

• Vissa resurser använder inte SSL/TLS (bilder, videos mm), därför att det blir långsamt pga att de:
  • inte cachas på webbläsarsidan
  • och/eller tar processorkraft på serversidan
• Man har glömt att skydda vissa resurser
• Man låter sina resurser vara del av andras webbsajter (som t ex Facebooks "Like"-knappar) och har inte skyddat dessa med https (SSL/TLS)

Eftersom många sociala sajter tillåter att deras resurser används på andra sajter (som webbuggar t ex), är det väldigt svårt som webbanvändare att veta vilka webbsajter ens webbläsare kommunicerar med i ett givet ögonblick.

Hur skyddar man sig?

• Det bästa verkar vara att se till att ens webbläsare bara accepterar cookies från SSL-adresser som har secure-flaggan satt på cookies. Sådana cookies skickas aldrig av webbläsaren över en okrypterad länk. Jag har inte sett någon sådan plugin som säkerställer detta dock. En variant är att webbläsaren själv sätter secure-flaggan på cookies som kommer från en https-adress.
• Arbeta över ett VPN eller annan krypterad tunnel och sedan göra en riskbedömning på om någon kan avlyssna efter tunnelns slut

Plugins som gör något i alla fall i dag är t ex:

• HTTPS-Everywhere
• Force-TLS

Jag hittade just en gammal Firefox-plugin, Secure Cookies, i vilken bl a följande kod finns (i securecookies.js):

if(topic == "http-on-examine-response" )
	    {
	    	if(this.secure){
	    		var httpChannel = subject
			    		.QueryInterface(Components.interfaces.nsIHttpChannel);
				var cookie = httpChannel.getResponseHeader("Set-Cookie");
				//is there a Secure Cookie in the Header
				if(cookie.search(/secure/i) != -1)
		    	{
		    		//cookieheader = all not secure cookies
			   		var cookieheader = this.setCookiefromString(cookie, subject.URI);
			   		httpChannel.setResponseHeader("Set-Cookie", cookieheader, false);
			   		cookie = httpChannel.getResponseHeader("Set-Cookie");
		    	}
		    }
	    }

Här borde det finnas möjligheter att stoppa in ett obligatoriskt secure-kriterium. Men plugin:en är inte uppdaterad för nyare Firefox, så en del jobb behövs nog.

You can’t simply avoid visiting the sites that are being attacked here. There’s an enormous amount of mixed content on the web today, such as the Facebook “Like” button, Digg’s “Digg It” button, twitter widgets, and even embedded images that are hosted on Flickr or other photo sharing sites. Every time you access any web page that includes any of this content, your browser also sends any authentication cookies you have with the request to pull down the widget. TechCrunch is a great example of this, every article has lots of little widgets to share it on numerous social sites.

Läs mer: Firesheep, a day later - codebutler

Suddenly the little icon that show your network connection status was gone. This was a bit of a problem since I could not configure the computer to connect to a wireless network anymore.

It turns out that the applet behind the missing icon is called nm-applet. Trying to start it with:

nm-applet

did not work since it was reported to be already running. Well, we can do something about that:

killalll nm-applet
nm-applet

and it turned up again

In Gnome Terminal in my installation of Ubuntu 10.10 (Maverick Meerkat), the trusty old alt + "." does not work anymore. It usually prints the last argument used in bash, but now it just prints a dot ".".

Workaround seems to be to use Esc + "." instead, does the same thing. But it works.

Found it here:

Equivalent/Alternatives for Alt+Dot in Mac
One thing i miss from the Linux shell is the Alt+Dot shortcut. What it does is insert the last argument of the previous command. It appears to be a trivial technique, but it's really useful.

Läs mer: 1 bash history scrolling - Gooduser.info

One annoying thing with the otherwise capable Rhythmbox for Gnome, is that your music library becomes one big soup of songs. However there is a plugin for Rhythmbox that allows you to browse your directories. It is called folderview and allows you subselect from your music collection based on path, which means that you can browse in a tree to a directory within your music repository, and folderview will display and play all songs in that directory and its subdirectories.

When I say "will play" that is exactly what it does, it will immediately switch to and start playing the first song it finds, if it detects that Rhythmbox is already playing something. Besides this minor quirk it is a very useful plugin: Kudos to the author and to the architects of the Rhythmbox plugin system!

If you want completely separate entities under Rhythmbox, with separate playlists, take look at the mt-daapd (Firefly) DAAP server in conjunction with the Rhythmbox DAAP plugin.

Rhythmbox folder view plugin

Läs mer: folderview - Project Hosting on Google Code

In a freshly upgrade 10.4 I eventually found the trash in ~/.local/share/Trash

I could not find it in the GUI.

The Guardian är en av de tidningar som verkligen förstått Internet. Nu har de gjort en Flash-applikation i vilken man själv kan bestämma vad som ska sparas i den brittiska statsbudgeten.

Man borde koppla detta så att man kan se andras budgetar också.

The coalition says it must slash billions from public spending to tackle the UK's growing budget deficit. George Osborne's comprehensive spending review will reveal where the axe will fall. But should he cut as deep? And is he cutting the right things?

Läs mer: Comprehensive spending review interactive: you make the cuts | Politics | guardian.co.uk

lastmatch.py is a part of pylastfp, a python module that allows you to:

• fingerprint your mp3s and hence find other rips of the same music
• or find out the correct name and title for given mp3.

The latter is achieved by the lastmatch.py script searching the lastfm database over the net for matching audio fingerprints, and return the metadata for those files. Metadata is limited to title and artist.

This is a Python interface to Last.fm's acoustic fingerprinting library (called fplib) and its related API services. It performs fingerprint extraction, fingerprint ID lookup, and track metadata lookup. It also comes with some helpers for decoding audio files.

If you like me are running Spotify under Wine on Linux, the Spotify integration with sharemyplaylists.com won't work. The play button on the playlists pages at sharemyplaylists.com are javascript urls that do not tell what is the spotify url for the playlist.

Clicking the play button, Firefox will reply that is does not know how to handle the spotify:// protocol and Chrome will ask a command line application to handle it, but that one will fail silently.

But can we at least see the Spotify URL? Firefox will not reveal what the Spotify URL is, Chrome will, but in a dialog box where copy does not work, and it is pretty tedious to read and type a long seemingly random string. Konqueror will do nothing at all.

But if we could get sharemyplaylists.com to tell what the spotify url is, all will be fine. Stepping through the javascript code one can see a jquery call to playTrack.php, and it turns out we can call this directly from the URL field in the web browser. If you right click the play button you can copy the javascript url.

Take the number from that one and append it to:

http://sharemyplaylists.com/playTrack.php?postId=

In the resulting web page, you can see the spotify url. Copy that one and paste into Spotify's search field and hit return and it will be loaded into Spotify.

Never thought i was going to read nano's man page, but today I did.

Nano is an easy-to-use text editor for console use.

It turns out that if you supply the "-m" flag, you can change the cursor position with the mouse. You can also select menu commands with the mouse, but you cannot select text. In fact, you lose the ability to select text to get into the local clipboard also, so my enthusiasm is waning.

I have just installed the Firefly DAAP server (formerly known as the mt-daap server and still called mt-daapd in the Ubuntu repositories). It functions as a server for a database of your music files.

That does not sound as much until you realise that:

• It serves out playlists as well
• It is all really, really well done

I am trying out as a way of partioning my Rhythmbox's music library into two parts. I now have a Firefly DAAP server running, serving out a directory that is a mirror of my Sansa Clip portable player. In this way I can separate the music on that one (mostly latin music) from the music in my main library on the hard disk. Rhythmbox will treat them as completely separate entities with their own playlists and music libraries respectively.

So far, Firefly works like a charm. It feels solid, has a very functional web interface and is fast. I am impressed!

Will get back with more info later

The purpose of this project is built the best server software to serve digital music to the Roku Soundbridge and iTunes; to be able to serve the widest variety of digital music content over the widest range of devices. Current stable releases have been reported to run on Linux, all the BSDs, Solaris, AIX, and a variety of embedded devices such as the Linksys NSLU2, the Maxtor MSS, and the Buffalo Linkstation, to name but a few.

Läs mer: Firefly Media Server :: Home Page

I had treated "-print0" as just another flag to the find command. It is not: In fact when find encounters a "-print" or "-print0" command it prints right then and there, and any flags coming thereafter are ignored (unless another -print or print0 command follows them).

I first tested like this:

find -print0 -name "*.mp3" |xargs -0 tag-command --flags

But that is wrong! The -name flag is completely ignored

This is the way it should be:

find -name "*.mp3" -print0|xargs -0 tag-command --flags

Thanks to jax for pointing this out.

This actually works:

find -print0 -name "*.mp3" -print0|xargs -0 tag-command --flags

If you for some crazy reason would like to pass all files to the tag-command, but pass mp3 files twice...

Found this on the Internet, will add inks if I find the sources again:

Batch convert wav to mp3:

for f in *.wav ; do lame -V 2 "$f" ; done

Batch rename mp3s

for f in *.mp3 ; do AUFILE=`echo "$f" | sed 's/.wav//g'` ; mv "$f" "$AUFILE"; done

This is just a note to self on what I used to make executables of my python programs for Linux and Windows respectively. It is now some time since I did i t so I had to look at the documentation I wrote for play-next-pause:

It is pyinstaller for Linux and Py2exe for Windows.

LibOFA (Library Open Fingerprint Architecture) is an open-source audio fingerprint created and provided by MusicIP (http://www.musicip.com). It is available cross-platform (win32, OS X, nix), and available for anyone to use in their own digital music applications.

  musicip-libofa - Project Hosting on Google Code

See also: lastmatch.py -command that identifies mp3s

The same component isolation that made it effective for large distributed telecom systems makes it effective for multicore CPUs and networked applications.

Läs mer: Erlang | September 2010 | Communications of the ACM

One of my customers seemed to had gotten into the habit of calling me "J". I got e-mails like "Nice work J!", "Copy and paste J!".

After about a year of this, actually triggered by the "Copy and paste J!" phrase in an e-mail today, I had to write back and ask if the customer was angry or frustrated about something.

It turned out that what arrived as "J" on my side had been a smiley on his side, but due to some incompatibilities between the e-mail systems, it became mangled into a "J" when I got it. Which by coincidence is of course the initial of my given name.  I had started to think that the customer had some deep seated passive aggressive anger issues.