ACCC Home Page ACADEMIC COMPUTING and COMMUNICATIONS CENTER
Accounts / Passwords Email Labs / Classrooms Telecom Network Security Software Computing and Network Services Education / Teaching Getting Help
 
The ADN Connection, November/December 1995 The A3C Connection
Nov/Dec 1995 Contents When a Good Computer Goes Bad Word Macro Viruses What viruses are "going around" at UIC today? Mac Viruses
Free Seminars for Spring 1995 More on Pine: Email and a Newsreader, Too Through an X Window Darkly About the ADN Connection  

Through an X Window Darkly

 
Tech Tips
Expert UNIX
 
   
 
     
Do You Need X Windows?
 

If you do everything locally on your PC, you don't need it. If you only interact with remote machines through Eudora or Netscape or a newsreader, you don't need it. But if you find yourself wishing that the program you're running remotely could just pop open a window on your screen and show you a graph of its progress, accept input data at a crucial part of the run, and maybe even allow you to cut-and-paste that data from another window generated by different program running on a different machine, then you really do need it -- the X Window System.

Consider SAS, for example. Using SAS on the PC on your desk is great for interactivity and for controlling your statistical analysis while it is running. Provided, of course, your data set is small enough for a PC. Using SAS on a large remote computer is great for computational power and for handling tapes and large data sets. Provided, of course, that you don't mind waiting for SAS to finish processing your data, transferring the results to your PC and graphing them, examining the graph to help you decide what to do next, and then logging back on to the remote computer and starting all over again. Do you want the best of both worlds? Then you want X.

There is no point to using X just to use it. Like any system, X has its drawbacks -- it has a large appetite for network resources and there are some aspects of its configuration, such as security, that you really need to pay attention to. But if you need graphic or multiwindow output from a remote machine, X can be a very convenient way to watch and control those remote processes from your desktop.

Return to Contents

 
     
Client-Server at its Core
  The X Window System (often called X11 or X Windows or simply X) is only superficially similar to other window systems like Microsoft Windows and the Macintosh. In fact, X can coexist with these other systems. X is different because it is inherently a client/server system. That is, every "X Window System" consists of at least three parts: the program that decides what to put into the X window (which may, but doesn't have to, run on a remote machine), the program that deals with your physical keyboard, mouse, and screen (which must run on your local machine), and the X protocol that defines how these two programs interact.

The X protocol is platform independent -- both clients and servers exist for many computers, including the Macintosh, Windows, and OS/2, as well as all manner of UNIX. And X is extremely flexible and configurable. (To a fault, actually. X is a hacker's dream. Fortunately, it is quite useful without custom configuration, too.) It is so configurable that my X sessions might have a very different look and feel from yours. On the whole, this is an advantage, because it has encouraged many people to contribute programs and utilities, and quite a number of them are free.

Return to Contents

 

The origins of X.

The X Window System began in 1984 at MIT as part of Project Athena. X Window's continuing development is supervised by the X Consortium -- an independent, not-for-profit organization that provides vendor-neutral architectural and administrative leadership. The X Consortium's World Wide Web home page is at the URL http://www.x.org/

 
     
Many Clients, One Server
  A key part of X11 is the server -- the display program that actually controls the hardware on your desk. Mouse movements and clicks and keyboard input are sent to the server, and screen output is generated by the server. But the server does not interpret the mouse and keyboard input. Rather, it sends the input to the appropriate client program, and acts on behalf of the client when it redraws the various windows. Because all of the real intelligence rests with the X clients, the X server can be small and fast enough to run on many different hardware platforms.

X clients, on the other hand, are the applications programs that tell your X server what to draw and where to draw it. Thus, in X terminology, the application, which may run on the same machine as the X server or may run on another machine, is the client.

Although this is true to the notion that servers should obey the wishes of clients, the way the terms "server" and "client" are defined in X -- with the server being local to your desktop and the client being (possibly) remote -- is just the reverse of the usual client-server structure. There are those that defend the X terminology, but the fact is, you just have to get used to it.
 
 

Want your own X server?

The Computer Center has a site license for Hummingbird Communication's eXceed line of X servers (for DOS, MS Windows, and OS/2) and MacX for Apple Macintoshes. For more information look in the "Available Software" section on the ADN WWW home page. Location http://www.uic.edu/depts/accc/
 

Return to Contents

 
     
The X Window Manager
  One special X client is called the "window manager". The window manager is the X client program that puts a frame around a window, and takes care of moving, resizing, and iconifying the window when you give the proper commands. There are many X window managers to choose from, and just to make things more exciting, each window manager looks and works differently.

Motif (mwm) and open look (olwm) are common windows managers, and there are other ones like twm (the "t" is for its author, Thomas LaStrange), and fvwm (the "v" is for virtual; the "f" did mean something at one time, but whatever it was is now lost in the mists of time). When you use exceed for MS Windows, you can even use MS Windows as your X window manager. This has a distinct advantage -- it allows you to cut-and-paste between an X program in running in one window and a Windows program in another.

One would think that window management, being rather fundamental to a windowing system, would come built-in. (As is true with microcomputer windowing software like MacOS, MS Windows, and IBM OS/2.) But X provides process, not policy. In other words, X provides the means for clients and servers to communicate, but lets each window manager and each application make its own decisions about what a button does, how to move or resize a window, how to determine which window grabs the keyboard input, and so forth.

The result is that no one is locked out of making improvements to X by proprietary software. The major vendors, as well as contributors to the X Consortium, have made improvements to window managers as well as application clients.

Return to Contents

 
     
Traveling with X Windows
 

Here is an example of exceed running under MS Windows on a PC in the ADN public labs. The small window in the upper left is always visible when exceed is running; it holds icons used to stop or reconfigure the exceed server, to cut-and-paste, and to get help. I've reconfigured exceed to use Microsoft Windows as the X-window window manager (not the default setup).

In the window on the bottom left, WordPerfect is running on the PC, in the normal fashion. But the HoTMetaL window to its right is generated by icarus over the net. That is, the frame, size, and placement of the HoTMetaL X window is governed by an interaction between the HoTMetaL client application on icarus, MS Windows, and exceed, but the content of the window, including the menu bar and buttons, is governed by the HoTMetaL client, with eXceed's cooperation.

The icon at the bottom labeled tnvt-tigger represents a live telnet session to tigger. In that session, I entered the sas command, which generated the two windows at the top labeled sas.log and sas:program editor. Then I entered a SAS program using the program editor window and ran it (on tigger). That produced both the sas:graph X window in the upper right and the graph in that window. Again, the content of the SAS X windows is governed by SAS on tigger, but the placement of the X windows on the screen is governed by MS Windows.

 
     
Clients xterm et al.
  One of the most useful of the generic X clients is xterm, which is basically a command line terminal emulator in a window. There are a few intrinsic advantages to using xterm rather than another type of terminal emulator, such as the ability to scroll backwards or to select fonts and colors. You might want to have one or more xterm windows open just to be able to launch other clients (possibly telneting to other machines first) and to be able to cut-and-paste from one xterm window to another.

Although I use xterm the most, there are lots of other useful X clients, many available on the 'Net for free. There are terminal emulators, clocks, calendars, rolodex and mail programs, editors and word processors, statistical packages (like SAS), drawing and paint programs, and network utilities. Not to mention games and decorations. Obviously, many other operating systems and windowing programs offer these types of programs. But if you do have a compelling reason to use X, you may as well make use of the other benefits.

Return to Contents

 
     
X and Security
  Every client-server system has to consider network security, and X is no exception. If I run an X server on my desk, how can I give my remote clients permission to read and write my screen, but not other people's clients? This is not an idle question. It is quite possible while using X to inadvertently let others read and write on your screen, including reading passwords you thought were hidden.

X provides two security mechanisms. One, the "xhost" mechanism, is easy to use and, unfortunately, easier to abuse. The other is the "magic cookie" mechanism. It's a bit harder to use than xhost, but provides much better security when you run your X clients on a multiuser system. Neither, however, provides any real defense against network sniffing.

xhost security:
The xhost mechanism grants access to your X server to everyone on a given set of machines. If, for example, you want to run SAS on tigger, you could use your X server's xhost command to make tigger a trusted host machine; this would give everyone using tigger the ability to read the windows managed by your X server. Yes, the people who use tigger happen to be a nice, friendly bunch, but you can see that this could pose a problem. Please don't do this.
magic cookie security:
The magic cookie mechanism is much more sensible. It grants access to your X server only to certain accounts on the remote machine, not to everyone. It does so by forcing the remote client to provide your X server with a secret code called a "magic cookie". The hard part is figuring out a way for the X server and the X client to both know the shared magic cookie before the client is actually run.
Check your security arrangement. It's a good idea whenever you set up a new X server to check it out to make sure your security arrangements are OK. Start your X server, then ask a friend with a separate account on the remote machine to try running an X client on that machine and display the clients windows on your screen. Remember, if they can do it, then anyone else on that machine can read your screen and keystrokes. (And by the way, it is not particularly hard for a malicious user to scan a network looking for X sessions to eavesdrop on.)

I don't mean to scare you, but it is important to know the security implications when you use X. The "normal" X defaults can depend on many variables and are often not what you'd want. That said, we have set up exceed in the personal computer labs so that when you make a connection to tigger or icarus, the magic cookie security is turned on by default. So you should be safe. But there are no guarantees if you mess with the configuration yourself.

Return to Contents

 
     
Getting Started with X Windows
  You'll need a UNIX account to use exceed in the labs. If you haven't opened your ADN UNIX account yet, you can do that when you stop by an ADN public micro lab, too -- click the "Account Creation" icon and answer a few questions. Be sure to take your UIC picture ID with you; you'll need it to open your account. 
 

Common problems in getting started using X

  • In the public labs, exceed is configured to start sessions automatically, without having to fiddle with the setup. But if you do fiddle, or if you use X from some other system, you need to set the display variable (so your clients will know where to put their windows) and to establish your X Authority mechanism (so your server knows which clients to allow).

  • When starting a remote client, it is important that the client know where to display the output. This can be done either by setting the display environment variable, or usually by the option on the X clients command line. Often, this variable is set for you when you log on. (To check, enter: echo $display

    • It will return the name of the machine where your X server is running, with a :0 at the end.)
    If you do need to set the display variable yourself and you're using K shell, enter something like this: export display=tigger.uic.edu:0
    Without the :0 at the end, the X client might think your local device has many monitors, and wont know which one to use. Also if you are using magic cookie security, be sure that the case of the display variable matches the case of the result from the xauthlist command.

  • If you get messages that the server refused service, either the magic cookie or xhost mechanism is not functioning properly. You can check the magic cookie authorizations with the xauthlist command. This will tell you what authorizations the remote UNIX system thinks it has. Be sure that the remote system's name in the list of authorizations matches exactly the name in the display variable, including case. You can also turn on the xhost authorization temporarily for testing, since it is sometimes easier than the magic cookie protocol. But be very careful when you do this, and be very sure not to type any passwords at all in this state.
Return to Contents

What's Left that We Haven't Covered?

Actually, there's lots about X what we haven't talked about yet:
  • How to use X once you get it running, including how to resize windows, scroll, start clients, and so forth. Much of the details of these subjects depend on what window manager you use and, to some extent, the client application program you're running. If you are already comfortable with microcomputer windowing software like MacOS, MS Windows, or OS/2, with a little experimentation you should be able to discover a lot of what you need to know to use most X Windows window managers, but it won't teach you everything.

  • Configuration and customization, and customizing your startup scripts. The Computer Center supports exceed and MacX, X Windows servers for PCs and Macs, respectively. There are configuration options that allow you to select fonts and colors, to choose a windows manager, and to set up your security scheme. And there are other "X resources" to play with. For example, you can customize X menus; because I logon to tigger so often, I've put a new menu item in my root menu to do that for me.

  • Common Desktop Environment. CDE is a fairly new industry-wide standard that, for the first time, prescribes a standard look and feel for X. We have it on tigger now, but not on icarus. CDE lets you have multiple virtual screens with multiple windows on each screen, drag-and-drop icons, and provides you with a session manager and lots of other good stuff. Of course, it has its own idiosyncrasies in customization.
Return to Contents 		 
     
Give X a Test Run
  Do you want to try out X windows? If you have an account on tigger or icarus, then you can go to a public microcomputer lab, sit down at any available personal computer, and double click the exceed icon.

When exceed starts up, it will display a menu that allows you to log onto tigger, icarus, or a few other machines. Pick one on which you have an account, login, and give it a whirl. (Be patient if you decide to login to tigger; tigger's login process uses CDE and it takes a while to start up.)

We have exceed set in the ADN public labs to use the remote window manager (on icarus or tigger) by default, so your X Windows session will take over your entire screen. But you can change this default using the exceed configuration menu on the PC. We also have exceed set up in the labs to use magic cookie security by default. Both tigger and icarus respond properly to this protocol, and will set up the necessary environment automatically.

Comments are appreciated; send them to
Bob Goldstein, bobg@uic.edu
  
 

The ADN Connection, Nov/Dec 1995 Previous: More on Pine: Email and a Newsreader, Too Next: About the ADN Connection

1999-7-2  connect@uic.edu
UIC Home Page Search UIC Pages Contact UIC