Ovidiu Predescu's Weblog

Setting up ssh-agent on Windows XP

As you probably know already, ssh-agent is an easy way to enter the passwords for your private SSH keys only once per session. On Linux and Unix systems, when using X-Windows, it is very easy to setup ssh-agent as the parent process of your window manager. In fact most of the Linux distributions start-up the window manager this way.

The way ssh-agent works is by setting up two environment variables, SSH_AUTH_SOCK and SSH_AGENT_PID. The first is used to communicate the location of the Unix socket domain on which ssh-agent is listening for requests. The second is used to identify the Unix process id of ssh-agent, so it can be killed by ssh-add -k.

These environment variables have to communicated to every process that wants to use ssh later on, so ssh can connect to the ssh-agent process and fetch the decrypted private keys. In the Unix parent-child process model, this works just fine. The ssh-agent does the work of creating the Unix socket domain and then forks a child process. In this process it first exports the two environment variables above, then exec the process - the window manager for X-Windows. This way all the processes that inherit from it will have these environment variables available.

On Windows this is not possible, since there is no way to interpose some other process before the window manager. This of course, assumes the same parent-child relationship of processes as in Unix. The alternative is to always start ssh-agent on some well-known socket. Below, I assume you use Cygwin, an excellent free-software Unix emulator for Windows.

There are few things you need to do. First in your Windows home directory (usually c:\Document and Settings\yourusername, make sure you have a .bash_profile that reads:

. ~/.bashrc

Then create a .bashrc file in your home directory, and add to it the following:

export SSH_AUTH_SOCK=/tmp/.ssh-socket

ssh-add -l 2>&1 >/dev/null

if [ $? = 2 ]; then

   # Exit status 2 means couldn't connect to ssh-agent; start one now

   ssh-agent -a $SSH_AUTH_SOCK >/tmp/.ssh-script

   . /tmp/.ssh-script

   echo $SSH_AGENT_PID >/tmp/.ssh-agent-pid

fi

function kill-agent {

   pid=`cat /tmp/.ssh-agent-pid`

   kill $pid

}

Next, go to the Start menu, "Control Panel" -> "System" -> "Advanced" -> "Environment Variables" and add a new variable SSH_AUTH_SOCK, whose value should be /tmp/.ssh-socket. Hit OK to make the change persistent.

What happens next? The first time you open a bash terminal, an ssh-agent process is going to be automatically created. This process will listen on the Unix socket domain /tmp/.ssh-socket. Run ssh-add at the prompt to enter the password for your private key(s).

Now when you open another terminal, that will share the same ssh-agent process because of the SSH_AUTH_SOCK definition. Running ssh or any other command that uses ssh underneath will work without having to enter the password for your keys.

It will also work if you run a cygwin-ified version of XEmacs. Tramp, CVS or any other Emacs package that uses ssh will work just fine now.

The only requirement is for these programs to be cygwin-ified, otherwise the sharing described above doesn't work.

Virus attack on Apache committers

Today I started to receive a flood of email messages like this:

From: noreply@apache.org
Date: Tue Mar 2, 2004  6:21:20 PM US/Pacific
To: ovidiu@apache.org
Subject: E-mail account security warning.
Attachments: There is 1 attachment

Hello user  of Apache.org e-mail server,

Our main mailing server will  be  temporary  unavaible for next two days, 
to continue receiving mail in these  days you have to configure  our free
auto-forwarding service.

For details see the  attached file.

The Management,
    The Apache.org team    http://www.apache.org
<Text Document.pif> attachment

This obviously looks fake, but they got me thinking after a discussion I had not long ago with Steven. Somebody is obviously targetting Apache committers. Perhaps to gain something more than simply placing a new virus on somebody's computer.

If you're an Apache committer, receive such a message and you're on Windows, be aware!

Update: I just got another message at my xemacs.org email address. So it's not only Apache. The interesting thing is whoever is behind this, is filtering the email addresses and is carefully constructing email messages very targetted to a restricted set of people. It's the first time I see this happening.

I wonder when such virus email messages will be customized on a per-user basis :(

SCO attacks GPL

SCO has decided to attack GPL by drafting this letter to Congress. (via The Register).

This attach is remarcably similar to Craig Mundie's attack on GPL and Open Source, from almost two years ago.

All of the usages of "free" in both letters are associated with money, not with freedom. In fact such freedom is deemed dangerous to our national economy and security. I hope not to see free software/open source developers labeled as terrorists.

Both letters completely ignore the fact that many companies make money by extending or building on top of these free software projects, while at the same time playing nice with respect to the communities involved. They also don't mention the innovations made possible by exactly this model: how about GCC, GDB, Emacs, Perl, Python, PHP, Apache, and many others?

ApacheCon 2003 slides

I've uploaded the slides for my ApacheCon 2003 session on the Cocoon control flow. The presentation describes the work I've done in Apache Cocoon to use continuations in programming Web applications.

http://www.webweavertech.com/ovidiu/apachecon2003/

I was looking at a similar presentation that I've done in November 2002 at Cocoon GetTogether in Ghent, Belgium, and I noticed with great surprise that all of the items on the todo list were implemented since then. Quite impressive! Especially since all of the items on the todo list were contributed by people other than me ;)

ApacheCon

I arrived in Las Vegas last night, after the plane was delayed in San Jose for about 5 hours. Had I known that, I would have taken a later flight. Oh well...

Around 9pm I met with Steven, Bruno, Gianugo, Stefano, Gregory ?, and Pier. We had dinner at a spanish restaurant in Venice - the fake one of course.

I was pleasantly surprised to meet Steven again after last year's Cocoon GetTogether. He's a really great guy, last year we didn't have much time to talk. We discussed at great length about the flow engine, especially about the Rhino engine.

Today I woke up at 4:20am and headed to Valley of Fire, about an hour drive NE from Las Vegas. I spent a great deal of time driving around and taking some shots very early in the morning. The weather was cloudy very early in the morning, but around 7am the clouds broke up. I went on few small hikes through few red-rock canyons, and finally headed back around 12:20pm.

I'm now attending Stefano's talk on the dynamics of virtual communities. He's presenting his work on Agora, a tool for visualizing the links within the Apache community. Interesting stuff.

Next session I want to attend is Steven's introduction to Cocoon. He decided to stay at the hotel, rather than coming with me in Valley of Fire, to polish his presentation. In retrospective, I think he made a good decision, I'm very tired after getting only 4 hours of sleep.

mod_jk2 problems

Looking at the logs last weekend I noticed several errors caused by mod_jk2. A friend of mine also pointed out some weird error messages showing up when accessing various servlets. These problems were totally random, but were showing up when the servlet was accessed rapidly. The error messages correlated with the log file entries indicated problems in the communication between the web server and the servlet container:

[error] workerEnv.init() create slot epStat.14 failed
[debug] ../../common/jk_worker_ajp13.c(638): ajp13.getEndpoint(): endpoint creation ... endpoint:15 failed

These errors happened with the latest mod_jk2 compiled from source. I ended up installing mod_jk instead, and all these errors went away.

ApacheCon 2003 speaker

I just found from Matthew's and Steven's blogs that ApacheCon is open for registration. It looks like my session on Cocoon control flow was accepted! Carsten, Stefano and Steven have sessions on Cocoon too, which makes things very interesting!

No more Netscape

Ugo Cei: Netscape is dead, long live Mozilla.

With the advent of Safari on Apple's MacOS X and IE on Windows, it looks like Mozilla's main target audience, at least from a consumer perspective, is going to be Linux only. This is really unfortunate, I was really hoping for a sequel of the browser war with a different ending than the first part.

Hopefully one or more commercial organizations are going to pour in some money to support further development of Mozilla. Otherwise larger adoption of the browser might be hindered by perceived lack of support.

CSS development with Mozilla

Simon Willison has a very interesting Weblog entry about using CSS bookmarklets to speed up Web app development.

The most interesting ones I found were the edit styles and ancestors. You first have to bookmark the links on Simon's page. Then visit a site whose CSS style you want to develop. Now go in your bookmarks and select edit styles and ancestors bookmarklets. The first one will pop up a window with the CSS styles of the current page. The second one acts via side effects by showing you the DOM hierarchy for the HTML element the mouse is currently over. You can change the style of the Web page interactively in a very easy way.

JavaOne - compiling programming languages to the JVM

Per Bothner's talk on Kawa is about to start. Per worked on various things over the year. He used to work for Cygnus, before being acquired by RedHat; he worked on GCC and many other tools.

17:16 It started. Apparently Per is the only presenter not affiliated with any company, which an almost unheard of at JavaOne. The attendance is pretty light, it's either too late or people don't care about languages other than Java.

What do you do when you need a higher language than Java? Well, you can write an interpreter. However if you do repetitive computations, it can get pretty slow. Another approach is to compile the program in your language to Java source code.

The best approach is to compile directly to in-memory Java bytecodes. Per makes the interesting assertion that bytecodes are more general than Java source: you actually have goto statements.

Kawa was written while at Cygnus in 1996 and is a GNU project, with a more liberal license than GPL. Kawa can be run interactively from the command line, it can be compiled to a program file. Languages implemented in Kawa: Scheme, XQuery, XSLT, Emacs Lisp etc.

Short introduction to Scheme, an "impure" functional language because of assignment. You run Kawa by doing java kawa.repl and you get the interactive prompt. It supports big integers.You can write applets in Scheme's Kawa.

Another language supported is Common Lisp. Guy Steele was instrumental in the Scheme, Common Lisp and Java languages.

Emacs Lisp: "Emacs is still the most powerful text editor". Kawa compiles Elisp to Java bytecodes. Goal is modern Emacs re-implementation that can efficiently use existing Emacs packages. Uses Swing to represent and display text. A nice JEmacs screenshot, unfortunately not many people actually contribute to it.

XQuery is a very high-level language used for querying, combining and generating XML-like data sets. It is a superset of XPath. Kawa supports XQuery with Qexo, which is missing some features, but still very useful. Some example of XQuery to generate an HTML fragment: it uses HTML markup and XQuery syntax to generate the output page. The example can generate XHTML 1.0, HTML, Scheme from the same file. The example XQuery program can be compiled to a Java class with a main, or to a servlet which can be deployed on a servlet container.

XQuery can be considered as an alternative to JSP. An XQuery program can also be compiled to a CGI program, not very useful these days however. You can embed the XQuery engine in a Java program and take advantage of its power.

Next language shown is XSLT. The Kawa implementation compiles an XSLT stylesheet into a Java class. The project is incomplete, but it's a useful example.

BRL is Beautiful Report Language, a template language much like JSP. Instead of embedding Java, you embed Scheme. KRL - Kawa Report Language - is Per's implementation. The language uses square brackets to embed Scheme code. You can embed such code within HTML tags.

Nice is a strongly typed language with multi-methods, parametric types, anonymous functions, tuples and multiple implementation. KRL and Nice were both written by other people than Per.

Implementation. Each language is a subclass of Interpreter. Each Interpreter uses a Lexer to parse an expression or a program file. The result is an Excpression instance. There are many subclasses of Expression. Once you have an Expression object, you call the compile() method to compile the script. This method takes two arguments, a Compilation object for managing the state, and a Target object for specifying where to leave the result, usually the JVM's stack.

Bean Scripting Framework finally at Apache

Chuck Murcko wrote me to say that BSF is about to finally transition from IBM to Apache Jakarta! The mailing lists are up, although no Web archives yet; to register yourself go to the mailing list Web page. A new 2.3 release of BSF should become available once the Jakarta BSF Web site comes up, which should be up any time now.

I'm working on an MVC Web application framework which uses scripting languages supported by BSF as an option to write the Controller. BSF is a central piece in it, that's why I'm so keen on seeing it healthy at Apache. I am also planning to use some AOP patterns to provide extensibility to this framework. More on this as code becomes available.

Creating applications with Mozilla

Brett Morgan:

While mooching through Creating Applications with Mozilla I noticed something very cool in chapter 12. Remote Mozilla Applications - where a mozilla application is pulled at run time from a web server.

This is really cool! I still dream of an RSS aggregator integrated in Mozilla, which has the ability to subscribe to Weblogs you visit while browsing. The current process is too cumbersome, copy the RSS feed URL and manually enter it in the RSS aggregator. You almost forget to do it.

Now that I switched to NetNewsWire, I was thinking I could write a simple AppleScript and invoke it from Mozilla to subscribe to the RSS feed in NetNewsWire. A specialized Mozilla application would be able to capture the URL and invoke the AppleScript, but NetNewsWire is not AppleScript enabled :(

Copyright and licenses

There was a lively discussion on cocoondev@outerthought.org few days ago about copyright and licenses. I post this reply to Nicola Ken Barozzi, as I think is of a greater interest.

Mozilla as a Web services platform

Salon has an interesting article about Mozilla as platform for developing applications [via Slashdot].

It's so refreshing to see Mozilla being positioned as a platform, and not just as yet another browser. It will be interesting to see how much this platform will take off. It certainly makes sense to have Mozilla applications built around Web applications running on remote servers, since it would be easier to manage the remote content using a richer, desktop-like interface. Weblogs are a good example of such an application.

To be really successful, the Mozilla platform will need to penetrate the enterprise market. Mozilla could probably succeed better as a development platform for enterprise applications, than as yet another browser the IT departments have to support.

Having backend enterprise applications accessible as Web services would probably make Mozilla's job a lot easier, since there's no need to load proprietary code in the Mozilla application. Thus the only thing to be implemented in such an application will be only the user interface, which interacts with the backend Web services-enabled system.

More on Bruce Perens departure from HP

New York Times has an article about Bruce Perens' departure from HP. As I reported earlier, Bruce is no longer with HP.

The main reasons for his departure though seem to be related to the Microsoft baiting Bruce is doing. His latest actions are against Microsoft's backed industry group, the Initiative for Software Choice. This group is persuading governments all over the world to use highly priced proprietary software instead of equivalent open-source ones, which are freely available. Bruce started Sincere Choice to counter the Microsoft led initiative.

Bruce Perens no longer with HP

Bruce Perens, one of the original open source movement founders, is no longer with HP. He was one of the open source leaders in HP, promoting open sourcing various projects which were not the core business of HP. He was also a big promoter of Debian Linux as part of the Linux Systems Operations.

His departure follows two highly publicized cases where HP invoked DMCA to threaten a group of researchers not to publish a vulnerability of the Tru64 operating system, which HP inherited by its aquisition of Compaq. The other case where HP invoked DMCA involved Bruce Perens himself. He was asked to not give a public demonstration of a DVD region-protection circumvenition technique at the highly visible O'Reilly Open Source Convention.

As a note to the reader, my employer is HP.