Question on X11 support in OS X.
January 13, 2005 4:11 PM Subscribe
Question on X11 support in OS X. [+]
Like everyone and his wildebeeste, I'm thinking of getting the new Mac Mini, as it's the right price point to be worth having just for the things it comes with, even if I don't buy all my applications again just yet. I use Linux most of the time now and I'd like to continue using a Linux machine as needed but I'd like to disconnect the display and keyboard and get it out of the room. Since X11 is network transparent, and since OS X offers an optional X11 display server, I can presumably relegate my Linux box to the closet and continue to run the apps remotely on the Mac desktop.
The question is, is anyone out there doing this? Running X11 apps remotely on the OS X desktop? Does it work well for you?
Like everyone and his wildebeeste, I'm thinking of getting the new Mac Mini, as it's the right price point to be worth having just for the things it comes with, even if I don't buy all my applications again just yet. I use Linux most of the time now and I'd like to continue using a Linux machine as needed but I'd like to disconnect the display and keyboard and get it out of the room. Since X11 is network transparent, and since OS X offers an optional X11 display server, I can presumably relegate my Linux box to the closet and continue to run the apps remotely on the Mac desktop.
The question is, is anyone out there doing this? Running X11 apps remotely on the OS X desktop? Does it work well for you?
Open an xterm on the X11 application under OS X and then use ssh -X username@hostname to make a connection to your Linux box.
The -X argument will do the X11 variable forwarding work that is necessary to run X11 apps from your Linux box and have the windows displayed on your Mac.
posted by AlexReynolds at 4:17 PM on January 13, 2005
The -X argument will do the X11 variable forwarding work that is necessary to run X11 apps from your Linux box and have the windows displayed on your Mac.
posted by AlexReynolds at 4:17 PM on January 13, 2005
Yes. X11 was built for this.
I'm playing around with 3 different Linux machines at this very moment using OSX's X11 environment.
(ps. dont forget 'xhost +')
posted by vacapinta at 4:22 PM on January 13, 2005
I'm playing around with 3 different Linux machines at this very moment using OSX's X11 environment.
(ps. dont forget 'xhost +')
posted by vacapinta at 4:22 PM on January 13, 2005
Response by poster: Thanx, vacapinta, that's reassuring. I'm an X11 user/developer from way way back; it was the OS X X11 implementation in particular that I was worried about. My biggest fear is that the network transparency aspect of X11 (one of the really beautiful things about it) had been compromised in the interest of driving the display hardware more efficiently. I'm glad to hear that hasn't happened.
posted by George_Spiggott at 4:26 PM on January 13, 2005
posted by George_Spiggott at 4:26 PM on January 13, 2005
I do it all the time, it works like any other Unix.
Also, listen to AlexReynolds and use ssh. 'xhost +' is a serious security risk.
posted by Eamon at 5:02 PM on January 13, 2005
Also, listen to AlexReynolds and use ssh. 'xhost +' is a serious security risk.
posted by Eamon at 5:02 PM on January 13, 2005
Response by poster: Eamon, granted xhost is as secure as your network. Used within a private network with no untrusted users (or indeed no other users at all) you might as well use xhost and save the (admittedly small) encryption overhead.
posted by George_Spiggott at 5:11 PM on January 13, 2005
posted by George_Spiggott at 5:11 PM on January 13, 2005
Just chiming in to agree with everyone else. Yes, it'll work. I mean, X11 is X11 is X11...I doubt that they could still call it X11 if they did something as drastic as removing the network transparency. I mean, if you've developed for it as you say, you should know just how core a part of X11 that aspect is.
I haven't done that in a long time because, well, OSX is Unix, and with Fink or source builds I've got any Unix apps I need right here on my Mac.
*insert font memories of X forwarding in the school edlab during college*
posted by cyrusdogstar at 5:46 PM on January 13, 2005
I haven't done that in a long time because, well, OSX is Unix, and with Fink or source builds I've got any Unix apps I need right here on my Mac.
*insert font memories of X forwarding in the school edlab during college*
posted by cyrusdogstar at 5:46 PM on January 13, 2005
Response by poster: cyrusdogstar, I've seen broken X servers before. Many of them. I hadn't suspected that they'd have removed network transparency, just broken it while optimizing for something else and not giving a crap because they're not in the thin client business. And yes, I've been the principal author of commercial apps written largely in XLib and Xt Intrinsics. That was nudging a decade ago, though. As for xhost insecurity, I once had a co-worker who was a little too fond of xspy...
posted by George_Spiggott at 6:14 PM on January 13, 2005
posted by George_Spiggott at 6:14 PM on January 13, 2005
yes, I'm inside an extremely secure private network. Sorry, just took that for granted.
posted by vacapinta at 6:41 PM on January 13, 2005
posted by vacapinta at 6:41 PM on January 13, 2005
Hey, that's cool. I guess my other unspoken point would be that Apple almost never does a half-assed job of anything, so having them intentionally or uninentionally disable something like that would be really, really out of character for them :)
Ditto on the xhost. SSH X-forwarding is really just as easy and I can't think offhand of any convenience xhost gives that is worth the risk.
posted by cyrusdogstar at 6:42 PM on January 13, 2005
Ditto on the xhost. SSH X-forwarding is really just as easy and I can't think offhand of any convenience xhost gives that is worth the risk.
posted by cyrusdogstar at 6:42 PM on January 13, 2005
On post: That was aimed at Messr. Spiggot, in case anyone's confused =)
vacapinta: I assume you know this already, but it's probably not a good idea to allow yourself ANY bad security habits just because you have a secure or private network.
Also, internal security is often just as important as external, because if someone DOES manage to get in you're making it super easy for them to take over *everything*. Security in layers ++.
(Obviously my 2nd point doesn't apply as much if it's a truly private network, but any network with ANY exterior access at ANY point is not so. I won't go into the anal retentive realm of theorizing about physical security compromises as an end-run around whatever protection you do have in place =))
posted by cyrusdogstar at 6:47 PM on January 13, 2005
vacapinta: I assume you know this already, but it's probably not a good idea to allow yourself ANY bad security habits just because you have a secure or private network.
Also, internal security is often just as important as external, because if someone DOES manage to get in you're making it super easy for them to take over *everything*. Security in layers ++.
(Obviously my 2nd point doesn't apply as much if it's a truly private network, but any network with ANY exterior access at ANY point is not so. I won't go into the anal retentive realm of theorizing about physical security compromises as an end-run around whatever protection you do have in place =))
posted by cyrusdogstar at 6:47 PM on January 13, 2005
I use X11 on MacOS X a great deal, it's very well done. I use it for working from home and run various circuit design tools on it. It's just as good as running linux and X11 and better than running an X11 server on Windows.
Incidently I never use xhost, even on private networks. Learn to use xauth if you don't want the overhead of SSH and also don't need to encrypt your streams.
On your MacOS X/11 xterm type "xauth nlist $DISPLAY" and copy the ugly hex string to the clipboard. Log in to your remote machine and type "setenv DISPLAY macosmachine:0" and then echo "ugly hex string" | xauth nmerge -
I learned in grad school that things like xhost + were a bad idea (actually, I learned by inflicting suffering on others more than having suffering inflicted on me - nothing like well timed nude supermodels to make your friends turn beet red in front of their thesis advisor)
Before we had VPN at work I'd use ssh's X forwarding though so all my packets would look like line noise though.
posted by substrate at 5:25 AM on January 14, 2005
Incidently I never use xhost, even on private networks. Learn to use xauth if you don't want the overhead of SSH and also don't need to encrypt your streams.
On your MacOS X/11 xterm type "xauth nlist $DISPLAY" and copy the ugly hex string to the clipboard. Log in to your remote machine and type "setenv DISPLAY macosmachine:0" and then echo "ugly hex string" | xauth nmerge -
I learned in grad school that things like xhost + were a bad idea (actually, I learned by inflicting suffering on others more than having suffering inflicted on me - nothing like well timed nude supermodels to make your friends turn beet red in front of their thesis advisor)
Before we had VPN at work I'd use ssh's X forwarding though so all my packets would look like line noise though.
posted by substrate at 5:25 AM on January 14, 2005
I use Apple's X11 at work to manage our iPlanet LDAP servers sitting on Sun boxes. The guy down the hall uses it to manage our Netscreen firewall. It's awesome- it just works.
posted by mkultra at 6:38 AM on January 14, 2005
posted by mkultra at 6:38 AM on January 14, 2005
This thread is closed to new comments.
posted by mrbill at 4:15 PM on January 13, 2005