[gentoo-user] Re: How to run X11 apps remotely?
On 2022-03-22, Grant Taylor wrote: > On 3/22/22 10:41 AM, Grant Edwards wrote: >> How does one run "modern" X11 apps remotely? > > Xvnc > > As in run an Xvnc server as an X11 server / display. Point your > programs at that display / server. Then have a VNC client connect to > said VNC server. I've used VNC in the past, and always ended up with a virtual desktop/screen rather than having a remote application show up in a window. >> I do not want a "remote desktop". I just want to run a single >> application on a remote machine and have its window show up locally. > > You can adjust the size of the Xvnc's display so that it's the size of > just the application in question. You also don't need the full desktop > to display on that screen. OK, I've done that, but it's a little awkward to have to constantly adjust the Xvnc display to match the application window size. It appears that Xpra can handle that automatically. >> X11 transparent network support was its killer feature, > I completely agree. Especially when you start running different > programs on different systems / users / contexts. > >> but for all practical purpopses, that feature seems to have been >> killed. > > I don't think that's true. Of course it depends on which X11 apps you need to run remotely. For everything I've needed to run remotely in the past decade or so, it was unusable. The path to my remote host is also rather ugly. It jumps most of the way across the county and back through at least two NAT firewalls. Though the ping time is actually pretty decent (15-20ms) for the path it has to take. -- Grant
[gentoo-user] Re: How to run X11 apps remotely?
ah, yes. i completely forgot about xpra. probabably a better solution than spice. -JimC -- James Cloos OpenPGP: 0x997A9F17ED7DAEA6
Re: [gentoo-user] How to run X11 apps remotely?
unfortunately running the single application over app-emulation/spice might be as good as it gets. even over a local 1gig lan link those bugs you described are annoying. -JimC -- James Cloos OpenPGP: 0x997A9F17ED7DAEA6
Re: [gentoo-user] How to run X11 apps remotely?
Some clarifications. On 3/22/22 1:28 PM, Grant Taylor wrote: Xvnc I have looked at NoMachine (a.k.a. NX) in the past. But I've not tried it myself because my work client machine has a VNC client built in and doesn't have an NX client. As in run an Xvnc server as an X11 server / display. Point your programs at that display / server. Then have a VNC client connect to said VNC server. There's another option in the VNC / NX arena, but the name escapes me at the moment. There is also the possibility of RDP and / or ICA (whatever name old Citrix technology is going by these days). If you're into retro computing, PC Anywhere / Timbuktu are options. I run programs like this on the daily. E.g. Lotus Notes 9.x running on an old CentOS 6.x VM (last supported version) displaying on contemporary Gentoo on my workstation. The latency is noticeable if you know what to look for. But the latency is also quite tolerable. To be crystal clear, my Gentoo physical machine SSHs to my CentOS virtual machine with X11 forwarding such that the Notes client shows up on my Gentoo system. It's about as stock X11 as you can get. -- I have contemplated messing with xhost / xauth (cookies) to avoid the encryption / decryption overhead. But I found that I still needed remote command execution to set the DISPLAY and launch the Notes client. SSH makes this latter part trivial while also providing the former part. This is across a switched 1 Gbps LAN in the same subnet. This works well enough that I'm considering evaluating running more programs on discrete systems / VMs / containers with X11 networking. -- Grant. . . . unix || die
Re: [gentoo-user] How to run X11 apps remotely?
On 3/22/22 10:41 AM, Grant Edwards wrote: How does one run "modern" X11 apps remotely? Xvnc As in run an Xvnc server as an X11 server / display. Point your programs at that display / server. Then have a VNC client connect to said VNC server. Using ssh -X or ssh -Y works fine for older applications, but not for things that use "modern" toolkits. Modern tookit designers appear to have adopted a life mission to maximize the number of client-server round-trips required for even a trivial event like a keystroke in a text box. Yes. The back and forth between the X11 client (program) and server (display) is quite chatty and latency sensitive. The thing that running the Xvnc server on the same system as the X11 clients is that the latency between the two that the X11 protocol sees is effectively as small as possible. Then VNC's Remote Frame Buffer (RFB) protocol is more forgiving with latency between the VNC server and the VNC client. As a result, even with a 5-10Mbps remote connection, it takes several minutes to enter a string of even a few characters. A mouseclick on a button can take a minute or two to get processed. Resizing a window pretty much means it's time for a cuppa. Been there. Done that. Opening chrome and loading a web page can take 10-15 minutes. No activity at all on the screen, but the network connection to the remote machine is saturated at 5Mbps for minutes at a time. WTF? You also want to minimize spurious / superfluous updates that aren't actually /needed/. E.g. things fading in / out / animations. I do not want a "remote desktop". I just want to run a single application on a remote machine and have its window show up locally. You can adjust the size of the Xvnc's display so that it's the size of just the application in question. You also don't need the full desktop to display on that screen. Back in the day, I used to run X11 apps remotely through dial-up connections, and most of them were a little sluggish but still actually usable... The X11 protocol has changed a lot over the years. Older versions of X11 are less chatty than newer versions of X11. Reducing color depth also helps reduce the amount of data that needs to be exchanged. X11 transparent network support was its killer feature, I completely agree. Especially when you start running different programs on different systems / users / contexts. but for all practical purpopses, that feature seems to have been killed. I don't think that's true. I run programs like this on the daily. E.g. Lotus Notes 9.x running on an old CentOS 6.x VM (last supported version) displaying on contemporary Gentoo on my workstation. The latency is noticeable if you know what to look for. But the latency is also quite tolerable. I find web browsing to be considerably slower than my Notes client which I use interactively on the daily, if not hourly. -- Grant. . . . unix || die
[gentoo-user] Re: How to run X11 apps remotely?
On 2022-03-22, Grant Edwards wrote: > How does one run "modern" X11 apps remotely? > [...] > I do not want a "remote desktop". I just want to run a single > application on a remote machine and have its window show up locally. It looks like xpra will do what I want: https://packages.gentoo.org/packages/x11-wm/xpra It's interesting that it's classified as a window manager. >From https://xpra.org/: It gives you remote access to individual applications or full desktops. Xpra is usable over reasonably slow links and does its best to adapt to changing network bandwidth constraints. haven't tried it yet...
[gentoo-user] Re: How to run X11 apps remotely?
On 2022-03-22, Laurence Perkins wrote: >>Even something "lightweight" like atril is so slow it's barely usable. >> >>I do not want a "remote desktop". I just want to run a single >>application on a remote machine and have its window show up locally. >> >>Back in the day, I used to run X11 apps remotely through dial-up >>connections, and most of them were a little sluggish but still >>actually usable... >> >>X11 transparent network support was its killer feature, but for all >>practical purpopses, that feature seems to have been killed. > As you mentioned, it's a lot of extra round-trips. Which means that > it's not primarily your bandwidth that's the limiting factor, it's > the latency. > > Unfortunately, the speed of light being what it is, there are > practical limits to what you can do about latency depending on how > far apart the systems in question are. Where "far" is measured more in in hops than miles. :) Even with cut-through routing, each hop can be expensive. Add a couple firewalls with stateful packet inpsection, and latency from my house to the house next door isn't great. > But, check for and mitigate any bufferbloat issues you may have, > that will spike your latency quite a bit. > > The key back in the day was that people used X11 primitives > directly. But the X11 primitives are ugly, and there weren't any > tools for making them pretty. Yea, I remember. I wrote a couple xlib apps way back back when and it was painful. Even the old Xt toolkit wasn't fun. I do appreciate how easy it is to slap together something in Python and Gtk, I just wish it worked remotely after it was done. :) > So rather than add those mechanisms all the toolkit authors just did > their own thing and now everything is just bitmaps and practically > no processing can be done locally. > > Some programs like gVim will detect that they're running over SSH > and fall back to basic X11 for the speed factor. Not sure what > browsers might do that. Things like Xemacs are still usable, but if I'm doing emacs, I usually just run it directly in an ssh "terminal".
RE: [gentoo-user] How to run X11 apps remotely?
>-Original Message- >From: Grant Edwards >Sent: Tuesday, March 22, 2022 9:42 AM >To: gentoo-user@lists.gentoo.org >Subject: [gentoo-user] How to run X11 apps remotely? > >CAUTION: This is an EXTERNAL email. Do not click links or open attachments >unless you recognize the sender and know the content is safe. > >How does one run "modern" X11 apps remotely? > >Using ssh -X or ssh -Y works fine for older applications, but not for things >that use "modern" toolkits. Modern tookit designers appear to have adopted a >life mission to maximize the number of client-server round-trips required for >even a trivial event like a keystroke in a text box. > >As a result, even with a 5-10Mbps remote connection, it takes several minutes >to enter a string of even a few characters. A mouseclick on a button can take >a minute or two to get processed. Resizing a window pretty much means it's >time for a cuppa. > >Opening chrome and loading a web page can take 10-15 minutes. No activity at >all on the screen, but the network connection to the remote machine is >saturated at 5Mbps for minutes at a time. WTF? > >Something like LibreOffice is completely unusable. > >Even something "lightweight" like atril is so slow it's barely usable. > >I do not want a "remote desktop". I just want to run a single application on a >remote machine and have its window show up locally. > >Back in the day, I used to run X11 apps remotely through dial-up connections, >and most of them were a little sluggish but still actually usable... > >X11 transparent network support was its killer feature, but for all practical >purpopses, that feature seems to have been killed. > >-- >Grant > As you mentioned, it's a lot of extra round-trips. Which means that it's not primarily your bandwidth that's the limiting factor, it's the latency. Unfortunately, the speed of light being what it is, there are practical limits to what you can do about latency depending on how far apart the systems in question are. But, check for and mitigate any bufferbloat issues you may have, that will spike your latency quite a bit. The key back in the day was that people used X11 primitives directly. But the X11 primitives are ugly, and there weren't any tools for making them pretty. So rather than add those mechanisms all the toolkit authors just did their own thing and now everything is just bitmaps and practically no processing can be done locally. Some programs like gVim will detect that they're running over SSH and fall back to basic X11 for the speed factor. Not sure what browsers might do that. LMP
Re: [gentoo-user] How to run X11 apps remotely?
I think what happened is that a lot of rendering was moved to the client side, in particular font rendering. There may be ways to disable toolkit features that can lighten the load a bit.
RE: [gentoo-user] KDE, sddm etc security. Plus LVM question.
> -Original Message- > From: Rich Freeman > Sent: Monday, March 21, 2022 5:21 PM > To: gentoo-user@lists.gentoo.org > Subject: Re: [gentoo-user] KDE, sddm etc security. Plus LVM question. > > On Mon, Mar 21, 2022 at 8:03 PM Laurence Perkins wrote: > > > > The TPM in most computers doesn't dump the keys if someone tries to open > > the case to install hardware sniffers. > > > > That's a good point, though if somebody with the ability to sniff the RAM or > (to a lesser degree) GPU traffic is after you, then you probably want to be > on the lookout for rubber hose decryption. > > If you're a big spender the AMD Secure Memory Encryption feature would > probably help there, assuming they ever get it working on Linux. > > -- > Rich > > There are a lot of circumstances where the attacker doesn't want you to know you've been compromised. At least not right away. Tamper detection can be useful for avoiding that. Along similar lines there's a kernel module available, the project name slips my mind, which can be set to wipe keys, memory, etc. if the system is booted without a particular USB device attached, or if the device is removed. Gives one a way to quickly "decommission" a system. LMP
[gentoo-user] How to run X11 apps remotely?
How does one run "modern" X11 apps remotely? Using ssh -X or ssh -Y works fine for older applications, but not for things that use "modern" toolkits. Modern tookit designers appear to have adopted a life mission to maximize the number of client-server round-trips required for even a trivial event like a keystroke in a text box. As a result, even with a 5-10Mbps remote connection, it takes several minutes to enter a string of even a few characters. A mouseclick on a button can take a minute or two to get processed. Resizing a window pretty much means it's time for a cuppa. Opening chrome and loading a web page can take 10-15 minutes. No activity at all on the screen, but the network connection to the remote machine is saturated at 5Mbps for minutes at a time. WTF? Something like LibreOffice is completely unusable. Even something "lightweight" like atril is so slow it's barely usable. I do not want a "remote desktop". I just want to run a single application on a remote machine and have its window show up locally. Back in the day, I used to run X11 apps remotely through dial-up connections, and most of them were a little sluggish but still actually usable... X11 transparent network support was its killer feature, but for all practical purpopses, that feature seems to have been killed. -- Grant