The writeup didn't mention it, but I'd guess probably that logic analyzer supports X authorization, which means that there's an alternative with different security properties:
1. Make sure that X's `xauth` for is set up on your laptop/workstation.
2. Enable TCP listening of the X server (like the server used to do by default, back when people were doing remote X display like this). This is in lieu of running `socat`, so, when you configure the logic analyzer TCP/IP, you'd tell it the X server's normal TCP port instead of the `socat` one.
3. Set the `xauth` secret on the logic analyzer.
(Also, if the `ifconfig` in the blog post doesn't work for you, try `ip a`.)
A downside of this is that authorization secret would be accepted by the server an indefinite period of time after you're done using the logic analyzer.
A more secure alternative is to forget about X, and instead plug a compact PS/2 keyboard and pointing device into the logic analyzer. (IBM sold some compact keyboards with integrated TrackPoint and touchpad pointing devices, which take no more bench space than a laptop does.) I'd guess screenshots are a headache, though.
> I'd guess probably that logic analyzer supports X authorization, ...
Unfortunately, it doesn't. The screenshots in the blog posts are pretty much all there is. But even if it did, I wasn't even able to make my Linux laptop display an xclock on my desktop screen until I used the socat option. There's too many config files to get right. socat doesn't require any of that and it's only active when using the logic analyzer.
> A more secure alternative is to forget about X, and instead plug a compact PS/2 keyboard and pointing device into the logic analyzer.
Not enough room. Bulky test equipment like this lives on an equipment cart (I love it!) but it makes using a keyboard and mouse awkward. I'm not too worries about the security issues, TBH. In the unlikely case that attackers go through the trouble of entering my home network (why?), they're better at network ops than I am. The Linux machine that drives all this is for development only. All the stuff on there can be downloaded from my GitHub repos...
> IBM sold some compact keyboards with integrated TrackPoint and touchpad pointing devices, which take no more bench space than a laptop does.
It's not the greatest keyboard for typing, but the Logitech K400 is a decent modern alternative for such purposes. You'd need a USB-to-PS/2 adapter, though:
A bit more compact, the IBM SK-8845 can still be gotten on eBay with native PS/2 interfaces (or USB, in some variants): http://www.ibmfiles.com/pages/sk88xx.htm
The SK-88*4*5 are actually a little easier/cheaper to get than the later SK-88*5*5, maybe because the earlier model doesn't have Win95 keys.
(The SK-8855 was also noteworthy for Lenovo soliciting user input in its design, before they seemed to go all-in on a consumer Mac-like aesthetic. Now, SK-8855 and earlier TrackPoint keyboards sell used for more than they cost new, even if dirty, since Lenovo isn't making them like that anymore. Even though were only ever lightweight laptop-like keyboards, not veritable battleships like some historical earlier IBM mechanical keyboards.)
The FTP connection seems to be using active mode (PORT command). Does using passive mode (PASV command) help at all? This is usually the easiest fix for problems with FTP and firewalls, without having to reconfigure or poke holes in the firewall. I actually thought that most ftp clients had switched to passive mode by default to avoid this type of issue.
I tried. The logic analyzer doesn’t support PASV. I could only make it work by opening up all ports for the logic analyzer IP address. At least that was the case for Ubuntu 20.04, it worked out of the box for Ubuntu 18.04. I need to dig into that one day…
Since you're stuck using active FTP, maybe using nf_conntrack_ftp would help? I believe it is supposed to snoop the FTP connection, extract the port number from the PORT command, and then open only that port (from only that one IP) on the firewall. Of course since this is all on your LAN, just opening up all connections from the IP address is not really that dangerous and so anything more advanced might not be worth the effort.
I spent hours getting things to work the way they described it: xhost, xauth, Xorg, xserverrc, gdm3/custom.conf, and nothing stuck. I probably did something wrong. I'll add this blog post as a reference to mine.
I really like the socat option though. Other than opening a single TCP/IP port, it doesn't require changes to config files anywhere. I've just updated the blog post to make the UFW config more strict, by only allow TCP requests from the logic analyzer IP address.
BTW, your friend's search engine optimization game is a bit lacking. The title is not very descriptive. ;-)
I don't know anything about Xwayland, but there's this sentence in this socat writeup:
> If you want to access an X server that does not provide -listen tcp (Xwayland) or just did not have enabled it during startup (like most likely your host Xorg), you can use socat to provide TCP/IP access.
In my experience, a dedicated virtual machine running $problematic_stack often beats any workarounds - there’s often not enough people power to make niche workarounds like that work well, sometimes they’re brilliant, other times they’re barely functional.
I’m OK with barely functional if it works for me! These blog posts are about not forgetting how I did something when I need to build the setup again in the future. Google is better at searching the web than at searching local notes on one of my machines. :-)
Oh to be clear, I’m referring to wayland w/ x forwarding and I probably worded my comment poorly - point is sometimes I wont invest time when something obscure doesn’t work and other times if it’s obscure I’ll use some other workaround that avoids obscurity as much as possible. There are some pretty good ‘hacks’ that work brilliantly (sshfs for example) and others which work terribly (nvidia binary drivers seem to keep failing on me to the point where buying an AMD card may have a better ROI)
This looks remarkably similar to the one Tech Tangents (twitch/youtube) has hooked up to GPIB with Python tooling for automating cap reforming. Pretty sure he has VGA type capture working too, so he can hook it in to OBS for his streams (and overlays the Python automation via a web page).
Mine (I run Tech Tangents) is a 16500C and the interface is basically identical. The problem with remote access for these is that they draw traces to the screen using direct framebuffer access rather than X11 calls meaning you can't see them remotely. So the best you can do send them commands remotely and read the numerical results. That's why I went the VGA capture route.
If your router doesn’t supported static IP reservation ... Just choose an address that’s different that all the others and hope for the best. You probably won’t be using a machine like this 24/7…
Or assign one out of the static pool without the need for finger crossing. Never seen a router that doesn't let you adjust the DHCP range.
The 16500-series logic analysis system mainframe has its little siblings as 1650-series and 1660-series. The 16700-series logic analysis system mainframe has its little siblings as 1670-series.
They support oscilloscope cards, except when they don't. Those are the 16530-16534a boards. Specifically, the earlier scope boards 16530-16532a have been reported to not show a trace over X for an unknown reason. I will investigate that in the near future. You will want the 16533a or 16534a oscilloscope boards. Alternatively, you can simply purchase the integrated oscilloscope versions of these analyzers.
You'll notice the 1670G model in the article has the 2ch scope built in. That scope works over X11.
This a deep rabbit hole, but my 16500B from 1992 came with a 102-channel logic analyzer and a 2ch 250MHz 1gsa oscilloscope. There are many other interesting boards it can support and I am acquiring them as opportunity presents itself. It cost me $150 including shipping. :)
If you want your mind blown, consider that the 16500A came with a color touch screen in 1988 (I checked HP archives) and it could already be configured for X11 networking with the appropriate add-in card. There's also Windows software to operate these systems over a modem. The blank mainframe cost $7200.
I went on eBay and bought one - about 100 dollars landed.
... and I was able to get it to send X11 to my Mac within about a half an hour, the UX on this thing is actually really good, and the touchscreen very responsive.
I'll go on ebay later for a scope card or two, it has some sort of logic analyzer, but its missing the breakout pods for it. Either way, I'm happy, getting X working felt like summoning the dark arts.
There are apparently material differences though between the 16500L and the 16500H - I have an H, the manual for the L indicates a telnet interface.
The IR touch screen is awesome though: I reverse engineered the whole PCB into a schematic (it’s a pretty pedestrian LED matrix), and one day I want to do something fun with it.
1. Make sure that X's `xauth` for is set up on your laptop/workstation.
2. Enable TCP listening of the X server (like the server used to do by default, back when people were doing remote X display like this). This is in lieu of running `socat`, so, when you configure the logic analyzer TCP/IP, you'd tell it the X server's normal TCP port instead of the `socat` one.
3. Set the `xauth` secret on the logic analyzer.
(Also, if the `ifconfig` in the blog post doesn't work for you, try `ip a`.)
A downside of this is that authorization secret would be accepted by the server an indefinite period of time after you're done using the logic analyzer.
A more secure alternative is to forget about X, and instead plug a compact PS/2 keyboard and pointing device into the logic analyzer. (IBM sold some compact keyboards with integrated TrackPoint and touchpad pointing devices, which take no more bench space than a laptop does.) I'd guess screenshots are a headache, though.