Saturday, February 18, 2017

How to forward X11 from a CentOS/RedHat Linux server to a Windows PC

In some cases it might be useful to run GUI based apps on backend servers (usually VPSs or dedicated servers) that lack the means to display them, i.e. have no graphics capability or monitor attached to them.

On Linux servers this is usually done via VNC but that requires firewall mods to open the VNC port(s) on the server side which may not always be possible or desirable.

That leaves us with two options:
  • TeamViewer which is fine for the occasional non-commercial use but requires licensing otherwise
  • Good old X forwarding from the server to a listening port on a computer with graphics display capability. In this scenario the backend server (or the GUI app running on it) becomes the X client and the app, running on the graphics capable PC, that displays their GUIs becomes the X server.

I will shortly cover here how the second scenario can be set up using a CentOS/RedHat server and Xming + Putty on a Windows PC. There are basically two ways to do it:

  1. Simply forward X on your remote server to your local X Server. This requires that you open/forward a port on your local PC to receive the X data in your X server.To set this up:
    • Install PuTTY on your PC
    • Install Xming on your PC
    • Open port 6000 on your PC and open/forward it from your router to your PC.
    • Add your remote server's IP into a file named "X0.hosts" under the Xming installation directory (typically "C:\Program Files (x86)\Xming") and start or restart Xming
    • Connect to your remote server via ssh using PuTTY and install the full X Window System on your backend server: yum groupinstall "X Window System"
    • Then issue this command to redirect the X display to your PC: export DISPLAY=x.x.x.x:0.0 where x.x.x.x is your PC's IP address.
    • From this point any command issued on your remote server that invokes a program with a GUI should bring up the app's windows on your PC via Xming, e.g. xclock & or firefox &
  2. Forward X to your PC via ssh (in this case PuTTY). This has two benefits and one possible down side compared to the option right above. The benefits are a)Secured X data (i.e. it cannot be intercepted while travelling between the server and your PC), b)You do not need to open/forward any port on your PC or allow your server's IP address in Xming's hosts list. The down side is that X forwarding may be slower this way, unless ssh compression is used which I am not sure how much it would change things. To do this follow these steps:
    • Install PuTTY on your PC
    • Install Xming on your PC and have it running
    • In PuTTY, under the SSH settings, find the X11 tab and
      • enable X11 forwarding
      • set the X display location to localhost:0
    • On your server edit your ssh daemon's config file, typically at "/etc/ssh/sshd_config" and set the following options:
      • X11Forwarding yes
      • X11DisplayOffset 10
    • Connect to your remote server via ssh using your PuTTY with the X11 options set as shown above.
    • From this point on any command issued on your remote server that invokes a program with a GUI should bring up the app's windows on your PC via Xming, e.g. xclock & or firefox &





Monday, January 30, 2017

Open/save password protected PowerPoint Presentations using VSTO

Although VSTO offers easy ways to save or open password protected Word documents or Excel Workbooks e.g. in pseudocode, Open(docpath, ..., password) or Save(docpath,..., password), it does not offer such options for PowerPoint presentations. However, there is still a way to do it programmatically fairly easily:

To save a presentation with a password:

PowerPoint.Presentation p = Globals.ThisAddIn.Application.Presentations.Add();
p.Password = "whatever";
p.Save();

To open a password protected presentation simply pass the password at the end of the presentation path, when opening it, in this "hackish" way:

PowerPoint.Presentation d = Globals.ThisAddIn.Application.Presentations.Open(FullFilePath + "::whatever::");

Monday, December 19, 2016

Contemporary JavaScript programming

Some core tenets of contemporary JavaScript coding are demonstrated in this article. Things like Object Oriented Programming in combination with jQuery usage.

http://javascriptissexy.com/javascript-apply-call-and-bind-methods-are-essential-for-javascript-professionals/

Tuesday, December 13, 2016

Are SSL certs really needed?

When I go to a well known site like google.com or amazon.com my main trust factor is a correctly spelled domain. On top of that, if all that is needed to establish a secure connection is a key pair generated by the correctly addressed domain what is the added value of third party's signature on say Google's public key?

Perhaps the only valid defense is they guard against a compromised DNS server or router but it seems kinda overkill especially when nobody is really guarding the integrity of your computer and browser software,

Sure, they do provide added security, but my point is whether it really addresses the weakest link in this connection. Can anyone hack your ISP's DNS or Router? It is pretty hard and rare these days. The weakest link however, by far, is your own browser where you could be seeing a fake address and a fake green light. Now, a virus that can do that is not that hard to build and we all know there are millions upon millions of people infected with computer viruses right now. How many are using a hacked DNS or a compromised router?

Monday, December 5, 2016

Rootless Android Screen Mirroring

Free seamless Android remote control (via screen mirroring) without rooting requirement. Special hosting app for Samsung smartphones - supports my S7 edge perfectly.

Saturday, September 17, 2016

Emulating user interaction with browsers (click-bots)

There are a number of ways this can be done and they vary in complexity and effectiveness significantly.

  1. You can control/drive any browser via a browser extension registered online (e.g. chrome store) and installed the usual way.
    • Problem 1: extension needs to be approved and signed by the browser owners
    • Problem 2: you need an extension for each browser you want to control
  2. Chrome specifically can be controlled/driven via DevTools Remoting which is also how Selenium does it with its ChromeDriver. Ref: Chrome Debugger Protocol
    • Problem: Only works with Chrome
  3. Set the browser into extension development mode by programmatically manipulating its configuration files and add an unsigned extension for controlling/driving the browser either by manipulating the browser configuration files and/or Windows registry or by scripting a hidden drag-and-drop operation of the extension file onto the browser window while it displays the appropriate extension installation page.
    • Problem: Although very doable implementation, especially for both the two major browsers out there (Chrome and FF) is on the hard side.
  4. Drive/control the browser, or any other Window really, via the Win32 SendInput() function. For this to work you need to defeat the Operating System's protection against click-bots which restricts window focus giving to non-programmatic GUI interactions (i.e. actions directly performed by a real user like clicking on a real mouse device). There is a diminishing repertoire of ways to do that but there are still ways to do it even on Windows 10 (e.g. DLL injection and dialog launch from within the hijacked process). Interactions can be accomplished either via keystroke sequences sent (with the correct timing) to the browser Window instance or via relative/absolute coordinates clicks (hard to claculate the exact spot given different window/screen sizes but still doable). Can work in all cases and for all browsers as it does not depend on other software or auxiliary APIs that may or may not be available.
    • Problem. Hardest of all four to do especially because of the window focus protection defeating requirement but also because of the complications related to correctly calculating coordinates where clicks (and not keystrokes) are absolutely needed.