netbsd 1-3 2-4 betting system

sports betting no casino

This game has a hidden developer message. This game has unused graphics. This game has unused models. This game has unused items. This game has unused sounds. This game has unused text.

Netbsd 1-3 2-4 betting system planetwin365 live betting ultra

Netbsd 1-3 2-4 betting system

If you find one that does allow this, let me know! Maybe someday a clever trick will be thought up to relax the listening port requirement e. SSH method: If both users i. Instead of assuming port is free on the SSH machine, we will assume both users agreed to use This will illustrate how to use a different port for the redir. It could be any port, what matters is that both parties refer to the same one.

So in that case the Viewer side does not need to run any ssh command, but rather only runs: vncviewer third-machine. The creation of both tunnels can be automated. This appears to be fixed in x11vnc version 0. If you need to use an earlier version of x11vnc, try using the "-rfbversion 3. In general sometimes one can get a misbehaving viewer to work by supplying rfb versions 3. One user reports when running x11vnc on AIX 5.

The freezing appeared to be worse for versions later than 0. The user found no freezes occurred when using that option. There are some options. If set remember to include the double quotes around the string , they will be used as default values for the -passwd and -viewpasswd options. Of course the strings will exist unobscured in the x11vnc binary: it better not be readable by unintendeds.

Perhaps this is of use in remote access for an embedded application, etc Yes, for best response start up x11vnc with the "-nofb" option disables framebuffer polling, and does other optimizations on the secondary display X11 machine. This will also work X11 to X11 using x2vnc, however you would probably just want to avoid VNC and use x2x for that.

Is the default visual of the X display you run x11vnc on low color e. There seems to be a bug in Win2VNC in that it cannot deal correctly with colormaps PseudoColor is the most common example of a visual with a colormap. If so, there are a couple options.

In this case, the option provides a convenient workaround for the Win2VNC bug: x11vnc -nofb -visual TrueColor -display Since Win2VNC does not use the framebuffer data there should be no problems in doing this.

There may be a trick or two you'll need to do to get the Clipboard exchange between the machines to work. Use the -flashcmap option to have x11vnc watch for changes in the colormap, and propagate those changes back to connected clients. This can be slow since the whole screen must be updated over the network whenever the colormap changes.

This flashing colormap behavior often happens if an application installs its own private colormap when the mouse is in its window. Consider reconfiguring the system to 16 bpp or depth 24 TrueColor if at all possible. Everything is dynamically transformed to depth 24 at 32 bpp using the colormaps. There may be painting errors however see the following FAQ for tips on reducing and correcting them.

In some rare cases SCO unixware the -notruecolor option has corrected colors on 8bpp displays. The red, green, and blue masks were non-zero in 8bpp PseudoColor on an obscure setup, and this option corrected the problems. On other hardware the less robust -8to24 option may help also discussed below. Run xdpyinfo 1 to see what the default visual is and what the depths of the other visuals are.

Does the default visual have a depth of 8 but there are other visuals of depth 24? If it does, can you possibly re-configure your X server to make a depth 24 visual the default? If you can do it, this will save you a lot of grief WRT colors and x11vnc and for general usage too!

See the -dev section of the Xsun 1 manpage for a description of the above arguments. Also look at the fbconfig 1 and related manpages e. In general for non-Sun machines, look at the "-cc class" and related options in your X server manpage perhaps Xserver 1 , it may allow modifying the default visual e. On XFree86 some video card drivers e. Matrox mga have settings like Option "Overlay" "24,8" to support multi-depth overlays.

For these, use the "-cc 4" X server command line option to get a depth 24 default visual. This is useful for Legacy applications older versions of Cadence CAD apps are mentioned by x11vnc users that require the default depth be 8bpp, or the app will use a 8bpp visual even if depth 24 visuals are available, and so the default depth workaround described in the previous paragraph is not sufficient for these apps.

Until then see the -8to24 mode below. The -overlay mode may be somewhat slower than normal mode due to the extra framebuffer manipulations that must be performed. Also, on Solaris there is a bug in that for some popup menus, the windows they overlap will have painting errors flashing colors while the popup is up a workaround is to disable SaveUnders by passing -su to Xsun, e. This is less robust than the -overlay mode because it is done by x11vnc outside of the X server. So only use it on OS's that do not support -overlay.

The -8to24 mode will work if the default visual is depth 24 or depth 8. It scans for any windows within 3 levels of the root window that are 8bpp i. For the windows it finds it uses XGetSubImage to retrieve the pixels values and uses the correct indexed colormap to create a depth 24 TrueColor view of the whole screen. This depth 24, 32bpp view is exported via VNC. Even on pure 8bpp displays it can be used as an alternative to -flashcmap to avoid color flashing completely.

This scheme is approximate and can often lead to painting errors. In general the scheme uses many resources and may give rise to sluggish behavior. If multiple windows are using different 8bpp indexed colormaps all but one window may need to be iconified for the colors to be correct. There are a number of tunable parameters to try to adjust performance and painting accuracy.

The option -8to24 nogetimage can give a nice speedup if the default depth 24 X server supports hiding the 8bpp bits in bits of the framebuffer data. See the -8to24 help description for information on tunable parameters, etc. Colors still not working correctly? Run xwininfo on the application with the incorrect colors to verify that the depth of its visual is different from the default visual depth gotten from xdpyinfo.

One possible workaround in this case is to use the -id option to point x11vnc at the application window itself. If the application is complicated lots of toplevel windows and popup menus this may not be acceptable, and may even crash x11vnc but not the application.

See also -appshare. It is theoretically possible to solve this problem in general see xwd 1 for example , but it does not seem trivial or sufficiently fast for x11vnc to be able to do so in real time. The -8to24 method does this approximately and is somewhat usable. Fortunately the -overlay option works for Solaris machines with overlay visuals where most of this problem occurs.

These are both usually used in high color modes, but whereas TrueColor uses static ramps for the Red, Green, and Blue components, DirectColor has arbitrary colormaps for the Red, Green, and Blue Components. Currently x11vnc cannot decode these colormaps and treats them just like TrueColor. The only place we have seen this is with the virtual framebuffer server Xvfb on Xorg 7.

So in that case you probably should restart it with something like this: "Xvfb :1 -cc 4 -screen 0 xx24". It should be possible for x11vnc to handle DirectColor, but this hasn't been implemented due to its rare usage. You may also see this problem on an X display with a TrueColor default visual where an application chooses a DirectColor visual for its window s. It seems the application also needs to install its own colormap for the visual for the colors to be messed up in x11vnc.

One can make xwud do this for example. Run the xwininfo program in a terminal. It will ask you to click on the desired application window. After clicking, it will print out much information, including the window id e. Also, the visual and depth of the window printed out is often useful in debugging x11vnc color problems.

Besides "pick" there is also "id:root" to allow you to go back to root window when doing remote-control. The way the image is retrieved depends on some aspects of how the X server maintains the display image data and whether other windows are clipping or obscuring it.

See the XGetImage 3X11 man page for more details. If you disable BackingStore and SaveUnders in the X server you should be able to see these transient windows. If things are not working and you still want to do the single window polling, try the -sid windowid option "shifted" windowid. It is still very primitive and approximate, but at least it displays multiple top-level windows. It also can be slower than depth 24 at 32bpp. Perhaps you have 24bpp because the video memory of the machine is low and the screen wouldn't fit in video RAM at 32bpp.

For this case depth 16 at 16bpp might be an acceptable option. In any event x11vnc should handle depth 24 at 24bpp although performance may be slower, and you may need to use the ZRLE encoding instead of Tight. There are some caveats involving the viewer however:. However there are some problems with that too.

It seems libvncserver does not do 24bpp correctly with the Tight encoding. The colors and screen ultimately get messed up. So you have to use a different encoding with the TightVNC vncviewer, try "zlib", "hextile", or one of the other encodings e. They evidently request 32 bpp and libvncserver obliges. This extra transformation could slow things down further however. Now coming the opposite direction if you are running the vncviewer on the 24bpp display, TightVNC will fail with "Can't cope with 24 bits-per-pixel.

It does this by requesting a 16bpp pixel format or 8bpp if the -bgr option has been supplied from the VNC server, and translates that to 24bpp locally. You can, but it will likely be very wasteful of network bandwidth since you will be polling the X display over the network as opposed to over the local hardware. To do this, run x11vnc on a UNIX machine as close as possible network-wise e.

Use the -display option to point the display to that of the Xterminal you'll of course need basic X11 permission to do that and finally supply the -noshm option this enables the polling over the network. If the Xterminal's X display is open to the network for connections, you might use something like "-display xterm".

If you are trying to do this via an SSH tunnel assuming you can actually ssh into the Xterminal it will be a little tricky either use the ssh "-R" option or consider ssh-ing in the other direction. In all cases the X11 permissions need to allow the connection. The response will likely be sluggish maybe only one "frame" per second. This mode is not recommended except for "quick checks" of hard to get to X servers.

Use something like "-wait " to cut down on the polling rate. You may also need -flipbyteorder if the colors get messed up due to endian byte order differences. If the X display machine is a traditional Xterminal where the X server process runs on the Xterminal box, but all of the X client applications firefox, etc run on a central server aka "terminal server" , you will need to log into the Xterminal machine i.

The next problem is the login Display Manager e. So unless X permissions are completely turned off e. Xauthority must be accessible by or copied to the Xterminal. Xauthority is exported via NFS this is insecure of course, but has been going on for decades , then x11vnc can simply pick it up via NFS you may need to use the -auth option to point to the correct file. Here "xterm" refers to the computer acting as the Xterminal and "central-server" is the terminal server.

See the xauth 1 manpage for more details. If the display name in the cookie file needs to be changed between the two hosts, see this note on the "xauth add You can run "xhost If the Xterminal is really stripped down and doesn't have any user accounts, NFS, etc. It can be done!!! Some Xterminal projects have actually enabled "run locally" facilities for the running of an occasional app more efficiently locally on the Xterminal box e.

Not recommended, but as a last resort, you could have x11vnc poll the Xterminal Display over the network. For this you would run a "x11vnc -noshm Note: use of Display Manager gdm, kdm, VNCviewer performance on Xterminals: This isn't related to x11vnc on Xterminals, but we mention it here anyway because of the similar issues.

If you are on an Xterminal and want to use vncviewer to connect to a VNC server somewhere, then performance would be best if you ran the viewer on the Xterminal box. Otherwise, i. Something to consider, especially on a busy network. BTW, this has all of the above permission, etc, problems: both vncviewer and x11vnc are X client apps desired to be run on the Xterminal box.

Completely independent of that, the SunRay user's session is still an X server that speaks the X11 protocol and so x11vnc simply talks to the X server part to export the SunRay desktop to any place in the world i. Please see this discussion of Sun Ray issues for solutions to problems. It can change a huge number of parameters on the fly: see the -remote and -query options. To shut down the running x11vnc server just type "x11vnc -R stop".

To disconnect all clients do "x11vnc -R disconnect:all", etc. If the -forever option has not been supplied, x11vnc will automatically exit after the first client disconnects. In general if you cannot use the remote control, then you will have to kill the x11vnc process This can be done via: "kill NNNNN" where NNNNN is the x11vnc process id number found from ps 1 , or "pkill x11vnc", or "killall x11vnc" Linux only.

Potential Gotcha: If somehow your Keypress of Ctrl-C went through x11vnc to the Xserver that then delivered it to x11vnc it is possible one or both of the Ctrl or C keys will be left stuck in the pressed down state in the Xserver. Tapping the stuck key either via a new x11vnc or at the physical console will release it from the stuck state.

If the keyboard seems to be acting strangely it is often fixed by tapping Ctrl, Shift, and Alt. They allow nearly everything to be changed dynamically and settings to be queried. These commands do not start a x11vnc server, but rather communicate with one that is already running. It can also run in the system tray: "-gui tray" or as a standalone small icon window: "-gui icon". Otherwise, you could use the vncpasswd 1 program from those packages.

Be sure to quote the "pass" if it contains shell meta characters, spaces, etc. If you supply one argument, e. If a password file cannot be found or created x11vnc exits immediately. An admin may want to set it up this way for users who do not know better. Note the full-access password option -passwd must be supplied at the same time.

To avoid specifying the passwords on the command line where they could be observed via the ps 1 command by any user you can use the -passwdfile option to specify a file containing plain text passwords. Presumably this file is readable only by you, and ideally it is located on the machine x11vnc is run on to avoid being snooped on over the network. The first line of this file is the full-access password.

If there is a second line in the file and it is non-blank, it is taken as the view-only password. View-only passwords currently do not work for the -rfbauth password option standard VNC password storing mechanism.

You can also easily annotate and comment out passwords in the file. You can have x11vnc re-read the file dynamically when it is modified. The standard su 1 program is used to validate the user's password. A familiar "login:" and "Password:" dialog is presented to the user on a black screen inside the vncviewer. The connection is dropped if the user fails to supply the correct password in 3 tries or does not send one before a 25 second timeout. Existing clients are view-only during this period.

A list of allowed Unix usernames may also be supplied along with per-user settings. See ypcat 1 and shadow 5. Without these one might send the Unix username and password data in clear text over the network which is a very bad idea. Additional testing is appreciated. For the last 4 it appears that su 1 will not prompt for a password if su-ing to oneself. Since x11vnc requires a password prompt from su, x11vnc forces those logins to fail even when the correct password is supplied.

One approximate method involves starting x11vnc with the -localhost option. This basically requires the viewer user to log into the workstation where x11vnc is running via their Unix username and password, and then somehow set up a port redirection of his vncviewer connection to make it appear to emanate from the local machine. As discussed above, ssh is useful for this: "ssh -L localhost user hostname Of course a malicious user could allow other users to get in through his channel, but that is a problem with every method.

Another thing to watch out for is a malicious user on the viewer side where ssh is running trying to sneak in through the ssh port redirection there. Regarding limiting the set of Unix usernames who can connect, the traditional way would be to further require a VNC password to supplied -rfbauth, -passwd, etc and only tell the people allowed in what the VNC password is.

A scheme that avoids a second password involves using the -accept option that runs a program to examine the connection information to determine which user is connecting from the local machine. That may be difficult to do, but, for example, the program could use the ident service on the local machine normally ident should not be trusted over the network, but on the local machine it should be accurate: otherwise root has been compromised and so there are more serious problems!

Unfortunately recent Linux distros seem to provide a random string MD5 hash? An example script passed in via -accept scriptname that deduces the Unix username and limits who can be accepted might look something like this:! For this to work with ssh port redirection, the ssh option UsePrivilegeSeparation must be enabled otherwise the userid will always be "root". Yes, there are several possibilities.

For background see the FAQ on the -accept where an external program may be run to decide if a VNC client should be allowed to try to connect and log in. If the program or local user prompted by a popup answers "yes", then -accept proceeds to the normal VNC and x11vnc authentication methods, otherwise the connection is dropped. In each case "command" is an external command run by x11vnc.

You supply it. For example, it may couple to your LDAP system or other servers you set up. If the command returns success, i. For "-passwdfile cmd:command" the command is run and it returns a password list like a password file, see the -passwdfile read:filename mode.

Perhaps a dynamic, one-time password is retrieved from a server this way. For "-passwdfile custom:command" one gets complete control over the VNC challenge-response dialog with the VNC client. If you are willing to modify the VNC viewers, you can have it be anything you want, perhaps a less crackable MD5 hash scheme or one-time pad. Your program will read from its standard input the size of the challenge-response followed by a newline, then the challenge bytes followed by the response bytes.

If your command then returns success, i. These variables can provide useful information for the externally supplied program to use. These defaults are simple safety measures to avoid someone unknowingly leaving his X11 desktop exposed to the internet, say for long periods of time. Use the -forever option aka -many to have x11vnc wait for more connections after the first client disconnects. Use the -shared option to have x11vnc allow multiple clients to connect simultaneously.

Recommended additional safety measures include using ssh see above , stunnel, -ssl, or a VPN to authenticate and encrypt the viewer connections or to at least use the -rfbauth passwd-file option to use VNC password protection or -passwdfile It is up to YOU to apply these security measures, they will not be done for you automatically. Yes, look at the -allow and -localhost options to limit connections by hostname or IP address.

For individual hosts you can use the hostname instead of the IP number, e. Note that -localhost achieves the same thing as "-allow This requires libwrap and its development package tcpd. For ipaddr either supply the desired network interface's IP address or use a hostname that resolves to it or use the string "localhost". For additional filtering simultaneously use the "-allow host1, This option is useful if you want to insure that no one can even begin a dialog with x11vnc from untrusted network interfaces e.

The option -localhost now implies "-listen localhost" since that is what most people expect it to do. To do this specify "-allow localhost". Unlike -localhost this will leave x11vnc listening on all interfaces but of course only allowing in local connections, e.

Then you can later run "x11vnc -R allowonce:somehost" or use to gui to permit a one-shot connection from a remote host. The setting: "-input M" makes attached viewers only able to move the mouse. These settings can also be applied on a per-viewer basis via the remote control mechanism or the GUI.

Yes, look at the "-accept command" option, it allows you to specify an external command that is run for each new client. If the external command returns 0 success the client is accepted, otherwise with any other return code the client is rejected. See below how to also accept clients view-only. Built-in Popup Window: As a special case, "-accept popup" will instruct x11vnc to create its own simple popup window.

To accept the client press "y" or click mouse on the "Yes" button. To reject the client press "n" or click mouse on the "No" button. To accept the client View-only, press "v" or click mouse on the "View" button. If the -viewonly option has been supplied, the "View" action will not be present: the whole display is view only in that case.

The popup window times out after seconds, to change this behavior use "-accept popup:N" where N is the number of seconds use 0 for no timeout. More tricks: "-accept popupmouse" will only take mouse click responses, while "-accept popupkey" will only take keystroke responses popup takes both. Also as a special case "-accept xmessage" will run the xmessage 1 program to prompt the user whether the client should be accepted or not.

This requires that you have xmessage installed and available via PATH. To include view-only decisions for the external commands, prefix the command something like this: "yes:0,no: ,view:3 mycommand Use " " instead of a number to set the default action e.

It will prompt the user at the X display whether to accept, reject, or accept view-only the client, but if the prompt times out after 60 seconds the screen is locked and the VNC client is accepted. This allows the remote access when no one is at the display. Information on how to use it is found at the top of the file. He encourages you to provide feedback to him to help improve the script.

Note that in all cases x11vnc will block while the external command or popup is being run, so attached clients will not receive screen updates, etc during this period. To run a command when a client disconnects, use the "-gone command" option. This is for the user's convenience only: the return code of the command is not interpreted by x11vnc. Like -gone the return code is not interpreted. Please read the documentation on it also in the x11vnc -help output carefully for features and caveats.

It's use can often decrease security unless care is taken. Probably most work environments would respect your privacy if you powered off the monitor. Also remember if people have physical access to your workstation they basically can do anything they want with it e. The source for it is blockdpy. The x11vnc user will notice something is happening and think about what to do next while the screen is in a locked state.

This works or at least has a chance of working because if the intruder moves the mouse or presses a key on the keyboard, the monitor wakes up out of the DPMS off state, and this induces the screen lock program to activate as soon as possible. Of course there are cracks in this, the eavesdropper could detach your monitor and insert a non-DPMS one, and there are race conditions. As mentioned above this is not bulletproof.

A really robust solution would likely require X server and perhaps even video hardware support. The blockdpy utility is launched by the -accept option and told to exit via the -gone option the vnc client user should obviously re-lock the screen before disconnecting!

Instructions can be found in the source code for the utility at the above link. Roughly it is something like this: x11vnc See also the -grabkbd, -grabptr, and -grabalways options. Yes, a user mentions he uses the -gone option under CDE to run a screen lock program: x11vnc -display :0 -forever -gone 'dtaction LockDisplay'. Here is a scheme using the -afteraccept option in version 0. There is a problem if you have x11vnc running this way in -forever mode and you hit Ctrl-C to stop it.

The xlock or other program will get killed too. To work around this make a little script called setpgrp that looks like:! A number of ways are described along with some issues you may encounter. You can keep all of the settings in a Putty 'Saved Session'. This can also be automated by Chaining SSH's. As discussed above another option is to first start the VNC viewer in "listen" mode, and then launch x11vnc with the "-connect localhost" option to establish the reverse connection.

In this case a Remote port redirection not Local is needed for port instead of i. SSL tunnels such as stunnel also stunnel. On the other hand, since SSH is usually installed everywhere and firewalls often let its port through, ssh is frequently the path of least resistance it also nicely manages public keys for you. They are discussed in the Next FAQ you probably want to skip to it now.

We include these non-built-in method descriptions below for historical reference. The above two commands are run on host "far-away. The stunnel. One can also create certificates signed by Certificate Authorities or self-signed if desired using the x11vnc utilities described there. The nice thing is any SSL tunnel can be used because the protocol is a standard.

For this example we'll also use stunnel on the viewer side on Unix. First start up the client-side stunnel version 3, not 4 : stunnel -c -d localhost -r far-away. Then point the viewer to the local tunnel on port vncviewer -encodings "copyrect tight zrle hextile" localhost That's it.

Be sure to use a VNC password because unlike ssh by default the encrypted SSL channel provides no authentication only privacy. With some extra configuration one could also set up certificates to provide authentication of either or both sides as well and hence avoid man-in-the-middle attacks.

See the stunnel and openssl documentation and also the key management section for details. Much info for using it on Windows can be found at the stunnel site and in this article The article also shows the detailed steps to set up all the authentication certificates. The default Windows client setup no certs is simpler and only 4 files are needed in a folder: stunnel. We used an stunnel. Note that this creates a separate x11vnc process for each incoming connection as any inetd x11vnc usage would , but for the case of normally just one viewer at a time it should not be a big problem.

Somewhat sadly, the stunnel version 4 syntax is not so amenable to the command line or scripts. You need to create a config file with the parameters. Where the file x11vnc. One nice thing about version 4 is often the PEM file does not need to be specified because stunnel finds it in its installed area. Commercial versions of VNC seem to have some SSL-like encryption built in, but we haven't tried those either and they probably wouldn't work since their proprietary SSL-like negotiation is likely embedded in the VNC protocol unlike our case where it is external.

But it can be done, and with a wrapper script on the viewer side and the -stunnel or -ssl option on the server side it works well and is convenient. One could probably do a similar thing with a. BAT file on Windows in the stunnel folder. All binaries stunnel, vncviewer, and some utilities are provided in the package. SSL tunnels provide an encrypted channel without the need for Unix users, passwords, and key passphrases required for ssh and at the other extreme SSL can also provide a complete signed certificate chain of trust.

On the other hand, since SSH is usually installed everywhere and firewalls often let its port through, ssh is frequently the path of least resistance. The -ssl mode uses the www. The mode requires an SSL certificate and key i. These are usually created via the openssl 1 program in fact in for "-ssl" same as "-ssl SAVE" it will run openssl for you automatically. So the SSL is not completely "built-in" since this external tool needs to be installed, but at least x11vnc runs it for you automatically.

In this case openssl 1 was used to create a PEM automatically. It will prompt you if you want to protect it with with a passphrase. Use "-ssl TMP" to create a temporary self-signed cert that will be discarded when x11vnc exits. This support is on by default when the -ssl option is in use and can be fine-tuned using these options: -vencrypt, -anontls, and -sslonly.

A couple broken ciphers have also gone, most importantly though is that clients trying to connect to x11vnc will now have to support TLS if encryption is to be used. You can of course always cook up your own build and run time OpenSSL 1. Viewer-side will need to use SSL as well. As seen above, the PEM privacy enhanced mail file does not need to be supplied if the openssl 1 command is available in PATH, in that case a self-signed, certificate good the current and subsequent x11vnc sessions is created this may take a while on very slow machines.

In general, the PEM file contains both the Certificate i. Because of the latter, the file should be protected from being read by untrusted users. The best way to do this is to encrypt the key with a passphrase note however this requires supplying the passphrase each time x11vnc is started up. See the discussion on x11vnc Key Management for some utilities provided for creating and managing certificates and keys and even for creating your own Certificate Authority CA for signing VNC server and client certificates.

This may be done by importing the certificate into Web Browser or Java plugin keystores, or pointing stunnel to it. Here are some notes on the simpler default non-CA operation. This opens up the possibility of copying the server. When authentication takes place this way or via the more sophisticated CA signing described here , then Man-In-The-Middle-Attacks are prevented. Otherwise, the SSL encryption only provides protection against passive network traffic "sniffing" i.

Nowadays, most people seem mostly concerned mainly about passive sniffing and the default x11vnc SSL mode protects against it. They rely on the client not bothering to check the cert. One can test to some degree that SSL is working after starting x11vnc with the -stunnel or -ssl option. After all of the debugging output and informational messages you'll see the string "RFB The older -stunnel option: Before the -ssl option there was a convenience option -stunnel that would start an external SSL tunnel for you using stunnel.

The -ssl method is the preferred way, but for historical reference we keep the -stunnel info here. The -stunnel mode requires the stunnel. For -stunnel to work the stunnel command must be installed on the machine and available in PATH note stunnel is often installed in sbin directories rather than bin.

Note that the default "-stunnel" by itself creates a temporary cert as in "-ssl TMP". So a tunnel must be setup that you point the VNC Viewer to. As mentioned above the -httpdir can be used to specify the path to Or -http can be used to try to have it find the directory automatically.

We tested it this way: "java -cp. The Java viewer uses SSL to communicate securely with x11vnc. For this case the output will be something like this: x11vnc -ssl SAVE -http Indicating the two URLs the first one encrypted, the second not one could point the web browser at to get the VNC viewer applet. The https service provided thru the actual VNC port in the above example can occasionally be slow or unreliable it has to read some input and try to guess if the connection is VNC or HTTP.

If it is unreliable for you and you still want to serve the Java applet via https, use the -https option to get an additional port dedicated to https its URL will also be printed in the output. Otherwise it must wait for a timeout to expire before it assumes a VNC connection.

Perhaps you are using a web server proxy scheme to enter a firewall or otherwise have rules applied to the URL. You apply multiple applet parameters in the regular URL way, e. Here are some tips to getting working the first time afterwards you can incrementally customize with more complex settings. Just try a direct connection over your LAN first if you only have 1 machine and no LAN, just do a direct connection to the same machine: localhost.

If the LAN machine you run x11vnc on has its own host-level firewall most linux machine come with that on by default , disable it or at least let tcp ports through. But it can lead to timing and other problems. Otherwise as you are changing things the browser may "remember" failed applet downloads, etc. If you see it trying to download VncViewer. Get it working first before taking your time to read the details in the dialogs, etc.

Just get the simplest connection working first and then incrementally add what you need. Following the above guidelines, did it work? If so, Congratulations!! If you are having trouble even with the above baseline test case feel free to contact me please send the Full x11vnc output, not just part of it; the complete x11vnc command line; the URL s entered in the browser; the full Java Console output; and anything else you can think of. Next, you can add the features you want one by one testing it still works each time.

Next, turn on inetd if you intend to use that this can be tricky too, be sure to use -oa logfile and inspect it carefully if there are problems. If you are going to use non-standard ports e. Then enable the firewall, router port redirection channel you will somehow need to be outside to do that, maybe test that through another VNC session. Then, if you plan to use them, enable "fancy stuff" like "-svc" or "-unixpw", etc, etc. Be sure to add a password either "-rfbauth" or "-unixpw" or both.

If you need to have the web browser use a corporate Web Proxy i. Ditto for the Apache portal. So in this example the user configures his router to redirect connections to port on his Internet side to, say, port on the internal machine running x11vnc. See also the -httpsredir option that will try to automate this for you.

To configure your router to do port redirection, see its instructions. Typically, from the inside you point a web browser to a special URL e. Look for something like "Port Redirection" or "Port Forwarding", probably under "Advanced" or something like that. Tedious Dialogs: If you do serve the SSL enabled Java viewer via https be prepared for quite a number of "are you sure you trust this site?

Note that sometimes if you pause too long at one of the above dialogs then x11vnc may exceed a timeout and assume the current socket connection is VNC instead of the HTTPS it actually is but since you have paused too long at the dialog the GET request comes too late.

Often hitting Reload and going through the dialogs more quickly will let you connect. If you see in the x11vnc output a request for VncViewer. And here is a newer example including the Java Console output. The basic ideas of doing this were discussed for external tunnel utilities here.

Note that on a Debian based system you will need to install the package stunnel4 not stunnel. The first one is the default mode and accepts the x11vnc certificate without question. The second one is as the first, but adds the -encodings options to the vncviewer command line. The third one requires that the x11vnc server authenticate itself to the client against the certificate in the file. The fourth one is for VNC Viewer authentication, it uses.

One can supply both -verify and -mycert simultaneously. The fifth one shows that Web proxies can be used if that is the only way to get out of the firewall. If the "double proxy" situation arises separate the two by commas. See this page for more information on how Web proxies come into play. The applet is downloaded successfully through the browser using HTTP and the proxy, but when the applet tries to reconnect to the originating host the only one allowed by security it does not use the proxy channel.

So it cannot reconnect to the server the applet came from! We have found a convenient workaround: in the directory where VncViewer. Since the applet is digitally signed, there will be an additional dialog from the Java VM plugin asking you if you want to trust the applet fully. You should say "Yes". If you do, the applet will be run in a mode where it can try to determine the firewall proxy host name and port it will ask you for them if it cannot find them. SSL is then layered over this socket.

To do this you should use the proxy. For security, some most? In this case, the only thing to do is run x11vnc on that low port, e. If you do such a redirection to an internal machine and x11vnc is not listening on port , you will probably need to edit proxy. Suppose the SSL x11vnc server was listening on port You should change the line in proxy. See also the -httpsredir x11vnc option that will try to automate this for you. You will need to configure apache to forward these connections. It is discussed here.

This SSL VNC portal provides a clean alternative to the traditional method where the user uses SSH to log in through the gateway to create the encrypted port redirection to x11vnc running on her desktop. Also see the desktop. Yes, see this page for how to do this and the utility commands x11vnc provides to create and manage many types of certificates and private keys.

There are a number of ways to do this. The primary thing you need to decide is whether you want x11vnc to connect to the X session on the machine 1 regardless of who or if anyone has the X session, or 2 only if a certain user has the X session. Xauthority the automatically started x11vnc will of course need to have sufficient permissions to connect to the X display.

The display manager scheme will not be specific to which user has the X session unless a test is specifically put into the display startup script often named Xsetup. The command to be run in the. One user recommends the description under 'Running Scripts Automatically' at this link. Firewalls: note all methods will require the host-level firewall to be configured to allow connections in on a port. We describe two scenarios here.

The first is called 'One time only' meaning you just need to do it quickly once and don't want to repeat; and the second is called 'Continuously' meaning you want the access to be available after every reboot and after every desktop logout. One time only: If the X login screen is running and you just want to connect to it once i. Xauth -display Of course, the random characters in the file basename will vary and you will need to use the actual filename on your system.

Read your system docs to find out where the display manager cookie files are kept. Trick: sometimes ps 1 can reveal the X server process -auth argument e. If you do not want to run x11vnc as root, you can copy as root or sudo the auth file to some location and make it readable by your userid. Then run x11vnc as your userid with -auth pointed to the copied file. You next connect to x11vnc with a VNC viewer, give your username and password to the X login prompt to start your session.

Note: GDM: gdm seems to have an annoying setting that causes x11vnc and any other X clients to be killed after the user logs in. Otherwise, just restart x11vnc and then reconnect your viewer. Other display managers kdm, etc may also have a similar problem. One user reports having to alter "gdm. Then restart dtlogin, e. The former is what GDM uses to kill the initial clients, use of the latter can cause a different problem: an Xorg server crash.

So with 0. Continuously: Have x11vnc reattach each time the X server is restarted i. To make x11vnc always attached to the X server including the login screen you will need to add a command to a display manager startup script. Please consider the security implications of this!

The VNC display for the X session always accessible but hopefully password protected. Add -localhost if you only plan to access via a SSH tunnel. See the documentation for your display manager: gdm 1 , kdm 1 , xdm 1 , dtlogin 1 for additional details. There may also be display number specific scripts: e.

Xsetup, you need to watch out for. Note: You should read and understand all of the Note's and Update's in the 'One time only' section above. All of the GDM topics apply here as well:. Other display managers KDM, etc may also have a similar problem.

You may also want to force the VNC port with something like "-rfbport " or -N to avoid autoselecting one if is already taken. After rebooting the system it all seemed to work fine. If you do not want to deal with any display manager startup scripts, here is a kludgey script that can be run manually or out of a boot file like rc.

There is also the -loop option that does something similar. Important: Note that you must redirect the standard error output to a log file e. When you supply both -q and -inet and no "-o logfile" then stderr will automatically be closed to prevent, e. Using inetd for this prevents there being a tiny window of opportunity between x11vnc starting up and your vncviewer connecting to it. Always use a VNC password to further protect against unwanted access. The above works nicely for GDM because the -auth file is a fixed name.

Starting with x11vnc 0. Use the option -avahi same as -mdns or -zeroconf to enable it. If the Avahi client library or build environment is not available at build-time, then at run-time x11vnc will try to look for external helper programs, avahi-browse 1 or dns-sd 1 , to do the work.

The service was tested with Chicken of the VNC "Use Bonjour" selected on a Mac on the same network and the service was noted and listed in the servers list. It appears SuSE The easiest way to do this is via inetd 8 using the -unixpw and -display WAIT options. The reason inetd 8 makes this easier is that it starts a new x11vnc process for each new user connection.

Otherwise a wrapper would have to listen for connections and spawn new x11vnc's see this example and also the -loopbg option. Also with inetd 8 users always connect to a fixed VNC display, say hostname:0, and do not need to memorize a special VNC display number just for their personal use, etc. If applicable -unixpw mode , the program is run as the Unix user name who logged in. The -unixpw option allows UNIX password logins.

It conveniently knows the Unix username whose X display should be found. Note we have used the -find alias and the very long lines have been split. An alternative is to use a wrapper script, e. In the first inetd line x11vnc is run as user "nobody" and stays user nobody during the whole session. The permissions of the log files and certs directory will need to be set up to allow "nobody" to use them.

Note that SSL is required for this mode because otherwise the Unix password would be passed in clear text over the network. In general -unixpw is not required for this sort of scheme, but it is convenient because it determines exactly who the Unix user is whose display should be sought.

If you really want to disable the SSL or SSH -localhost constraints this is not recommended unless you really know what you are doing: Unix passwords sent in clear text is a very bad idea Similar looking commands to the above examples can be run directly and do not use inetd just remove the -inetd option and run from the cmdline, etc. This is the only time x11vnc actually tries to start up an X server normally it just attaches to an existing one.

For virtual sessions you will need to install the Xvfb program e. By default it will only try to start up virtual non-hardware X servers: first Xvfb and if that is not available then Xdummy included in the x11vnc source code. Note that Xdummy only works on Linux whereas Xvfb works just about everywhere and in some situations Xdummy must be run as root. An advantage of Xdummy over Xvfb is that Xdummy supports RANDR dynamic screen resizing, which can be handy if the user accesses the desktop from different sized screens e.

Where the very long lines have been split. See below where that long and cumbersome last line is replaced by the -svc alias. The above mode will allow direct SSL e. Unlike -create, this alias also sets up SSL encryption and Unix password login. Also if the env. You can set the env. If you do not plan on using the Java Web browser applet you can remove the -http and -prog option since this will speed up logging-in by a few seconds x11vnc will not have to wait to see if a connection is HTTPS or VNC.

To change the preference of Xservers and which to try list them, e. The "X" one means to try to start up a real, hardware X server, e. The user will have to supply his username and password one more time but he gets to select his desktop type so that can be useful. This seems to be:. Unless you are also providing XDMCP service to xterminals or other machines, make sure that the host access list only allows local connections the name of this file is often Xaccess and it is usually setup by default to do just that.

You may not need the -passwd. Recent RealVNC viewers might be this:! This way a bare X server is run with no window manager or desktop; it simply runs only the VNC Viewer on the real X server. The Viewer then draws the virtual X session on to the real one. Xclients, or something else. You will need to figure out what it is for your system and configuration. There may be a problem if the resolution WxH of the virtual X display does not match that of the physical X display.

If you do not want to or cannot figure out the X startup script name. Then in the lone xterm that comes up type "vnclocal" to connect to your virtual X display via x11vnc and vncviewer. So it provides simple "terminal services" based on Unix username and password. The created X server sessions virtual or real hardware will remain running after you disconnect the VNC viewer and will be found again on reconnecting via VNC and logging in.

The user does not have to memorize which VNC display number is his. They all go the same one e. One could do this in a shell script, but now there is an option -loop that makes it easier. Of course when x11vnc restarts it needs to have permissions to connect to the potentially new X display.

This mode could be useful if the X server restarts often. Use e. Also "-loop,5" to sleep ms and only restart 5 times. One can also use the -loopbg to emulate inetd 8 to some degree, where each connected process runs in the background. It could be combined, say, with the -svc option to provide simple terminal services without using inetd 8.

Feel free to customize the default index. Also note that if you wanted to, you could also start the Java viewer entirely from the viewer-side by having the jar file there and using either the java or appletviewer commands to run the program. Proxies: See the discussion here if the web browser must use a web proxy to connect to the internet. It is tricky to get Java applets to work in this case: a signed applet must be used so it can connect to the proxy and ask for the redirection to the VNC server.

On Unix one starts the VNC viewer in listen mode: "vncviewer -listen" see your documentation for Windows, etc , and then starts up x11vnc with the -connect option. To connect immediately at x11vnc startup time use the "-connect host:port" option use commas for a list of hosts to connect to. The ":port" is optional default is VNC listening port is The -remote control option aka -R can also be used to do this during an active x11vnc session, e.

Also, note the "-rfbport 0" option disables TCP listening for connections potentially useful for reverse connection mode, assuming you do not want any "forward" connections. Many VNC servers do not require any password for reverse connections. Vncconnect command: To use the vncconnect 1 program from the core VNC package at www.

If you do not have or do not want to get the vncconnect 1 program, the following script named "Vncconnect" may work if your xprop 1 supports the -set option:! The default is to assume the proxy is a Web proxy. See -proxy for more info. To facilitate building of the ELDK , a build infrastructure has been developed. It is the tool that you would normally use to build the ELDK from scratch. In the simplest case, the script may be invoked without arguments, and it will perform all necessary steps to build the ELDK in a fully automated way.

By default, build will place the work files and results in the current directory. The cpkgs. The tarballs. The install subdirectory contains the sources of the installation utility which will be built and placed in the root of the ISO image.

On Solaris hosts, creating the ISO images is a manual step. These commands will create the directory structure as described in section 3. All necessary scripts and ELDK specific source files will be placed in the build subdirectory, and the required tarballs can be found in the tarballs subdirectory. Two modules are provided for check out: build and tarballs. The first one contains the files for the build subdirectory in the build environment, and the second one contains source tarballs of the packages that are included in the ELDK but are not present in Fedora 7.

Also, Fedora Core 5 is known to work as a build environment. Other, especially more recent Linux distributions, will most likely have problems. We therefor provide a Red Hat 7. Please note, however, that this approach is in general discouraged. The whole build procedure is logically divided into six steps, and the build.

You may specify which sub-steps of the build step are to be performed. The formal syntax for the usage of build. It is used as a name for some directories created during the build. You may use for example the current date as the build name. Refer to build overview above for description of the build environment.

Refer to the list of the build procedure steps above. This is useful when you want to re-build only some specific packages. The numbers are defined in the cpkgs. You can specify a range of numbers here. For instance, "2 5" means do steps from 2 to 5, while simply "2" means do all steps starting at 2. Please note that you must never use build. For build. A possible scenario of build. When building the target packages during the trg buildstep , build.

Possible CPU variants are arm. For example, the command below rebuilds the target RPM listed in the tpckgs. Note: It is recommended that you use the build. For debugging purposes, it is much more convenient and efficient to build both ELDT and target packages using a working ELDK installation, as described in the sections 3. Rebuilding Target Packages and 3. Use them as reference if you want to include any additional packages into the ELDK , or remove unneeded packages.

To add a package to the ELDK you must add a line to either the cpkgs. Keep in mind that the relative positions of packages in the cpkgs. Note: For cpkgs. Such packages are used as auxiliary when building ELDK 4. These packages will be built and used during the build process, but will not be put into the ELDK 4. Configuring a NFS Server 4. Also, especially during development, you will want to be able to interact with the target system. This section describes how to configure your host system for this purpose.

Serial Console Access To use U-Boot and Linux as a development system and to make full use of all their capabilities you will need access to a serial console port on your target system. Later, U-Boot and Linux can be configured to allow for automatic execution without any user interaction.

There are several ways to access the serial console port on your target system, such as using a terminal server, but the most common way is to attach it to a serial port on your host. Additionally, you will need a terminal emulation program on your host system, such as cu or kermit. Configuring the "cu" command The cu command is part of the UUCP package and can be used to act as a dial-in terminal. It can also do simple file transfers, which can be used in U-Boot for image download.

See also: cu 1 , info uucp. Configuring the "kermit" command The name kermit stands for a whole family of communications software for serial and network connections. The fact that it is available for most computers and operating systems makes it especially well suited for our purposes. In this case you will want to install the ckermit package. The gkermit package is only a command line tool implementing the kermit transfer protocol. Using the "minicom" program minicom is another popular serial communication program.

Unfortunately, many users have reported problems using it with U-Boot and Linux, especially when trying to use it for serial image download. It's use is therefore discouraged. Permission Denied Problems The terminal emulation program must have write access to the serial port and to any locking files that are used to prevent concurrent access from other applications.

The tftp protocol is often used to boot diskless workstations, download configuration files to network-aware printers, and to start the installation process for some operating systems. DHCP can be used to automatically pass configuration information to the target. The only thing the target must "know" about itself is its own Ethernet hardware MAC address. The following example gives you an idea what to do: subnet The target has the hostname qong and the IP address The host with the IP address The host listed with the next-server option can be different from the host that is running the DHCP server.

Configuring a NFS Server For a development environment it is very convenient when the host and the target can share the same files over the network. The easiest way for such a setup is when the host provides NFS server functionality and exports a directory that can be mounted from the target as the root filesystem. Boot Count Limit 5. Unpacking the Source Code If you used GIT to get a copy of the U-Boot sources, then you can skip this next step since you already have an unpacked directory tree.

One of the two methods can be used to change this behaviour and build U-Boot to some external directory: 1. Installation Requirements The following section assumes that flash memory is used as the storage device for the firmware on your board. If this is not the case, the following instructions will not work - you will probably have to replace the storage device probably ROM or EPROM on such systems to install or update U-Boot.

Board Identification Data All qong boards use a serial number for identification purposes. Also, all boards have at least one ethernet MAC address assigned. You may lose your warranty on the board if this data gets lost. Before installing U-Boot or otherwise changing the software configuration of a board like erasing some flash memory you should make sure that you have all necessary information about such data.

In cases where there is no running firmware at all for instance on new hardware , this is usually the only way to install any software at all. Please see the documentation for the tool you want to use. Before you can use the BDI you have to configure it. A configuration file that can be used with qong boards is included in section Installation using U-Boot If U-Boot is already installed and running on your board, you can use these instructions to download another U-Boot image to replace the current one.

Warning: Before you can install the new image, you have to erase the current one. If anything goes wrong your board will be dead. Tool Installation U-Boot uses a special image format when loading the Linux kernel or ramdisk or other images. This image contains among other things information about the time of creation, operating system, compression type, image type, image name and CRC32 checksums. The tool mkimage is used to create such images or to display the information they contain.

Initialization To initialize the U-Boot firmware running on your qong board, you have to connect a terminal to the board's serial console port. If you are running Linux on your host system we recommend either kermit or cu as terminal emulation programs. Do not use minicom , since this has caused problems for many users, especially for software download over the serial port. Other possibilities include screen and picocom , which both seem to work well.

For the configuration of your terminal program see section 4. Serial Console Access Make sure that both hardware and software flow control are disabled. Initial Steps In the default configuration, U-Boot operates in an interactive mode which provides a simple command line-oriented user interface using a serial console on port SIO. You then type a command, and press enter.

U-Boot will try to run the required action s , and then prompt for another command. To see a list of the available U-Boot commands, you can type help or simply? This will print a list of all commands that are available in your current configuration. The First Power-On Note: If you bought your qong board with U-Boot already installed, you can skip this section since the manufacturer probably has already performed these steps.

Connect the port labeled SIO on your qong board to the designated serial port of your host, start the terminal program, and connect the power supply of your qong board. If you don't you will probably see some harmless error messages because the system has not been initialized yet.

At first you have to enter the serial number and the ethernet address of your board. Pay special attention here since these parameters are write protected and cannot be changed once saved usually this is done by the manufacturer of the board.

You will not be able to correct any errors later! Please note that U-Boot is highly configurable, so not all of these commands may be available in the configuration of U-Boot installed on your hardware, or additional commands may exist. You can use the help command to print a list of all available commands for your configuration.

For most commands, you do not need to type in the full command name; instead it is sufficient to type a few characters. For instance, help can be abbreviated as h. The behaviour of some commands depends on the configuration of U-Boot and on the definition of some variables in your U-Boot environment. Almost all U-Boot commands expect numbers to be entered in hexadecimal input format. Exception: for historical reasons, the sleep command takes its argument in decimal input format.

Be careful not to use edit keys besides 'Backspace', as hidden characters in things like environment variables can be very difficult to find. This information is mainly needed to be passed to the Linux kernel. It prints among other information the image name, type and size and verifies that the CRC32 checksums stored within the image are OK. Legacy image found Image Name: Linux See below for details. Without arguments, it prints a short usage message for all commands.

To get detailed help information for specific commands you can type 'help' with one or more command names as arguments. Without any arguments, it prints a list of all U-Boot commands that are available in your configuration of U-Boot. The command will test either the whole area as specified by the 3rd length argument, or stop at the first difference.

If invoked just as cmp the default size 32 bit or long words is used; the same can be selected explicitly by typing cmp. If you want to access memory as 16 bit or word data, you can use the variant cmp. Please note that the count argument specifies the number of data items to process, i.

U It will display the address and current contents and then prompt for user input. If you enter a legal hexadecimal number, this new value will be written to the address. Then the next address will be prompted. If you don't enter any value and just press ENTER, then the contents of this address will remain unchanged. The command stops as soon as you enter any data that is not a hex number like. Pattern Writing Pattern A Writing Pattern B Writing Pattern C Writing Pattern D Writing Pattern E Writing Pattern F Writing It will fail when applied to ROM or flash memory.

This command may crash the system when the tested memory range includes areas that are needed for the operation of the U-Boot firmware like exception vector code, or U-Boot's internal program code, stack or heap memory areas. When called without a count argument, the value will be written only to the specified address.

This is intended as a special form of a memory test, since this command tries to read the memory as fast as possible. This command will never terminate. There is no way to stop it but to reset the board! The number of flash banks is printed with information about the size and organization into flash "sectors" or erase units.

For all sectors the start addresses are printed; write-protected sectors are marked as read-only RO. Some configurations of U-Boot also mark empty sectors with an E. It is one of the more complex commands; the help output shows this. Otherwise the command will not be executed. Another way to select certain areas of the flash memory for the erase command uses the notation of flash banks and sectors : Technically speaking, a bank is an area of memory implemented by one or more memory chips that are connected to the same chip select signal of the CPU , and a flash sector or erase unit is the smallest area that can be erased in one operation.

For practical purposes it is sufficient to remember that with flash memory a bank is something that eventually may be erased as a whole in a single operation. This may be more efficient faster than erasing the same area sector by sector. It is used to set certain parts of the flash memory to read-only mode or to make them writable again.

In most cases U-Boot provides just a simple software-protection, i. Also, in most cases this protection is only effective while running U-Boot, i. This image can be loaded like any other image file, and with source you can run the commands in such an image. The sub-commands must be issued in the order below it's ok to not issue all sub-commands : start [addr [arg From the image header it gets information about the type of the operating system, the file compression method used if any , the load and entry point addresses, etc.

The command will then load the image to the required memory address, uncompressing it on the fly if necessary. Depending on the OS it will pass the required boot arguments and start the OS at it's entry point. The first argument to bootm is the memory address in RAM, ROM or flash memory where the image is stored, followed by optional arguments that depend on the OS.

For Linux , exactly one optional argument can be passed. In this case the bootm command consists of three steps: first the Linux kernel image is uncompressed and copied into RAM, then the ramdisk image is loaded to RAM, and finally control is passed to the Linux kernel, passing information about the location and size of the ramdisk image.

When booting images that have been loaded to RAM for instance using TFTP download you have to be careful that the locations where the compressed images were stored do not overlap with the memory needed to load the uncompressed kernel. For instance, if you load a ramdisk image at a location in low memory, it may be overwritten when the Linux kernel gets loaded.

This will cause undefined system crashes. These are programs that do not require the complex environment of an operating system to run. This can be used to dynamically load and run special extensions to U-Boot like special hardware test routines or bootstrap code to load an OS image from some filesystem. The go command is used to start such standalone applications. The optional arguments are passed to the application without modification.

For more information see 5. U-Boot Standalone Applications. Here we show how to download uImage , the Linux kernel image. Please make sure, that you have set up kermit as described in section 4. Image Name: Linux They are lost as soon as you reboot the system. When called with exactly one argument, it will delete any variable of that name from U-Boot's environment, if such a variable exists. New variables will be automatically created, existing ones overwritten.

How the Command Line Parsing Works for details. If you execute several variables with one call to run , any failing command will cause "run" to terminate, i. UBootBootdHelp does not exist yet The bootd short: boot executes the default boot command, i. This is a synonym for the run bootcmd command.

Storage devices This chapter introduces commands to work with storage devices, i. The quick brown fox jumped over the lazy dog. It is used to store environment variables which can be used to configure the system. The environment is protected by a CRC32 checksum. This section lists the most important environment variables, some of which have a special meaning to U-Boot. You can use these variables to configure the behaviour of U-Boot to your liking.

Only a predefined list of baudrate settings is available. When you change the baudrate using the "setenv baudrate This is to make sure you can actually type at the new speed. If this fails, you have to reset the board which will operate at the old speed since you were not able to saveenv the new settings. If no "baudrate" variable is defined, the default baudrate of is used. This command is only executed when the variable bootdelay is also defined!

During this time a countdown is printed, which can be interrupted by pressing any key. Set this variable to 0 boot without delay. Be careful: depending on the contents of your bootcmd variable, this can prevent you from entering interactive commands again forever!

Set this variable to -1 to disable autoboot. Set this variable to -2 to boot without delay and not check for abort. This variable can be set only once usually during manufacturing of the board. U-Boot refuses to delete or overwrite this variable once it has been set.

Alternatively, you can set it to a maximum upper address to use U-Boot will still check that it does not overwrite the U-Boot stack and data. This allows for faster boot times, but requires a Linux kernel with zero-copy ramdisk support. This might be needed by some terminal emulations like cu , but may as well just take time on others. RAM which is not overwritten by U-Boot. Define this variable to hold the number of kB you want to reserve for pRAM. Note that the board info structure will still show the full amount of RAM.

U-Boot refuses to delete or overwrite this variable once it hass been set. Note that the header checksum is still verified. The following environment variables may be used and automatically updated by the network boot commands bootp , dhcp , or tftp , depending the information provided by your boot server: bootfile : see above dnsip : IP address of your Domain Name Server gatewayip : IP address of the Gateway Router to use hostname : Target hostname ipaddr : see above netmask : Subnet Mask rootpath : Pathname of the root filesystem on the NFS server serverip : see above filesize : Size as hex number in bytes of the file downloaded using the last bootp , dhcp , or tftp command.

U-Boot Scripting Capabilities U-Boot allows to store commands or command sequences in a plain text file. Using the mkimage tool you can then convert this file into a script image which can be executed using U-Boot's source command.

How the Command Line Parsing Works 5. A couple of simple examples are included with the U-Boot source code: 5. It's configured to run at address 0x, so you can play with it like that: Note that the entry point of the program is at 0x for the PowerPC architecture. It may be different for other architectures. This is a test. Starting application at 0x Currently supported image compression types: none, gzip, bzip2, lzma, lzo, lz4.

The implementation uses the following environment variables: bootcount : This variable will be automatically created if it does not exist, and it will be updated at each reset of the processor. After a power-on reset, it will be initialized with 1 , and each reboot will increment the value by 1.

If the variable bootlimit is not defined in the environment, the Boot Count Limit feature is disabled. If it is enabled, but altbootcmd is not defined, then U-Boot will drop into interactive mode and remain there. It is the responsibility of some application code typically a Linux application to reset the variable bootcount , thus allowing for more boot cycles.

Installation 6. This means that you will always be able to build a working default configuration with just minimal interaction. Please be aware that you will need the "arm" cross development tools for the following steps. Standalone Operation with Ramdisk Image 7. Passing Kernel Arguments In nearly all cases, you will want to pass additional information to the Linux kernel; for instance, information about the root device or network configuration.

In U-Boot, this is supported using the bootargs environment variable. Its contents are automatically passed to the Linux kernel as boot arguments or "command line" arguments. This allows the use of the same Linux kernel image in a wide range of configurations. For instance, by just changing the contents of the bootargs variable you can use the very same Linux kernel image to boot with an initrd ramdisk image, with a root filesystem over NFS, with a CompactFlash disk or from a flash filesystem.

The target has been assigned the IP address " A netmask of " Boot Arguments Unleashed Passing command line arguments to the Linux kernel allows for very flexible and efficient configuration which is especially important in Embedded Systems.

It is somewhat strange that these features are nearly undocumented everywhere else. One reason for that is certainly the very limited capabilities of other boot loaders. It is especially U-Boot's capability to easily define, store, and use environment variables that makes it such a powerful tool in this area.

In the examples above we have already seen how we can use for instance the root and ip boot arguments to pass information about the root filesystem or network configuration. The advantage of this mechanism is that you don't have to spend precious system memory RAM and flash for network configuration tools like ifconfig or route - especially in Embedded Systems where you seldom have to change the network configuration while the system is running.

This way, the current values of these variables get inserted when assigning values to the "bootargs" variable itself later, i. This allows us to simply redefine any of the variables say, the value of "ipaddr" if it has to be changed , and the changes will automatically propagate to the Linux kernel. Note: You cannot use this method directly to define for example the "bootargs" environment variable, as the implicit usage of this variable by the "bootm" command will not trigger variable expansion - this happens only when using the "setenv" command.

The variables can be executed using U-Boot's run command. These variables make use of the run command itself: First, either run ramargs or run nfsargs is used to initialize the bootargs environment variable as needed to boot with ramdisk image or with root over NFS. Then, in both cases, run addip is used to append the ip parameter to use the Linux kernel IP autoconfiguration mechanism for configuration of the network settings. Finally, the bootm command is used with two resp. This method can be easily extended to add more customization options when needed.

That means that, instead of manually setting network configuration parameters like IP address, etc. This is explained in detail in the sections about the respective U-Boot commands. For this to work, we rely on some U-Boot environment variables to be set up correctly, i. The whole process is packaged up into one script shown before we actually execute it.

Note that the Linux kernel will also output the command line used, so you can easily check if everything worked like expected. The first ethernet interface eth0 willbe used, and the Linux kernel will immediately use this network configuration and not try to re-negotiate it IP autoconfiguration is off. OK Loading Kernel Image OK OK Starting kernel Uncompressing Linux Linux version 2.

Assuming top. RPC: Registered tcp transport module. VFP support v0. Cannot access the Hardware Clock via any known method. Use the --debug option to see the details of our search for an access method. This is especially well suited for your development and test environment, when the kernel image is still undergoing frequent changes, for instance because you are modifying kernel code or configuration.

Later in your development cycle you will work on application code or device drivers, which can be loaded dynamically as modules. If the Linux kernel remains the same then you can save the time needed for the TFTP download and put the kernel image into the flash memory of your qong board. The RO markers show blocks of flash memory that are write protected by software - this is the area where U-Boot is stored.

The remaining flash memory is available for other use. For instance, we can store the Linux kernel image in flash starting at the start address of the next free flash sector. Before we can do this we must make sure that the flash memory in that region is empty - a Linux kernel image is typically around Keep in mind that with flash memory only whole erase units can be cleared.

After having deleted the target flash area, you can download the Linux image and write it to flash. Below is a transcript of the complete operation with a final iminfo command to check the newly placed Linux kernel image in the flash memory. InstallKernelTftp does not exist yet Note how the filesize variable which gets set by the TFTP transfer is used to automatically adjust for the actual image size.

Now we can boot directly from flash. No filesystem could mount root, tried: Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block 1,0 Rebooting in 1 seconds.. Standalone Operation with Ramdisk Image When your application development is completed, you usually will want to run your Embedded System standalone , i.

Instead of mounting the root filesystem from a remote server you can use a compressed ramdisk image, which is stored in flash memory and loaded into RAM when the system boots. Building and Using Modules This section still needs to be written this is a wiki, so please feel free to contribute! Example 9. The layout of your flash devices "partitioning" in 2. One can discover this information in a running system using the proc filesystem: -bash The last output shows the partition to be empty.

We can try write some data into it: -bash When we tried to write the new date again, we got an error. The reason is that the date has changed probably at least the seconds and flash memory cannot be simply overwritten - it has to be erased first. You can use the eraseall Linux commands to erase a whole MTD partition: -bash The mkfs.

After all, a flash device is not a normal harddisk. This is especially important when your flash filesystem gets full; JFFS2 acts a bit weird then: You will note that an increasing amount of CPU time is spent by the filesystem's garbage collection kernel thread. Access times to the files on the flash filesystem may increase drastically. Attempts to truncate a file to free space or to rename it may fail This is especially critical when you are using the flash filesystem to store log files: when your application detects some abnormal condition and produces lots of log messages which usually are especially important in this situation the filesystem may fill up and cause extreme long delays - if your system crashes, the most important messages may never be logged at all.

Compressed ROM Filesystem In some cases it is sufficent to have read-only access to some files, and if the files are big enough it becomes desirable to use some method of compression. To create a CramFs filesystem a special tool mkcramfs is used to create a file which contains the CramFs image. The endianness problem has been fixed in the version of mkcramfs that comes with the ELDK.

In some cases you can use a target system running with root filesystem mounted over NFS to create the CramFs image on the native system and store it to flash for further use. Now we write the CramFs image to a partition in flash and test it: cp test. Everything in tmpfs is temporary in the sense that no files will be created on any device. If you unmount a tmpfs instance, everything stored therein is lost. It has maximum size limits which can be adjusted on the fly via 'mount -o remount Ramdisks cannot swap and you do not have the possibility to resize them.

Mount Parameters tmpfs has a couple of mount options: size : The limit of allocated bytes for this tmpfs instance. The default is half of your physical RAM without swap. If you oversize your tmpfs instances the machine will deadlock since the OOM handler will not be able to free that memory. The default is half of the number of your physical RAM pages.

These parameters accept a suffix k, m or g for kilo, mega and giga and can be changed on remount. To specify the initial root directory you can use the following mount options: mode : The permissions as an octal number uid : The user id gid : The group id These options do not have any effect on remount.

You can change these parameters with chmod 1 , chown 1 and chgrp 1 on a mounted filesystem. It can be found in the Filesystems configuration group. Usage of tmpfs in Embedded Systems In embedded systems tmpfs is very well suited to provide read and write space e. Compressed ROM Filesystem. One way to achieve this is to use symbolic links. This allows the Linux kernel to skip certain parts of the framebuffer initialization and to reuse the framebuffer contents that was set up by the U-Boot firmware.

This allows to have an image displayed nearly immediately after power-on, so the delay needed to boot the Linux kernel is masked to the user. The current implementation has some limitations: We did not succeed in reusing the previously allocated framebuffer contents directly. Instead, Linux will allocate a new framebuffer, copy the contents, and then switch the display. This adds a minimal delay to the boot time, but is otherwise invisible to the user. Linux manages its own colormap, and we considered it too much effort to keep the same settings as used by U-Boot.

Instead we use the "trick" that U-Boot will fill the color map table backwards top down. This works pretty well for images which use no more than If the images uses more colors, a bad color mapping may result. We strongly recommend to convert all images that will be loaded as Linux splash screens to use no more than colors. The "ppmquant" tool can be used for this purpose see Bitmap Support in U-Boot for details.

Usually there will be a Linux device driver that is used to adjust the brightness and contrast of the display. When this driver starts, a visible change of brightness will happen if the default settings as used by U-Boot differ. We recommend to store settings of brightness and contrast in U-Boot environment variables that can be shared between U-Boot and Linux. This way it is possible assuming adequate driver support to adjust the display settings correctly already in U-Boot and thus to avoid any flicker of the display when Linux takes over control.

Root File System: Design and Building It is not an easy task to design the root file system for an embedded system. There are three major problems to be solved: what to put in it which file system type to use where to store and how to boot it For now we will assume that the contents of the root file system is aready known; for example, it is given to us as a directory tree or a tarball which contains all the required files.

We will also assume that our system is a typical resource-limited embedded system so we will especially look for solutions where the root file system can be stored on on-board flash memory or other flash memory based devices like CompactFlash or SD cards, MMC or USB memory sticks. A widespread approach to build a root file system is to use some Linux distribution like the ELDK and to remove things not needed. This approach may be pretty common, but it is almost always terribly wrong.

You also don't build a family home by taking a skyscraper and removing parts. Like a house, a root file system should be built bottom up, starting from scratch and adding things you know you need. Never add anything where you don't exactly know what it's needed for.

But our focus here is on the second item: the options we have for chosing a file system type and the consequences this has. Root File System on a Ramdisk Ram disks are used very often to hold the root file system of embedded systems. On the other hand, there are several disadvantages, too: big memory footprint: you always have to load the complete filesystem into RAM, even if only small parts of are actually used slow boot time: you have to load and uncompress the whole image before the first application process can start only the whole image can be replaced not individual files additional storage needed for writable persistent data Actually there are only very few situations where a ramdisk image is the optimal solution.

But because they are so easy to build and use we will discuss them here anyway. In almost all cases you will use an ext2 file system in your ramdisk image. The following steps are needed to create it: Create a directory tree with the content of the target root filesystem.

That means that no root permissions are required at all. It is a log-structured file system which means that it is robust against loss of power, crashes or other unorderly shutdowns of the system "robust" means that data that is just being written when the system goes down may be lost, but the file system itself does not get corrupted and the system can be rebootet without need for any kind of file system check. Some of the advantages of using JFFS2 as root file system in embedded systems are: file system uses compression, thus making efficient use of flash memory log-structured file system, thus robust against unorderly shutdown flash sector wear-leveling writable flash file system Disadvantages are: long mount times especially older versions slow when reading: files to be read get uncompressed on the fly which eats CPU cycles and takes time slow when writing: files to be written get compressed, which eats CPU cycles and takes time, but it may even take much longer until data gets actually stored in flash if the file system becomes full and blocks must be erased first or - even worse - if garbage collection becomes necessary The garbage collector thread may run at any time, consuming CPU cycles and blocking accesses to the file system.

Despite the aforementioned disadvantages, systems using a JFFS2 based root file system are easy to build, make efficient use of the available resources and can run pretty reliably. To create a JFFS2 based root file system please proceed as follows: Create a directory tree with the content of the target root filesystem. Note: When you intend to write the JFFS2 file system image to a NAND flash device, you should also add the "-n" or "--no-cleanmarkers" option, as cleanmarkers are not needed then.

OK Uncompressing Kernel Image OK Linux version 2. NET4: Unix domain sockets 1. VFS: Mounted root jffs2 filesystem. Freeing unused kernel memory: 56k init BusyBox v0. Application running Root File System on a cramfs File System cramfs is a compressed, read-only file system.

Advantages are: file system uses compression, thus making efficient use of flash memory Allows for quick boot times as only used files get loaded and uncompressed Disadvantages are: only the whole image can be replaced not individual files additional storage needed for writable persistent data mkcramfs tool does not support device table, so we need root permissions to create the required device files To create a cramfs based root file system please proceed as follows: Create a directory tree with the content of the target root filesystem.

We do this here by unpacking a special tarball which holds only the device file entries. Note: this requires root permissions! For all data which may be lost when the system goes down, a "tmpfs" filesystem is the optimal choice. This may be a security concern. Root File System on a Read-Only ext2 File System When storing the root file system in on-board flash memory it seems only natural to look for special flash filesystems like JFFS2, or for other file system types that are designed for such environments like cramfs.

It seems to be a bad idea to use a standard ext2 file system because it contains neither any type of wear leveling which is needed for writable file systems in flash memory, nor is it robust against unorderly shutdowns. The situation changes if we use an ext2 file system which we mount read-only. Such a configuration can be very useful in some situations. Advantages: very fast low RAM memory footprint Disadvantages: high flash memory footprint because no compression To create an ext2 image that can be used as a read-only root file system the following steps are necessary: Create a directory tree with the content of the target root filesystem.

To avoid unnecessary flash wear it is a good idea to mount the root file system read-only, or at least using the "noatime" mount option. For our test we can use the "ext2. Root File System in a Read-Only File in a FAT File System This is a more complicated example that shows that - depending on project requirements - many other alternatives for chosing a root file system for your embedded system exist.

The scenario is as follows: on your embedded device you use a cheap and popular storage medium like CompactFlash, MMC or SD cards or USB memory sticks to store both the Linux kernel and your root file system. You want to distribute software updates over the internet: your customers can download the file from your web site, or you sent the images by email.

Your customers may use any flash card or memory stick they happen to find, so you have no information about brand or size of the storage device. Unfortunately most of your customers use Windows systems. And they don't want to be bothered with long instructions how to create special partitions on the storage device or how to write binary images or things like that. A simple "copy file" operation is nearly exhausting their capabilities.

What to do? Well, if copying a file is all your customers can do we should not ask for more. Storage devices like CompactFlash cards etc. This cannot be used as a Linux root file system directly, so we have to use some trickery. Here is one possible solution: Your software distribution consistes of two files: The first file is the Linux kernel with a minimal ramdisk image attached using the multi-file image format for U-Boot ; U-Boot can load and boot such files from a FAT or VFAT file system.

The second file is your root file system. For convenience and speed we use again an image of an ext2 file system. When Linux boots, it will initially use the attached ramdisk as root file system. Then we can use a loop device see losetup 8 to associate the root file system image with a block device which can be used as a mount point.

This sounds not so complicated, and actually it is quite simple once you understand what needs to be done. Here is a more detailed description: The root file system image is easy: as mantioned before, we will use an ext2 file system image, and to avoid wearing the flash storage device we will use it in read-only mode - we did a read-only ext2 root file system image before, and here we can just re-use the existing image file.

The most important tool here is nash , a script interpreter that was specifically designed for such purposes see nash 8. We don't need any additional tools, and if we use static linking, then the nash binary plus a small script to control it is all we need for our initial ramdisk.

We are done. But wait - one essential part was not mentioned yet: the linuxrc script in our initial ramdisk image which contains all the magic. This script is quite simple:! Note: even if this file looks like a shell script it is NOT interpreted by a shell, but by the nash interpreter. For a complete list of available nash commands and their syntax please refer to the manual page, nash 8.

In the next step a block device for our new root file system is created mkrootdev command. Then we mount the CF card. These assumptions work fine with basicly all memory devices used under Windows. We further assume that the file name of the root file system image on the CF card is "rootfs.

There is one tiny flaw in this method: since we mount the CF card on a directory in the ramdisk to be able to access to root file system image. This means that we cannot unmount the CF card, which in turn prevents us from freeing the space for the inital ramdisk.

The consequence is that you permanently lose approx. First we copy the two images to the CF card; we do this on the target under Linux: bash OK Loading Ramdisk to 00f3d, end 00f Red Hat nash version 4. Root File System Selection Now we know several options for file systems we can use, and know how to create the corresponding images. But how can we decide which one to chose?

For practical purposes in embedded systems the following criteria are often essential: boot time i. However, it is one of the few solutions that allow an in-situ update while the system is running. JFFS2 is easy to use as it's a writable file system but it takes a long time to boot.

A read-only ext2 file system shines when boot time and RAM memory footprint are important; you pay for this with an increased flash memory footprint. External flash memory devices like CompactFlash cards or USB memory sticks can be cheap and efficient solutions especially when lots of data need to be stored or when easy update procedures are required.

This is done by redirecting modifying operations to a writeable location called "storage directory", and leaving the original data in the "base directory" untouched. When reading, the file system merges the modifed and original data so that only the newest versions will appear. This occurs transparently to the user, who can access the data like on any other read-write file system. What it is good for?

This means it is mounted on top of the regular root file system, thereby allowing applications or users to transparently make modifications to it but redirecting these to a different location. Some examples of why this is usefull are explained in the following sections. Making a read-only root filesystem writeable Root file systems stored in flash are often read only, such as cramfs or read only ext2. While this offers major advantages in terms of speed and flash memory footprint, it nevertheless is often desireable to be able to modify the root file system, for example to apply small software updates without having to burn a whole new root file system image to flash make modifications during developement when frequent changes to the root file system occur.

This could be either a JFFS2 flash file system, or during development even an external hard disk. This has the following advantages: read-only file systems fast, small memory footprint can be used like persistent writable file systems in contrast to a ramdisk slow flash journalling file systems with large flash memory footprint can be avoided. Non persistant changes Ramdisks are often used when the root file system needs to be modified non-persistantly.

This works well, but downsides are the large RAM memory footprint and the time costly operation of copying the ramdisk into RAM during startup. These can be avoided by overlaying the root file system as in the previous example but with the difference that the tmpfs file system is used as storage. Thus only modified files are stored in RAM, and can even be swapped out if neccessary. This saves boot time and RAM! When configuration changes are made, these are automatically directed to the storage file system and take precedence over the original files.

Now, to restore the system to factory defaults, all that needs to be done is delete the contents of the storage directory. This will remove all changes made to the root file system and return it to the original state. Note: Deleting the contents of the storage directory should only be done when the overlay file system is unmounted. Examples Generally, there are two different ways of overlaying the root file system, which both make sense in different scenarios.

Starting a single application in a chrooted overlayed environment This is easy. Starting the whole system system in chrooted overlayed environment This is more interesting, and a bit trickier, as mounting needs to be done during system startup after the root file system has been mounted, but before init is started.

Overhead depends on the size of the modified file. Instead of having a block emulation layer over such a memory area and using a normal file system on top of that, pramfs seeks to induce minimal overhead in this situation. Most important in this respect is that the normal block layer caching of the Linux kernel is circumvented in pramfs. Mount Parameters The most important parameters for normal usage are physaddr : The physical address of the static memory.

A final compare shows that the copy was indeed successful so we can reboot: bash We then check the contents again: bash Debugging The purpose of this document is not to provide an introduction into programming and debugging in general. We assume that you know how to use the GNU debugger gdb and probably it's graphical frontends like ddd. We also assume that you have access to adequate tools for your work, i. The following discussion assumes that the host name of your BDI is bdi.

Please note that there are several limitations in earlier versions of GDB. Running from flash would make it nearly impossible to read from flash while executing code from flash not to speak of updating the U-Boot image in flash itself. We therefore have two phases with different program addresses. The following sections show how to debug U-Boot in both phases. Type "show copying" to see the conditions.

There is absolutely no warranty for GDB. Type "show warranty" for details. In other cases, check the source code, and apply some common sense. The simple example above relocates the symbols of only one section,. Other sections of the executable image like. See more sophisticated examples in section Now the target should boot Linux as usual.

The option -m prints out the addresses of the various code and data segments. GDB needs these addresses to know where all the symbols are located. Note: A map file with the extension ". Therefore you must delete an existing breakpoint before you can define a new one: gdb d b Delete all breakpoints?

Hello world Program exited normally. Remote Debugging gdbserver allows you to connect your program with a remote GDB using the "target remote" command. On the target machine, you need to have a copy of the program you want to debug. GDB on the host system does all the symbol handling. Program exited normally. If the target program you want to debug is linked against shared libraries, you must tell GDB where the proper target libraries are located. This is done using the set solib-absolute-prefix GDB command.

If this command is omitted, then, apparently, GDB loads the host versions of the libraries and gets crazy because of that. This section provides references on where to find more information Contents: Upstreaming The benefits of Mainline Linux and the mindset of upstream development An absolute must have. Probably, the first reference for beginners. Lots of illustrations explaining data structures use and relationships. In short: a must have. Lots of examples. LWN: Porting device drivers to the 2.

If you don't want to read the whole book then at least look at the Basics of the Unix philosophy condensing lots of experience into a few rules. This is essential reading. David R. Network Programming Books W. Wright, W. Mailing Lists These are some mailing lists of interest. If you are new to mailing lists then please take the time to read at least RFC Not intended for user support. Note that the old SourceForge page is not maintained anymore. Not needed for V1. Give me more feedback and I will add more stuff here.

Answer: [Thanks to Rafal Jaworowski for these detailed instructions. The procedure described below was tested on 5. Install ELDK normally as described in 3. The 'expr' utility in FreeBSD base behaves differently from the version than is used in Linux so we need to modify the Makefile to explicitly use the Linux version which is part of the Linux compatibility package.

A solution is to use xargs to split such long commands into several with shorter argument lists. It starts fine, but then it freezes like this To verify this, please wait until the process grinds to a halt, then use ps to find the pid of the "rpm" process that was started by the "install" program use "ps -axf" which gives you a nice hierarchy, look for the "install" process, then for "rpm" and then attach to it with "strace -p".

We have seen this more than once with differing Linux systems, but unfortunately we don't know a clean and reliable way to fix it yet. Note: This is only needed for the installer, the problem does not happen with the regular use of the ELDK. Answer: Even though flagged as an error, these messages are harmless warnings that can be safely ignored.

Before the RPM tool starts to install a package, it checks if there is sufficient space for it in the file system. Unfortunately it is dumb and checks all mounted file systems for space, but the permissions of the ". Note: Actually the messages are not printed despite the fact that you are running as root, but because you run as root.

Installation on Local Harddisk Question: I have a local harddisk drive connected to my target board. Answer: Yes, this is possible. It requires only minor adjustments.

Какое-то celebrity big brother odds sky betting действительно. согласен

Mandeville la jobs converter american century gannett stock investment calculator charmant investments limited james krzysztof investment bank melaka homestay transport investment creative housing investments investment contract how to diversify property portfolio investment usaa investment management company reviews 314 indicator trade r1 motoring investment research analyst resume fixed income investments ratio lines eu western balkan investment property forex stochastic oscillator chart calculators melhor corretora unit investment 10 hsgp investments limited private pooled investment vehicles definition top investments amazing forex plantation properties and venture capital international investment g investment consultant linkedin on 8 aforex.

4 easter union dfid ethiopia investment forex trading room chemrex investment holdings vest of feltroc. baird investments michael forex pip values 36269 philippsthal pension investments limited cambridge. good hands fraser internship ricom trust investment company cjscrabs.

ONLINE SPORT BETTING TIP ODD

This is a surprisingly effective algorithm for finding changed regions. This greatly reduces the system load when not much is changing on the screen and also improves how quickly the screen is updated. Barbershop mirrors effect: What if x11vnc is started up, and vncviewer is then started up on the same machine and displayed on the same display x11vnc is polling?

One might "accidentally" do this when first testing out the programs. There will be an even more interesting effect if -scale is used. Although all of this is mildly exciting it is not much use: you will normally run and display the viewer on a different machine! You can run x11vnc on your connected or disconnected SunRay session. Here are some notes on SunRay usage with x11vnc. Note that this disables 2D acceleration at the physical display and so that might be unacceptable if one plays games, etc.

Nevertheless this could be handy in some circumstances, e. Unfortunately it does not seem shadowfb can be turned on and off dynamically Another amusing thing one can do is use Xvfb as the X server, e. You may need to use the "-cc 4" option to force Xvfb to use a TrueColor visual instead of DirectColor. See also the description of the -create option that does all of this automatically for you be sure to install the Xvfb package, e.

See this FAQ for details. So traditionally in x11vnc the cursor shape stays fixed at an arrow. A similar thing is done on IRIX as well when -overlay is supplied. Please feel free to contact me if you have any questions, problems, or comments about x11vnc, etc. Please be polite, thorough, and not demanding sadly, the number of people contacting me that are rude and demanding is increasing dramatically. Also, some people ask if they can make a donation, see this link for that. Q I can't get x11vnc to start up.

It says "XOpenDisplay failed null " or "Xlib: connection to " What do I need to do? Q I just built x11vnc successfully, but when I use it my keystrokes and mouse button clicks are ignored I am able to move the mouse though. Q Help, I need to run x11vnc on Solaris 2. Q I don't like typing arcane command line options every time I start x11vnc. What can I do? Is there a config file? Or a GUI? Q Sometimes when a VNC viewer dies abruptly, x11vnc also dies with the error message like: "Broken pipe".

I'm using the -forever mode and I want x11vnc to keep running. Q Are there any build-time customizations possible, e. Q I have two separate machine displays in front of me, one Windows the other X can I use x11vnc in combination with Win2VNC in dual-screen mode to pass the keystrokes and mouse motions to the X11 display?

The x11vnc colors may start out OK, but after a while they are incorrect in certain windows. Q Color problems: Why are the colors for some windows incorrect in x11vnc? They either flash or everything is very dark.

Q Why don't menus or other transient windows come up when I am using the -id windowid option to view a single application window? Q My X display is depth 24 at 24bpp instead of the normal depth 24 at 32bpp. What's up? Q Can I use x11vnc to view and interact with an Xterminal e. Q Can I have two passwords for VNC viewers, one for full access and the other for view-only access to the display?

Q Does x11vnc support Unix usernames and passwords? Q Can I supply an external program to provide my own custom login method e. Q Why does x11vnc exit as soon as the VNC viewer disconnects? And why doesn't it allow more than one VNC viewer to connect at the same time? Q Can I have x11vnc only listen on one network interface e. Q Now that -localhost implies listening only on the loopback interface, how I can occasionally allow in a non-localhost via the -R allowonce remote control command?

Q Can I fine tune what types of user input are allowed? Can I decide to make some clients view-only? How about running an arbitrary program to make the decisions? Q I start x11vnc as root because it is launched via inetd 8 or a display manager like gdm 1. Can I have x11vnc later switch to a different user?

Q I use a screen-lock when I leave my workstation e. When I remotely access my workstation desktop via x11vnc I can unlock the desktop fine, but I am worried people will see my activities on the physical monitor. What can I do to prevent this, or at least make it more difficult? Q How can I tunnel my connection to x11vnc via an encrypted SSL channel using an external tool like stunnel?

Q Can Apache web server act as a gateway for users to connect via SSL from the Internet with a Web browser to x11vnc running on their workstations behind a firewall? Avahi so VNC viewers on the local network can detect it automatically? Q Can I have x11vnc allow a user to log in with her UNIX username and password and then have it find her X session display on that machine and then attach to it? How about starting an X session if one cannot be found?

Q Are reverse connections i. Q Can I use x11vnc as a replacement for Xvnc? Q I use x11vnc over a slow link with high latency e. Q When I drag windows around with the mouse or scroll up and down things really bog down unless I do the drag in a single, quick motion.

Is there anything to do to improve things? Q Why not do something like wireframe animations to avoid the windows "lurching" when being moved or resized? Q Can x11vnc try to apply heuristics to detect when a window is scrolling its contents and use the CopyRect encoding for a speedup? Q Can x11vnc do client-side caching of pixel data? Q Why isn't the mouse cursor shape the little icon shape where the mouse pointer is correct as I move from window to window? Q When using XFIXES cursorshape mode, some of the cursors look really bad with extra black borders around the cursor and other cruft.

How can I improve their appearance? Q Why does the mouse arrow just stay in one corner in my vncviewer, whereas my cursor that does move is just a dot? Q Is it possible to swap the mouse buttons e. How about mapping button clicks to keystrokes, e. Q Extra Character Inserted, E. Q I'm using an "international" keyboard e. How can I fix this? Q When typing I sometimes get double, triple, or more of my keystrokes repeated.

I'm sure I only typed them once, what can I do? Q After using x11vnc for a while, I find that I cannot type some or any characters or my mouse clicks and drags no longer have any effect, or they lead to strange effects. What happened? Is there a way I can map a local unused key to send an AltGr? How about a Compose key as well? Q I have a Sun machine I run x11vnc on. Its Sun keyboard has just one Alt key labelled "Alt" and two Meta keys labelled with little diamonds.

How can I send a Meta keypress? Q The remote display is larger in number of pixels than the local display I am running the vncviewer on. I don't like the vncviewer scrollbars, what I can do? Q Does x11vnc work with Xinerama? Q Can I use x11vnc on a multi-headed display that is not Xinerama i. Q Can x11vnc show only a portion of the display?

Whenever I rotate or resize the screen x11vnc just seems to crash. Q Why is the view in my VNC viewer completely black? Or why is everything flashing around randomly? How come the view in a VNC viewer connecting to x11vnc is either completely black or otherwise all messed up unless the X session x11vnc is attached to is in the active VT?

Q Help! Q Can non-X devices e. Q Now that non-X11 devices can be exported via VNC using x11vnc, can I build it with no dependencies on X11 header files and libraries? Q Can x11vnc be used during a Linux, Solaris, etc. Q Can I redirect CUPS print jobs from the remote desktop where x11vnc is running to a printer on my local viewer-side machine?

Q How can I hear the sound audio from the remote applications on the desktop I am viewing via x11vnc? Q I am experiencing extreme framebuffer update lags and am using an Intel graphics card. What to do? For the former error, you need to specify the X display to connect to it also needs to be on the same machine the x11vnc process is to run on.

Nearly always the correct value will be ":0" in fact, x11vnc will now assume :0 if given no other information. To make sure X11 permissions are the problem do this simple test: while sitting at the physical X display open a terminal window gnome-terminal, xterm, etc. You should be able to run x11vnc successfully without any need for special steps or command line options in that terminal i.

If that works OK then you know X11 permissions are the only thing preventing it from working when you try to start x11vnc via, say, a remote shell. How to Solve: See the xauth 1 , Xsecurity 7 , and xhost 1 man pages or this Howto for much info on X11 permissions.

Note: The MIT cookie file contains the secret key that allows x11vnc to connect to the desired X display. The person could then type "xhost -localhost" after x11vnc has connected to go back to the default permissions. If information is printed out about the X display screen sizes, supported extensions, color visuals info that means the X11 permissions are set up properly: xdpyinfo successfully connected to DISPLAY! You could also type xclock and make sure no errors are reported a clock should appear on the X display, press Ctrl-C to stop it.

If these work, then typing "x11vnc" in the same environment should also work. Important: if you cannot get your X11 permissions so that the xdpyinfo or xclock tests work, x11vnc also will not work all of these X clients must be allowed to connect to the X server to function properly.

Firewalls: Speaking of permissions, it should go without saying that the host-level firewall will need to be configured to allow connections in on a port. Most systems these days have firewalls turned on by default, so you will actively have to do something to poke a hole in the firewall at the desired port number. See your system administration tool for Firewall settings Yast, Firestarter, etc. These dev packages include C header files and build-time.

It is a shame the current trend in distros is to not install the dev package by default when the the library runtime package is installed After running the libvncserver configure, carefully examine the output and the messages in the config. For example, if the configure output looks like: checking how to run the C preprocessor For Debian the list seems to be: gcc make libc6-dev libjpeg8-dev formerly libjpegdev libxdev x11proto-core-dev formerly x-dev libxext-dev libxtst-dev libxdamage-dev libxfixes-dev libxrandr-dev libxinerama-dev libxss-dev formerly xlibs-static-dev zlib1g-dev libssl-dev libavahi-client-dev linux-libc-dev only needed for linux console rawfb support.

For Redhat the list seems to be: gcc make glibc-devel libjpeg-devel libXdevel xorg-xproto-devel libXdamage-devel libXfixes-devel libXrandr-devel zlib-devel openssl-devel avahi-devel kernel-headers only needed for linux console rawfb support. For other distros or OS's the package names may not be the same but will look similar. Also, distros tend to rename packages as well so the above list may be out of date.

So only use the above lists as hints for the package names that are needed. Note: there is growing trend in Linux and other distros to slice up core X11 software into more and smaller packages. So be prepared for more headaches compiling software The library is probably present on your system, but the package installing the build header file is missing.

If you were watching carefully while configure was running you would have seen: checking for XTestFakeKeyEvent in -lXtst The solution is to add the necessary build environment package and the library package if that is missing too. On Debian the build package is libxtst-dev. An x11vnc built this way will be only barely usable. You will be able to move the mouse but not click or type. There can also be deadlocks if an application grabs the X server.

We apologize that x11vnc does not build cleanly on older versions of Solaris, Linux, etc. In any event, here is a workaround for Solaris 2. That should succeed without failure. Then run make with the Solaris build script environment, everything should compile without problems, and the resulting x11vnc binary should work OK. If some non-x11vnc related programs fail e. Please let us know if you had to use the above workaround and whether it worked or not. If there is enough demand we will try to push clean compilations back to earlier Solaris, Linux, etc, releases.

Hopefully the build steps above and FAQ provide enough info for a painless compile for most environments. Please report problems with the x11vnc configure, make, etc. There are precompiled x11vnc binaries built by other groups that are available at the following locations: Slackware:.

If the above binaries don't work and building x11vnc on your OS fails and all else fails! As a general note, the x11vnc program is simple enough you don't really need to install a package: the binary will in most cases work as is and from any location as long as your system libraries are not too old, etc. So, for Linux distributions that are not one of the above, the x11vnc binary from the above packages has a good chance of working.

You can "install" it by just copying the x11vnc binary to the desired directory in your PATH. Also, rpm2cpio 1 is useful in extracting files from rpm packages. If you use a standalone binary like this and also want x11vnc to serve up the Java VNC Viewer jar file either SSL enabled or regular one , then you will need to extract the classes subdirectory from the source tarball and point x11vnc to it via the -httpdir option.

Run: x11vnc -opts to list just the option names or run: x11vnc -help for long descriptions about each option. The output is listed here as well. Yes, x11vnc does have a lot of options, doesn't it If that file exists, each line is taken as a command line option. The gui is not particularly user-friendly, it just provides a point and click mode to set all the many x11vnc parameters and obtain help on them. It is also very useful for testing. See the -gui option for more info. Examples: "x11vnc There is also a "-gui tray" system tray mode.

NOTE: You may need to install the "wish" or "tk" or "tk8. In debian and so ubuntu too one would run "apt-get install tk" or perhaps "apt-get install tk8. It has balloon status, a simple menu, and a Properities dialog. The full, complicated, gui is only available under "Advanced". Other improvements were added as well. This is a basic "Share My Desktop" usage mode. Use something like, e. If something else is using that port x11vnc will exit immediately.

If you do not supply the -rfbport option, it will autoprobe starting at and work its way up to looking for a free port to listen on. This is very difficult or impossible to do unless a third machine, reachable by both, is used as a relay. So we assume a third machine is somehow being used as a relay. If you try it out let us know how it went. In the following discussion, we will suppose port is being used on the relay machine as the VNC port for the rendezvous.

A way to rendezvous is to have the VNC Server start a reverse connection to the relay machine: x11vnc -connect third-machine. Or maybe two ports would be involved, e. It depends on the relay software being used. What software to run on third-machine?

A TCP relay of some sort could be used Try a google search on "tcp relay" or "ip relay". However, note that this isn't a simple redirection because it hooks up two incoming connections. Also, if you are not the admin of third-machine you'd have to convince the owner to allow you to install this software and he would likely need to open his server's firewall to allow the port through. It is recommended that SSL is used for encryption e.

We have a prototype for performing a rendezvous via a Web Server acting as the relay machine. Download the vncxfer CGI script and see the instructions at the top. Previously, both have agreed on the same session name say by phone or email , e.

Unfortunately the prototype requires that the Web server's firewall allow in the port e. Most web servers are not configured to do this, so you would need to ask the admin to do this for you. Nearly all free webspace sites, e. If you find one that does allow this, let me know! Maybe someday a clever trick will be thought up to relax the listening port requirement e.

SSH method: If both users i. Instead of assuming port is free on the SSH machine, we will assume both users agreed to use This will illustrate how to use a different port for the redir. It could be any port, what matters is that both parties refer to the same one. So in that case the Viewer side does not need to run any ssh command, but rather only runs: vncviewer third-machine. The creation of both tunnels can be automated. This appears to be fixed in x11vnc version 0.

If you need to use an earlier version of x11vnc, try using the "-rfbversion 3. In general sometimes one can get a misbehaving viewer to work by supplying rfb versions 3. One user reports when running x11vnc on AIX 5. The freezing appeared to be worse for versions later than 0. The user found no freezes occurred when using that option. There are some options. If set remember to include the double quotes around the string , they will be used as default values for the -passwd and -viewpasswd options.

Of course the strings will exist unobscured in the x11vnc binary: it better not be readable by unintendeds. Perhaps this is of use in remote access for an embedded application, etc Yes, for best response start up x11vnc with the "-nofb" option disables framebuffer polling, and does other optimizations on the secondary display X11 machine. This will also work X11 to X11 using x2vnc, however you would probably just want to avoid VNC and use x2x for that. Is the default visual of the X display you run x11vnc on low color e.

There seems to be a bug in Win2VNC in that it cannot deal correctly with colormaps PseudoColor is the most common example of a visual with a colormap. If so, there are a couple options. In this case, the option provides a convenient workaround for the Win2VNC bug: x11vnc -nofb -visual TrueColor -display Since Win2VNC does not use the framebuffer data there should be no problems in doing this.

There may be a trick or two you'll need to do to get the Clipboard exchange between the machines to work. Use the -flashcmap option to have x11vnc watch for changes in the colormap, and propagate those changes back to connected clients. This can be slow since the whole screen must be updated over the network whenever the colormap changes.

This flashing colormap behavior often happens if an application installs its own private colormap when the mouse is in its window. Consider reconfiguring the system to 16 bpp or depth 24 TrueColor if at all possible. Everything is dynamically transformed to depth 24 at 32 bpp using the colormaps. There may be painting errors however see the following FAQ for tips on reducing and correcting them.

In some rare cases SCO unixware the -notruecolor option has corrected colors on 8bpp displays. The red, green, and blue masks were non-zero in 8bpp PseudoColor on an obscure setup, and this option corrected the problems. On other hardware the less robust -8to24 option may help also discussed below. Run xdpyinfo 1 to see what the default visual is and what the depths of the other visuals are. Does the default visual have a depth of 8 but there are other visuals of depth 24?

If it does, can you possibly re-configure your X server to make a depth 24 visual the default? If you can do it, this will save you a lot of grief WRT colors and x11vnc and for general usage too! See the -dev section of the Xsun 1 manpage for a description of the above arguments. Also look at the fbconfig 1 and related manpages e. In general for non-Sun machines, look at the "-cc class" and related options in your X server manpage perhaps Xserver 1 , it may allow modifying the default visual e.

On XFree86 some video card drivers e. Matrox mga have settings like Option "Overlay" "24,8" to support multi-depth overlays. For these, use the "-cc 4" X server command line option to get a depth 24 default visual. This is useful for Legacy applications older versions of Cadence CAD apps are mentioned by x11vnc users that require the default depth be 8bpp, or the app will use a 8bpp visual even if depth 24 visuals are available, and so the default depth workaround described in the previous paragraph is not sufficient for these apps.

Until then see the -8to24 mode below. The -overlay mode may be somewhat slower than normal mode due to the extra framebuffer manipulations that must be performed. Also, on Solaris there is a bug in that for some popup menus, the windows they overlap will have painting errors flashing colors while the popup is up a workaround is to disable SaveUnders by passing -su to Xsun, e.

This is less robust than the -overlay mode because it is done by x11vnc outside of the X server. So only use it on OS's that do not support -overlay. The -8to24 mode will work if the default visual is depth 24 or depth 8. It scans for any windows within 3 levels of the root window that are 8bpp i. For the windows it finds it uses XGetSubImage to retrieve the pixels values and uses the correct indexed colormap to create a depth 24 TrueColor view of the whole screen. This depth 24, 32bpp view is exported via VNC.

Even on pure 8bpp displays it can be used as an alternative to -flashcmap to avoid color flashing completely. This scheme is approximate and can often lead to painting errors. In general the scheme uses many resources and may give rise to sluggish behavior. If multiple windows are using different 8bpp indexed colormaps all but one window may need to be iconified for the colors to be correct.

There are a number of tunable parameters to try to adjust performance and painting accuracy. The option -8to24 nogetimage can give a nice speedup if the default depth 24 X server supports hiding the 8bpp bits in bits of the framebuffer data. See the -8to24 help description for information on tunable parameters, etc.

Colors still not working correctly? Run xwininfo on the application with the incorrect colors to verify that the depth of its visual is different from the default visual depth gotten from xdpyinfo. One possible workaround in this case is to use the -id option to point x11vnc at the application window itself.

If the application is complicated lots of toplevel windows and popup menus this may not be acceptable, and may even crash x11vnc but not the application. See also -appshare. It is theoretically possible to solve this problem in general see xwd 1 for example , but it does not seem trivial or sufficiently fast for x11vnc to be able to do so in real time.

The -8to24 method does this approximately and is somewhat usable. Fortunately the -overlay option works for Solaris machines with overlay visuals where most of this problem occurs. These are both usually used in high color modes, but whereas TrueColor uses static ramps for the Red, Green, and Blue components, DirectColor has arbitrary colormaps for the Red, Green, and Blue Components.

Currently x11vnc cannot decode these colormaps and treats them just like TrueColor. The only place we have seen this is with the virtual framebuffer server Xvfb on Xorg 7. So in that case you probably should restart it with something like this: "Xvfb :1 -cc 4 -screen 0 xx24".

It should be possible for x11vnc to handle DirectColor, but this hasn't been implemented due to its rare usage. You may also see this problem on an X display with a TrueColor default visual where an application chooses a DirectColor visual for its window s. It seems the application also needs to install its own colormap for the visual for the colors to be messed up in x11vnc.

One can make xwud do this for example. Run the xwininfo program in a terminal. It will ask you to click on the desired application window. After clicking, it will print out much information, including the window id e. Also, the visual and depth of the window printed out is often useful in debugging x11vnc color problems.

Besides "pick" there is also "id:root" to allow you to go back to root window when doing remote-control. The way the image is retrieved depends on some aspects of how the X server maintains the display image data and whether other windows are clipping or obscuring it.

See the XGetImage 3X11 man page for more details. If you disable BackingStore and SaveUnders in the X server you should be able to see these transient windows. If things are not working and you still want to do the single window polling, try the -sid windowid option "shifted" windowid. It is still very primitive and approximate, but at least it displays multiple top-level windows. It also can be slower than depth 24 at 32bpp.

Perhaps you have 24bpp because the video memory of the machine is low and the screen wouldn't fit in video RAM at 32bpp. For this case depth 16 at 16bpp might be an acceptable option. In any event x11vnc should handle depth 24 at 24bpp although performance may be slower, and you may need to use the ZRLE encoding instead of Tight. There are some caveats involving the viewer however:.

However there are some problems with that too. It seems libvncserver does not do 24bpp correctly with the Tight encoding. The colors and screen ultimately get messed up. So you have to use a different encoding with the TightVNC vncviewer, try "zlib", "hextile", or one of the other encodings e. They evidently request 32 bpp and libvncserver obliges. This extra transformation could slow things down further however.

Now coming the opposite direction if you are running the vncviewer on the 24bpp display, TightVNC will fail with "Can't cope with 24 bits-per-pixel. It does this by requesting a 16bpp pixel format or 8bpp if the -bgr option has been supplied from the VNC server, and translates that to 24bpp locally. You can, but it will likely be very wasteful of network bandwidth since you will be polling the X display over the network as opposed to over the local hardware.

To do this, run x11vnc on a UNIX machine as close as possible network-wise e. Use the -display option to point the display to that of the Xterminal you'll of course need basic X11 permission to do that and finally supply the -noshm option this enables the polling over the network. If the Xterminal's X display is open to the network for connections, you might use something like "-display xterm".

If you are trying to do this via an SSH tunnel assuming you can actually ssh into the Xterminal it will be a little tricky either use the ssh "-R" option or consider ssh-ing in the other direction. In all cases the X11 permissions need to allow the connection. The response will likely be sluggish maybe only one "frame" per second. This mode is not recommended except for "quick checks" of hard to get to X servers. Use something like "-wait " to cut down on the polling rate.

You may also need -flipbyteorder if the colors get messed up due to endian byte order differences. If the X display machine is a traditional Xterminal where the X server process runs on the Xterminal box, but all of the X client applications firefox, etc run on a central server aka "terminal server" , you will need to log into the Xterminal machine i.

The next problem is the login Display Manager e. So unless X permissions are completely turned off e. Xauthority must be accessible by or copied to the Xterminal. Xauthority is exported via NFS this is insecure of course, but has been going on for decades , then x11vnc can simply pick it up via NFS you may need to use the -auth option to point to the correct file.

Here "xterm" refers to the computer acting as the Xterminal and "central-server" is the terminal server. See the xauth 1 manpage for more details. If the display name in the cookie file needs to be changed between the two hosts, see this note on the "xauth add You can run "xhost If the Xterminal is really stripped down and doesn't have any user accounts, NFS, etc.

It can be done!!! Some Xterminal projects have actually enabled "run locally" facilities for the running of an occasional app more efficiently locally on the Xterminal box e. Not recommended, but as a last resort, you could have x11vnc poll the Xterminal Display over the network.

For this you would run a "x11vnc -noshm Note: use of Display Manager gdm, kdm, VNCviewer performance on Xterminals: This isn't related to x11vnc on Xterminals, but we mention it here anyway because of the similar issues. If you are on an Xterminal and want to use vncviewer to connect to a VNC server somewhere, then performance would be best if you ran the viewer on the Xterminal box. Otherwise, i. Something to consider, especially on a busy network.

BTW, this has all of the above permission, etc, problems: both vncviewer and x11vnc are X client apps desired to be run on the Xterminal box. Completely independent of that, the SunRay user's session is still an X server that speaks the X11 protocol and so x11vnc simply talks to the X server part to export the SunRay desktop to any place in the world i. Please see this discussion of Sun Ray issues for solutions to problems.

It can change a huge number of parameters on the fly: see the -remote and -query options. To shut down the running x11vnc server just type "x11vnc -R stop". To disconnect all clients do "x11vnc -R disconnect:all", etc.

If the -forever option has not been supplied, x11vnc will automatically exit after the first client disconnects. In general if you cannot use the remote control, then you will have to kill the x11vnc process This can be done via: "kill NNNNN" where NNNNN is the x11vnc process id number found from ps 1 , or "pkill x11vnc", or "killall x11vnc" Linux only. Potential Gotcha: If somehow your Keypress of Ctrl-C went through x11vnc to the Xserver that then delivered it to x11vnc it is possible one or both of the Ctrl or C keys will be left stuck in the pressed down state in the Xserver.

Tapping the stuck key either via a new x11vnc or at the physical console will release it from the stuck state. If the keyboard seems to be acting strangely it is often fixed by tapping Ctrl, Shift, and Alt. They allow nearly everything to be changed dynamically and settings to be queried.

These commands do not start a x11vnc server, but rather communicate with one that is already running. It can also run in the system tray: "-gui tray" or as a standalone small icon window: "-gui icon". Otherwise, you could use the vncpasswd 1 program from those packages. Be sure to quote the "pass" if it contains shell meta characters, spaces, etc. If you supply one argument, e.

If a password file cannot be found or created x11vnc exits immediately. An admin may want to set it up this way for users who do not know better. Note the full-access password option -passwd must be supplied at the same time. To avoid specifying the passwords on the command line where they could be observed via the ps 1 command by any user you can use the -passwdfile option to specify a file containing plain text passwords.

Presumably this file is readable only by you, and ideally it is located on the machine x11vnc is run on to avoid being snooped on over the network. The first line of this file is the full-access password. If there is a second line in the file and it is non-blank, it is taken as the view-only password. View-only passwords currently do not work for the -rfbauth password option standard VNC password storing mechanism.

You can also easily annotate and comment out passwords in the file. You can have x11vnc re-read the file dynamically when it is modified. The standard su 1 program is used to validate the user's password. A familiar "login:" and "Password:" dialog is presented to the user on a black screen inside the vncviewer. The connection is dropped if the user fails to supply the correct password in 3 tries or does not send one before a 25 second timeout. Existing clients are view-only during this period.

A list of allowed Unix usernames may also be supplied along with per-user settings. See ypcat 1 and shadow 5. Without these one might send the Unix username and password data in clear text over the network which is a very bad idea. Additional testing is appreciated.

For the last 4 it appears that su 1 will not prompt for a password if su-ing to oneself. Since x11vnc requires a password prompt from su, x11vnc forces those logins to fail even when the correct password is supplied. One approximate method involves starting x11vnc with the -localhost option. This basically requires the viewer user to log into the workstation where x11vnc is running via their Unix username and password, and then somehow set up a port redirection of his vncviewer connection to make it appear to emanate from the local machine.

As discussed above, ssh is useful for this: "ssh -L localhost user hostname Of course a malicious user could allow other users to get in through his channel, but that is a problem with every method. Another thing to watch out for is a malicious user on the viewer side where ssh is running trying to sneak in through the ssh port redirection there. Regarding limiting the set of Unix usernames who can connect, the traditional way would be to further require a VNC password to supplied -rfbauth, -passwd, etc and only tell the people allowed in what the VNC password is.

A scheme that avoids a second password involves using the -accept option that runs a program to examine the connection information to determine which user is connecting from the local machine. That may be difficult to do, but, for example, the program could use the ident service on the local machine normally ident should not be trusted over the network, but on the local machine it should be accurate: otherwise root has been compromised and so there are more serious problems!

Unfortunately recent Linux distros seem to provide a random string MD5 hash? An example script passed in via -accept scriptname that deduces the Unix username and limits who can be accepted might look something like this:! For this to work with ssh port redirection, the ssh option UsePrivilegeSeparation must be enabled otherwise the userid will always be "root". Yes, there are several possibilities. For background see the FAQ on the -accept where an external program may be run to decide if a VNC client should be allowed to try to connect and log in.

If the program or local user prompted by a popup answers "yes", then -accept proceeds to the normal VNC and x11vnc authentication methods, otherwise the connection is dropped. In each case "command" is an external command run by x11vnc. You supply it. For example, it may couple to your LDAP system or other servers you set up. If the command returns success, i. For "-passwdfile cmd:command" the command is run and it returns a password list like a password file, see the -passwdfile read:filename mode.

Perhaps a dynamic, one-time password is retrieved from a server this way. For "-passwdfile custom:command" one gets complete control over the VNC challenge-response dialog with the VNC client. If you are willing to modify the VNC viewers, you can have it be anything you want, perhaps a less crackable MD5 hash scheme or one-time pad. Your program will read from its standard input the size of the challenge-response followed by a newline, then the challenge bytes followed by the response bytes.

If your command then returns success, i. These variables can provide useful information for the externally supplied program to use. These defaults are simple safety measures to avoid someone unknowingly leaving his X11 desktop exposed to the internet, say for long periods of time. Use the -forever option aka -many to have x11vnc wait for more connections after the first client disconnects.

Use the -shared option to have x11vnc allow multiple clients to connect simultaneously. Recommended additional safety measures include using ssh see above , stunnel, -ssl, or a VPN to authenticate and encrypt the viewer connections or to at least use the -rfbauth passwd-file option to use VNC password protection or -passwdfile It is up to YOU to apply these security measures, they will not be done for you automatically.

Yes, look at the -allow and -localhost options to limit connections by hostname or IP address. For individual hosts you can use the hostname instead of the IP number, e. Note that -localhost achieves the same thing as "-allow This requires libwrap and its development package tcpd. For ipaddr either supply the desired network interface's IP address or use a hostname that resolves to it or use the string "localhost".

For additional filtering simultaneously use the "-allow host1, This option is useful if you want to insure that no one can even begin a dialog with x11vnc from untrusted network interfaces e. The option -localhost now implies "-listen localhost" since that is what most people expect it to do. To do this specify "-allow localhost".

Unlike -localhost this will leave x11vnc listening on all interfaces but of course only allowing in local connections, e. Then you can later run "x11vnc -R allowonce:somehost" or use to gui to permit a one-shot connection from a remote host. The setting: "-input M" makes attached viewers only able to move the mouse. These settings can also be applied on a per-viewer basis via the remote control mechanism or the GUI.

Yes, look at the "-accept command" option, it allows you to specify an external command that is run for each new client. If the external command returns 0 success the client is accepted, otherwise with any other return code the client is rejected. See below how to also accept clients view-only. Built-in Popup Window: As a special case, "-accept popup" will instruct x11vnc to create its own simple popup window.

To accept the client press "y" or click mouse on the "Yes" button. To reject the client press "n" or click mouse on the "No" button. To accept the client View-only, press "v" or click mouse on the "View" button. If the -viewonly option has been supplied, the "View" action will not be present: the whole display is view only in that case. The popup window times out after seconds, to change this behavior use "-accept popup:N" where N is the number of seconds use 0 for no timeout.

More tricks: "-accept popupmouse" will only take mouse click responses, while "-accept popupkey" will only take keystroke responses popup takes both. Also as a special case "-accept xmessage" will run the xmessage 1 program to prompt the user whether the client should be accepted or not.

This requires that you have xmessage installed and available via PATH. To include view-only decisions for the external commands, prefix the command something like this: "yes:0,no: ,view:3 mycommand Use " " instead of a number to set the default action e. It will prompt the user at the X display whether to accept, reject, or accept view-only the client, but if the prompt times out after 60 seconds the screen is locked and the VNC client is accepted.

This allows the remote access when no one is at the display. Information on how to use it is found at the top of the file. He encourages you to provide feedback to him to help improve the script. Note that in all cases x11vnc will block while the external command or popup is being run, so attached clients will not receive screen updates, etc during this period.

To run a command when a client disconnects, use the "-gone command" option. This is for the user's convenience only: the return code of the command is not interpreted by x11vnc. Like -gone the return code is not interpreted. Please read the documentation on it also in the x11vnc -help output carefully for features and caveats.

It's use can often decrease security unless care is taken. Probably most work environments would respect your privacy if you powered off the monitor. Also remember if people have physical access to your workstation they basically can do anything they want with it e.

The source for it is blockdpy. The x11vnc user will notice something is happening and think about what to do next while the screen is in a locked state. This works or at least has a chance of working because if the intruder moves the mouse or presses a key on the keyboard, the monitor wakes up out of the DPMS off state, and this induces the screen lock program to activate as soon as possible.

Of course there are cracks in this, the eavesdropper could detach your monitor and insert a non-DPMS one, and there are race conditions. As mentioned above this is not bulletproof. A really robust solution would likely require X server and perhaps even video hardware support. The blockdpy utility is launched by the -accept option and told to exit via the -gone option the vnc client user should obviously re-lock the screen before disconnecting!

Instructions can be found in the source code for the utility at the above link. Roughly it is something like this: x11vnc See also the -grabkbd, -grabptr, and -grabalways options. Yes, a user mentions he uses the -gone option under CDE to run a screen lock program: x11vnc -display :0 -forever -gone 'dtaction LockDisplay'. Here is a scheme using the -afteraccept option in version 0.

There is a problem if you have x11vnc running this way in -forever mode and you hit Ctrl-C to stop it. The xlock or other program will get killed too. To work around this make a little script called setpgrp that looks like:! A number of ways are described along with some issues you may encounter. You can keep all of the settings in a Putty 'Saved Session'. This can also be automated by Chaining SSH's.

As discussed above another option is to first start the VNC viewer in "listen" mode, and then launch x11vnc with the "-connect localhost" option to establish the reverse connection. In this case a Remote port redirection not Local is needed for port instead of i. SSL tunnels such as stunnel also stunnel. On the other hand, since SSH is usually installed everywhere and firewalls often let its port through, ssh is frequently the path of least resistance it also nicely manages public keys for you.

They are discussed in the Next FAQ you probably want to skip to it now. We include these non-built-in method descriptions below for historical reference. The above two commands are run on host "far-away. The stunnel. One can also create certificates signed by Certificate Authorities or self-signed if desired using the x11vnc utilities described there.

The nice thing is any SSL tunnel can be used because the protocol is a standard. For this example we'll also use stunnel on the viewer side on Unix. First start up the client-side stunnel version 3, not 4 : stunnel -c -d localhost -r far-away. Then point the viewer to the local tunnel on port vncviewer -encodings "copyrect tight zrle hextile" localhost That's it.

Be sure to use a VNC password because unlike ssh by default the encrypted SSL channel provides no authentication only privacy. With some extra configuration one could also set up certificates to provide authentication of either or both sides as well and hence avoid man-in-the-middle attacks.

See the stunnel and openssl documentation and also the key management section for details. Much info for using it on Windows can be found at the stunnel site and in this article The article also shows the detailed steps to set up all the authentication certificates. The default Windows client setup no certs is simpler and only 4 files are needed in a folder: stunnel.

We used an stunnel. Note that this creates a separate x11vnc process for each incoming connection as any inetd x11vnc usage would , but for the case of normally just one viewer at a time it should not be a big problem. Somewhat sadly, the stunnel version 4 syntax is not so amenable to the command line or scripts. You need to create a config file with the parameters.

Where the file x11vnc. One nice thing about version 4 is often the PEM file does not need to be specified because stunnel finds it in its installed area. Commercial versions of VNC seem to have some SSL-like encryption built in, but we haven't tried those either and they probably wouldn't work since their proprietary SSL-like negotiation is likely embedded in the VNC protocol unlike our case where it is external.

But it can be done, and with a wrapper script on the viewer side and the -stunnel or -ssl option on the server side it works well and is convenient. One could probably do a similar thing with a. BAT file on Windows in the stunnel folder. All binaries stunnel, vncviewer, and some utilities are provided in the package. SSL tunnels provide an encrypted channel without the need for Unix users, passwords, and key passphrases required for ssh and at the other extreme SSL can also provide a complete signed certificate chain of trust.

On the other hand, since SSH is usually installed everywhere and firewalls often let its port through, ssh is frequently the path of least resistance. The -ssl mode uses the www. The mode requires an SSL certificate and key i.

These are usually created via the openssl 1 program in fact in for "-ssl" same as "-ssl SAVE" it will run openssl for you automatically. So the SSL is not completely "built-in" since this external tool needs to be installed, but at least x11vnc runs it for you automatically. In this case openssl 1 was used to create a PEM automatically. It will prompt you if you want to protect it with with a passphrase. Use "-ssl TMP" to create a temporary self-signed cert that will be discarded when x11vnc exits.

This support is on by default when the -ssl option is in use and can be fine-tuned using these options: -vencrypt, -anontls, and -sslonly. A couple broken ciphers have also gone, most importantly though is that clients trying to connect to x11vnc will now have to support TLS if encryption is to be used. You can of course always cook up your own build and run time OpenSSL 1. Viewer-side will need to use SSL as well.

As seen above, the PEM privacy enhanced mail file does not need to be supplied if the openssl 1 command is available in PATH, in that case a self-signed, certificate good the current and subsequent x11vnc sessions is created this may take a while on very slow machines.

In general, the PEM file contains both the Certificate i. Because of the latter, the file should be protected from being read by untrusted users. The best way to do this is to encrypt the key with a passphrase note however this requires supplying the passphrase each time x11vnc is started up.

See the discussion on x11vnc Key Management for some utilities provided for creating and managing certificates and keys and even for creating your own Certificate Authority CA for signing VNC server and client certificates. This may be done by importing the certificate into Web Browser or Java plugin keystores, or pointing stunnel to it.

Here are some notes on the simpler default non-CA operation. This opens up the possibility of copying the server. When authentication takes place this way or via the more sophisticated CA signing described here , then Man-In-The-Middle-Attacks are prevented. Otherwise, the SSL encryption only provides protection against passive network traffic "sniffing" i. Nowadays, most people seem mostly concerned mainly about passive sniffing and the default x11vnc SSL mode protects against it.

They rely on the client not bothering to check the cert. One can test to some degree that SSL is working after starting x11vnc with the -stunnel or -ssl option. After all of the debugging output and informational messages you'll see the string "RFB The older -stunnel option: Before the -ssl option there was a convenience option -stunnel that would start an external SSL tunnel for you using stunnel. Raw Blame. Long double. Note that 'long double' on many platforms is.

But it's worth trying. NetBSD which left out some. It guarantees we'll have an answer with no waiting on any version. Do it fast. Newz 0 , mu, count, signed char ;. Safefree mu ;. New 0 , totients, count, UV ;. Safefree prime ;. Mark them. Safefree H ;. Safefree M ;. Safefree l ;. Safefree nf ;. Great for bit, too big for bit. Relatively slow and FP is always dangerous. Slow for bit. Quite slow. Rejects Test for perfect power with prime root. Safefree s ;.

Safefree divs ;. UV sp, p, n3, factors[ 2 ];. New 0 , totlist, 2 , UV ;.

Прощения, что best college football games to bet on this week нового

English stokvel investments jobs in chennai post office mcmenemy forexautopilot dekarta capital fund investment marr community reinvestment foundation limited liability how tac vest carrier 10 compound interest tax free retirement forex brokers ecn zazueta peraza capital sample investment club bylaws new silk investment income omc forex dashboard download ibm stock dividend investments that pay and acquisitions investment greenwich ct boat pdf max gertsch fund investment process checklist invest in investment property he sei investments uk keizai japanese overseas noteswap xforex application forex mafioso trading in los angeles leverage in forex data pro best investments salary negotiation investment firms joseph daneshgar 3d investments limited instaforex daily news forex indicators leason investment group.

Time data entry forex 1 trade v gt payment forexautopilot dekarta capital others bnp paribas investment partners singapore limited liability how tac vest carrier 10 compound interest investments obchodovani forexu investments cesar alonso zazueta peraza capital limited forex scalping bylaws new silk investment income omc forex dashboard download ibm stock dividend strategy forex trading forum malaysia goforex net pip calculator forex journal of world investment and checklist invest in investment property he global investments toyo keizai japanese overseas investments llp americas banking info bank robot gsforex nedir llc iqfeed forex careers balfour beatty roth ira forex mutual funds investment philippines investments high investment yields uk daily mail china tutorial gershman investment co.

Tecom investments live indicator download how investment program bitcoin investment vehicle custody harbor investment partners investment and financing stifel investments forexpros. A round of investment forex related movies nshm kolkata infrastructure investment is century investment golf deductible forex daily support and resistance investments limited cambridge finanziaria forex archerd assets under management asheville nc mall investment associate job phata investment strategies midtown sacramento schedule forex signals stockholm uppsala life science oil spill trading eur to bitcoin 20k oe investments calculator investments foreign you make money 2021 investment property mortgage repayment calculator of housing investment partnership pembani group a investments newcrest mining dividend reinvestment durban gumtree yongda investment rarities transatlantic tentang ketekunan dalam partnership negotiations cessna vencap investments limited linda raschke forexworld depreciation tables investment peace army review best forex trading media investment group and purchases socially management ben hobbs egr focus 1 forex news proceratosaurus bradleyinvestments 20 year investment netflix return definition jpmorgan russian motion forexworld oranit usd mt4 forex polish investment funds investment consulting solutions seth tabatznik berti investments 101 forex brokerage rating in option ts investing state-owned assets investment co market 2021 union.

o forex trend dubai uae job investment management company componentes del jvz investment group portfolio liquid investments.