nerd, pl. nerden

NX through proxy (“tunnel”)

Say you want to connect to an NX server that is behind a firewall, and some corporate VPN client doesn’t work on your OS.

You have your ssh connections neatly set up to connect through a proxy that is outside the firewall (mine is called “myproxy”). That proxy has netcat (nc) installed. For example, your .ssh/config looks something like this:

Host *
EscapeChar none
ForwardX11 yes
ForwardAgent yes

Host myproxy

Host nxcorp1
ProxyCommand ssh user@myproxy nc %h %p

Host nxcorp2
ProxyCommand ssh user@myproxy nc %h %p

Host nxcorp3
ProxyCommand ssh user@myproxy nc %h %p

Now the issue with OpenNX and NoMachine’s own NX client is that they call nxssh in a way that makes it ignore your .ssh/config. So I found this little recipe hidden away in a pdf in the most obscure corner of the internet that forces nxssh to acknowledge .ssh/config. Here’s a summary of that pdf:

If you’re on OS X, the path to nxssh (NXBINPATH) will be /Library/OpenNX/bin. On Linux it’s typically /usr/NX/bin.

First, rename the nxssh binary:

$ sudo mv nxssh nxssh.bin

Then, as sudo create a file called nxssh.csh in that directory with the following contents:

#!/bin/csh -f
set params = ( )
@ i = 0
while ( $i < $#argv ) @ i++ if ( "$argv[$i]:q" == "-E" ) continue set params = ( $params:q $argv[$i]:q ) end exec $0:h/nxssh.bin $params:q

Finally, make it executable and create a symbolic link to that file:

$ sudo chmod a+x nxssh.csh
$ sudo ln -s nxssh.csh nxssh

Now in your NX client configuration, use your ssh hostname as defined in .ssh/config for the address:

Screen Shot 2013-11-18 at 12.04.06

Setting up a passwordless ssh chain all the way to your NX server will make life much easier.

Build OpenNX on OS X 10.9 (Mavericks)

Update 14th Nov 2013: Keyboard mapping works fine when NoMachine’s NX server is used instead of FreeNX.

Update 10th Nov 2013: Turns out that the OpenNX 0.16.725 dmg works on Mavericks after a re-install – no reason to go through these instructions unless you want to build a 64-bit version. They keyboard mapping bug is still present though.

Update 9th Jun 2014: Use x2go instead. Works on Mavericks without any problems.

The OpenNX dmg that you can get from the downloads section doesn’t work on OSX 10.9. Here are some instructions to get it to run on OS X with MacPorts. It’s still very buggy and the incredibly annoying keyboard issue is still present so that these notes are more of a starting point to fix OpenNX in future revisions.

    1. Install MacPorts (don’t forget to install XCode and the Command Line Tools – these prerequisites are somewhat hidden on MacPorts’ installation page).
    2. Install some dependencies:
      sudo port install wxWidgets-3.0 curl libidn openssl zlib nxcomp libpng jpeg svn2cl cctools libtool autoconf automake pulseaudio
    3. Get the OpenNX source code:
      cd ~
      svn checkout -r 724 svn:// opennx-svn
    4. Get and apply a patch to build with MacPorts:
      cd opennx-svn
      patch -p0 < opennx-osx.patch
    5. Get and build nxssh:
      cd ~/opennx-svn/opennx
      tar -xzf nxssh-3.5.0-2.tar.gz
      cd ~/opennx-svn/opennx/nxssh
      CPPFLAGS="-I/opt/local/include -I/opt/local/include/nx" LDFLAGS="-L/opt/local/lib -L/opt/local/lib/nx -lresolv" ./configure --prefix=/opt/local
      make -j4
      cd ..
      mkdir -p bin
      ln -s nxssh/nxssh ./bin/nxssh
    6. Build OpenNX:
      cd ~/opennx-svn/opennx
      make -f
      make -j4
    7. The application should end up in ~/opennx-svn/opennx/ If you get a lengthy error message that boils down to an issue with nxssh, make sure that your system NX path points to ~/opennx-svn/opennx in OpenNX’ configuration settings

Screen Shot 2013-11-09 at 19.09.47

Build TrueCrypt on OS X 64 bit with hardware acceleration

The TrueCrypt binary for OS X that you can get from has several issues:

To address these problems, it’s best to build TrueCrypt from source. Here are some instructions. You’ll need a 64 bit cpu for this to work.

  1. Install MacPorts (don’t forget to install XCode and the Command Line Tools – these prerequisites are somewhat hidden on MacPorts’ installation page).
  2. Get some build dependencies from MacPorts (do not install osxfuse from MacPorts if you want to use your own build of osxfuse instead – see bottom of post for instructions):
    sudo port install wxWidgets-3.0 osxfuse nasm wget pkgconfig
  3. Select wxWidgets-3.0:
    sudo port select wxWidgets wxWidgets-3.0
  4. Download the TrueCrypt 7.1 source code (not sure whether I’m allowed to redistribute it).
  5. Extract the source code and change into the source directory:
    tar -xzf Downloads/TrueCrypt\ 7.1a\ Source.tar.gz
    cd truecrypt-7.1a-source
  6. Download this patch:
  7. Download some Pkcs11 header files into the source directory:
    mkdir Pkcs11
    cd Pkcs11
    cd ..
  8. Apply the patch:
    patch -p0 < truecrypt-osx.patch
  9. Build:
    make -j4
    The GUI is still buggy on OS X 10.9 (Mavericks), but the command-line version works fine:
    make -j4 NOGUI=1
  10. The application bundle will end up in Main/ The command-line executable is located in Main/TrueCrypt

TrueCrypt 7.a


Update 19th Oct 2013: The patch is now under version control as a gist on github.

Update 28th Oct 2013: These instructions are not yet recommended for OS X 10.9 (Mavericks). MacPorts doesn’t seem to be ready yet.

Update 29th Oct 2013: The GUI is still very buggy on Mavericks, but the command-line version seems to be stable:
make -j4 NOGUI=1
The executable will end up in Main/TrueCrypt.

Update 11th Nov 2013: If you want to use your own build of OSXFUSE instead of the MacPorts version, you’ll have to modify the following two files after patching the source code (i.e. after step 8):
-FUSE_LIBS = $(shell pkg-config fuse --libs)
+FUSE_LIBS = -L/usr/local/lib -losxfuse -pthread -liconv

-CXXFLAGS += $(shell pkg-config fuse --cflags)
+CXXFLAGS += -D_FILE_OFFSET_BITS=64 -D_DARWIN_USE_64_BIT_INODE -I/usr/local/include/osxfuse

I’d recommend to uninstall fuse4x and fuse4x-kext in that case to avoid any mess.

Update 17th Nov 2013: Portfile is available on github now. If you’d like to see this integrated into MacPorts, please voice your support here.

Update 20th Apr 2014: Updated Portfile to switch to osxfuse because fuse4x has been deprecated by MacPorts.

Update 2nd Jun 2014: As TrueCrypt is down and the code isn’t available any longer from the official site, I’ve decided to start a Github repo that contains all changes that are required to build on OS X 64bit. This may also be useful for other platforms as the code was ported to wxWidgets 3.0 in the process.

NX on Android

Before anyone gets excited: I’m cheating here. This is not a native NX client for Android (more on that at the end of this post). I’m running ubuntu in a chroot environment under Android. It works surprisingly well though.

NX on chroot on Android

An NX session running in a chroot environment on Android


Ubuntu on Android
Installing Ubuntu in a chroot environment is not the scope of this post. Complete Linux Installer from the Google Play Store makes the process relatively pain-free. Go for Ubuntu 12.04 with the LX Desktop Environment that comes with the “Small Ubuntu Image”.

Complete Linux Installer

Complete Linux Installer simplifies setting up a chroot environment


NX client
Installing an NX client is unfortunately a bit harder than I would have hoped. QtNX is part of the standard Ubuntu repositories, but the Qt widgets didn’t seem to work properly – not sure whether it’s a problem with LXDE or with the VNC client, but the controls (dropboxes etc.) simply didn’t render. Therefore we’ll resort to OpenNX. Binary Debian packages are only available for x86 so that we’ll have to build from source. Launching your newly installed Ubuntu will get you to a root terminal within your chroot environment. First, you’ll have to install some build dependencies:

apt-get install libwxgtk2.8-dev libssl-dev libjpeg-turbo8-dev libpng-dev g++ make libx11-dev libxmu-dev

We’ll get nxssh and nxproxy directly from NoMachine’s open source site (the fixed IPs might change over time!):

cd ~
tar -xzf nxproxy-3.5.0-1.tar.gz
tar -xzf nxcomp-3.5.0-2.tar.gz
tar -xzf nxssh-3.5.0-2.tar.gz
cd nxssh
CFLAGS="-I/root/nxcomp" ./configure
cp nxssh /usr/local/bin/
chmod 755 /usr/local/bin/nxssh
cd ../nxproxy
cp nxproxy /usr/local/bin/
chmod 755 /usr/local/bin/nxproxy

Then we’ll build OpenNX:

cd ~
tar -xzf opennx-
cd opennx-0.16
make install

Some permissions for key files need to be fixed:

chmod 755 /usr/local/share/keys
chmod 666 /usr/local/share/keys/server.id_dsa.key

That’s it. Open a VNC connection to localhost:5902, select “Run” from the start menu and launch opennx.

Native NX client for Android
It should be pretty straightforward to build a native NX client connecting to a native X server. I’ve already ported most of the dependencies for another project. Let me know if there’s any interest.

Convert flash video to Android format with ffmpeg

If your flash video is already in a format that Android can read, such as h264/x264, there’s no reason to recode the whole file. You can simply copy the video and audio streams into a new container that Android can make sense of.

  • Check the audio and video codecs:
    $ ffmpeg -i flashvideo.f4v
  • Copy the streams into a new container:
    $ ffmpeg -i flashvideo.f4v -vcodec copy -acodec copy mp4video.mp4
  • Make your file streamable. This is optional but convenient if you want to check that your device can read the file as soon as you’ve started pushing it.
    $ qt-faststart mp4video.mp4 mp4video_fs.mp4
  • Push to your Android device:
    $ adb push mp4video_fs.mp4 /sdcard/DCIM/Camera/

In case this fails and you have to recode the file, here are some rather outdated links. On more recent devices, you should be able to encode at a higher resolution than 432×240, and x264 will give you considerably smaller files than mpeg4.
Encoding Video for Android on Ubuntu Community Documentation
Convert videos to G1 compatible format with FFMPEG in Ubuntu

Using the GPIO pins on a Pandaboard

The Pandaboard is a neat little computer featuring a dual-core ARM processor. While the on-board GPIO pins seem like a fantastic way to use this board for all sorts of projects, I couldn’t find any documentation how to address them from linux, so here’s a summary of what I did:

  1. Make sure your kernel supports GPIO:
    $ grep GPIOLIB /boot/config-`uname -r`
    $ grep GPIO_SYSFS /boot/config-`uname -r`
  2. Get the Pandaboard System Reference Manual
  3. Tables 10 and 11 on pp. 43-44 show you the pin definitions for J3 and J6. You should be able to use (at least) the pins for GPMC Address/Data bits 8-15, which are mostly located on J6. See Fig. 17 on p. 42 for the placement and orientation of these connectors.
    Pandaboard connector pinout

    Pandaboard connector pinout: Top rows are odd pins starting with 1, bottom rows are even pins starting with 2

  4. Export the GPIO that you’d like to use to the file system. For example, to write to GPIO_32 on pin 18 of J6:
    $ sudo su
    $ cd /sys/class/gpio
    $ echo 32 > export
    $ cd gpio32
    $ echo "low" > direction
  5. That’s it for the setup. To set the pin to low or high, you can now do:
    $ echo "0" > value
    $ echo "1" > value
  6. Put this into your /etc/rc.local if you want members of “yourgroup” to access the gpio without root privileges:
    sudo sh -c "echo 32 > /sys/class/gpio/export" 
    sudo sh -c "echo \"low\" > /sys/class/gpio/gpio32/direction"
    sudo chgrp yourgroup /sys/class/gpio/gpio32/value
    sudo chmod 664 /sys/class/gpio/gpio32/value
    exit 0

Some more generic documentation is available on and A video illustrating the procedure has been posted on YouTube. And someone has bluntly copied most of this tutorial over at

Python IDE

Python, SciPy and NumPy don’t come with a graphical user interface. That’s probably what puts most MATLAB users off leaving the Dark Side. Here’s a review of two free cross-platform Python IDEs.

  1. Eclipse + PyDev
    +Excellent code completion, syntax highlighting, refactoring.
    +Used by plenty of large-scale software projects.
    ±Looks the same on all platforms: bad.
    ±IPython is integrated as an interactive shell since 2.2.2, but difficult to access. Interactive plotting doesn't work.
    Not exactly lightweight.
  2. Spyder
    +Good code completion and syntax highlighting.
    +Excellent IPython integration. Matplotlib works just fine.
    Development mostly depends on one guy. Who does a great job btw.
    It's clearly geared towards Windows. No installers for OS X are available. "You can easily run Spyder on all major platforms" is plain wrong: Installation on OS X through MacPorts takes forever (because of Qt).
    Qt applications look bad on GTK and OS X.

Eclipse + PyDev make the race, in particular on OS X. If only they could get interactive plotting to work.

Alpine vs. Mutt

Here are some real-world reasons why Mutt sucks less than Alpine:

  • Mutt can handle MIME/PGP multipart messages out of the box. This is a nightmare on Alpine. I have yet to find someone who gets topal to run in less than a day.
  • Google contacts can be accessed from Mutt using goobook.
  • With header and body caching enabled, Mutt is way faster at browsing IMAP directories.
  • Mutt makes it embarrassingly simple to backup remote mail to a local drive: Simply save it to a local mail folder.
  • Mutt will let you delete mails from a gmail IMAP inbox.
  • Pine, Alpine and Re-Alpine seem to be unmaintained as of March 2012. Mutt is comparatively lively.